Received: by 10.223.185.116 with SMTP id b49csp1185010wrg; Wed, 21 Feb 2018 13:43:25 -0800 (PST) X-Google-Smtp-Source: AH8x224g05qOu19qOp0mbf7hHqRVP3Ovo5Z8atAaV2k49SMiA8cGBmdhKXKc/VdVhBFyKrrCwtxi X-Received: by 10.99.65.133 with SMTP id o127mr3754761pga.13.1519249404869; Wed, 21 Feb 2018 13:43:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519249404; cv=none; d=google.com; s=arc-20160816; b=SKHs+y7E2UNRdWRUl4gNBzOsBEHKRimWhfTnbpNdYlnQVw/Lt/SjvUvkfsYUp5tazL 6sSKTR8vyRlB1uog6Am15Mh2U5yuuLKBG4ZP0DuSdc8roMVjXzz7GRvq5+kFJrRDRVOF BZHU9ss9y/CLHAY06Eo0gQYFIKe7uhFUgW7mAIWZjhMmWwBTo3GDz2zLl+/Ca9pP8WoV rz3aNLBb76M+jIztUSug8wZ+qLaiILKLGoiAXLO+8F2IKkKMRpz/xWyCv/+dp+COemK9 7kbvpNitl9UKaubgLsduGkVTS81MfGAfbjVOumcvI4ZlaIOQhS6oquIKyRNlb32d2fX8 Msxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=xTBK3Qi6PMh0weba3AFUclpZyrWBadMLJJoqs5jw0L0=; b=Ud14RV48sClfV5MPKgWcqWtzyCE8bwqcxGpbtBmP4ecfI3W8Gu/z3wyG9qltAkHmXy d0vAXDJcpsR7gVzaeCrwaXn5HTreDbbotAaeNM3Z8NBGIj2A7YXKNuRyXb4A+jh+1blf G/5YEnItBdmAVvZ83XuuKTGFpU4bagl7FSs+GW+vpyj9mzh09q4lv23DjWhTfpFHkW+s YnpoOaFvKOxxwj69w1tGZJpMKTHsuz/tJi/I3+QgMBgj97DCM6ue7VpyCD4Vw5oNYPah 5QZjoaIPXw3HyWMyfTVx/q8ypgWHly9XMHmR/0TwL3KbJBCP6gMYKzuWj+7A0QQmwmHQ yNZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=a+ItZYHJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n8-v6si267251pls.231.2018.02.21.13.43.09; Wed, 21 Feb 2018 13:43:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=a+ItZYHJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751460AbeBUVly (ORCPT + 99 others); Wed, 21 Feb 2018 16:41:54 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:39409 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751017AbeBUVlq (ORCPT ); Wed, 21 Feb 2018 16:41:46 -0500 Received: by mail-wm0-f68.google.com with SMTP id 191so140013wmm.4; Wed, 21 Feb 2018 13:41:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xTBK3Qi6PMh0weba3AFUclpZyrWBadMLJJoqs5jw0L0=; b=a+ItZYHJLBw4NU0cuY5TvN2eN8TJ4IfklXnM4ENBklpzifI3yb7cQZ817/BeVzG4PZ mFC4gAKSywzQhJhULqTF0u178TjPb64WVzQFqr8H+cfGI/BVRWFEeUcU4tP3grwIgLG+ dIdrLlWAymBZBZN/kMTh89L9P4nnl97SgYxCHENtxqgT8s3CMS2YApLcRA3lMFtyOL/n AfcVSK2hugCGdNTlxtCqevjUglYV35BywC0xUJPViO9Og1rp82dh2OUyVmUj4rYiymtP bWqbr/b9MbEDYjH8S0WgpRpziHfTrJlMY1uL4qhmCPP/ibGHuLCq6VsxC1js90LdS1mN HVcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=xTBK3Qi6PMh0weba3AFUclpZyrWBadMLJJoqs5jw0L0=; b=cR9s1MEazgk13gkCwJpbeJktLv/BR7Xor/IEUwfoksvZGwBGIrSqCDh8Xz189RBl6k n3aj5pl2EmftfyNDcOrcRL8LcUJoGkZKw/IQzxFmAbecYAMGQxhxyW5T3ci0soPXZlBv aPZZNndotX7GDaBF1LiR3TpXxhn2gorU42VpyEB94tf4gZLrdLz2F+lRAkNwIrOj9VvA Jqb/CWjjSc5CbV4nDy5DaohGKiYrHAEqFgtGcqXWkpBLdhr8R7HSlXiHlwxZse4nsGO5 o07e4jmzr2+YvPUcVBOq6PVgQvXiOTCofUIEcQxQyKLajKW/mHsmtKrIO0/NpzNB06Tf ptxA== X-Gm-Message-State: APf1xPDaR9aI8XxR1IonjuUqvs9aV17qRBcr+HX2kgg2Pan7rOyIzcVS DeTAMfDGI+Ndf/n6A80BWr78c6w7 X-Received: by 10.28.153.147 with SMTP id b141mr3263269wme.47.1519249303862; Wed, 21 Feb 2018 13:41:43 -0800 (PST) Received: from 640k.localdomain.localdomain (94-36-191-219.adsl-ull.clienti.tiscali.it. [94.36.191.219]) by smtp.gmail.com with ESMTPSA id j132sm2827364wmd.27.2018.02.21.13.41.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Feb 2018 13:41:43 -0800 (PST) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: x86@kernel.org, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , KarimAllah Ahmed , David Woodhouse , Jim Mattson , Thomas Gleixner , Ingo Molnar , stable@vger.kernel.org Subject: [PATCH 1/3] KVM: x86: use native MSR ops for SPEC_CTRL Date: Wed, 21 Feb 2018 22:41:35 +0100 Message-Id: <1519249297-73718-2-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1519249297-73718-1-git-send-email-pbonzini@redhat.com> References: <1519249297-73718-1-git-send-email-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Having a paravirt indirect call in the IBRS restore path is not a good idea, since we are trying to protect from speculative execution of bogus indirect branch targets. It is also slower, so use native_wrmsrl on the vmentry path too. Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d Cc: x86@kernel.org Cc: Radim Krčmář Cc: KarimAllah Ahmed Cc: David Woodhouse Cc: Jim Mattson Cc: Thomas Gleixner Cc: Ingo Molnar Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini --- arch/x86/kvm/svm.c | 7 ++++--- arch/x86/kvm/vmx.c | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index b3e488a74828..1598beeda11c 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -49,6 +49,7 @@ #include #include #include +#include #include #include @@ -5355,7 +5356,7 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) * being speculatively taken. */ if (svm->spec_ctrl) - wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl); + native_wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl); asm volatile ( "push %%" _ASM_BP "; \n\t" @@ -5465,10 +5466,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) * save it. */ if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)) - rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl); + svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); if (svm->spec_ctrl) - wrmsrl(MSR_IA32_SPEC_CTRL, 0); + native_wrmsrl(MSR_IA32_SPEC_CTRL, 0); /* Eliminate branch target predictions from guest mode */ vmexit_fill_RSB(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 67b028d8e726..5caeb8dc5bda 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -51,6 +51,7 @@ #include #include #include +#include #include #include "trace.h" @@ -9453,7 +9454,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * being speculatively taken. */ if (vmx->spec_ctrl) - wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); + native_wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); vmx->__launched = vmx->loaded_vmcs->launched; asm( @@ -9589,10 +9590,10 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * save it. */ if (!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)) - rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); + vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); if (vmx->spec_ctrl) - wrmsrl(MSR_IA32_SPEC_CTRL, 0); + native_wrmsrl(MSR_IA32_SPEC_CTRL, 0); /* Eliminate branch target predictions from guest mode */ vmexit_fill_RSB(); -- 1.8.3.1