Received: by 10.223.185.116 with SMTP id b49csp82150wrg; Fri, 2 Mar 2018 14:05:25 -0800 (PST) X-Google-Smtp-Source: AG47ELuJ5eG3Ew9XfU7QdXfj0Hmfm+ebK8nplFUyjOZC275oWgsVnwRagrr1cyoCsstAQgHCDuQZ X-Received: by 2002:a17:902:8489:: with SMTP id c9-v6mr6381744plo.439.1520028325188; Fri, 02 Mar 2018 14:05:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520028325; cv=none; d=google.com; s=arc-20160816; b=XzNwr99aMao42UQnkuFMn5viTph0haDX3FJ/q0PfTn0qCra7b7/w+6alemd0v2TaHO rUEJfunWCCA8eUf9O0GahSJE1dP4dpbT7/pbvzwPJZ4lgNBBl4t3ujUFLCk/mCntVwIV V69kEleKmdUPWvf1LoRZ2Yopllo9avZUSwW1hjdG693mcUV/+/nHGUieNM1wW6tEiODp ebZZwhoYtglbpsAHuUdkgGGiVYvgqlIa9IyFbPV2w7w5jDG9tBjIKvYIJHPsufMb+grT KofAi6YwvOpo7UrxG3gsEYJcjC+x5EkTLJzg1hyJ+LStv7H8XOMQ71GafhTPZED9iSFN 9jjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=XQmQFJefjpagTC4r8qfpG0OQY7G8dY8lCTCfyiUAHjs=; b=CTMCbkAh/Gk1zbi2/OXVoZ3lNsLY/IViOzg3rST4Ci/GukdWECQjHnt27FtAm7HwdP EO3rjbcOQClAvu/ccxYUzMyc633QNs20qQjBNvajOInFp7p1uoaiTuQB8zrNIckfI4fZ Tbf1i7gpq3CfgmWgUcC/dKLtFHo4D7sd+IS6uGJYX3lfGtJ1t0nyBg44jnnVppRjFsRS crWKu6dzVVWh8SjjR1iXKJc7MjKjG655PCthcwGyFZoxGfV01IA5a+qIRG3enz4ef7qS crMkX/BEmrzGBmCEXgVp4lP2tLZp1GsoiG3h4jVDTxB4KWeqTtLx+7hrhMYdACt25CZL AAAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a61-v6si5387834pla.689.2018.03.02.14.05.10; Fri, 02 Mar 2018 14:05:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934188AbeCBVmu (ORCPT + 99 others); Fri, 2 Mar 2018 16:42:50 -0500 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:54518 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752432AbeCBVmt (ORCPT ); Fri, 2 Mar 2018 16:42:49 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DDBD34075168; Fri, 2 Mar 2018 21:42:48 +0000 (UTC) Received: from flask (unknown [10.43.2.80]) by smtp.corp.redhat.com (Postfix) with SMTP id B77A1213AEF8; Fri, 2 Mar 2018 21:42:46 +0000 (UTC) Received: by flask (sSMTP sendmail emulation); Fri, 02 Mar 2018 22:42:12 +0100 Date: Fri, 2 Mar 2018 22:42:12 +0100 From: Radim =?utf-8?B?S3LEjW3DocWZ?= To: Paolo Bonzini Cc: Konrad Rzeszutek Wilk , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, David Woodhouse , KarimAllah Ahmed Subject: Re: [PATCH] KVM: VMX: expose the host's ARCH_CAPABILITIES MSR to userspace Message-ID: <20180302214212.GB13606@flask> References: <1519433546-33879-1-git-send-email-pbonzini@redhat.com> <20180226221300.GK22024@char.us.oracle.com> <20180301213205.GB29001@flask> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 02 Mar 2018 21:42:48 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Fri, 02 Mar 2018 21:42:48 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rkrcmar@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-03-02 10:36+0100, Paolo Bonzini: > On 01/03/2018 22:39, Radim Krčmář wrote: > > [Resent after removing g@char.us.oracle.com.] > > > > 2018-02-26 17:13-0500, Konrad Rzeszutek Wilk: > >> On Sat, Feb 24, 2018 at 01:52:26AM +0100, Paolo Bonzini wrote: > >>> Use the new MSR feature framework to expose the ARCH_CAPABILITIES MSR to > >>> userspace. This way, userspace can access the capabilities even if it > >>> does not have the permissions to read MSRs. > >> > >> ... That is good but could you expand a bit of why it would want this? > >> > >> I am 99% sure it is due to the lovely spectre_v2 mitigation but > >> could you include that in the commit message so that in say a year > >> folks would know what this is? > > > > Userspace can currently get the MSR by creating a VCPU and reading its > > MSR_IA32_ARCH_CAPABILITIES, because it is set from the hardware MSR. > > > > I thought that "permissions to read MSRs" talked about hardware MSRs, so > > the purpose of this patch would be a better interface, but I don't see > > how if we keep the auto-setting on VCPU creation. > > Yeah, it's mostly about a better interface and being able to do checks > before creating the VCPU. The commit message was written before I > noticed the auto-setting on VCPU creation, and I failed to update it. Ok, sounds good. I've deferred it to rc5 as I think we'll want to use this to replace the auto setting: I would not bet that it is going to be safe to expose future bits, so having the userspace always sanitize the capabilities would be safer (and more in line with what we do with other MSRs). i.e. this patch would also diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 051dab74e4e9..86ea4a83af1f 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -5740,9 +5740,6 @@ static void vmx_vcpu_setup(struct vcpu_vmx *vmx) ++vmx->nmsrs; } - if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) - rdmsrl(MSR_IA32_ARCH_CAPABILITIES, vmx->arch_capabilities); - vm_exit_controls_init(vmx, vmcs_config.vmexit_ctrl); /* 22.2.1, 20.8.1 */