Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp791144imm; Mon, 21 May 2018 14:31:39 -0700 (PDT) X-Google-Smtp-Source: AB8JxZotzg1IDlRU3nKK2bXdQpizKJjnmbgovZ64MXJU7Zjepk8mVOnxUyw/9AamMk972XwQzkMr X-Received: by 2002:a17:902:b946:: with SMTP id h6-v6mr22594541pls.3.1526938299484; Mon, 21 May 2018 14:31:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526938299; cv=none; d=google.com; s=arc-20160816; b=jxtXfBd2x2eBVr0TVG2DWSRoUwXH+85zCEr9J7AvdWoM1w5w1FG2krJQdxG67cZYgh qrudKdjSvhTTQnYTpSE+6Y0orsZBJ0gmndQmI1CoNSXtGC5rbS7TdcqhrMTxTQxwcu64 fuf8HD3nbEGN9k67l7M1v2WnqD4ajbwdr1si4lStjiqU02un+AuIxYOwP+YkhCWCScPP gEI95HRPZzEYiDS1IyBIPyHGStAzMq2JrEEVeE+h1JOlB8wBNNK1uSxfX0+w8Y9butRw zUdcjvz0q1llTtRsjbjhG6+taez4H+GiXMPllLidzU9fM4xQKRKSUJFe9A7puDDcrcWO yb5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=/bqyO57jCB4JhaMl9GpYvEoL/jiQpPCFdHpYlSgqnoE=; b=ZrozYNNzDLlxNhVrU4OOsS+GsmbuLJfeA9t3qY4nuTwzUJ1ic86gRE3H8G9eXypxX9 5FyFDbh5V4DWgx2f6MqzOUnGpp7T6Oi1lrnfU4K6iVRDX4Zs5drQ0n0tC6DTKV1lEsUI dOVqAHC8OJicExtEIrxEvQEvaaLWNpcbG0rQmoKSaFM6ipwGi2cMUdnkVExJZT6Nyv3j /15+W/rXR3zYfOIhZuWT5aT/miIaTl9BpuAHEGuxISgjp8L8q3YFMmRoSYiMnLbrXcFE sDVcpF89pV0GTRBDnswGseHv9d8H9ALnEEbmU4A12UwCvtCwneSHXlVtSbdoPTqkJfLB G3fA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HiSuqo+s; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u6-v6si14274435pfm.183.2018.05.21.14.31.25; Mon, 21 May 2018 14:31:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=HiSuqo+s; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932653AbeEUV04 (ORCPT + 99 others); Mon, 21 May 2018 17:26:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:41672 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932569AbeEUV0w (ORCPT ); Mon, 21 May 2018 17:26:52 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6FDB820873; Mon, 21 May 2018 21:26:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1526938010; bh=PM1IKycun1HoBz0nXYT5g/sbbTPId2jWPZsu0H+JLv4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HiSuqo+sPaWnQC0YvXJML1PRzFnMH6lVjj6jMn9PduFPQ8LiSx72Ca7EIP9WfSqec H4aHNQXMTuJoRMUjH8XgkB8RD9EZF6vzuP5Hj4B4wSG1bJonxPDK1MvFtZWxcKUCcl NH3z3CQHacbf1dxm2TBCv97UEpVdep9E7QlwIC4g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tom Lendacky , Thomas Gleixner Subject: [PATCH 4.16 108/110] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD Date: Mon, 21 May 2018 23:12:45 +0200 Message-Id: <20180521210515.061159078@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180521210503.823249477@linuxfoundation.org> References: <20180521210503.823249477@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Tom Lendacky commit bc226f07dcd3c9ef0b7f6236fe356ea4a9cb4769 upstream Expose the new virtualized architectural mechanism, VIRT_SSBD, for using speculative store bypass disable (SSBD) under SVM. This will allow guests to use SSBD on hardware that uses non-architectural mechanisms for enabling SSBD. [ tglx: Folded the migration fixup from Paolo Bonzini ] Signed-off-by: Tom Lendacky Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/cpu/common.c | 3 ++- arch/x86/kvm/cpuid.c | 11 +++++++++-- arch/x86/kvm/svm.c | 21 +++++++++++++++++++-- arch/x86/kvm/vmx.c | 18 +++++++++++++++--- arch/x86/kvm/x86.c | 13 ++++--------- 6 files changed, 50 insertions(+), 18 deletions(-) --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -933,7 +933,7 @@ struct kvm_x86_ops { int (*hardware_setup)(void); /* __init */ void (*hardware_unsetup)(void); /* __exit */ bool (*cpu_has_accelerated_tpr)(void); - bool (*cpu_has_high_real_mode_segbase)(void); + bool (*has_emulated_msr)(int index); void (*cpuid_update)(struct kvm_vcpu *vcpu); int (*vm_init)(struct kvm *kvm); --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -767,7 +767,8 @@ static void init_speculation_control(str if (cpu_has(c, X86_FEATURE_INTEL_STIBP)) set_cpu_cap(c, X86_FEATURE_STIBP); - if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD)) + if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD) || + cpu_has(c, X86_FEATURE_VIRT_SSBD)) set_cpu_cap(c, X86_FEATURE_SSBD); if (cpu_has(c, X86_FEATURE_AMD_IBRS)) { --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -374,7 +374,7 @@ static inline int __do_cpuid_ent(struct /* cpuid 0x80000008.ebx */ const u32 kvm_cpuid_8000_0008_ebx_x86_features = - F(AMD_IBPB) | F(AMD_IBRS); + F(AMD_IBPB) | F(AMD_IBRS) | F(VIRT_SSBD); /* cpuid 0xC0000001.edx */ const u32 kvm_cpuid_C000_0001_edx_x86_features = @@ -642,13 +642,20 @@ static inline int __do_cpuid_ent(struct g_phys_as = phys_as; entry->eax = g_phys_as | (virt_as << 8); entry->edx = 0; - /* IBRS and IBPB aren't necessarily present in hardware cpuid */ + /* + * IBRS, IBPB and VIRT_SSBD aren't necessarily present in + * hardware cpuid + */ if (boot_cpu_has(X86_FEATURE_AMD_IBPB)) entry->ebx |= F(AMD_IBPB); if (boot_cpu_has(X86_FEATURE_AMD_IBRS)) entry->ebx |= F(AMD_IBRS); + if (boot_cpu_has(X86_FEATURE_VIRT_SSBD)) + entry->ebx |= F(VIRT_SSBD); entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features; cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX); + if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD)) + entry->ebx |= F(VIRT_SSBD); break; } case 0x80000019: --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -3971,6 +3971,13 @@ static int svm_get_msr(struct kvm_vcpu * msr_info->data = svm->spec_ctrl; break; + case MSR_AMD64_VIRT_SPEC_CTRL: + if (!msr_info->host_initiated && + !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD)) + return 1; + + msr_info->data = svm->virt_spec_ctrl; + break; case MSR_F15H_IC_CFG: { int family, model; @@ -4105,6 +4112,16 @@ static int svm_set_msr(struct kvm_vcpu * break; set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1); break; + case MSR_AMD64_VIRT_SPEC_CTRL: + if (!msr->host_initiated && + !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD)) + return 1; + + if (data & ~SPEC_CTRL_SSBD) + return 1; + + svm->virt_spec_ctrl = data; + break; case MSR_STAR: svm->vmcb->save.star = data; break; @@ -5635,7 +5652,7 @@ static bool svm_cpu_has_accelerated_tpr( return false; } -static bool svm_has_high_real_mode_segbase(void) +static bool svm_has_emulated_msr(int index) { return true; } @@ -6859,7 +6876,7 @@ static struct kvm_x86_ops svm_x86_ops __ .hardware_enable = svm_hardware_enable, .hardware_disable = svm_hardware_disable, .cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr, - .cpu_has_high_real_mode_segbase = svm_has_high_real_mode_segbase, + .has_emulated_msr = svm_has_emulated_msr, .vcpu_create = svm_create_vcpu, .vcpu_free = svm_free_vcpu, --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -9231,9 +9231,21 @@ static void vmx_handle_external_intr(str } STACK_FRAME_NON_STANDARD(vmx_handle_external_intr); -static bool vmx_has_high_real_mode_segbase(void) +static bool vmx_has_emulated_msr(int index) { - return enable_unrestricted_guest || emulate_invalid_guest_state; + switch (index) { + case MSR_IA32_SMBASE: + /* + * We cannot do SMM unless we can run the guest in big + * real mode. + */ + return enable_unrestricted_guest || emulate_invalid_guest_state; + case MSR_AMD64_VIRT_SPEC_CTRL: + /* This is AMD only. */ + return false; + default: + return true; + } } static bool vmx_mpx_supported(void) @@ -12297,7 +12309,7 @@ static struct kvm_x86_ops vmx_x86_ops __ .hardware_enable = hardware_enable, .hardware_disable = hardware_disable, .cpu_has_accelerated_tpr = report_flexpriority, - .cpu_has_high_real_mode_segbase = vmx_has_high_real_mode_segbase, + .has_emulated_msr = vmx_has_emulated_msr, .vcpu_create = vmx_create_vcpu, .vcpu_free = vmx_free_vcpu, --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1045,6 +1045,7 @@ static u32 emulated_msrs[] = { MSR_SMI_COUNT, MSR_PLATFORM_INFO, MSR_MISC_FEATURES_ENABLES, + MSR_AMD64_VIRT_SPEC_CTRL, }; static unsigned num_emulated_msrs; @@ -2843,7 +2844,7 @@ int kvm_vm_ioctl_check_extension(struct * fringe case that is not enabled except via specific settings * of the module parameters. */ - r = kvm_x86_ops->cpu_has_high_real_mode_segbase(); + r = kvm_x86_ops->has_emulated_msr(MSR_IA32_SMBASE); break; case KVM_CAP_VAPIC: r = !kvm_x86_ops->cpu_has_accelerated_tpr(); @@ -4522,14 +4523,8 @@ static void kvm_init_msr_list(void) num_msrs_to_save = j; for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) { - switch (emulated_msrs[i]) { - case MSR_IA32_SMBASE: - if (!kvm_x86_ops->cpu_has_high_real_mode_segbase()) - continue; - break; - default: - break; - } + if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i])) + continue; if (j < i) emulated_msrs[j] = emulated_msrs[i];