Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1560892yba; Thu, 25 Apr 2019 01:44:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqyv3FAirzz6mgJ1YU61xaUOVT3dyOFnTUfsHHYckPCYDsZ7LRDJMIy+D5ick4HkTYqmxh+T X-Received: by 2002:a63:5014:: with SMTP id e20mr11635798pgb.312.1556181870938; Thu, 25 Apr 2019 01:44:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556181870; cv=none; d=google.com; s=arc-20160816; b=wGgOggrVnDRBAuTTacTha9TCKFfby8FS1LLY1vyE+lkEtK0prKFgON56O/h2WH+Aaw AgppwiLZ2Tayu+xBX+bpBigtgIFhvFUdo1j/4MGANqTu63hnq8gePbrlX8pIzuAzLlq/ YLGGpA9kKwRdjJElc7eMifMXmk4ODlDWjgKTrFMv1eOCDUHDViScg5SYVHIcUh7K0qy+ piMud784Q3VSLH5SMz1BoUyRdNkrbUDVXn4cFhwH1aW8Fd2Po6teNSDb268dAzkvfXOn UKMru3SOiUzuls58cQehKpH191zMr1HJ90teDolFUqcftf9YxhOH2hlku5BW+DOlZJui HkeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=ZH3m8K1is4OaqeQS2gfcQyaXjy+mCJHM9rxirdWmD7c=; b=hSTZuV9wH1h4duYUByxX5mxsYXyhtOK87GpFxEVNrMtx9y/GLFgdIJRicY6Bs8Fq0e 1McemGBEnWrn/Lh6jHUHGasNOd0CVelrUGW/iZL9Qe6zzsal54GEp9gpZ8Jg1tEKWNgA QUIOL5CRw6Z9BjyIKhjBQkbomyBNHl4RPYoJC1Y4VfXBbGNHPjT6+9RS6dN3GQLxpUOz kpFLO7jrt8yCsfTvWZmWYzqPpNDoHErL521fzLE39sDxMyLSEieWUp0vMTi7ILaj3Ppk 0wTfqHWsHE68eh4NKxojnZAaF9nxGiqi1IH4vuegTRRTUUBHRwiZQrtyDFIqlMscXtuC qQJw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h4si20238056pgc.298.2019.04.25.01.44.16; Thu, 25 Apr 2019 01:44:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727681AbfDYHmS (ORCPT + 99 others); Thu, 25 Apr 2019 03:42:18 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:56675 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726692AbfDYHmS (ORCPT ); Thu, 25 Apr 2019 03:42:18 -0400 Received: from p5de0b374.dip0.t-ipconnect.de ([93.224.179.116] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hJZ1B-00075o-PK; Thu, 25 Apr 2019 09:42:05 +0200 Date: Thu, 25 Apr 2019 09:42:04 +0200 (CEST) From: Thomas Gleixner To: Fenghua Yu cc: Ingo Molnar , Borislav Petkov , H Peter Anvin , Paolo Bonzini , Dave Hansen , Ashok Raj , Peter Zijlstra , Ravi V Shankar , Xiaoyao Li , Christopherson Sean J , Kalle Valo , Michael Chan , linux-kernel , x86 , kvm@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Xiaoyao Li Subject: Re: [PATCH v8 12/15] kvm/vmx: Emulate MSR TEST_CTL In-Reply-To: <1556134382-58814-13-git-send-email-fenghua.yu@intel.com> Message-ID: References: <1556134382-58814-1-git-send-email-fenghua.yu@intel.com> <1556134382-58814-13-git-send-email-fenghua.yu@intel.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 24 Apr 2019, Fenghua Yu wrote: > > +static void atomic_switch_msr_test_ctl(struct vcpu_vmx *vmx) > +{ > + u64 host_msr_test_ctl; > + > + if (!boot_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT)) > + return; Again: MSR_TST_CTL is not only about LOCK_DETECT. Check the control mask. > + host_msr_test_ctl = this_cpu_read(msr_test_ctl_cache); > + > + if (host_msr_test_ctl == vmx->msr_test_ctl) { This still assumes that the only bit which can be set in the MSR is that lock detect bit. > + clear_atomic_switch_msr(vmx, MSR_TEST_CTL); > + } else { > + add_atomic_switch_msr(vmx, MSR_TEST_CTL, vmx->msr_test_ctl, > + host_msr_test_ctl, false); So what happens here is that if any other bit is set on the host, VMENTER will happily clear it. guest = (host & ~vmx->test_ctl_mask) | vmx->test_ctl; That preserves any bits which are not exposed to the guest. But the way more interesting question is why are you exposing the MSR and the bit to the guest at all if the host has split lock detection enabled? That does not make any sense as you basically allow the guest to switch it off and then launch a slowdown attack. If the host has it enabled, then a guest has to be treated like any other process and the #AC trap has to be caught by the hypervisor which then kills the guest. Only if the host has split lock detection disabled, then you can expose it and allow the guest to turn it on and handle it on its own. Thanks, tglx