Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp958186ybt; Tue, 7 Jul 2020 04:33:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx2UL36tzHXaEFZiZAQ1R1Ok+g591lnqo+TxZmt8QA9DHi4pCNn5e6bNzDGTQLvKiWLQCFp X-Received: by 2002:aa7:da46:: with SMTP id w6mr50935852eds.261.1594121634299; Tue, 07 Jul 2020 04:33:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594121634; cv=none; d=google.com; s=arc-20160816; b=O2hHXsi5eikn3qMa4ZgNKhIL1+f58o9B+ncPHvSlA0gTxvrycojX6h7Prx9Q53cD3x QOpH+PjJ32oWG1nyzIz0zTCC2dVZPI/zZ1MYp0K0eRkHgYGrqXtAKI7z9VKMhXhAWXdY ACIy43ZMmDu3OgXnB37VlbaBTefoXYHWGn/DYTbtnDcwyW1eDAWHr4cVvfH6EFQPjDMb 2Yb3/xUvUj+LyuLBxOvCfBYjHbNqt11MVV+oXj0gIWYBKWvKhSIXNnFdIHmLwidO+JYL PoI05+Y0s3fnZmRn5L+/CEJ88PqSHVJzkkFtltrkWemBytBxFhlYeJ15MvxCXyPrTdrn e5AA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=W4e4p5dLUhje1SEFTTrCpD000/W8kMbUlw2wtOztRIY=; b=k5O+zqWL6jylTETmLcQef4Tp3enVTKYN8CZ549dBkLZ5Vwn8VP7KM3Eb3iLOTdjl8z SBbv3lxitQb1XlsEmJa3j5ANrvkr+ynL47PPAT49BmrdoP/pV3hHKo8tBr2DR5P7bJp+ Lldvg+0RVt84kBU3VmM7OKl8rQikYnUGjV89XWGRwOF23D8zzpZ0DSuOgGxm6UpmT0vR JEWtGI71KWs1Y88uI3otaaoxKc5yCgppVtKREvKjCwuYp9V/7U0m75hCyY+x56SPG5n3 4hnPocv2o6GBpzUJovBsqBi4bZpGTR0tm39uDIpLjfUfr0y//mXEPIJrlT9/kNKRgPjU /ATA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="iodVE/88"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a15si16219673edl.117.2020.07.07.04.33.30; Tue, 07 Jul 2020 04:33:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="iodVE/88"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727987AbgGGLbL (ORCPT + 99 others); Tue, 7 Jul 2020 07:31:11 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:43261 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726540AbgGGLbK (ORCPT ); Tue, 7 Jul 2020 07:31:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1594121469; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=W4e4p5dLUhje1SEFTTrCpD000/W8kMbUlw2wtOztRIY=; b=iodVE/88rjY9SeVC58U+0/K3DySkSGKCeiOTAhJYc/CkUdKyWS0ayd7SIP6lQ1esiIjOKk +54qMsKyfILZgwuWbEfjnKJQIXL+nMe273E0pR5F+1teZJ0skI16jBRfepcGXA+XSdRXVp x8XVFVM09/LuQOsvAX4ojEKd9j1qij8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-286-Pk7q_zGqMpqTU48Rs7fcuA-1; Tue, 07 Jul 2020 07:31:07 -0400 X-MC-Unique: Pk7q_zGqMpqTU48Rs7fcuA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3F3E1A0BD7; Tue, 7 Jul 2020 11:31:05 +0000 (UTC) Received: from starship (unknown [10.35.206.237]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7021579CE2; Tue, 7 Jul 2020 11:30:58 +0000 (UTC) Message-ID: Subject: Re: [PATCH] kvm: x86: rewrite kvm_spec_ctrl_valid_bits From: Maxim Levitsky To: Sean Christopherson Cc: kvm@vger.kernel.org, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" , linux-kernel@vger.kernel.org, Joerg Roedel , Thomas Gleixner , Wanpeng Li , "H. Peter Anvin" , Borislav Petkov , Paolo Bonzini , Vitaly Kuznetsov , Ingo Molnar , Jim Mattson Date: Tue, 07 Jul 2020 14:30:57 +0300 In-Reply-To: <20200707061105.GH5208@linux.intel.com> References: <20200702174455.282252-1-mlevitsk@redhat.com> <20200702181606.GF3575@linux.intel.com> <3793ae0da76fe00036ed0205b5ad8f1653f58ef2.camel@redhat.com> <20200707061105.GH5208@linux.intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 (3.34.4-1.fc31) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2020-07-06 at 23:11 -0700, Sean Christopherson wrote: > On Sun, Jul 05, 2020 at 12:40:25PM +0300, Maxim Levitsky wrote: > > > Rather than compute the mask every time, it can be computed once on module > > > load and stashed in a global. Note, there's a RFC series[*] to support > > > reprobing bugs at runtime, but that has bigger issues with existing KVM > > > functionality to be addressed, i.e. it's not our problem, yet :-). > > > > > > [*] https://lkml.kernel.org/r/1593703107-8852-1-git-send-email-mihai.carabas@oracle.com > > > > Thanks for the pointer! > > > > Note though that the above code only runs once, since after a single > > successful (non #GP) set of it to non-zero value, it is cleared in MSR bitmap > > for both reads and writes on both VMX and SVM. > > For me the performance is secondary to documenting the fact that the host > valid bits are fixed for a given instance of the kernel. There's enough > going on in kvm_spec_ctrl_valid_bits_host() that's it's not super easy to > see that it's a "constant" value. > > > This is done because of performance reasons which in this case are more > > important than absolute correctness. Thus to some extent the guest checks in > > the above are pointless. > > > > If you ask me, I would just remove the kvm_spec_ctrl_valid_bits, and pass > > this msr to guest right away and not on first access. > > That would unnecessarily penalize guests that don't utilize the MSR as KVM > would need to do a RDMSR on every VM-Exit to grab the guest's value. I haven't thought about this, this makes sense. > > One oddity with this whole thing is that by passing through the MSR, KVM is > allowing the guest to write bits it doesn't know about, which is definitely > not normal. It also means the guest could write bits that the host VMM > can't. > > Somehwat crazy idea inbound... rather than calculating the valid bits in > software, what if we throw the value at the CPU and see if it fails? At > least that way the host and guest are subject to the same rules. E.g. > > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -2062,11 +2062,19 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > !guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL)) > return 1; > > - if (data & ~kvm_spec_ctrl_valid_bits(vcpu)) > - return 1; > - > + ret = 0; > vmx->spec_ctrl = data; > - if (!data) > + > + local_irq_disable(); > + if (rdmsrl_safe(MSR_IA32_SPEC_CTRL, &data)) > + ret = 1; > + else if (wrmsrl_safe(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl)) > + ret = 1; > + else > + wrmsrl(MSR_IA32_SPEC_CTRL, data)) > + local_irq_enable(); > + > + if (ret || !vmx->spec_ctrl) > break; > > /* > I don't mind this as well, knowing that this is done only one per VM run anyway. Best regards, Maxim Levitsky