Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp3906243pxy;
        Mon, 26 Apr 2021 12:39:50 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxKCX5DyGrkw5evwceyw5KN0XMpAwGXyoJItz2g6+nxCt4DMhtfg4k0rK4/GLGrCYGN44XU
X-Received: by 2002:a17:903:1cf:b029:e8:c4ca:be6d with SMTP id e15-20020a17090301cfb02900e8c4cabe6dmr20860547plh.39.1619465989872;
        Mon, 26 Apr 2021 12:39:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619465989; cv=none;
        d=google.com; s=arc-20160816;
        b=Wf/0CbxuzPLPC5Vd5ikVGJylEzliLzV5dtKacGbAxgsix/+Ctkw1yWGwJ2Ru7gL4ca
         zRzYdRsHjbNeBvWrA9R8qaSGSLjhDCAcCMKl4olZ3Hbzwy1MSvx7W58sBixbHwXtMCU6
         N8SxhB9+aFUikv9CeeSFdvsOdXrmuwK+SpvyNYXSf8xoJcSp7vB6NGzAQYpPz6PW2232
         6BbnspKcgsIiIM5Y3BK/B2vWRF6mOXlz2xv5UvS8l4qaSdgKtRfIr5oi+H88EGPGY8Wm
         fCUVY/LOh+mVg2MZ/l1LW3f1iFUXhsGMnvHUqqBO7jIbAqTX+wIjIoPlhtiY6/tJq2u3
         3tQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=yGSzz776qWLo2L8utoHd+WLD41PUYluYds/uPI29vQw=;
        b=YyUqk0k/JAvjJKRtoKxiy18i+EVeRm9ubUaVwh5znnWIlMQ2lMaj0zHn4JfRd7jans
         Is+nIF19Vg+PmwVKpmoALHNr43JSD6cgc0YUFxRZXwlqLszQbRDcAvfkFS00x1eHWgzJ
         vaQXJIHlFAJB5f5aPrbFvTh5q6LvRpSxMUP86SufImtllEeIzBBRFesUEQ5HZ4zdtaFo
         19o954BR3kFvGOHr8ItEd+BOcPT6BKJEY4mOeFESbwqoqLQtcVCGsnF3FKVnwS6h2aT5
         LtW6Nis2udKS6vuUi5krUXJttdnj97u3sWssMMR7fzeGmM+DhG4yOjNG2+TbL2Q+DwYw
         3V5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="o/H1HCK/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m21si18259678pgj.213.2021.04.26.12.39.37;
        Mon, 26 Apr 2021 12:39:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="o/H1HCK/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240203AbhDZTTS (ORCPT <rfc822;liujingjun001@gmail.com>
        + 99 others); Mon, 26 Apr 2021 15:19:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55488 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240119AbhDZTTP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Apr 2021 15:19:15 -0400
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD2F1C061574
        for <linux-kernel@vger.kernel.org>; Mon, 26 Apr 2021 12:18:33 -0700 (PDT)
Received: by mail-pf1-x42b.google.com with SMTP id e15so2874877pfv.10
        for <linux-kernel@vger.kernel.org>; Mon, 26 Apr 2021 12:18:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=yGSzz776qWLo2L8utoHd+WLD41PUYluYds/uPI29vQw=;
        b=o/H1HCK/ZfoOKIEtqGWPlA0oHo2/6vw2ro8xx/AXD/+4Cnqz3vjteOTz+IfhfLx3uo
         jJ7a3UdX/bpHiq0nBjOrHYmiKWPPIGMwLie5Nh8LJLQQCqhNbhAsJN81NSsRNBb5n1Z9
         52tp4TzLL6COWifHuX/9JJWmg6EJfdo5uHecCz2fExyiUJi2GWCw/DoQeFYWm/loXKHs
         693qsxZCNn9BYYGVYv5ek6lkVwfHuafg7exP4xZIyQ55cY9zho6jXVCEJEdX9+1E3J3P
         pZvj0e2cB/Ltit1ITgH6/UO+qSXcEC5Y/EL2z3zJTUAq+kPZhq4dbI13SSf72+xEFbZc
         r1iQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=yGSzz776qWLo2L8utoHd+WLD41PUYluYds/uPI29vQw=;
        b=ZrDNsNd0sEkgjrm5Ujbg89hy6BTULgNlN5U6BjRZVZ/aI0WKXLXINRBxCFnJnBnIuX
         3nrOknp4/VIKfmhNXHqvlZpvT5kVOykRujtfRH/e5+H85+2HewElH22ouKL+Hn4LyMP+
         k7WAs134GnlS26j9o3dOOAIvkyJUsM3FRyDkQQOYiRYpExYI8MwmhqBtUVLoQaZskhRw
         mPe1hXnGHJonMBJD/l1tlNe/LXagUPnvmJoxfyyJs8+AidzdgJknLpjtX8tgYmCjkS7B
         65iyRiBpJW/R7GRe5L9jTVZwLvqypizMpoBbj5sTbmmAGma3OBdl+8h50yRaIkgTsX34
         Jkkg==
X-Gm-Message-State: AOAM530oK7IxM6w0L6RLDqSP07iWvQNuN6T8GEErPCA1k5G9+4MAqdho
        QCMU0Kb+jRcqV4+saVCnUo6ptw==
X-Received: by 2002:a65:6643:: with SMTP id z3mr17853825pgv.387.1619464713143;
        Mon, 26 Apr 2021 12:18:33 -0700 (PDT)
Received: from google.com (240.111.247.35.bc.googleusercontent.com. [35.247.111.240])
        by smtp.gmail.com with ESMTPSA id v123sm409175pfb.80.2021.04.26.12.18.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 26 Apr 2021 12:18:32 -0700 (PDT)
Date:   Mon, 26 Apr 2021 19:18:28 +0000
From:   Sean Christopherson <seanjc@google.com>
To:     Vitaly Kuznetsov <vkuznets@redhat.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Reiji Watanabe <reijiw@google.com>
Subject: Re: [PATCH v3 2/4] KVM: SVM: Clear MSR_TSC_AUX[63:32] on write
Message-ID: <YIcSBIeLpqQ0sDF7@google.com>
References: <20210423223404.3860547-1-seanjc@google.com>
 <20210423223404.3860547-3-seanjc@google.com>
 <87k0opfmo9.fsf@vitty.brq.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87k0opfmo9.fsf@vitty.brq.redhat.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 26, 2021, Vitaly Kuznetsov wrote:
> Sean Christopherson <seanjc@google.com> writes:
> 
> > Force clear bits 63:32 of MSR_TSC_AUX on write to emulate current AMD
> > CPUs, which completely ignore the upper 32 bits, including dropping them
> > on write.  Emulating AMD hardware will also allow migrating a vCPU from
> > AMD hardware to Intel hardware without requiring userspace to manually
> > clear the upper bits, which are reserved on Intel hardware.
> >
> > Presumably, MSR_TSC_AUX[63:32] are intended to be reserved on AMD, but
> > sadly the APM doesn't say _anything_ about those bits in the context of
> > MSR access.  The RDTSCP entry simply states that RCX contains bits 31:0
> > of the MSR, zero extended.  And even worse is that the RDPID description
> > implies that it can consume all 64 bits of the MSR:
> >
> >   RDPID reads the value of TSC_AUX MSR used by the RDTSCP instruction
> >   into the specified destination register. Normal operand size prefixes
> >   do not apply and the update is either 32 bit or 64 bit based on the
> >   current mode.
> >
> > Emulate current hardware behavior to give KVM the best odds of playing
> > nice with whatever the behavior of future AMD CPUs happens to be.
> >
> > Signed-off-by: Sean Christopherson <seanjc@google.com>
> > ---
> >  arch/x86/kvm/svm/svm.c | 11 ++++++++++-
> >  1 file changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> > index 9ed9c7bd7cfd..71d704f8d569 100644
> > --- a/arch/x86/kvm/svm/svm.c
> > +++ b/arch/x86/kvm/svm/svm.c
> > @@ -2904,8 +2904,17 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
> >  		 * direct_access_msrs.  Doing that would require a rdmsr in
> >  		 * svm_vcpu_put.
> >  		 */
> > -		svm->tsc_aux = data;
> >  		wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
> 
> Hm, shouldn't this be 
> 
> wrmsrl(MSR_TSC_AUX, data) or wrmsrl(MSR_TSC_AUX, (u32)data)
> 
> then? As svm->tsc_aux wasn't updated yet.
> 
> > +
> > +		/*
> > +		 * Per Intel's SDM, bits 63:32 are reserved, but AMD's APM has
> > +		 * incomplete and conflicting architectural behavior.  Current
> > +		 * AMD CPUs completely ignore bits 63:32, i.e. they aren't
> > +		 * reserved and always read as zeros.  Emulate AMD CPU behavior
> > +		 * to avoid explosions if the vCPU is migrated from an AMD host
> > +		 * to an Intel host.
> > +		 */
> > +		svm->tsc_aux = (u32)data;
> 
> Actually, shouldn't we just move wrmsrl() here? Assuming we're not sure
> how (and if) upper 32 bits are going to be used, it would probably make
> sense to not write them to the actual MSR...

Argh.  I got too clever in trying to minimize the patch deltas and "broke" this
intermediate patch.  Once the user return framework is used, the result of
setting the MSR is checked before setting svm->tsc_aux, i.e. don't set the
virtual state if the real state could not be set.

I'm very tempted to add yet another patch to this mess to do:

		if (wrmsrl_safe(MSR_TSC_AUX, data))
			return 1;

		svm->tsc_aux = data;

And then this patch becomes:

		data = (u32)data;

		if (wrmsrl_safe(MSR_TSC_AUX, data))
			return 1;

		svm->tsc_aux = data;

The above will also make patch 3 cleaner as it will preserve the ordering of
truncating data and the wrmsr.

> >  		break;
> >  	case MSR_IA32_DEBUGCTLMSR:
> >  		if (!boot_cpu_has(X86_FEATURE_LBRV)) {
> 
> -- 
> Vitaly
>