Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp3542848iob; Tue, 17 May 2022 02:16:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBPyzEwnpM72ZVzgLZxVK4K3RzE+qBUEjVty2I32Mc/vUYI3FZ4qMYOXtzwQ5jmY9NXFdV X-Received: by 2002:a05:6402:1d48:b0:427:dfa3:2272 with SMTP id dz8-20020a0564021d4800b00427dfa32272mr17880524edb.333.1652778972546; Tue, 17 May 2022 02:16:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652778972; cv=none; d=google.com; s=arc-20160816; b=CpGxn3gjvgFFdbnIOArr8bQuOJ8YLyOKzhx4ko3DUFnG8hDfbBJ6Bt/UR+znEi9ZKZ 0cplZa9j75ZTUjzB8zU0azZ7RowCQxzuOFKATN5B93U/mRnYerIl8sfiwSvALrScdpjO UMVS7owksPUWjoePjeGTSxFa6SrLSGhNvioynQRqNkAUs8D4VeKTCSYd7l+uFtpzaLFy ebP8GgkSAAODD6dRYL/qkeiiINSRzo1iKfAyU7vjQpptVVX8L3qYFvsMdo6qtBG+v336 AtuSFkql674CMhvy/mYDL2eJljgCCxB5fNnUCNgrbr2RJLmBeZMOXjal/wW3j65bDRrt AFKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4PVGGuxc9ZyUOJ1tHjoyl2dymltFthy0B+E7Sw+J42M=; b=l5dkJEz3cdnRUCjJweTXuc7TicshlD4dxL+hSvRSXUGrbS8jznIyYxszLk1pZFSF9x LP3LNg9JCj4n7Fu7HiTxmcHkIbRAqX73y1EnhF4IHws2Ndnq7JNlDwl6gLf2tAR9HObh p+riCinpGz1fAdiNMZazd0/wTu3eQk+t1IXLeu/E4kSQGdKn9dqBq6/KEB1XLfMJoyZb eF0favErrBuF3cFWEyxHQyMThSal4GjEIQcsDyJ2WEozJ2cYDL7faeOX6Fb7b0s/Ss8+ ivC56a8Eg+NWCq5SpRmUMwnTwQQTkRDV3giae/0OsOzpMFekCbKmxmCWrVEJUdWOna5i P4fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=nfqtFXnT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r23-20020a170906705700b006f39b748c48si2105804ejj.229.2022.05.17.02.15.46; Tue, 17 May 2022 02:16:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=nfqtFXnT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233191AbiEQAfx (ORCPT + 99 others); Mon, 16 May 2022 20:35:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229613AbiEQAfv (ORCPT ); Mon, 16 May 2022 20:35:51 -0400 Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7CA23D130 for ; Mon, 16 May 2022 17:35:50 -0700 (PDT) Received: by mail-oi1-x230.google.com with SMTP id w130so20711786oig.0 for ; Mon, 16 May 2022 17:35:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4PVGGuxc9ZyUOJ1tHjoyl2dymltFthy0B+E7Sw+J42M=; b=nfqtFXnTGOPZxAFd1Lz+1d12jCgsAih4qDV1EY6Tvbl+0akZYChQ5Edmn9Uy0ZuML2 /Yr2uYhf+wPUsW+RhlPj0jnrgI6xQnFnDJXSdsS2bB2o2rEq8kT5IQzy30s3KZT90pj3 UHgi++aGzhoNWQSG7KMtVVGVzZ8lXDP3PxyzHRe/cj2CsiK8ysEKX+N/C/JCofnhP6Zy ysHoSuNHqM8uW8oykrmhadP4GJgmD8QVWKo1rTWmFdO3T0RLNLOU8o5Y2if5frE7OzBe tqgcEGsK8+XiuMXFj87N0IFHRR1P/0s3glsmvAukolmHIqsHn647aZrbjw9qXweuOLeg q85A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4PVGGuxc9ZyUOJ1tHjoyl2dymltFthy0B+E7Sw+J42M=; b=W458CLhIF6PeNAkBu6aIv44wSg3hSt/ZV6eDvHQ+mUYOAOX8ZkzB5+Gicgd0Tu1G1h t+3jaY1s4glhPlyyA9uUeh9xWvV2iDNSdlihGNMk30lF+tMQciZW8M75a9HtMHQT4eEZ QMtnZfZ1yF8pXrR+71X57aeiu+v5y1Si7MjxXuad1h7z08VSk+8ZJuMgYO5exqrbdUj1 1cdGfFZNNCAWysz0my4wg2FXGsiVzuZv0IgGTbByK8byxXDZWVtdPNRYkX7iY/kSUfnW DPXNCwtSzqmkT0QOyOnYvKLncJCdX2YZI6oP7HTE9w2nusxgyRS2TQHzYNP6hFEH2W73 dGYA== X-Gm-Message-State: AOAM531CTo510gEZ1yrfa2zIzFWq2lhM8M8Yu3zFDs1GK+tdmxON2Xp5 Cd/5NhA2ZZ1q/4rzHMLtsYKCPRzvGbVCkQd4nKZ2Gw== X-Received: by 2002:a05:6808:2125:b0:326:b51f:bbc2 with SMTP id r37-20020a056808212500b00326b51fbbc2mr15101655oiw.13.1652747749600; Mon, 16 May 2022 17:35:49 -0700 (PDT) MIME-Version: 1.0 References: <20181205191956.31480-1-ehabkost@redhat.com> <66796b4a-f5be-baeb-07ea-db95764e4bab@redhat.com> In-Reply-To: <66796b4a-f5be-baeb-07ea-db95764e4bab@redhat.com> From: Jim Mattson Date: Mon, 16 May 2022 17:35:38 -0700 Message-ID: Subject: Re: [PATCH] kvm: x86: Report STIBP on GET_SUPPORTED_CPUID To: Paolo Bonzini Cc: Eduardo Habkost , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, KarimAllah Ahmed , David Woodhouse Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Dec 14, 2018 at 2:55 AM Paolo Bonzini wrote: > > On 05/12/18 20:19, Eduardo Habkost wrote: > > Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL > > to the guest, which makes STIBP available to guests. This was implemented > > by commits d28b387fb74d ("KVM/VMX: Allow direct access to > > MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to > > MSR_IA32_SPEC_CTRL"). > > > > However, we never updated GET_SUPPORTED_CPUID to let userspace know that > > STIBP can be enabled in CPUID. Fix that by updating > > kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features. > > > > Signed-off-by: Eduardo Habkost > > ... > Queued, thanks. > > Paolo On second thought, I believe this is premature. KVM does not currently support Intel's STIBP. From volume 4 of the SDM, "Prevents indirect branch predictions on *all* logical processors on the core from being controlled by any sibling logical processor in the same core." (emphasis mine) In particular, if two virtual HT siblings are running on different physical cores, and one of them sets IA32_SPEC_CTRL.STIBP, KVM must intercept the MSR write, track down the sibling vCPU thread, and ensure that IA32_SPEC_CTRL.STIBP is set on its logical processor. Moreover, whenever a vCPU thread migrates to a new logical processor, IA32_SPEC_CTRL.STIBP on the logical processor must be set to the logical or of the vCPU thread's own IA32_SPEC_CTRL.STIBP value and its sibling vCPU thread's IA32_SPEC_CTRL.STIBP value. Note that this implies that IA32_SPEC_CTRL cannot be a pass-through MSR.