From: Jim Mattson
Date: Fri, 3 Jun 2022 20:11:45 -0700
Subject: Re: [PATCH v4 2/2] KVM: SVM: Add support for Virtual SPEC_CTRL
To: Babu Moger
Cc: pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
    fenghua.yu@intel.com, tony.luck@intel.com, wanpengli@tencent.com,
    kvm@vger.kernel.org, thomas.lendacky@amd.com, peterz@infradead.org,
    seanjc@google.com, joro@8bytes.org, x86@kernel.org,
    kyung.min.park@intel.com, linux-kernel@vger.kernel.org,
    krish.sadhukhan@oracle.com, hpa@zytor.com, mgross@linux.intel.com,
    vkuznets@redhat.com, kim.phillips@amd.com, wei.huang2@amd.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 28, 2021 at 4:43 PM Babu Moger wrote:
> This support also fixes an issue where a guest may sometimes see an
> inconsistent value for the SPEC_CTRL MSR on processors that support
> this feature. With the current SPEC_CTRL support, the first write to
> SPEC_CTRL is intercepted and the virtualized version of the SPEC_CTRL
> MSR is not updated. When the guest reads back the SPEC_CTRL MSR, it
> will be 0x0, instead of the actual expected value. There isn’t a
> security concern here, because the host SPEC_CTRL value is or’ed with
> the Guest SPEC_CTRL value to generate the effective SPEC_CTRL value.
> KVM writes with the guest's virtualized SPEC_CTRL value to SPEC_CTRL
> MSR just before the VMRUN, so it will always have the actual value
> even though it doesn’t appear that way in the guest. The guest will
> only see the proper value for the SPEC_CTRL register if the guest was
> to write to the SPEC_CTRL register again. With Virtual SPEC_CTRL
> support, the save area spec_ctrl is properly saved and restored.
> So, the guest will always see the proper value when it is read back.

Note that there are actually two significant problems with the way the
new feature interacts with the KVM code before this patch:

1) All bits set by the first non-zero write become sticky until the
   vCPU is reset (because svm->spec_ctrl is never modified after the
   first non-zero write).
2) The current guest IA32_SPEC_CTRL value isn't actually known to the
   hypervisor. It thinks that there are no writes to the MSR after the
   first non-zero write, so that sticky value will be returned to
   KVM_GET_MSRS. This breaks live migration.

Basically, an always-on V_SPEC_CTRL breaks existing hypervisors. It
must, therefore, default to off. However, I see that our Rome and
Milan CPUs already report the existence of this feature.
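
The interaction described in this message, as a small C model added here for illustration (it is not KVM code and not from the thread). The struct, the function names and the two-write scenario are hypothetical; `hv_cached` stands in for `svm->spec_ctrl`, and the model assumes only what the message states: the first non-zero write is intercepted, later writes land in the save area, and the effective value is the OR of the two.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a pre-patch hypervisor on always-on V_SPEC_CTRL hardware. */
struct vcpu_model {
    uint64_t hv_cached;  /* hypervisor's copy (svm->spec_ctrl in the message) */
    uint64_t save_area;  /* hardware-virtualized guest value                  */
    bool     intercept;  /* are guest writes to the MSR still intercepted?    */
};

static void vcpu_reset(struct vcpu_model *v) {
    v->hv_cached = 0; v->save_area = 0; v->intercept = true;
}

static void guest_wrmsr(struct vcpu_model *v, uint64_t val) {
    if (v->intercept) {
        v->hv_cached = val;        /* save area is not updated here */
        if (val != 0)
            v->intercept = false;  /* pass-through from now on */
    } else {
        v->save_area = val;        /* the hypervisor never sees this write */
    }
}

static uint64_t guest_rdmsr(const struct vcpu_model *v) {
    return v->intercept ? v->hv_cached : v->save_area;
}

/* hv_cached is loaded into the MSR before VMRUN and ORed with the guest value. */
static uint64_t effective_spec_ctrl(const struct vcpu_model *v) {
    return v->hv_cached | v->save_area;
}

/* What a KVM_GET_MSRS-style query would hand to a migration target. */
static uint64_t hv_get_msr(const struct vcpu_model *v) { return v->hv_cached; }

/* Constructed scenario: guest sets bit 0, then writes 0x2 to clear it. */
static struct vcpu_model run_scenario(uint64_t *readback_after_first) {
    struct vcpu_model v;
    vcpu_reset(&v);
    guest_wrmsr(&v, 0x1);
    *readback_after_first = guest_rdmsr(&v);
    guest_wrmsr(&v, 0x2);
    return v;
}

int main(void) {
    uint64_t rb;
    struct vcpu_model v = run_scenario(&rb);
    printf("readback after first write: %#llx\n", (unsigned long long)rb);
    printf("guest sees %#llx, effective %#llx, hypervisor reports %#llx\n",
           (unsigned long long)guest_rdmsr(&v),
           (unsigned long long)effective_spec_ctrl(&v),
           (unsigned long long)hv_get_msr(&v));
    return 0;
}
```

In the scenario the guest believes bit 0 is clear, the effective value still has it set, and the value reported for migration matches neither.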