Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp755625rwd; Thu, 18 May 2023 03:35:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ480To/hW0QlZ/lSGHbo4JnfvQAbIEVrJ7Rk8nKybIPujN7mxVxkRWvhR8DuQMsUUty+cE9 X-Received: by 2002:a05:6a00:134d:b0:64a:f69e:9091 with SMTP id k13-20020a056a00134d00b0064af69e9091mr4414899pfu.20.1684406127130; Thu, 18 May 2023 03:35:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684406127; cv=none; d=google.com; s=arc-20160816; b=UNzDCX2Y/5lBCY5Szqr52TQNZIxeYHdgTDmhxSWaUWGVuC4sSrKE447nrHF5f2MrbK ZEM00TN8+Hop5pLQTxTwP8K0EASp3EbFIoXbg6lcGn2lAlb9rIRU94kNxyGAbarvWOQO yDskwnEG0H6b8EoepIpj/VfygkiwezPbHJFG8cgzqnftjSrPctSShdndUM++DSexix4Z dDXMnvyCSJzTKwmNqAdilYJHS2aFvvetAotLE9iZdf5otmyLJp0CjmdtdG5GIp+NTgdt f6tNS8+ugWQAjJOfmefFuWH5BcNgqlg32/J2jOdzFJyO1nkonNfnZsHzWja96RYMnzyX q6Cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=I77RMAM5WW2R8GY9zJczzzlEMwl3qcAD9/U5hAQVcMc=; b=m9wYzgUj65x9PzVV6C5oWGBjtOZtD3pC3QsCe+ZXuglqIUw7LhVjNebYOyVP8wO9Hr HO6frsMoeeRUvRsjnc/hU8TvRyKQ73eOR4V0NacjMJlpZegYgrKznico48u+uwfOY/XT EyPRFZfj7yIhQBKlTymGzBi+IR51yS0xOBYAVzwLF+XgYV31HfkhEnQTr/EIwV5/CteL WPNlduvp9llGgdrEhoLTO/SRYTcGuZEZ0gIsWoB3y8ukYFCMDKOF1Lu9BOdsE+1c2ueR vZh/kfiJMDt9C9mXCNsECHmwzYKwSKHS416iLFR+05X1ZtF6YxH1qUX+n2zw+6RumVSd YClw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lTySKBMq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y12-20020aa793cc000000b0063d2e0cf58esi1400689pff.10.2023.05.18.03.35.09; Thu, 18 May 2023 03:35:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lTySKBMq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230269AbjERKZl (ORCPT + 99 others); Thu, 18 May 2023 06:25:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230167AbjERKZj (ORCPT ); Thu, 18 May 2023 06:25:39 -0400 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33B7F1BDD; Thu, 18 May 2023 03:25:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1684405538; x=1715941538; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=24OyC/WH+6pu2Uob3QtLodrvVV7ybxrbmkREJM0utP8=; b=lTySKBMqg//zH3wCMqDDsGRfgoerG04FQP1mXWVqQQ4qUolezJr1M0z5 QW2Vhig3f9aw4Fp1I2NVaYfGgfYWbYYcPvU7ynWyTt0SEr2ZdGFiRWw42 pVEVBqXWtr+UNkZG0v4dhpF43pzNL42zbk02Edw+i71uAsjoqypLwa4VJ VExx6KA1wiCwjAjqSkGIRMiEARyC66vQsZA4ArFrH6Yrq5eQF2jGbusZ6 4AbAF7SvZVztAAW1UnocptxcIh5zjhheaOcY5DlTjj0eIKj3UtKj4jH2O tNhyIF8Br2/ws8kK7kx+KDYCEnECMlP4uDAi/eLfoATVvI5BciDtSeXd6 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10713"; a="415455820" X-IronPort-AV: E=Sophos;i="5.99,285,1677571200"; d="scan'208";a="415455820" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2023 03:25:36 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10713"; a="735032349" X-IronPort-AV: E=Sophos;i="5.99,285,1677571200"; d="scan'208";a="735032349" Received: from xiaoyaol-hp-g830.ccr.corp.intel.com (HELO [10.254.211.142]) ([10.254.211.142]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2023 03:25:33 -0700 Message-ID: <7b90b6c6-9574-eb23-0884-d4ba5fbfb039@intel.com> Date: Thu, 18 May 2023 18:25:30 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 Thunderbird/102.10.1 Subject: Re: [RFC PATCH v2 08/11] KVM: VMX: Advertise MITI_ENUM_RETPOLINE_S_SUPPORT Content-Language: en-US To: Chao Gao , kvm@vger.kernel.org Cc: Jiaan Lu , Zhang Chen , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , linux-kernel@vger.kernel.org References: <20230414062545.270178-1-chao.gao@intel.com> <20230414062545.270178-9-chao.gao@intel.com> From: Xiaoyao Li In-Reply-To: <20230414062545.270178-9-chao.gao@intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HK_RANDOM_ENVFROM, HK_RANDOM_FROM,NICE_REPLY_A,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/14/2023 2:25 PM, Chao Gao wrote: > Allow guest to query if the underying VMM understands Retpoline and > report the statue of Retpoline in suprevisor mode i.e. CPL < 3 via > MSR_VIRTUAL_MITIGATION_ENUM/CTRL. > > Disable RRSBA behavior by setting RRSBA_DIS_S for guest if guest is > using retpoline and the processor has the behavior. > > Signed-off-by: Zhang Chen > Signed-off-by: Chao Gao > Tested-by: Jiaan Lu > --- > arch/x86/kvm/vmx/vmx.c | 24 +++++++++++++++++++++--- > 1 file changed, 21 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 980498c4c30c..25afb4c3e55e 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -1944,8 +1944,8 @@ static inline bool is_vmx_feature_control_msr_valid(struct vcpu_vmx *vmx, > } > > #define VIRTUAL_ENUMERATION_VALID_BITS VIRT_ENUM_MITIGATION_CTRL_SUPPORT > -#define MITI_ENUM_VALID_BITS 0ULL > -#define MITI_CTRL_VALID_BITS 0ULL > +#define MITI_ENUM_VALID_BITS MITI_ENUM_RETPOLINE_S_SUPPORT > +#define MITI_CTRL_VALID_BITS MITI_CTRL_RETPOLINE_S_USED > > static int vmx_get_msr_feature(struct kvm_msr_entry *msr) > { > @@ -2173,7 +2173,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > struct vmx_uret_msr *msr; > int ret = 0; > u32 msr_index = msr_info->index; > - u64 data = msr_info->data, spec_ctrl_mask; > + u64 data = msr_info->data, arch_msr = 0, spec_ctrl_mask = 0; Sugget to make arch_msr and spec_ctrl_mask as local variables of each case {} block > u32 index; > > switch (msr_index) { > @@ -2488,6 +2488,24 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > if (data & ~MITI_CTRL_VALID_BITS) > return 1; > > + if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) > + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, arch_msr); > + > + if (data & MITI_CTRL_RETPOLINE_S_USED && > + kvm_cpu_cap_has(X86_FEATURE_RRSBA_CTRL) && why kvm_cpu_cap_has() is used here? it means whether KVM supports expose this feature to guest. But what we need here is whether host supports this feature. Though they might get the same result, we'd better use boot_cpu_has() or even read CPUID directly (since cpuid info can be changed by clearcpuid magic) to avoid confusion. > + arch_msr & ARCH_CAP_RRSBA) > + spec_ctrl_mask |= SPEC_CTRL_RRSBA_DIS_S; > + > + /* > + * Intercept IA32_SPEC_CTRL to disallow guest from changing > + * certain bits. > + */ > + if (spec_ctrl_mask && !cpu_has_spec_ctrl_virt()) > + vmx_enable_intercept_for_msr(vcpu, MSR_IA32_SPEC_CTRL, MSR_TYPE_RW); > + > + vmx_set_spec_ctrl_mask(vmx, spec_ctrl_mask); > + vmx_set_guest_spec_ctrl(vmx, vmx_get_guest_spec_ctrl(vmx)); > + > vmx->msr_virtual_mitigation_ctrl = data; > break; > default: