Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp5895904rwd; Mon, 5 Jun 2023 09:58:54 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4rT7zf/z3YiztBLAE+vsyYVFuX9QTdm8WVnDLMmgfBhpkywFDi/jFZO9rMFdmZs0mMbQ+x X-Received: by 2002:a17:902:854b:b0:1b1:b0ec:462d with SMTP id d11-20020a170902854b00b001b1b0ec462dmr7327141plo.39.1685984334407; Mon, 05 Jun 2023 09:58:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685984334; cv=none; d=google.com; s=arc-20160816; b=yXp3Un+r9VWBIfmCj1oDZS/Rt6XSPADKhoC6Mw2nhstRV2cn/NUir9duyFo1kq4Eic KVYgZujIpaI3EDDdmM4aNp2BYJpGV289Q6ElWI+AJCYHa5pAGidoEfX/KbrPPiimmq3E LkRNIS9ffMGwfk1n7F1JN8U4P+pkBgrKEtO8XMb0CFu1Lx7bM+ICJLHCQssgMghVM5Go LPSchsi72YFtl7VTOntjdEElvguhan2BPr0SFZzdfkt/yoRuqkNclRHiC6IGcgeEq4tC JbdZZJGFVlTrEY4NRuhAtGf64sXYTKgtBJRwScoDz1g7TBLoDJumeUUgXRPIgKuY4Gqq 6tPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=itVCHxK7yJoWLdIly9PY/c8cuJY7tBQy/oref/nGCP4=; b=WSVtSKlts/tywmjk3isYtUXVZSnhWWcAj5yMVTtwnPQqWaBoaVLKL0Pc5SVaTnj22i 2rRnlWqNkGHWpM+lg+KsD8O+wPDSvSiNtMkUVfS2gO0ufrqPzqMuTbdUS+va3o7ETtGd /CCQKl4MLuKtKp7BKZ5IFwUYnpzEuhRBLUIqSiGDUTUiM2fStYhGDOagZMOXkkxtJ3ea tkF65nvqNnST9VlEZtuT3eu2TXLt2d2glmdcgWnh9IcsccZT6ijV13cCwYCfoUcj26oS B4O8KRHqrrQM+aC8jHy69kIUvZ55QYYNqf07hEvOvNQeunPlPA9uV2sW80FDrQWvc681 FU1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aUUxOLT3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u18-20020a170902e5d200b0019955f0dc48si5821814plf.527.2023.06.05.09.58.41; Mon, 05 Jun 2023 09:58:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aUUxOLT3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234978AbjFEQg0 (ORCPT + 99 others); Mon, 5 Jun 2023 12:36:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48946 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231253AbjFEQgV (ORCPT ); Mon, 5 Jun 2023 12:36:21 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AB0D10CB; Mon, 5 Jun 2023 09:35:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BF40662835; Mon, 5 Jun 2023 16:35:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 95B70C4339C; Mon, 5 Jun 2023 16:35:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1685982955; bh=L7xzv+kSx174UlUtHfXxVLC08BZ82BvEB+2sWRo7BNg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=aUUxOLT3y8TH5o2dzR7y8OwCxsD2ZTNBgKWagSKJ5eHAeaN3UKv12v6M0oEvzebgU ACktNhMu8MbhDhPMZI6q2SzTuJlKr0k76v43Y8UMRj4bga9rNg5eilImKGsj7Qn+8c Vg7Ejv1crV80ADIAW2SsVD/K6ytKOu0Uv5Fanur8/fuKpO9KY+ZGKrAC+a4D+PG6CN PKueXoV+4MM4sY53dqTWh7fmBd9XRdHMA4//vigUeeuiyTyxiLiQxXOZqmzCokJegL iZ1Q+TxX9YJPSW3/K5Viy5scqly4UMRIXsAC+ScHdAm2Yw6zMw2T1rIZ8dxMYC0m3w jvDibjKLgBw3w== Date: Mon, 5 Jun 2023 09:35:52 -0700 From: Josh Poimboeuf To: Jon Kohler Cc: Pawan Gupta , Andrew Cooper , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , X86 ML , "H. Peter Anvin" , "Peter Zijlstra (Intel)" , Daniel Sneddon , "kvm @ vger . kernel . org" , LKML Subject: Re: [PATCH] KVM: VMX: remove LFENCE in vmx_spec_ctrl_restore_host() Message-ID: <20230605163552.hi5kvh5wijegmus6@treble> References: <20230531150112.76156-1-jon@nutanix.com> <20230531231820.trrs2uugc24gegj4@treble> <20230601004202.63yulqs73kuh3ep6@treble> <846dd0c5-d431-e20e-fdb3-a4a26b6a22ca@citrix.com> <20230601012323.36te7hfv366danpf@desk> <20230601042345.52s5337uz62p6aow@treble> <21D1D290-7DE9-4864-A05B-A36779D9DC26@nutanix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <21D1D290-7DE9-4864-A05B-A36779D9DC26@nutanix.com> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 05, 2023 at 02:29:02PM +0000, Jon Kohler wrote: > > > > On Jun 1, 2023, at 12:23 AM, Josh Poimboeuf wrote: > > > > On Wed, May 31, 2023 at 06:24:29PM -0700, Pawan Gupta wrote: > > > > ## 2023-05-31 > >> On Thu, Jun 01, 2023 at 01:50:48AM +0100, Andrew Cooper wrote: > >>> On 01/06/2023 1:42 am, Josh Poimboeuf wrote: > >>>> So each LFENCE has a distinct purpose. That said, there are no indirect > >>>> branches or unbalanced RETs between them. > >>> > >>> How lucky are you feeling? > >>> > >>> You're in C at this point, which means the compiler could have emitted a > >>> call to mem{cpy,cmp}() in place of a simple assignment/comparison. > >> > >> Moving the second LFENCE to the else part of WRMSR should be possible? > >> So that the serialization can be achived either by WRMSR or LFENCE. This > >> saves an LFENCE when host and guest value of MSR_SPEC_CTRL differ. > > > > Yes. Though in practice it might not make much of a difference. With > > wrmsr+lfence, the lfence has nothing to do so it might be almost > > instantaneous anyway. > > > > -- > > Josh > > Coming back to this, what if we hoisted call vmx_spec_ctrl_restore_host above > FILL_RETURN_BUFFER, and dropped this LFENCE as I did here? > > That way, we wouldn’t have to mess with the internal LFENCE in nospec-branch.h, > and that would act as the “final line of defense” LFENCE. > > Would that be acceptable? Or does FILL_RETURN_BUFFER *need* to occur > before any sort of calls no matter what? If we go by Intel's statement that only unbalanced RETs are a concern, that *might* be ok as long as there's a nice comment above the FILL_RETURN_BUFFER usage site describing the two purposes for the LFENCE. However, based on Andy's concerns, which I've discussed with him privately (but I'm not qualified to agree or disagree with), we may want to just convert vmx_spec_ctrl_restore_host() to asm. Better safe than sorry. My original implementation of that function was actually asm. I can try to dig up that code. -- Josh