Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp496002rwb;
        Fri, 4 Aug 2023 16:58:19 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEDJb+SRERzLgfWVWPG+9EQEs2yPJflAX+CZdSwNjlMVrSfLroX4lEfWqH/bEnM3K04PI1m
X-Received: by 2002:a05:6a00:1306:b0:682:713e:e510 with SMTP id j6-20020a056a00130600b00682713ee510mr3751562pfu.27.1691193499237;
        Fri, 04 Aug 2023 16:58:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691193499; cv=none;
        d=google.com; s=arc-20160816;
        b=IPNhNNQv1ZW8AWs2EHw/wRUfIVfjZOlXiyywuuxe+dsMwmgdZWpjseNlC9H4JJ9YZA
         c8n26kNomCx4QgGwK9UXbquOdKtIrN9EanaAdXyMv5pRKn0LnLxpiDtjg58uHzSVqTZe
         qemVFRt0Pj0ADvPDC7q5Cge7PPfmbQgWwZq3cnsXcbGWHZwlyOhhHeHJvHeHTk1gIjfu
         B5xIGL+vvXxAKQ+TA2c4lKdaL38ZbwYl+IuRxdDO00fLAkUuGd5vFAncA4WqsBTCOed5
         rVMmz3fhnkFqMcHqBsbZgz0z0iHQ77vDX/NxK8u8ySRGnyFdPE0feWqMMLi4jhkUv+U4
         bhFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:dkim-signature;
        bh=/b75SsC9scGnF35935tzcOT5yZXu5YqOH3IvVYTIO2M=;
        fh=0lbqxz6t4CyfmYik2ZSN2xGpa8Qfusz0u0JFID+mRHM=;
        b=dYjW4BV5/bWab11Wgp5TM5Bu4ULfd74tIbgoFaya0SHw8GNEWtIzloyfSqhzQxM5eN
         D2t2cxnfrqtYCn+b+d6ijwptRgY2QJfJQNdqVyvVuxGW9D84v4gOEn5qjbw7doVdmYLE
         fypply4FVmrGBhlqdfG9tuHNk01ZrbiilLkXz3XKto8I2thuIWezcBgsxLkq8v1Bal3G
         vTyHMw6nLcoaswwe0sqnlqsLpHcL+MnX6MXTSuLrajDE4jlN8vNPhqeLqA19s28DqgA/
         DdPU7Qv02R23BLa+2R0jNiQZCHhDQAVCXQPxsIelQHTMBWi/wfo22tkCgkENZnPdGhaf
         0h4g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=6FIcWAdA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h71-20020a63834a000000b0056387b40590si2307260pge.798.2023.08.04.16.58.07;
        Fri, 04 Aug 2023 16:58:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=6FIcWAdA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230430AbjHDWVF (ORCPT <rfc822;apalekar@gmail.com> + 99 others);
        Fri, 4 Aug 2023 18:21:05 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37914 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230343AbjHDWVE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 4 Aug 2023 18:21:04 -0400
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94D7DE70
        for <linux-kernel@vger.kernel.org>; Fri,  4 Aug 2023 15:21:03 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-d064a458dd5so2578735276.1
        for <linux-kernel@vger.kernel.org>; Fri, 04 Aug 2023 15:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1691187663; x=1691792463;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=/b75SsC9scGnF35935tzcOT5yZXu5YqOH3IvVYTIO2M=;
        b=6FIcWAdAD/y19QrMG96QEM8qoHmJvas1148syfBbX+sRjRgF3cTEEPXcRYJ18kwrhR
         wY1q1+67C0HpeIGox5P8r/KCkTFi3U9liXADQWiM+qrM2aKtTpLGMlaHBY/cwEmHqDag
         55NBesv7opvqVSXeMQ/XhCcEiQaob/XbWgJuO9P9NPREzbwde2YtLaKx/LIR1bU4bSGA
         vKED5hykI3YzHz6tuRxWQPNfi782TDdzjvwHcwH00mR7PMQQCUUaimJi9vrPA4nwsUPK
         fw33ZNAR45xNkwbyPFD1Jm5kDJJa0yX39n9UidMVMX27yXlJSZZi9LYWSjpFc1ENr2bv
         rW3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1691187663; x=1691792463;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=/b75SsC9scGnF35935tzcOT5yZXu5YqOH3IvVYTIO2M=;
        b=edGoM6dDhUm4b0F+eynBTblg9Ok2ahwBemf3UTKrgAAwjpy40G/BqSUwkw8BnBdeyM
         SHi5CwUewgpvnoeFZqgzZ3sIvXNA67+Z/HS98PzXHgcb7NPnEHoxL0MjA7+YS2Og9lP/
         8Y2UIOzDIHm6Ucnt34fT1KZQESQkky8Mw9IJgTb6kEBIr9tFtIUJkEMKlXIq34Ngamiv
         BSZl6INjUWoQ+xZNQg+ELsSiMCJS649ecvzuAstqDPHAO7Z2+6eA6l7FHJsw56xB/rsB
         ZAE8KAJzEHy5+zp8rPbLp+BWZV8EdoPUFVzOKf69GC/oUmp9JMbcrgeMzcibW5EHz/aA
         VQZQ==
X-Gm-Message-State: AOJu0YxhGmShki4PBDs61ess2KZ/uJzUPmql6PCyukXeqppgMgaMku4g
        TNVNKNeqvGUll3j6f92YWthQJHfiQms=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a25:dbcf:0:b0:d01:60ec:d0e with SMTP id
 g198-20020a25dbcf000000b00d0160ec0d0emr17435ybf.9.1691187662858; Fri, 04 Aug
 2023 15:21:02 -0700 (PDT)
Date:   Fri, 4 Aug 2023 15:21:01 -0700
In-Reply-To: <c5bdcd8e-c6cd-d586-499c-4a2b7528cda9@redhat.com>
Mime-Version: 1.0
References: <20230803042732.88515-1-weijiang.yang@intel.com>
 <20230803042732.88515-12-weijiang.yang@intel.com> <ZMyJIq4CgXxudJED@chao-email>
 <ZM1tNJ9ZdQb+VZVo@google.com> <c5bdcd8e-c6cd-d586-499c-4a2b7528cda9@redhat.com>
Message-ID: <ZM15zd998LCOUOrZ@google.com>
Subject: Re: [PATCH v5 11/19] KVM:VMX: Emulate read and write to CET MSRs
From:   Sean Christopherson <seanjc@google.com>
To:     Paolo Bonzini <pbonzini@redhat.com>
Cc:     Chao Gao <chao.gao@intel.com>,
        Yang Weijiang <weijiang.yang@intel.com>, peterz@infradead.org,
        john.allen@amd.com, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, rick.p.edgecombe@intel.com,
        binbin.wu@linux.intel.com
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Aug 04, 2023, Paolo Bonzini wrote:
> On 8/4/23 23:27, Sean Christopherson wrote:
> > > > +
> > > > +	if (!kvm_cpu_cap_has(X86_FEATURE_SHSTK) &&
> > > > +	    !kvm_cpu_cap_has(X86_FEATURE_IBT))
> > > > +		return false;
> > > > +
> > > > +	return msr->host_initiated ||
> > > > +		guest_cpuid_has(vcpu, X86_FEATURE_IBT) ||
> > > > +		guest_cpuid_has(vcpu, X86_FEATURE_SHSTK);
> > 
> > Similar to my suggestsion for XSS, I think we drop the waiver for host_initiated
> > accesses, i.e. require the feature to be enabled and exposed to the guest, even
> > for the host.
> 
> No, please don't.  Allowing host-initiated accesses is what makes it
> possible to take the list of MSR indices and pass it blindly to KVM_GET_MSR
> and KVM_SET_MSR.

I don't see how that can work today.  Oooh, the MSRs that don't exempt host_initiated
are added to the list of MSRs to save/restore, i.e. KVM "silently" supports
MSR_AMD64_OSVW_ID_LENGTH and MSR_AMD64_OSVW_STATUS.

And guest_pv_has() returns true unless userspace has opted in to enforcement.

Sad panda.

That means we need to figure out a solution for KVM stuffing GUEST_SSP on RSM,
which is a "host" write but a guest controlled value.