References: <20240410143446.797262-1-chao.gao@intel.com> <20240410143446.797262-2-chao.gao@intel.com>
In-Reply-To: <20240410143446.797262-2-chao.gao@intel.com>
From: Jim Mattson
Date: Thu, 11 Apr 2024 21:07:31 -0700
Subject: Re: [RFC PATCH v3 01/10] KVM: VMX: Virtualize Intel IA32_SPEC_CTRL
To: Chao Gao
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
    daniel.sneddon@linux.intel.com, pawan.kumar.gupta@linux.intel.com,
    Sean Christopherson, Paolo Bonzini, Jonathan Corbet, Thomas Gleixner,
    Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org,
    "H. Peter Anvin", linux-doc@vger.kernel.org

On Wed, Apr 10, 2024 at 7:35 AM Chao Gao wrote:
>
> From: Daniel Sneddon
>
> Currently KVM disables interception of IA32_SPEC_CTRL after a non-0 is
> written to IA32_SPEC_CTRL by guest. The guest is allowed to write any
> value directly to hardware. There is a tertiary control for
> IA32_SPEC_CTRL. This control allows for bits in IA32_SPEC_CTRL to be
> masked to prevent guests from changing those bits.
>
> Add controls setting the mask for IA32_SPEC_CTRL and desired value for
> masked bits.
>
> These new controls are especially helpful for protecting guests that
> don't know about BHI_DIS_S and that are running on hardware that
> supports it. This allows the hypervisor to set BHI_DIS_S to fully
> protect the guest.
>
> Suggested-by: Sean Christopherson
> Signed-off-by: Daniel Sneddon
> Signed-off-by: Pawan Gupta
> [ add a new ioctl to report supported bits. Fix the inverted check ]
> Signed-off-by: Chao Gao

This looks quite Intel-centric. Isn't this feature essentially the
same as AMD's V_SPEC_CTRL? Can't we consolidate the code, rather than
having completely independent implementations for AMD and Intel?