Date: Tue, 11 Jun 2024 09:32:53 -0700
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240410143446.797262-1-chao.gao@intel.com> <20240410143446.797262-10-chao.gao@intel.com>
Subject: Re: [RFC PATCH v3 09/10] KVM: VMX: Advertise MITI_CTRL_BHB_CLEAR_SEQ_S_SUPPORT
From: Sean Christopherson
To: Chao Gao
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, daniel.sneddon@linux.intel.com, pawan.kumar.gupta@linux.intel.com, Zhang Chen, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin"

On Tue, Jun 11, 2024, Chao Gao wrote:
> On Tue, Jun 11, 2024 at 06:34:49AM -0700, Sean Christopherson wrote:
> >> As said, this requires some tweaks to KVM_CAP_FORCE_SPEC_CTRL, such as making
> >> the mask and shadow values adjustable and applicable on a per-vCPU basis. The
> >> tweaks are not necessarily for Intel-defined virtual MSRs; if there were other
> >> preferable interfaces, they could also benefit from these changes.
> >>
> >> Any objections to these tweaks to KVM_CAP_FORCE_SPEC_CTRL?
> >
> >Why does KVM_CAP_FORCE_SPEC_CTRL need to be per-vCPU? Won't the CPU bugs and
> >mitigations be system-wide / VM-wide?
>
> Because spec_ctrl is per-vCPU and Intel-defined virtual MSRs are also per-vCPU.

I figured that was the answer, but part of me was hopeful :-)

> i.e., a guest __can__ configure different values to virtual MSRs on different
> vCPUs even though a sane guest won't do this. If KVM doesn't want to rule out
> the possibility of supporting Intel-defined virtual MSRs in userspace or any
> other per-vCPU interfaces, KVM_CAP_FORCE_SPEC_CTRL needs to be per-vCPU.
>
> implementation-wise, being per-vCPU is simpler because, otherwise, once userspace
> adjusts the hardware mitigations to enforce, KVM needs to kick all vCPUs. This
> will add more complexity.

+1, I even typed up as much before reading this paragraph.

> And IMO, requiring guests to deploy same mitigations on vCPUs is an unnecessary
> limitation.

Yeah, I can see how it would make things weird for no good reason.

So yeah, if the only thing stopping us from letting userspace deal with the
virtual MSRs is converting to a vCPU-scoped ioctl(), then by all means, let's do
that.