From: KarimAllah Ahmed <karahmed@amazon.de>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: "KarimAllah Ahmed" <karahmed@amazon.de>,
	"Andi Kleen" <ak@linux.intel.com>,
	"Andrea Arcangeli" <aarcange@redhat.com>,
	"Andy Lutomirski" <luto@kernel.org>,
	"Arjan van de Ven" <arjan@linux.intel.com>,
	"Ashok Raj" <ashok.raj@intel.com>,
	"Asit Mallick" <asit.k.mallick@intel.com>,
	"Borislav Petkov" <bp@suse.de>,
	"Dan Williams" <dan.j.williams@intel.com>,
	"Dave Hansen" <dave.hansen@intel.com>,
	"David Woodhouse" <dwmw@amazon.co.uk>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"H . Peter Anvin" <hpa@zytor.com>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Janakarajan Natarajan" <Janakarajan.Natarajan@amd.com>,
	"Joerg Roedel" <joro@8bytes.org>,
	"Jun Nakajima" <jun.nakajima@intel.com>,
	"Laura Abbott" <labbott@redhat.com>,
	"Linus Torvalds" <torvalds@linux-foundation.org>,
	"Masami Hiramatsu" <mhiramat@kernel.org>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Tim Chen" <tim.c.chen@linux.intel.com>,
	"Tom Lendacky" <thomas.lendacky@amd.com>
Subject: [PATCH v6 0/5] KVM: Expose speculation control feature to guests
Date: Thu, 1 Feb 2018 22:59:41 +0100
Message-ID: <1517522386-18410-1-git-send-email-karahmed@amazon.de>

Add direct access to speculation control MSRs for KVM guests. This allows the
guest to protect itself against Spectre V2 using IBRS+IBPB instead of a
retpoline+IBPB based approach.

It also exposes the ARCH_CAPABILITIES MSR which is used by Intel processors to
indicate RDCL_NO and IBRS_ALL.

Keep in mind that the SVM part of the patch is unchanged this time. Mostly to
get feedback/confirmation about the nested handling for VMX first, once this is
done I will update SVM as well.

v6:
- Do not penalize (save/restore IBRS) all L2 guests when anyone of them starts
  using the SPEC_CTRL.

v5:
- svm: add PRED_CMD and SPEC_CTRL to direct_access_msrs list.
- vmx: check also for X86_FEATURE_SPEC_CTRL for msr reads and writes.
- vmx: Use MSR_TYPE_W instead of MSR_TYPE_R for the nested IBPB MSR
- rewrite commit message for IBPB patch [2/5] (Ashok)

v4:
- Add IBRS passthrough for SVM (5/5).
- Handle nested guests properly.
- expose F(IBRS) in kvm_cpuid_8000_0008_ebx_x86_features

Ashok Raj (1):
  KVM: x86: Add IBPB support

KarimAllah Ahmed (4):
  KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX
  KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
  KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL
  KVM: SVM: Allow direct access to MSR_IA32_SPEC_CTRL

 arch/x86/kvm/cpuid.c |  22 ++++--
 arch/x86/kvm/cpuid.h |   1 +
 arch/x86/kvm/svm.c   |  87 +++++++++++++++++++++++
 arch/x86/kvm/vmx.c   | 196 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 arch/x86/kvm/x86.c   |   1 +
 5 files changed, 299 insertions(+), 8 deletions(-)

Cc: Andi Kleen <ak@linux.intel.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Jun Nakajima <jun.nakajima@intel.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: x86@kernel.org
-- 
2.7.4
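
How a guest would interpret the enumeration bits this series exposes, as an added example that is not code from the patch series. The bit positions are the architectural ones (CPUID.7.0:EDX[26]/[29], CPUID 0x80000008 EBX[12]/[14], ARCH_CAPABILITIES bits 0/1); `decode_view`, `pick_v2` and the selection policy are hypothetical, and the inputs in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural enumeration bits for the features named in the cover letter. */
#define CPUID7_EDX_SPEC_CTRL (1u << 26)  /* Intel: IBRS and IBPB (MSRs 0x48, 0x49) */
#define CPUID7_EDX_ARCH_CAPS (1u << 29)  /* Intel: ARCH_CAPABILITIES (MSR 0x10a) */
#define CPUID8008_EBX_IBPB   (1u << 12)  /* AMD: IBPB via PRED_CMD */
#define CPUID8008_EBX_IBRS   (1u << 14)  /* AMD: IBRS via SPEC_CTRL */
#define ARCH_CAP_RDCL_NO     (1ull << 0)
#define ARCH_CAP_IBRS_ALL    (1ull << 1)

struct spec_view { bool ibrs, ibpb, rdcl_no, ibrs_all; };

enum v2_choice { V2_RETPOLINE_ONLY, V2_RETPOLINE_IBPB, V2_IBRS_IBPB };

/* Build the guest's view from raw CPUID registers and the ARCH_CAPABILITIES
 * value. arch_caps is ignored unless CPUID enumerates the MSR: a guest must
 * not read or trust MSR 0x10a when bit 29 is clear. */
struct spec_view decode_view(uint32_t edx7, uint32_t ebx8008, uint64_t arch_caps)
{
    struct spec_view v = { false, false, false, false };

    v.ibrs = (edx7 & CPUID7_EDX_SPEC_CTRL) || (ebx8008 & CPUID8008_EBX_IBRS);
    v.ibpb = (edx7 & CPUID7_EDX_SPEC_CTRL) || (ebx8008 & CPUID8008_EBX_IBPB);
    if (edx7 & CPUID7_EDX_ARCH_CAPS) {
        v.rdcl_no  = !!(arch_caps & ARCH_CAP_RDCL_NO);
        v.ibrs_all = !!(arch_caps & ARCH_CAP_IBRS_ALL);
    }
    return v;
}

/* Hypothetical guest policy mirroring the two approaches in the cover letter:
 * IBRS+IBPB when both are exposed, otherwise retpoline with or without IBPB. */
enum v2_choice pick_v2(struct spec_view v)
{
    if (v.ibrs && v.ibpb)
        return V2_IBRS_IBPB;
    return v.ibpb ? V2_RETPOLINE_IBPB : V2_RETPOLINE_ONLY;
}

int main(void)
{
    /* Constructed sample: guest with SPEC_CTRL and ARCH_CAPABILITIES exposed. */
    struct spec_view v = decode_view(CPUID7_EDX_SPEC_CTRL | CPUID7_EDX_ARCH_CAPS, 0, 0x3);

    printf("ibrs=%d ibpb=%d rdcl_no=%d ibrs_all=%d choice=%d\n",
           v.ibrs, v.ibpb, v.rdcl_no, v.ibrs_all, pick_v2(v));
    return 0;
}
```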