From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964791AbeALPb3 (ORCPT + 1 other); Fri, 12 Jan 2018 10:31:29 -0500 Received: from mail-bn3nam01on0079.outbound.protection.outlook.com ([104.47.33.79]:29376 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933955AbeALPbN (ORCPT ); Fri, 12 Jan 2018 10:31:13 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [PATCH 5/5] x86/feature: Detect the x86 feature Indirect Branch Prediction Barrier To: Ashok Raj , linux-kernel@vger.kernel.org, Thomas Gleixner , Tim Chen , Andy Lutomirski , Linus Torvalds , Greg KH Cc: Dave Hansen , Andrea Arcangeli , Andi Kleen , Arjan Van De Ven , David Woodhouse , Peter Zijlstra , Dan Williams , Paolo Bonzini , Jun Nakajima , Asit Mallick References: <1515720739-43819-1-git-send-email-ashok.raj@intel.com> <1515720739-43819-6-git-send-email-ashok.raj@intel.com> From: Tom Lendacky Message-ID: <75ceffe7-5035-dbb4-6027-91daa4e7fa94@amd.com> Date: Fri, 12 Jan 2018 09:31:02 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <1515720739-43819-6-git-send-email-ashok.raj@intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR08CA0090.namprd08.prod.outlook.com (10.172.143.156) To MWHPR12MB1149.namprd12.prod.outlook.com (10.169.204.13) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 28c49ca5-f20d-4778-51a2-08d559d18149 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020083)(4652020)(5600026)(4604075)(48565401081)(2017052603307)(7153060)(7193020);SRVR:MWHPR12MB1149; X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;3:2SYeRZ5xIv33UqNN+x4gXCE3uxAqpMpd0XY+tOGyxW0Z0+8p8nTD77wM3pddi7ZUL//QNFESKr0uVPEp1g8x03i/lTFGFtIFsUoNKeTMkwczkNRMLLbc16C+QlHp2SS8MiwQf+eblM3p862J57x6GNzoM/p7/9bOmUy79TeFyBdvw3FzQbrqZcR7NEK3XNoJuL4DEMJKzwbpOTjIHDfDxhgw+K9iXqhtrIPuv4/PIzhMKcysLHILvlBkjvOzURBl;25:QjPBVjBopiiP4+Hb3FwsIl/dTj+ysQ2BwQrUQrfKV901CTo/2H3CM0hJHZBheDtjGAOxwI9aWf5kr49G344JLJKUF5+S9OvZ1p9JrE5G7G7ITVRzXSAAtWMe/gqoN5rkLlMvwNmuM2BQ2fejbC3E6hqflsbgQ4i/W5VADCVjdxsuFToAskD+rGcfGW3KHdVbAS6gM+taqxDdBE63pgQljlJS2M4xzRPpuAMMzBg3pu6S7UKVI9aK++TOKBWu4AQtNYTTXDAY0Hyb+jh/DlHETYqlf4h0QQM4W46NVtbgXhjt3aAixcfafYxnYBcaNApHEu784yI7KnunfpZVTbWkAA==;31:LyfaYmLqOIJGtvJTHl03eBnmsm2N9pTeP0pGY9dNbf8YV/gKperZDfXIQBhzGWpdVrfcaxQ0o2xcNV+OpQpClye06XX+aFxkx699IekZMMl/QRki+B9zUBYZcIpVjUDVAACQCit4Slz2JnBEeIo6X47dPvVbC1f1RniPQnBcxwFb3eQqiRevSaP8OvfjgNd5YAewc3lh2Vw/sbKX/6o6aYS0+bMLMZ8WaiG04i/kBOc= X-MS-TrafficTypeDiagnostic: MWHPR12MB1149: X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;20:ay6e9QBjj+K+UbGhDWP0nJ9JfoO5Oao30k821MGvhD/gyO7+dh0PKaoPFlmlawMgrFHfyYGJHVtOcbv7RaoumJ8xPYuWessqw6xw8fDeYnXD7hh1+nExlChdnvojtXPUrAJpFJEwbVCQv9U+QkaTET4XQUTm6rV8ymH2+3xb2b5EbbQipRw2qR8L8ruWX5fE9s3o9o0cxWU0lFoD+yguPrQy1Lpk68ARV/cXIYNfVihXPCzNQhI1Z80MCDhC2LZljMWPncsmLrQ6NQlyqNvYZI+e25IwKyNMOTHfuw1bOQ6CzguathyR72/+c/I1+4n/j0prFNJyxAriFkLFGGoZHWrQwzV7ybwVjwujmAfEi0y723XJ5/cR4xVBSVlGPBD13RaA2BAgl7u+fWdHLYEkw0MNZH5RexxCaiDJfmzQufMl3lfKLI8xotAEJNzIbdgOcVsg+oi7aw61pImwiAWk10w4CXkrNkfoNVei9+9HtFQROW3XJp0JaIk5V2C5Y4/t;4:VgxbBb3rfCy8RqXSHIJPvlU5K0ulOkS9SiWDRCXDQngA5ogzM6VEPQbKVwoSsxtQVIFVSJJ4wszCgy9p4WYMq+A98v34vJqTBtHAIUETV9/1g0esKEoNXETZXne3r8w19LCMYE586eDXYsWi4yPrpjFVQbwoBKUQJZV+z2uYR+n+3n1t0XHjfGwDRj73Wvh/nbIOa7MTHXtIMFbOt7uvrhmRYVeEJRWF3EMIiJq+06g+lr6PXctOpvDxbnZ3aX4//+JJI5CHxFcLqgNoGFfdPJFI1WMHRRfASsPqZwj0+umCw5/BRdcaw0jSrY3NpCQ8 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(3231023)(944501145)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041268)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123558120)(6072148)(201708071742011);SRVR:MWHPR12MB1149;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:MWHPR12MB1149; X-Forefront-PRVS: 0550778858 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6049001)(396003)(39860400002)(346002)(366004)(39380400002)(376002)(189003)(24454002)(199004)(2906002)(76176011)(2486003)(52146003)(23676004)(52116002)(16526018)(106356001)(6666003)(2950100002)(105586002)(66066001)(65826007)(65806001)(7416002)(230700001)(47776003)(65956001)(83506002)(16576012)(3846002)(6116002)(5660300001)(316002)(6246003)(58126008)(77096006)(90366009)(6486002)(31696002)(86362001)(64126003)(81156014)(31686004)(72206003)(229853002)(8676002)(25786009)(81166006)(8936002)(50466002)(4326008)(68736007)(7736002)(478600001)(97736004)(3260700006)(59450400001)(53936002)(110136005)(54906003)(53546011)(305945005)(36756003)(386003);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR12MB1149;H:[10.236.65.116];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTQ5OzIzOldwWTg0TkpTUFNuMVlZazN2RGt1WDRhZWlX?= =?utf-8?B?S1dpakJYeUs2ekM5NUJpVVQ0bXBOeHBHbDA0T2FNNGVnbzBtZXdYTzhOR25U?= =?utf-8?B?RkE2RFNubkVqUkFRUWd3Y25vdlJDdWJaaGl0NGlmS09PMnAxQmxTNTB3WVl1?= =?utf-8?B?dEp4U3JPUS9UNGVtalJlSGpDVmk2TCszd2RuSndUbHNOMjlaQVZvT0dNZy9J?= =?utf-8?B?ei90cFlHZ21aTkVkdmRPa3NFNHNxTHprRktGeWxqSWdxVnB3aElHWE5SbCty?= =?utf-8?B?ZWtPNE1POGJXbTNkSitPU0llZnVsZk5QMmZmZkNqYlp1NFJKYjZaaGYvbXZE?= =?utf-8?B?OEJKZVpOLzJKRFpBZEwvWHc1UXVOZFJabVhVS1NNOUVIYm9OUXpicXlJZzFE?= =?utf-8?B?N080OVR3WCsvVTQxcmJZSEpqSFYxVUlzQ2hObHlaZGZydmxNMFdKeS9PQStI?= =?utf-8?B?cGtFQVorR0FkWEVuTms3ejEyeFBIYmhsTk1IZ0Z4eHRlNnVPMGNtWTU1NUp4?= =?utf-8?B?V0VIdnJPaFJpcVVPQlBRRUVEVnU0bFNxamZkYllrdGtRNkhxSXViYWNNM3ZI?= =?utf-8?B?dTVhUUxWT1lJSHFnMlNWM2liWUFMMzhDR2lTaUtjSWNWMDZMK3VNOVlXbHZP?= =?utf-8?B?a3AwdjFkNngrT1FMbFhsZUdRbXpxaGEvWjBPM3JqclpuSXArTHV5MVo0SWZF?= =?utf-8?B?YWlydUpwR1kvZFlGM2FNTTMrWEM0VVZtcUFaOEZCenVBODdzSGpJdm00dWcy?= =?utf-8?B?a2VSUkJBdTU5aWtHRHNibFN0VlNqcEJ1blVDOXZOS0J6eDdnNERqMmI5L0k3?= =?utf-8?B?a2pDcmVYL1dFTFJQc0ZtenoxRVhEclBVNUpvZVpCUCtrYzBlL01YajNCWUFW?= =?utf-8?B?cE9YNDJwTmRoaWJheVgxV2lmRTBYVFJJL3VSeGZXQ0dSSk9kMmZUanZIY1M3?= =?utf-8?B?VnVxTHVOUmJQcnJpYTJqQzZjNzZmUWZUcExRZCtVV3lWTG1TcnRmM0ZUeUFD?= =?utf-8?B?Y1lDK0Y1NGFpTWJMRFBnRmtxU0dGOU1HT210UGFUc3g5Uzc0Uzg3T2Ixd0JW?= =?utf-8?B?S2swNDV4WDZhbFJ6TWNxQ1hGcThBSmExVzhtdXBld1lzYmxXV1hDdktEODZY?= =?utf-8?B?NmVDUy9jQVNLYktvNFJkdVNKVjJZNlB3b0N3ZUdvdE8xYkZMWXFHMXJmbjc2?= =?utf-8?B?TVkzT2ZibEc2enUxdlpUWnJKZ2hYOW52czVXbmZkYThMUlV2dGJycEs4ZTBW?= =?utf-8?B?OWtXOFNlNS9jc25FUlNxQ0F5VWxpSzhZNCswS2oxWFhJb2Z4akVMelRBTlZy?= =?utf-8?B?ak5sZndFZm55NXp0UW1jS25ZYjlDRlhRdE9nSVJpakFBOHdXTWtPWHluaXVW?= =?utf-8?B?a1lORTdkYXhaR0g1dVJhcTA2MU9nVURFZ3VRb1VBNWdxSEdWblpySnhTNklw?= =?utf-8?B?b0V2Nm5uU3ExZFJ2K2IzRlJmZXRjUlYrTmdhMkVRUmNUOEU5UFM5LzJUejU0?= =?utf-8?B?aENoUVF5Mjg3dHdBUXRvY2h4YStkUS9naCtLTXBrTTRqOTRkMU01RGpzaCtl?= =?utf-8?B?KzNETW1FRTMzU3QwRGR3dnlBTG1FQ2lOcVkvTUhTY3o0UDViOEdrOXFqNTdW?= =?utf-8?B?RWVNMjUzMndPdEZrZFFqRy9DL2J1UVZwYVNPcG9TZGVsdEZKekJlZ2tkdGRY?= =?utf-8?B?SXVmYnNYYWVqTW8xQnpiazFnci9CU2QxZVNkUHR6dnBpakNqT2NQUU5ZcFFO?= =?utf-8?B?OEVtNkVCeGk2MW1YVTZqMG11ZmlJSnlWZWhxb1VqSnUrTUJWM0w4WjRINVYx?= =?utf-8?B?MXBKNmdwM1dzRjJ1dTFwWkh0YWUxQnpJcUlkMXVlSG5qS2g3YTNLcmprTXdw?= =?utf-8?B?YnZsT0hybFo4SFgvcmE0YVpsV2ZqNGNtWGVlSlE2elh3V215ZSs2USthelhr?= =?utf-8?B?aGdqWGhybTloMngvbUFSN3FCNlZUQzRMSHo4S1REVTRBRFpnUlpERWJhUlB5?= =?utf-8?B?aEhRV0FSL1Z2NFFTK0ZRV1VncjN3anc4bHl2QT09?= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;6:n+GxuBPGuusCXyqzQWTEhCl/QK+w/JrHmLT/88PDBouQhoin69abxuxz38+10pe7E9qjDrwz9gLQTAlUnZQPQbh+Hr1vzEqDISEH5dEOT+YspGhjnZ0D1D0vLQOLYNK9D9G0ndEU/XHkX/jXMjxoXxCnxeveXc2xjU25iTab+8+SDEERJPKvBlP7DyNnhLCg0MRWUYfk6bvblmBw3B0/sQd7kFcKpYfAzRttKiA2rw3HMMNXu11vsD69PegCpHof1VbO91/PBxsYo2xIXkBfZkkEShXc0f7BwZb89VropPH6c0O5kCQCJQ9T+RO8tQTQmxQECizK0ufWfjigVk0XS8iN/h2S28eRGzMOEneGalY=;5:ICrNTfDbRZUCN/YLsY0kf07ZHw+sHN1/xuR6N+2uq0FnMcfpZTaem4MyRrVKTiFMwaqDZYclMML/P4OSzuC7N55zrKv9bnAgY7zQ3mvaFu0GBhzgmbnG0GR4e3vxqOTrq/GLSA37mlcJRqYWpia+Ct2V2eyElAwgvaf66wO9Ogo=;24:6YXnnYEVwb/Cf5snlxcgXoYWouK1vRQ3c5C2mL56HtIlj7I32pSi/V3+xEKUWF3WwP1Dqk+btROMqwacGGtDp67tGv6nf2OnYiDsNxlLu/A=;7:edtGi84C5F7yewojolLap3yG0WZZFFMo8LAGJlezlgh9UiwR5DfHz5HGY6fAnfS0m2xOLKTVKlX2I0Slb7qNGQb/ZQkD5Cd4A4HyYYhBJHBwJB0raMA1FvHAvFbGf30pi6YSFS1w2Xqa2qAi2JG3+rcGRDcDFUZWKQ4RaqfvDuleeE+l4OhykjVmWRbKtRNxEurjghZkGvnIp3A91algE9j+ziajdFSbVldqUrXYCe6OAWm4uVcA5a5lvJRtr5ID SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;20:E8+wizo8Gzzu0DQS7O+qvSZMjMOaNU+WWr/LEErancOoZeskJDffoNheWPfalDWcZXsVSLAd/bAMXaYX1hiKxQZnl1f1irAMaYwTvFi4w2k0eV/cCQXVzUZZYi93iDGEOXf79fSZqMbuwEhExcgPCO0tfsS5Dzd8kWsEd3Ktkqw9sJxH0S5rWS5zeXNzG3vcNd8x25/CG4MDEDE2HH6BlelypDGwL/NcrMTe/oiWebNzXUPCwHpiOOuYp6V3+2oJ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jan 2018 15:31:06.9739 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 28c49ca5-f20d-4778-51a2-08d559d18149 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1149 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 1/11/2018 7:32 PM, Ashok Raj wrote: > cpuid ax=0x7, return rdx bit 26 to indicate presence of both > IA32_SPEC_CTRL(MSR 0x48) and IA32_PRED_CMD(MSR 0x49) > > BIT0: Indirect Branch Prediction Barrier > > When this MSR is written with IBPB=1 it ensures that earlier code's behavior > doesn't control later indirect branch predictions. > > Note this MSR is only writable and does not carry any state. Its a barrier > so the code should perform a wrmsr when the barrier is needed. > > Signed-off-by: Ashok Raj > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 3 +++ > arch/x86/kernel/cpu/spec_ctrl.c | 7 +++++++ > arch/x86/kvm/svm.c | 16 ++++++++++++++++ > arch/x86/kvm/vmx.c | 10 ++++++++++ > 5 files changed, 37 insertions(+) > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 624b58e..52f37fc 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -213,6 +213,7 @@ > #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */ > #define X86_FEATURE_SPEC_CTRL ( 7*32+19) /* Speculation Control */ > #define X86_FEATURE_SPEC_CTRL_IBRS ( 7*32+20) /* Speculation Control, use IBRS */ > +#define X86_FEATURE_PRED_CMD ( 7*32+21) /* Indirect Branch Prediction Barrier */ > > /* Virtualization flags: Linux defined, word 8 */ > #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ > diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h > index 3e1cb18..1888e19 100644 > --- a/arch/x86/include/asm/msr-index.h > +++ b/arch/x86/include/asm/msr-index.h > @@ -46,6 +46,9 @@ > #define SPEC_CTRL_DISABLE_IBRS (0 << 0) > #define SPEC_CTRL_ENABLE_IBRS (1 << 0) > > +#define MSR_IA32_PRED_CMD 0x00000049 > +#define FEATURE_SET_IBPB (1<<0) > + > #define MSR_IA32_PERFCTR0 0x000000c1 > #define MSR_IA32_PERFCTR1 0x000000c2 > #define MSR_FSB_FREQ 0x000000cd > diff --git a/arch/x86/kernel/cpu/spec_ctrl.c b/arch/x86/kernel/cpu/spec_ctrl.c > index 02fc630..6cfec19 100644 > --- a/arch/x86/kernel/cpu/spec_ctrl.c > +++ b/arch/x86/kernel/cpu/spec_ctrl.c > @@ -15,6 +15,13 @@ void spec_ctrl_scan_feature(struct cpuinfo_x86 *c) > if (!c->cpu_index) > static_branch_enable(&spec_ctrl_dynamic_ibrs); > } > + /* > + * For Intel CPU's this MSR is shared the same cpuid > + * enumeration. When MSR_IA32_SPEC_CTRL is present > + * MSR_IA32_SPEC_CTRL is also available > + * TBD: AMD might have a separate enumeration for each. AMD will follow the specification that if cpuid ax=0x7, return rdx[26] is set, it will indicate both MSR registers and features are supported. But AMD also has a separate bit for IBPB (X86_FEATURE_PRED_CMD) alone. As all of the IBRS/IBPB stuff happens, that patch will follow. > + */ > + set_cpu_cap(c, X86_FEATURE_PRED_CMD);> } > } > > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c > index 7c14471a..36924c9 100644 > --- a/arch/x86/kvm/svm.c > +++ b/arch/x86/kvm/svm.c > @@ -251,6 +251,7 @@ static const struct svm_direct_access_msrs { > { .index = MSR_SYSCALL_MASK, .always = true }, > #endif > { .index = MSR_IA32_SPEC_CTRL, .always = true }, > + { .index = MSR_IA32_PRED_CMD, .always = false }, This should be .always = true > { .index = MSR_IA32_LASTBRANCHFROMIP, .always = false }, > { .index = MSR_IA32_LASTBRANCHTOIP, .always = false }, > { .index = MSR_IA32_LASTINTFROMIP, .always = false }, > @@ -531,6 +532,7 @@ struct svm_cpu_data { > struct kvm_ldttss_desc *tss_desc; > > struct page *save_area; > + struct vmcb *current_vmcb; > }; > > static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); > @@ -923,6 +925,8 @@ static void svm_vcpu_init_msrpm(u32 *msrpm) > > if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) > set_msr_interception(msrpm, MSR_IA32_SPEC_CTRL, 1, 1); > + if (boot_cpu_has(X86_FEATURE_PRED_CMD)) > + set_msr_interception(msrpm, MSR_IA32_PRED_CMD, 1, 1); Similar to the comment about SPEC_CTRL, this should be removed as it will be covered by the loop. > } > > static void add_msr_offset(u32 offset) > @@ -1711,11 +1715,18 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu) > __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER); > kvm_vcpu_uninit(vcpu); > kmem_cache_free(kvm_vcpu_cache, svm); > + /* > + * The VMCB could be recycled, causing a false negative in svm_vcpu_load; > + * block speculative execution. > + */ > + if (boot_cpu_has(X86_FEATURE_PRED_CMD)) > + native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB); > } > > static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) > { > struct vcpu_svm *svm = to_svm(vcpu); > + struct svm_cpu_data *sd = per_cpu(svm_data, cpu); > int i; > > if (unlikely(cpu != vcpu->cpu)) { > @@ -1744,6 +1755,11 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) > if (static_cpu_has(X86_FEATURE_RDTSCP)) > wrmsrl(MSR_TSC_AUX, svm->tsc_aux); > > + if (sd->current_vmcb != svm->vmcb) { > + sd->current_vmcb = svm->vmcb; > + if (boot_cpu_has(X86_FEATURE_PRED_CMD)) > + native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB); > + } > avic_vcpu_load(vcpu, cpu); > } > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 1913896..caeb9ff 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -2280,6 +2280,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) > if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) { > per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs; > vmcs_load(vmx->loaded_vmcs->vmcs); > + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) This should probably use X86_FEATURE_PRED_CMD. > + native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);> } > > if (!already_loaded) { > @@ -3837,6 +3839,12 @@ static void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs) > free_vmcs(loaded_vmcs->vmcs); > loaded_vmcs->vmcs = NULL; > WARN_ON(loaded_vmcs->shadow_vmcs != NULL); > + /* > + * The VMCS could be recycled, causing a false negative in vmx_vcpu_load > + * block speculative execution. > + */ > + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) Again, X86_FEATURE_PRED_CMD. > + native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB); > } > > static void free_kvm_area(void) > @@ -6804,6 +6812,8 @@ static __init int hardware_setup(void) > */ > if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) > vmx_disable_intercept_for_msr(MSR_IA32_SPEC_CTRL, false); > + if (boot_cpu_has(X86_FEATURE_PRED_CMD)) > + vmx_disable_intercept_for_msr(MSR_IA32_PRED_CMD, false); > > vmx_disable_intercept_for_msr(MSR_FS_BASE, false); > vmx_disable_intercept_for_msr(MSR_GS_BASE, false); >