From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from hsi-kbw-5-158-153-52.hsi19.kabel-badenwuerttemberg.de ([5.158.153.52] helo=nanos.tec.linutronix.de) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fIs4n-0007k3-Aq for speck@linutronix.de; Wed, 16 May 2018 10:46:25 +0200 Date: Wed, 16 May 2018 10:46:25 +0200 (CEST) From: Thomas Gleixner Subject: Re: [patch 07/15] Hidden 7 In-Reply-To: <20180516032226.GG18660@char.us.oracle.com> Message-ID: References: <20180513140048.543641807@linutronix.de> <20180513140538.798644579@linutronix.de> <20180516032226.GG18660@char.us.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On Tue, 15 May 2018, speck for Konrad Rzeszutek Wilk wrote: > On Sun, May 13, 2018 at 04:00:55PM +0200, speck for Thomas Gleixner wrote: > > Subject: [patch 07/15] x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL > > From: Thomas Gleixner > > > > AMD is proposing a VIRT_SPEC_CTRL MSR to handle the Speculative Store > > Bypass Disable via MSR_AMD64_LS_CFG so that guests do not have to care > > about the bit position of the SSBD bit and thus facilitate migration. > > Oh, that is news to me. Is there an MSR value they had in mind? > > > > Also, the sibling coordination on Family 17H CPUs can only be done on > > the host. > > > > Extend x86_spec_ctrl_set_guest() and x86_spec_ctrl_restore_host() with an > > extra argument for the VIRT_SPEC_CTRL MSR. > > > > Hand in 0 from VMX and in SVM add a new virt_spec_ctrl member to the CPU > > data structure which is going to be used in later patches for the actual > > implementation. > > Why not expand it on VMX? That is couldn't this virtualized MSR be generic > to do the appropiate mitigation on both AMD and Intel? > > After all this is a software emulated MSR - so why make VMX ignore it? > (And yes I know the counter-argument - on Intel it should whack the SPEC_CTRL > MSR instead of fiddling with this - but then why have an 'virtualized' MSR > that is suppose to be generic!). Fine with me, but I leave that to the KVM wizards. Though I assume that this is a temporary workaround until AMD supports the real SPEC_CTRL MSR as well. > ..snip.. > > +++ b/arch/x86/kvm/svm.c > > @@ -213,6 +213,12 @@ struct vcpu_svm { > > } host; > > > > u64 spec_ctrl; > > + /* > > + * Contains guest-controlled bits of VIRT_SPEC_CTRL, which > > + * will be translated into the appropriate bits to perform > > s/bits/bits on the host/ ? sure. Thanks, tglx