From patchwork Tue Jan 9 06:25:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Wang, Wei W" X-Patchwork-Id: 10151021 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7F768601A1 for ; Tue, 9 Jan 2018 06:43:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 733DA1FFDA for ; Tue, 9 Jan 2018 06:43:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 656AB2842D; Tue, 9 Jan 2018 06:43:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DE9F81FFDA for ; Tue, 9 Jan 2018 06:43:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755063AbeAIGnb (ORCPT ); Tue, 9 Jan 2018 01:43:31 -0500 Received: from mga14.intel.com ([192.55.52.115]:32122 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754220AbeAIGna (ORCPT ); Tue, 9 Jan 2018 01:43:30 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Jan 2018 22:43:30 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,334,1511856000"; d="scan'208";a="193328910" Received: from devel-ww.sh.intel.com ([10.239.48.110]) by fmsmga005.fm.intel.com with ESMTP; 08 Jan 2018 22:43:29 -0800 From: Wei Wang To: pbonzini@redhat.com, kvm@vger.kernel.org Cc: jmattson@google.com, liran.alon@oracle.com, Wei Wang Subject: [PATCH RFC] x86/kvm: expose the CPUID of SPEC_CTRL and STIBP to guests Date: Tue, 9 Jan 2018 14:25:17 +0800 Message-Id: <1515479117-44967-1-git-send-email-wei.w.wang@intel.com> X-Mailer: git-send-email 2.7.4 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This patch shows an alternative approach to the one posted here: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1580364.html The advantages are 1) Simpler; 2) More reasonable because this is used to fill the hardware security hole, for all the x86 cpus that physically support the two CPUIDs, which means the hole already exists physically. All the VMs should use this feature no matter what CPU model they are using. So, exposing the two CPUIDs as long as they are physically supported by the hardware, and this doesn't require the QEMU side hardcode as usual. When the related feature bits are added to the kernel, and we can simply change it to: best->edx |= F(SPEC_CTRL) | F(PRED_CMD); Signed-off-by: Wei Wang --- arch/x86/kvm/cpuid.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 0099e10..c33d3d4 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -70,6 +70,8 @@ u64 kvm_supported_xcr0(void) /* These are scattered features in cpufeatures.h. */ #define KVM_CPUID_BIT_AVX512_4VNNIW 2 #define KVM_CPUID_BIT_AVX512_4FMAPS 3 +#define KVM_CPUID_BIT_SPEC_CTRL 26 +#define KVM_CPUID_BIT_STIBP 27 #define KF(x) bit(KVM_CPUID_BIT_##x) int kvm_update_cpuid(struct kvm_vcpu *vcpu) @@ -109,6 +111,9 @@ int kvm_update_cpuid(struct kvm_vcpu *vcpu) } } + if (cpuid_edx(0x7) & (KF(SPEC_CTRL) | KF(STIBP))) + best->edx |= KF(SPEC_CTRL) | KF(STIBP); + best = kvm_find_cpuid_entry(vcpu, 0xD, 0); if (!best) { vcpu->arch.guest_supported_xcr0 = 0;