
Re: [PATCH v2 9/9] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 31 Jan 2022 11:54:40 +0000
  • Accept-language: en-GB, en-US
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 31 Jan 2022 11:54:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31/01/2022 10:39, Jan Beulich wrote:
> On 28.01.2022 14:29, Andrew Cooper wrote:
>> With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM
>> guests.
>>
>> Update the CPUID derivation logic (both PV and HVM to avoid losing subtle
>> changes), drop the MSR intercept, and explicitly enable the CPUID bits for
>> HVM guests.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks.

>
> One remark:
>
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v)
>>  
>>      vmcb_set_exception_intercepts(vmcb, bitmap);
>>  
>> +    /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */
>> +    svm_intercept_msr(v, MSR_SPEC_CTRL,
>> +                      cp->extd.ibrs ? MSR_INTERCEPT_NONE : 
>> MSR_INTERCEPT_RW);
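Review bot: the comment above the svm_intercept_msr() call covers only the pass-through case and does not say why MSR_INTERCEPT_RW is kept when cp->extd.ibrs is clear. Dropping the intercept when the MSR is not enumerated can look like a harmless optimisation, so consider extending the comment to state that the intercept is retained deliberately: a guest access to a non-enumerated MSR_SPEC_CTRL should always take a vmexit rather than rely on the CPU raising #GP(0).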
> Technically I suppose the intercept would also be unneeded if the MSR
> doesn't exist at all, as then the CPU would raise #GP(0) for any guest
> attempt to access it.

Yes, but that is very dangerous.  There are known examples of real model
specific registers in the place where architectural ones also exist. 
The Haswell uarch has two non-faulting MSRs in the x2APIC range.

A guest poking MSR_SPEC_CTRL when it isn't enumerated is not a path
which needs optimising, and taking a vmexit is more robust against
model-specific behaviour.

~Andrew
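
Added illustration, not part of the original message and not Xen's code: a small C model of an SVM MSR permission map showing the default-intercept policy argued for above, where MSR_SPEC_CTRL is passed through only when the guest's CPUID policy enumerates it. It goes slightly beyond the mail by modelling the bitmap layout (2 bits per MSR, three 2 KiB blocks, as described in the AMD APM); msrpm_init(), set_intercept(), get_intercept() and cpuid_policy_changed() are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MSR_SPEC_CTRL 0x00000048u

/* Bit 0 = intercept reads, bit 1 = intercept writes. */
enum { INTERCEPT_NONE = 0, INTERCEPT_READ = 1, INTERCEPT_WRITE = 2, INTERCEPT_RW = 3 };

static uint8_t msrpm[0x2000];   /* model of the 8 KiB permission map */

/* Byte offset of the 2 KiB block covering msr, or -1 if the map has no bits for it. */
static int msrpm_base(uint32_t msr)
{
    if (msr <= 0x00001fffu) return 0x0000;
    if (msr >= 0xc0000000u && msr <= 0xc0001fffu) return 0x0800;
    if (msr >= 0xc0010000u && msr <= 0xc0011fffu) return 0x1000;
    return -1;
}

/* Fail closed: every MSR starts out intercepted for both reads and writes. */
void msrpm_init(void) { memset(msrpm, 0xff, sizeof(msrpm)); }

bool set_intercept(uint32_t msr, unsigned flags)
{
    int base = msrpm_base(msr);
    if (base < 0) return false;              /* cannot be passed through */
    unsigned idx = msr & 0x1fffu, shift = (idx % 4) * 2;
    uint8_t *b = &msrpm[(unsigned)base + idx / 4];
    *b = (uint8_t)((*b & ~(3u << shift)) | ((flags & 3u) << shift));
    return true;
}

unsigned get_intercept(uint32_t msr)
{
    int base = msrpm_base(msr);
    if (base < 0) return INTERCEPT_RW;       /* uncovered MSRs always exit */
    unsigned idx = msr & 0x1fffu;
    return (msrpm[(unsigned)base + idx / 4] >> ((idx % 4) * 2)) & 3u;
}

/* Mirrors the decision in the hunk: pass through only when enumerated.
 * Hardware lacking the MSR is deliberately NOT a reason to drop the
 * intercept; the vmexit path does not depend on what the CPU does for
 * a non-enumerated index. */
void cpuid_policy_changed(bool guest_has_ibrs)
{
    set_intercept(MSR_SPEC_CTRL, guest_has_ibrs ? INTERCEPT_NONE : INTERCEPT_RW);
}
```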



 

