From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [patch 04/11] [PATCH v2 04/10] Linux Patch #4
Date: Fri, 20 Apr 2018 13:17:36 -0400
Message-ID: <20180420171730.GA5333@localhost.localdomain>
In-Reply-To: <20180420170331.GL13977@pd.tnic>

On Fri, Apr 20, 2018 at 07:03:31PM +0200, speck for Borislav Petkov wrote:
> On Fri, Apr 20, 2018 at 12:39:40PM -0400, speck for Konrad Rzeszutek Wilk wrote:
> > Wouldn't we leak our MD state to the guest? That is the guest
> > may have cleared everything (svm->spec_ctrl is zero when we VMEXIT),
> > and now we would be running it with MD bit set?
>
> No, you pass the requested bits:
>
> 	x86_enable_ibrs(svm->spec_ctrl);

I was thinking of the conditional:

	if (svm->spec_ctrl)	<=== HERE
		x86_enable_ibrs(svm->spec_ctrl);

Which meant that if the guest had set SPEC_CTRL to zero we would
never enter the x86_enable_ibrs function at all and VMENTER in the
guest with SPEC_CTRL MDD bit enabled (as we never restored
the guest SPEC_CTRL which is zero). Aka, leaking our state in it.

Hence thinking to ditch the conditional at all and just have those
two accessory functions.

>
> and that function then picks apart which bits the host supports and sets
> them accordingly and filters out the reserved bits. You might call the
> function then:
>
> x86_set_spec_ctrl();
>
> and its counterpart
>
> 	x86_restore_spec_ctrl();

Right. I am going to assume it would have a 'u64' as parameter.

>
> or whatever. The restore side would simply clear the IBRS bit as we
> don't enable it on the host. It will restore the MD setting for the host
> too.
>
> --
> Regards/Gruss,
> Boris.
>
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
> --
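
The conditional discussed in this message can be modelled in user space; the following is an added example, not code from the patch series or from either participant. A plain variable stands in for the SPEC_CTRL MSR, the `model_*` helpers and `guest_runs_with_*` functions are hypothetical names, and the MD bit is assumed to sit at bit 2 with the host running with it set.

```c
#include <stdint.h>
#include <stdio.h>

#define SPEC_CTRL_IBRS (1ULL << 0)
#define SPEC_CTRL_MD   (1ULL << 2)   /* the thread's "MD" bit; position is an assumption */
#define HOST_SUPPORTED (SPEC_CTRL_IBRS | SPEC_CTRL_MD)

static uint64_t msr_spec_ctrl;                        /* stand-in for the real MSR */
static const uint64_t host_spec_ctrl = SPEC_CTRL_MD;  /* assumed host setting */

/* Model of the proposed setter: keep host-supported bits, drop reserved ones. */
static void model_set_spec_ctrl(uint64_t guest)
{
    msr_spec_ctrl = guest & HOST_SUPPORTED;
}

/* Model of the restore side: host MD setting back, IBRS cleared on the host. */
static void model_restore_spec_ctrl(void)
{
    msr_spec_ctrl = host_spec_ctrl & ~SPEC_CTRL_IBRS;
}

/* VMENTER with the conditional: a zero guest value skips the write entirely. */
uint64_t guest_runs_with_conditional(uint64_t guest_spec_ctrl)
{
    msr_spec_ctrl = host_spec_ctrl;
    if (guest_spec_ctrl)
        model_set_spec_ctrl(guest_spec_ctrl);
    return msr_spec_ctrl;
}

/* VMENTER without the conditional: the guest value is always written. */
uint64_t guest_runs_with_unconditional(uint64_t guest_spec_ctrl)
{
    msr_spec_ctrl = host_spec_ctrl;
    model_set_spec_ctrl(guest_spec_ctrl);
    return msr_spec_ctrl;
}

/* VMEXIT path: what the host runs with after the guest value was loaded. */
uint64_t host_after_vmexit(uint64_t guest_spec_ctrl)
{
    guest_runs_with_unconditional(guest_spec_ctrl);
    model_restore_spec_ctrl();
    return msr_spec_ctrl;
}

int main(void)
{
    printf("guest=0, conditional:   %#llx\n", (unsigned long long)guest_runs_with_conditional(0));
    printf("guest=0, unconditional: %#llx\n", (unsigned long long)guest_runs_with_unconditional(0));
    return 0;
}
```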