From: Sean Christopherson <seanjc@google.com>
To: Jon Kohler <jon@nutanix.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Waiman Long <longman@redhat.com>,
Kees Cook <keescook@chromium.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] KVM: VMX: do not disable interception for MSR_IA32_SPEC_CTRL on eIBRS
Date: Wed, 25 May 2022 17:04:25 +0000 [thread overview]
Message-ID: <Yo5hmcdRvE1UrI4y@google.com> (raw)
In-Reply-To: <20220520204115.67580-1-jon@nutanix.com>
On Fri, May 20, 2022, Jon Kohler wrote:
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 610355b9ccce..1c725d17d984 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -2057,20 +2057,32 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> return 1;
>
> vmx->spec_ctrl = data;
> - if (!data)
> +
> + /*
> + * Disable interception on the first non-zero write, unless the
> + * guest is hosted on an eIBRS system and setting only
The "unless guest is hosted on an eIBRS system" blurb is wrong and doesn't match
the code. Again, it's all about whether eIBRS is advertised to the guest. With
some other minor tweaking to wrangle the comment to 80 chars...
/*
* Disable interception on the first non-zero write, except if
* eIBRS is advertised to the guest and the guest is enabling
* _only_ IBRS. On eIBRS systems, kernels typically set IBRS
* once at boot and never touch it post-boot. All other bits,
* and IBRS on non-eIBRS systems, are often set on a per-task
* basis, i.e. change frequently, so the benefit of avoiding
* VM-exits during guest context switches outweighs the cost of
* RDMSR on every VM-Exit to save the guest's value.
*/
> + * SPEC_CTRL_IBRS, which is typically set once at boot and never
Uber nit, when it makes sense, avoid regurgitating the code verbatim, e.g. refer
to "setting SPEC_CTRL_IBRS" as "enabling IBRS". That little bit of abstraction
can sometimes help unfamiliar readers understand the effect of the code, whereas
copy+pasting bits of the code doesn't provide any additional context.
> + * touched again. All other bits are often set on a per-task
> + * basis, i.e. may change frequently, so the benefit of avoiding
> + * VM-exits during guest context switches outweighs the cost of
> + * RDMSR on every VM-Exit to save the guest's value.
> + */
> + if (!data ||
> + (data == SPEC_CTRL_IBRS &&
> + (vcpu->arch.arch_capabilities & ARCH_CAP_IBRS_ALL)))
Align the two halves of the logical-OR, i.e.
if (!data ||
(data == SPEC_CTRL_IBRS &&
(vcpu->arch.arch_capabilities & ARCH_CAP_IBRS_ALL)))
break;
next prev parent reply other threads:[~2022-05-25 17:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-20 20:41 [PATCH v3] KVM: VMX: do not disable interception for MSR_IA32_SPEC_CTRL on eIBRS Jon Kohler
2022-05-25 17:04 ` Sean Christopherson [this message]
2022-05-25 17:14 ` Jon Kohler
2022-05-25 17:32 ` Sean Christopherson
2022-05-25 17:46 ` Jim Mattson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yo5hmcdRvE1UrI4y@google.com \
--to=seanjc@google.com \
--cc=aarcange@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=jon@nutanix.com \
--cc=joro@8bytes.org \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.