From: Chao Gao <chao.gao@intel.com>
To: Binbin Wu <binbin.wu@linux.intel.com>
Cc: <kvm@vger.kernel.org>, Jiaan Lu <jiaan.lu@intel.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Zhang Chen <chen.zhang@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Babu Moger <babu.moger@amd.com>,
Daniel Sneddon <daniel.sneddon@linux.intel.com>,
Sandipan Das <sandipan.das@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Kim Phillips <kim.phillips@amd.com>,
Alexandre Chartre <alexandre.chartre@oracle.com>,
<linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH v2 05/11] x86/bugs: Use Virtual MSRs to request hardware mitigations
Date: Tue, 18 Apr 2023 10:01:52 +0800 [thread overview]
Message-ID: <ZD35e6XS9RePNZCx@chao-env> (raw)
In-Reply-To: <0312c900-fa7d-2ae5-22f7-956a7517193c@linux.intel.com>
On Mon, Apr 17, 2023 at 09:43:59PM +0800, Binbin Wu wrote:
>
>On 4/14/2023 2:25 PM, Chao Gao wrote:
>> From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
>>
>> Guests that have different family/model than the host may not be aware
>> of hardware mitigations(such as RRSBA_DIS_S) available on host. This is
>> particularly true when guests migrate. To solve this problem Intel
>> processors have added a virtual MSR interface through which guests can
>> report their mitigation status and request VMM to deploy relevant
>> hardware mitigations.
>>
>> Use this virtualized MSR interface to request relevant hardware controls
>> for retpoline mitigation.
>>
>> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
>> Co-developed-by: Zhang Chen <chen.zhang@intel.com>
>> Signed-off-by: Zhang Chen <chen.zhang@intel.com>
>> Signed-off-by: Chao Gao <chao.gao@intel.com>
>> Tested-by: Jiaan Lu <jiaan.lu@intel.com>
>> ---
>> arch/x86/include/asm/msr-index.h | 25 +++++++++++++++++++++++++
>> arch/x86/kernel/cpu/bugs.c | 25 +++++++++++++++++++++++++
>> 2 files changed, 50 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
>> index 60b25d87b82c..aec213f0c6fc 100644
>> --- a/arch/x86/include/asm/msr-index.h
>> +++ b/arch/x86/include/asm/msr-index.h
>> @@ -166,6 +166,7 @@
>> * IA32_XAPIC_DISABLE_STATUS MSR
>> * supported
>> */
>> +#define ARCH_CAP_VIRTUAL_ENUM BIT_ULL(63) /* MSR_VIRTUAL_ENUMERATION supported */
>> #define MSR_IA32_FLUSH_CMD 0x0000010b
>> #define L1D_FLUSH BIT(0) /*
>> @@ -1103,6 +1104,30 @@
>> #define MSR_IA32_VMX_MISC_INTEL_PT (1ULL << 14)
>> #define MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS (1ULL << 29)
>> #define MSR_IA32_VMX_MISC_PREEMPTION_TIMER_SCALE 0x1F
>> +
>> +/* Intel virtual MSRs */
>> +#define MSR_VIRTUAL_ENUMERATION 0x50000000
>> +#define VIRT_ENUM_MITIGATION_CTRL_SUPPORT BIT(0) /*
>> + * Mitigation ctrl via virtual
>> + * MSRs supported
>> + */
>> +
>> +#define MSR_VIRTUAL_MITIGATION_ENUM 0x50000001
>> +#define MITI_ENUM_BHB_CLEAR_SEQ_S_SUPPORT BIT(0) /* VMM supports BHI_DIS_S */
>> +#define MITI_ENUM_RETPOLINE_S_SUPPORT BIT(1) /* VMM supports RRSBA_DIS_S */
>> +
>> +#define MSR_VIRTUAL_MITIGATION_CTRL 0x50000002
>> +#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT 0 /*
>> + * Request VMM to deploy
>> + * BHI_DIS_S mitigation
>> + */
>> +#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED BIT(MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT)
>
>Seems it is defined, but not used to request VMM to deploy BHI_DIS_S
>mitigation?
Because Linux kernel doesn't use BHB-clearing sequence. Instead,
"disable unprivileged eBPF by default" + SMAP + eIBRS are used.
KVM uses this bit when checking if guests, which may not be running
Linux, are using BHB-clearing sequence.
>
>
>And IMO, it is more natual to put this patch after the four capability
>advertising patches.
Makes sense. I will organize the series in that order.
next prev parent reply other threads:[~2023-04-18 2:02 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-14 6:25 [RFC PATCH v2 00/11] Intel IA32_SPEC_CTRL Virtualization Chao Gao
2023-04-14 6:25 ` [RFC PATCH v2 01/11] x86/msr-index: Add bit definitions for BHI_DIS_S and BHI_NO Chao Gao
2023-04-14 9:52 ` Binbin Wu
2023-04-14 6:25 ` [RFC PATCH v2 02/11] KVM: x86: Advertise CPUID.7.2.EDX and RRSBA_CTRL support Chao Gao
2023-04-16 7:04 ` Binbin Wu
2023-04-16 13:25 ` Chao Gao
2023-05-15 6:53 ` Xiaoyao Li
2023-05-16 2:04 ` Chao Gao
2023-05-16 2:22 ` Xiaoyao Li
2023-05-16 3:01 ` Chao Gao
2023-05-16 7:03 ` Xiaoyao Li
2023-05-16 9:09 ` Chao Gao
2023-05-18 9:50 ` Xiaoyao Li
2023-05-19 9:43 ` Chao Gao
2023-04-14 6:25 ` [RFC PATCH v2 03/11] KVM: x86: Advertise BHI_CTRL support Chao Gao
2023-05-15 7:14 ` Xiaoyao Li
2023-04-14 6:25 ` [RFC PATCH v2 04/11] KVM: VMX: Add IA32_SPEC_CTRL virtualization support Chao Gao
2023-04-17 3:17 ` Binbin Wu
2023-04-18 2:07 ` Chao Gao
2023-04-17 6:48 ` Chenyi Qiang
2023-04-17 7:31 ` Chao Gao
2023-05-16 7:16 ` Xiaoyao Li
2023-05-16 9:20 ` Chao Gao
2023-04-14 6:25 ` [RFC PATCH v2 05/11] x86/bugs: Use Virtual MSRs to request hardware mitigations Chao Gao
2023-04-17 13:43 ` Binbin Wu
2023-04-18 2:01 ` Chao Gao [this message]
2023-04-14 6:25 ` [RFC PATCH v2 06/11] KVM: x86: Advertise ARCH_CAP_VIRTUAL_ENUM support Chao Gao
2023-05-18 10:14 ` Xiaoyao Li
2023-05-19 9:57 ` Chao Gao
2023-05-22 1:02 ` Xiaoyao Li
2023-04-14 6:25 ` [RFC PATCH v2 07/11] KVM: VMX: Advertise MITIGATION_CTRL support Chao Gao
2023-04-14 6:25 ` [RFC PATCH v2 08/11] KVM: VMX: Advertise MITI_ENUM_RETPOLINE_S_SUPPORT Chao Gao
2023-05-18 10:25 ` Xiaoyao Li
2023-05-19 10:26 ` Chao Gao
2023-05-22 9:43 ` Liu, Jingqi
2023-04-14 6:25 ` [RFC PATCH v2 09/11] KVM: VMX: Advertise MITI_CTRL_BHB_CLEAR_SEQ_S_SUPPORT Chao Gao
2023-05-22 9:41 ` Liu, Jingqi
2023-04-14 6:25 ` [RFC PATCH v2 10/11] KVM: selftests: Add tests for virtual enumeration/mitigation MSRs Chao Gao
2023-05-22 9:39 ` Liu, Jingqi
2023-04-14 6:25 ` [RFC PATCH v2 11/11] KVM: selftests: Add tests for IA32_SPEC_CTRL MSR Chao Gao
2023-04-14 9:51 ` [RFC PATCH v2 00/11] Intel IA32_SPEC_CTRL Virtualization Binbin Wu
2023-04-14 22:10 ` Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZD35e6XS9RePNZCx@chao-env \
--to=chao.gao@intel.com \
--cc=alexandre.chartre@oracle.com \
--cc=babu.moger@amd.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=chen.zhang@intel.com \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jiaan.lu@intel.com \
--cc=jpoimboe@kernel.org \
--cc=kim.phillips@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=sandipan.das@amd.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.