Re: [RESEND RFC 0/2] Paravirtualized Control Register pinning

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Paolo Bonzini <pbonzini@redhat.com>
To: Liran Alon <liran.alon@oracle.com>
Cc: John Andersen <john.s.andersen@intel.com>,
	tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
	x86@kernel.org, hpa@zytor.com, sean.j.christopherson@intel.com,
	vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com,
	joro@8bytes.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Subject: Re: [RESEND RFC 0/2] Paravirtualized Control Register pinning
Date: Mon, 23 Dec 2019 18:46:06 +0100	[thread overview]
Message-ID: <f4d3d392-8edf-54b2-1b90-417447240e22@redhat.com> (raw)
In-Reply-To: <03F5FE31-E769-4497-922B-C8613F0951FA@oracle.com>

On 23/12/19 18:28, Liran Alon wrote:
>>> Why reset CR pinned MSRs by userspace instead of KVM INIT
>>> handling?
>> Most MSRs are not reset by INIT, are they?
>> 
>> Paolo
>> 
> MSR_KVM_SYSTEM_TIME saved in vcpu->arch.time is reset at
> kvmclock_reset() which is called by kvm_vcpu_reset() (KVM INIT
> handler). In addition, vmx_vcpu_reset(), called from
> kvm_vcpu_reset(), also resets multiple MSRs such as:
> MSR_IA32_SPEC_CTRL (vmx->spec_ctrl) and MSR_IA32_UMWAIT_CONTROL
> (msr_ia32_umwait_control).

These probably can be removed, since they are zero at startup and at
least SPEC_CTRL is documented[1] to be unaffected by INIT.  However, I
couldn't find information about UMWAIT_CONTROL.

> Having said that, I see indeed that most of MSRs are being set by
> QEMU in kvm_put_msrs() when level >= KVM_PUT_RESET_STATE. When is
> triggered by qemu_system_reset() -> cpu_synchronize_all_post_reset ->
> cpu_synchronize_post_reset() -> kvm_cpu_synchronize_post_reset().
> 
> So given current design, OK I agree with you that CR pinned MSRs
> should be zeroed by userspace VMM.
> 
> It does though seems kinda weird to me that part of CPU state is
> initialised on KVM INIT handler and part of it in userspace VMM. It
> could lead to inconsistent (i.e. diverging from spec) CPU behaviour.

The reason for that is the even on real hardware INIT does not touch
most MSRs:

  9.1 Initialization overview

  Asserting the INIT# pin on the processor invokes a similar response to
  a hardware reset. The major difference is that during an INIT, the
  internal caches, MSRs, MTRRs, and x87 FPU state are left unchanged
  (although, the TLBs and BTB are invalidated as with a hardware reset).
  An INIT provides a method for switching from protected to real-address
  mode while maintaining the contents of the internal caches.

Paolo

[1]
https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

next prev parent reply	other threads:[~2019-12-23 17:46 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-20 19:26 [RESEND RFC 0/2] Paravirtualized Control Register pinning John Andersen
2019-12-20 19:27 ` [RESEND RFC 1/2] KVM: X86: Add CR pin MSRs John Andersen
2019-12-20 19:27 ` [RESEND RFC 2/2] X86: Use KVM " John Andersen
2019-12-23  7:39   ` Andy Lutomirski
2019-12-23 12:06     ` Borislav Petkov
2019-12-24 21:18     ` Andersen, John S
2019-12-21 13:59 ` [RESEND RFC 0/2] Paravirtualized Control Register pinning Paolo Bonzini
2019-12-23 17:28   ` Andersen, John S
2019-12-23 14:30 ` Liran Alon
2019-12-24 22:56   ` Liran Alon
2019-12-25  2:04   ` Andy Lutomirski
2019-12-25 13:05     ` Liran Alon
2019-12-23 14:48 ` Liran Alon
2019-12-23 17:09   ` Paolo Bonzini
2019-12-23 17:27     ` Andersen, John S
2019-12-23 17:28     ` Liran Alon
2019-12-23 17:46       ` Paolo Bonzini [this message]
2019-12-23 22:49         ` Liran Alon
2019-12-24 19:44   ` Andersen, John S
2019-12-24 20:35     ` Liran Alon
2019-12-24 21:17       ` Andersen, John S

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f4d3d392-8edf-54b2-1b90-417447240e22@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=bp@alien8.de \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=john.s.andersen@intel.com \
    --cc=joro@8bytes.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=liran.alon@oracle.com \
    --cc=mingo@redhat.com \
    --cc=sean.j.christopherson@intel.com \
    --cc=tglx@linutronix.de \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox