KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL

[ Based on a patch from Ashok Raj <ashok.raj@intel.com> ]

Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
guests that will only mitigate Spectre V2 through IBRS+IBPB and will not
be using a retpoline+IBPB based approach.

To avoid the overhead of saving and restoring the MSR_IA32_SPEC_CTRL for
guests that do not actually use the MSR, only start saving and restoring
when a non-zero is written to it.

No attempt is made to handle STIBP here, intentionally. Filtering STIBP
may be added in a future patch, which may require trapping all writes
if we don't want to pass it through directly to the guest.

[dwmw2: Clean up CPUID bits, save/restore manually, handle reset]

Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jun Nakajima <jun.nakajima@intel.com>
Cc: kvm@vger.kernel.org
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ashok Raj <ashok.raj@intel.com>
Link: https://lkml.kernel.org/r/1517522386-18410-5-git-send-email-karahmed@amazon.de
(cherry picked from commit d28b387fb74da95d69d2615732f50cceb38e9a4d)

Orabug: 27525575
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
[Backport:

 There is a lot that this patch does not pick up - but the most important we need
 to pick up is the wrmsr(0x48, 0) when the retpoline is used. That is we cannot leave
 the MSR048 hanging around with the guest value. The reason is that on a particular
 CPU we may schedule another guest vCPU (a different) one, and the check on whether
 to write the MSR0x48 is if 'vmx->spec_ctrl' (the vmx is tied to a specific VCPU).
 Which means we may not write the prpoer guest vCPU MSR value in and have the
 stale one in the guest.!]

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 4bbde986125997510767e59afe16a4242f5929ab..3f9c3b1fa1aeada8de1c5a24dc35babfdfef2b9e 100644 (file)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -4032,6 +4032,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
                rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
                if (ibrs_inuse)
                        wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_ENABLE_IBRS);
+               else if (svm->spec_ctrl)
+                       wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_DISABLE_IBRS);
        }
 
        /* Eliminate branch target predictions from guest mode */

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index b8465bb9e54c7c33a7107205e9d470e5f9890a90..990a2bb920ac407bc66a62a450de08d331305753 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8327,6 +8327,8 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
                rdmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
                if (ibrs_inuse)
                        wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_ENABLE_IBRS);
+               else if (vmx->spec_ctrl)
+                       wrmsrl(MSR_IA32_SPEC_CTRL, SPEC_CTRL_FEATURE_DISABLE_IBRS);
        }
 
        /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */