Re: [PATCH v3 2/4] KVM: x86: Add IBPB support

2018-01-30 Thread David Woodhouse
On Tue, 2018-01-30 at 09:19 -0800, Jim Mattson wrote:
>
> Are you planning to allow L2 to write MSR_IA32_PRED_CMD without L0
> intercepting it, if the MSR write intercept is disabled in both the
> vmcs01 MSR permission bitmap and the vmcs12 MSR permission bitmap?

I don't see why we shouldn't.

Re: [PATCH v3 2/4] KVM: x86: Add IBPB support

2018-01-30 Thread Jim Mattson
On Mon, Jan 29, 2018 at 4:10 PM, KarimAllah Ahmed wrote:
> From: Ashok Raj
>
> Add MSR passthrough for MSR_IA32_PRED_CMD and place branch predictor
> barriers on switching between VMs to avoid inter VM Spectre-v2 attacks.
>
> [peterz: rebase and changelog rewrite]
> [karahmed: - rebase
>

Re: [PATCH v3 2/4] KVM: x86: Add IBPB support

2018-01-30 Thread David Woodhouse
On Tue, 2018-01-30 at 08:22 -0600, Tom Lendacky wrote: > > @@ -918,6 +919,9 @@ static void svm_vcpu_init_msrpm(u32 *msrpm) > >   > >   set_msr_interception(msrpm, direct_access_msrs[i].index, 1, 1); > >   } > > + > > + if (boot_cpu_has(X86_FEATURE_IBPB)) > > +
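Review bot: the condition added at the end of svm_vcpu_init_msrpm(), if (boot_cpu_has(X86_FEATURE_IBPB)), tests only the host CPU, and nothing visible in the hunk consults the features offered to the guest. Consider also gating on the guest-visible feature bit, or add a comment explaining why the host check alone is sufficient here. The body of the branch is cut off in this excerpt, so what it configures cannot be reviewed from these lines.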

Re: [PATCH v3 2/4] KVM: x86: Add IBPB support

2018-01-30 Thread Tom Lendacky
On 1/29/2018 6:10 PM, KarimAllah Ahmed wrote:
> From: Ashok Raj
>
> Add MSR passthrough for MSR_IA32_PRED_CMD and place branch predictor
> barriers on switching between VMs to avoid inter VM Spectre-v2 attacks.
>
> [peterz: rebase and changelog rewrite]
> [karahmed: - rebase
>            - vmx:

[PATCH v3 2/4] KVM: x86: Add IBPB support

2018-01-29 Thread KarimAllah Ahmed
From: Ashok Raj

Add MSR passthrough for MSR_IA32_PRED_CMD and place branch predictor
barriers on switching between VMs to avoid inter VM Spectre-v2 attacks.

[peterz: rebase and changelog rewrite]
[karahmed: - rebase
           - vmx: expose PRED_CMD whenever it is available
           - svm: