    KVM: SVM: Add support for Virtual SPEC_CTRL · d00b99c5
    Babu Moger authored
    Newer AMD processors have a feature to virtualize the use of the
    SPEC_CTRL MSR. Presence of this feature is indicated via CPUID
    function 0x8000000A_EDX[20]: GuestSpecCtrl. Hypervisors are not
    required to enable this feature since it is automatically enabled on
    processors that support it.
    
    A hypervisor may wish to impose speculation controls on guest
    execution or a guest may want to impose its own speculation controls.
    Therefore, the processor implements both host and guest
    versions of SPEC_CTRL.
    
    When in host mode, the host SPEC_CTRL value is in effect and writes
    update only the host version of SPEC_CTRL. On a VMRUN, the processor
    loads the guest version of SPEC_CTRL from the VMCB. When the guest
    writes SPEC_CTRL, only the guest version is updated. On a VMEXIT,
    the guest version is saved into the VMCB and the processor returns
    to only using the host SPEC_CTRL for speculation control. The guest
    SPEC_CTRL is located at offset 0x2E0 in the VMCB.
    
    The effective SPEC_CTRL setting is the guest SPEC_CTRL setting or'ed
    with the hypervisor SPEC_CTRL setting. This allows the hypervisor to
    ensure a minimum SPEC_CTRL if desired.
    
    This support also fixes an issue where a guest may sometimes see an
    inconsistent value for the SPEC_CTRL MSR on processors that support
    this feature. With the current SPEC_CTRL support, the first write to
    SPEC_CTRL is intercepted and the virtualized version of the SPEC_CTRL
    MSR is not updated. When the guest reads back the SPEC_CTRL MSR, it
    will be 0x0, instead of the actual expected value. There isn’t a
    security concern here, because the host SPEC_CTRL value is or’ed with
    the Guest SPEC_CTRL value to generate the effective SPEC_CTRL value.
    KVM writes with the guest's virtualized SPEC_CTRL value to SPEC_CTRL
    MSR just before the VMRUN, so it will always have the actual value
    even though it doesn’t appear that way in the guest. The guest will
    only see the proper value for the SPEC_CTRL register if the guest was
    to write to the SPEC_CTRL register again. With Virtual SPEC_CTRL
    support, the save area spec_ctrl is properly saved and restored.
    So, the guest will always see the proper value when it is read back.
    
    Signed-off-by: Babu Moger <babu.moger@amd.com>
    Message-Id: <161188100955.28787.11816849358413330720.stgit@bmoger-ubuntu>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
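
The read-back inconsistency and the OR rule described in the commit message, as an added example: a constructed C model, not code from this commit or from KVM. The struct fields, the function names and the host minimum of IBRS are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define IBRS (1ull << 0) /* SPEC_CTRL bit 0 */
#define SSBD (1ull << 2) /* SPEC_CTRL bit 2 */

/* Constructed model; every name below is hypothetical. */
struct vcpu {
    uint64_t host;     /* host version of SPEC_CTRL */
    uint64_t guest;    /* guest version, live while the guest runs */
    uint64_t vmcb;     /* VMCB save-area copy (offset 0x2E0) */
    uint64_t shadow;   /* hypervisor's software copy of the guest value */
    uint64_t host_min; /* bits the hypervisor always wants set */
    bool intercept;    /* SPEC_CTRL writes still trap to the hypervisor */
    bool use_vmcb;     /* true: hypervisor keeps the guest value in the VMCB */
};

static void vmrun(struct vcpu *v)
{
    /* Old path: the hypervisor writes the guest value to the MSR while in
     * host mode, which only updates the host version. */
    v->host = v->host_min | (v->use_vmcb ? 0 : v->shadow);
    v->guest = v->vmcb; /* processor loads the guest version from the VMCB */
}

static void vmexit(struct vcpu *v) { v->vmcb = v->guest; v->host = v->host_min; }

static void guest_wrmsr(struct vcpu *v, uint64_t val)
{
    if (!v->intercept) { v->guest = val; return; } /* guest version only */
    vmexit(v);
    if (v->use_vmcb) v->vmcb = val; else v->shadow = val;
    v->intercept = false; /* only the first write is intercepted */
    vmrun(v);
}

static uint64_t guest_rdmsr(const struct vcpu *v) { return v->guest; }
static uint64_t effective(const struct vcpu *v) { return v->guest | v->host; }

/* Guest writes val `writes` times; returns its read-back, stores effective. */
uint64_t run(bool use_vmcb, uint64_t val, int writes, uint64_t *eff)
{
    struct vcpu v = { .host_min = IBRS, .intercept = true, .use_vmcb = use_vmcb };
    vmrun(&v);
    while (writes--) guest_wrmsr(&v, val);
    *eff = effective(&v);
    return guest_rdmsr(&v);
}
```

With `use_vmcb` false, the first write reads back as 0 while the effective value already contains SSBD; with it true, the read-back matches the write and the host minimum stays OR'ed in.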