KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD

BugLink: https://bugs.launchpad.net/bugs/1811080 commit bc226f07 upstream. Expose the new virtualized architectural mechanism, VIRT_SSBD, for using speculative store bypass disable (SSBD) under SVM. This will allow guests to use SSBD on hardware that uses non-architectural mechanisms for enabling SSBD. [ tglx: Folded the migration fixup from Paolo Bonzini ] Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [juergh: Added hunks that were missed in the original backport.] Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
BugLink: https://bugs.launchpad.net/bugs/1811080 commit bc226f07 upstream. Expose the new virtualized architectural mechanism, VIRT_SSBD, for using speculative store bypass disable (SSBD) under SVM. This will allow guests to use SSBD on hardware that uses non-architectural mechanisms for enabling SSBD. [ tglx: Folded the migration fixup from Paolo Bonzini ] Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [juergh: Added hunks that were missed in the original backport.] Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
80f3e90d · Tom Lendacky · Juerg Haefliger · 6cac847a · 80f3e90d · 80f3e90d
Commit 80f3e90d authored May 10, 2018 by Tom Lendacky Committed by Juerg Haefliger Feb 06, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 3 deletions

arch/x86/kvm/cpuid.h arch/x86/kvm/cpuid.h +10 -0

arch/x86/kvm/svm.c arch/x86/kvm/svm.c +11 -3

No files found.
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -213,6 +213,16 @@ static inline bool guest_cpuid_has_arch_capabilities(struct kvm_vcpu *vcpu)
 	return best && (best->edx & bit(X86_FEATURE_ARCH_CAPABILITIES));
 }

+static inline bool guest_cpuid_has_virt_ssbd(struct kvm_vcpu *vcpu)
+{
+	struct kvm_cpuid_entry2 *best;
+
+	best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0);
+	return best && (best->ebx & bit(X86_FEATURE_VIRT_SSBD));
+}
+
+
+
 /*
 * NRIPS is provided through cpuidfn 0x8000000a.edx bit 3
 */

--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3108,12 +3108,16 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)

 		msr_info->data = svm->spec_ctrl;
 		break;
-	case MSR_IA32_UCODE_REV:
-		msr_info->data = 0x01000065;
-		break;
 	case MSR_AMD64_VIRT_SPEC_CTRL:
+		if (!msr_info->host_initiated &&
+		    !guest_cpuid_has_virt_ssbd(vcpu))
+			return 1;
+
 		msr_info->data = svm->virt_spec_ctrl;
 		break;
+	case MSR_IA32_UCODE_REV:
+		msr_info->data = 0x01000065;
+		break;
 	case MSR_F15H_IC_CFG: {

 		int family, model;
@@ -3246,6 +3250,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 		set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1);
 		break;
 	case MSR_AMD64_VIRT_SPEC_CTRL:
+		if (!msr->host_initiated &&
+		    !guest_cpuid_has_virt_ssbd(vcpu))
+			return 1;
+
 		if (data & ~SPEC_CTRL_SSBD)
 			return 1;