From patchwork Wed Apr 26 12:58:23 2023
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 13224574
Date: Wed, 26 Apr 2023 14:58:23 +0200
Subject: [PATCH 2/2] VMX/cpu-policy: disable RDTSCP and INVPCID insns as needed
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné, Kevin Tian, Jun Nakajima

When either feature is available in hardware, but
disabled for a guest, the respective insn would better cause #UD if attempted to be used. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -785,6 +785,30 @@ static void cf_check vmx_cpuid_policy_ch vmx_vmcs_enter(v); vmx_update_exception_bitmap(v); + if ( cp->extd.rdtscp ) + { + v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_ENABLE_RDTSCP; + vmx_update_secondary_exec_control(v); + } + else if ( v->arch.hvm.vmx.secondary_exec_control & + SECONDARY_EXEC_ENABLE_RDTSCP ) + { + v->arch.hvm.vmx.secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_RDTSCP; + vmx_update_secondary_exec_control(v); + } + + if ( cp->feat.invpcid ) + { + v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_ENABLE_INVPCID; + vmx_update_secondary_exec_control(v); + } + else if ( v->arch.hvm.vmx.secondary_exec_control & + SECONDARY_EXEC_ENABLE_INVPCID ) + { + v->arch.hvm.vmx.secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID; + vmx_update_secondary_exec_control(v); + } + /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored.
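
Review bot: The enable branches for both RDTSCP and INVPCID OR the control bit into v->arch.hvm.vmx.secondary_exec_control without any visible check that the corresponding secondary execution control is offered by the hardware, so the hunk relies on cp->extd.rdtscp and cp->feat.invpcid never being set when the control is unavailable. If the policy guarantees that, a one-line comment saying so would help; otherwise the set path should be gated on the capability check. The branches are also asymmetric: the disable paths test the bit first, while the enable paths call vmx_update_secondary_exec_control(v) even when the bit is already set, and a policy change touching both features writes the control twice. Consider computing the new value for both bits, comparing it with the old one, and calling vmx_update_secondary_exec_control(v) once only if it changed. The two blocks differ only in the policy field and the SECONDARY_EXEC_ENABLE_* constant, so a small helper or macro would remove the duplication.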