Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

From: David Woodhouse
Date: Wed Jan 31 2018 - 17:10:34 EST

Next message: Jaegeuk Kim: "Re: [PATCH 2/2] f2fs: support {d,id,did,x}node checksum"
Previous message: Joe Lawrence: "Re: [PATCH v5 0/3] livepatch: introduce atomic replace"
In reply to: Jim Mattson: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Next in thread: Linus Torvalds: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2018-01-31 at 14:06 -0800, Jim Mattson wrote:
> On Wed, Jan 31, 2018 at 1:59 PM, David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
> > I'm actually working on IBRS_ALL at the moment.
> >
> > I was tempted to *not* let the guests turn it off. Expose SPEC_CTRL but
> > just make it a no-op.
>
> Maybe we could convince Intel to add a LOCK bit to IA32_SPEC_CTRL like
> the one in IA32_FEATURE_CONTROL.

Given that IBRS_ALL is supposed to be a sanely-performing option, I'd
rather convince Intel to just make it unconditional. If they've added
the appropriate tagging to the BTB, why even *have* this deliberately
insecure mode when IBRS==0?

I understand that until/unless they get a *proper* fix, software is
still going to have to use IBPB as appropriate. But there's no need for
the IBRS bit to do *anything*.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Jaegeuk Kim: "Re: [PATCH 2/2] f2fs: support {d,id,did,x}node checksum"
Previous message: Joe Lawrence: "Re: [PATCH v5 0/3] livepatch: introduce atomic replace"
In reply to: Jim Mattson: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Next in thread: Linus Torvalds: "Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]