Add direct access to speculation control MSRs for KVM guests. This allows the guest to protect itself against Spectre V2 using IBRS+IBPB instead of a retpoline+IBPB based approach. It also exposes the ARCH_CAPABILITIES MSR which is going to be used by future Intel processors to indicate RDCL_NO and IBRS_ALL. Ashok Raj (1): x86/kvm: Add IBPB support KarimAllah Ahmed (3): x86: kvm: Update the reverse_cpuid list to include CPUID_7_EDX x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL x86: vmx: Allow direct access to MSR_IA32_ARCH_CAPABILITIES arch/x86/kvm/cpuid.c | 6 ++++- arch/x86/kvm/cpuid.h | 1 + arch/x86/kvm/svm.c | 14 +++++++++++ arch/x86/kvm/vmx.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/x86.c | 1 + 5 files changed, 92 insertions(+), 1 deletion(-) Cc: Andi Kleen <ak@xxxxxxxxxxxxxxx> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx> Cc: Andy Lutomirski <luto@xxxxxxxxxx> Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx> Cc: Ashok Raj <ashok.raj@xxxxxxxxx> Cc: Asit Mallick <asit.k.mallick@xxxxxxxxx> Cc: Borislav Petkov <bp@xxxxxxx> Cc: Dan Williams <dan.j.williams@xxxxxxxxx> Cc: Dave Hansen <dave.hansen@xxxxxxxxx> Cc: David Woodhouse <dwmw@xxxxxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: H. Peter Anvin <hpa@xxxxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxxxxx> Cc: Janakarajan Natarajan <Janakarajan.Natarajan@xxxxxxx> Cc: Joerg Roedel <joro@xxxxxxxxxx> Cc: Jun Nakajima <jun.nakajima@xxxxxxxxx> Cc: Laura Abbott <labbott@xxxxxxxxxx> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx> Cc: kvm@xxxxxxxxxxxxxxx Cc: linux-kernel@xxxxxxxxxxxxxxx Cc: x86@xxxxxxxxxx -- 2.7.4
