On Wed, Dec 05, 2018 at 05:02:06PM -0500, Konrad Rzeszutek Wilk wrote:
> On Wed, Dec 05, 2018 at 05:19:56PM -0200, Eduardo Habkost wrote:
> > Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL
> > to the guest, which makes STIBP available to guests. This was implemented
> > by commits d28b387fb74d ("KVM/VMX: Allow direct access to
> > MSR_IA32_SPEC_CTRL") and b2ac58f90540 ("KVM/SVM: Allow direct access to
> > MSR_IA32_SPEC_CTRL").
> >
> > However, we never updated GET_SUPPORTED_CPUID to let userspace know that
> > STIBP can be enabled in CPUID. Fix that by updating
>
> Ooops!
> > kvm_cpuid_8000_0008_ebx_x86_features and kvm_cpuid_7_0_edx_x86_features.
>
> Shouldn't there also be a patch in QEMU to use it? (aka, +stibp).
I will submit the QEMU patch soon.
A patch exists on some downstream QEMU distributions, already,
but it was never merged upstream because GET_SUPPORTED_CPUID
never supported STIBP in the upstream kernel. (And because in
the end it was not used for mitigating Spectre)
>
> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Thanks!
--
Eduardo
