This series introduces "virtual IA32_SPEC_CTRL" support. Here are introduction and use cases of this new feature. ### Virtual IA32_SPEC_CTRL Virtual IA32_SPEC_CTRL [1] is a new VMX feature on Intel CPUs. This feature allows VMM to fix some bits of IA32_SPEC_CTRL MSR even when the MSR is pass-thru'd to a guest. ### Use cases of virtual IA32_SPEC_CTRL Software mitigations like Retpoline and software BHB-clearing sequence depend on CPU microarchitectures. And guest cannot know exactly the underlying microarchitecture. When a guest is migrated between processors of different microarchitectures, software mitigations which work perfectly on previous microachitecture may be not effective on the new one. To fix the problem, some hardware mitigations should be used in conjunction with software mitigations. Using virtual IA32_SPEC_CTRL, VMM can enforce hardware mitigations transparently to guests and avoid those hardware mitigations being accidentally disabled when guest changes IA32_SPEC_CTRL MSR. ### Intention of this series This series adds the capability of enforcing hardware mitigations for guests transparently and efficiently (i.e., without intecepting IA32_SPEC_CTRL MSR accesses) to kvm. The capability can be used to solve the VM migration issue in a pool consisting of processors of different microarchitectures. Specifically, below are two target scenarios of this series: Scenario 1: If retpoline is used by a VM to mitigate IMBTI in CPL0, VMM can set RRSBA_DIS_S on parts enumerates RRSBA. Note that the VM is presented with a microarchitecture doesn't enumerate RRSBA. Scenario 2: If a VM uses software BHB-clearing sequence on transitions into CPL0 to mitigate BHI, VMM can use "virtual IA32_SPEC_CTRL" to set BHI_DIS_S on newer hardware which doesn't enumerate BHI_NO. Intel defines some virtual MSRs for guests to notify VMM of software mitigations in use. Such information allows VMM to enable hardware mitigations only when necessary (i.e., VMs care about the vulnerability and are using software mitigiation) to minimize the performance impact to other VMs. The support of the virtual MSRs also added in this series. ### Organization of this series This series is developed based on v6.1-rc7 (commit ef4d3ea40565a781c25847e9cb96c1bd9f462bc6) 1. Patch 1 introduce Intel SPEC_CTRL BHI related definition. 2. Patch 2/3 advertises {RRSBA/BHI}_CTRL for retpoline/BHB-clearing sequence mitigations for KVM. 3. Patch 4 introduce Intel virtual IA32_SPEC_CTRL 4. Patch 5-7 virtualize a set of virtual MSRs for guests to communicate software mitigations in use. 5. Patch 8-9 enable "virtual IA32_SPEC_CTRL" VMX feature with virtual MSRs support in KVM. ### Documentation Refer to below link for more information: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html Pawan Gupta (1): x86/bugs: Use Virtual MSRs to request hardware mitigations Zhang Chen (8): x86/speculation: Introduce Intel SPEC_CTRL BHI related definition KVM: x86: Add a kvm-only leaf for RRSBA_CTRL KVM: x86: Add a kvm-only leaf for BHI_CTRL x86/kvm/vmx: Virtualize Intel IA32_SPEC_CTRL kvm/x86: Add ARCH_CAP_VIRTUAL_ENUM for guest MSR_IA32_ARCH_CAPABILITIES kvm/x86: Add MSR_VIRTUAL_MITIGATION_ENUM/CTRL emulation x86/kvm/vmx: Initialize SPEC_CTRL MASK for RRSBA x86/kvm/vmx: Initialize SPEC_CTRL MASK for BHI arch/x86/include/asm/msr-index.h | 29 +++++++ arch/x86/include/asm/vmx.h | 5 ++ arch/x86/include/asm/vmxfeatures.h | 2 + arch/x86/kernel/cpu/bugs.c | 24 ++++++ arch/x86/kvm/cpuid.c | 4 + arch/x86/kvm/reverse_cpuid.h | 9 ++ arch/x86/kvm/vmx/capabilities.h | 5 ++ arch/x86/kvm/vmx/vmx.c | 109 ++++++++++++++++++++++++- arch/x86/kvm/vmx/vmx.h | 27 +++++- arch/x86/kvm/x86.c | 23 +++++- tools/arch/x86/include/asm/msr-index.h | 6 ++ 11 files changed, 238 insertions(+), 5 deletions(-) -- 2.25.1