On Tue, Mar 21, 2023 at 06:14:39PM -0700, Sean Christopherson wrote: > Virtualize FLUSH_L1D so that the guest can use the performant L1D flush > if one of the many mitigations might require a flush in the guest, e.g. > Linux provides an option to flush the L1D when switching mms. > > Passthrough MSR_IA32_FLUSH_CMD for write when it's supported in hardware > and exposed to the guest, i.e. always let the guest write it directly if > FLUSH_L1D is fully supported. > > Forward writes to hardware in host context on the off chance that KVM > ends up emulating a WRMSR, or in the really unlikely scenario where > userspace wants to force a flush. Restrict these forwarded WRMSRs to > the known command out of an abundance of caution. Passing through the > MSR means the guest can throw any and all values at hardware, but doing > so in host context is arguably a bit more dangerous. > > Link: https://lkml.kernel.org/r/CALMp9eTt3xzAEoQ038bJQ9LN0ZOXrSWsN7xnNUD%2B0SS%3DWwF7Pg%40mail.gmail.com > Link: https://lore.kernel.org/all/20230201132905.549148-2-eesposit@xxxxxxxxxx > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> > --- > arch/x86/kvm/cpuid.c | 2 +- > arch/x86/kvm/svm/svm.c | 5 +++++ > arch/x86/kvm/vmx/nested.c | 3 +++ > arch/x86/kvm/vmx/vmx.c | 5 +++++ > arch/x86/kvm/vmx/vmx.h | 2 +- > arch/x86/kvm/x86.c | 12 ++++++++++++ > 6 files changed, 27 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c > index 599aebec2d52..9583a110cf5f 100644 > --- a/arch/x86/kvm/cpuid.c > +++ b/arch/x86/kvm/cpuid.c > @@ -653,7 +653,7 @@ void kvm_set_cpu_caps(void) > F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES) | F(INTEL_STIBP) | > F(MD_CLEAR) | F(AVX512_VP2INTERSECT) | F(FSRM) | > F(SERIALIZE) | F(TSXLDTRK) | F(AVX512_FP16) | > - F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) > + F(AMX_TILE) | F(AMX_INT8) | F(AMX_BF16) | F(FLUSH_L1D) > ); > > /* TSC_ADJUST and ARCH_CAPABILITIES are emulated in software. */ 
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index 85bb535fc321..b32edaf5a74b 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -95,6 +95,7 @@ static const struct svm_direct_access_msrs { > #endif > { .index = MSR_IA32_SPEC_CTRL, .always = false }, > { .index = MSR_IA32_PRED_CMD, .always = false }, > + { .index = MSR_IA32_FLUSH_CMD, .always = false }, > { .index = MSR_IA32_LASTBRANCHFROMIP, .always = false }, > { .index = MSR_IA32_LASTBRANCHTOIP, .always = false }, > { .index = MSR_IA32_LASTINTFROMIP, .always = false }, > @@ -4140,6 +4141,10 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu) > set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD, 0, > !!guest_has_pred_cmd_msr(vcpu)); > > + if (boot_cpu_has(X86_FEATURE_FLUSH_L1D)) Just curious, will this ever be true on AMD hardware? AFAIK, X86_FEATURE_FLUSH_L1D is an Intel-defined CPU feature. > + set_msr_interception(vcpu, svm->msrpm, MSR_IA32_FLUSH_CMD, 0, > + !!guest_cpuid_has(vcpu, X86_FEATURE_FLUSH_L1D)); > + > /* For sev guests, the memory encryption bit is not reserved in CR3. */ > if (sev_guest(vcpu->kvm)) { > best = kvm_find_cpuid_entry(vcpu, 0x8000001F);
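Review bot: the first svm.c hunk (@@ -95,6 +95,7 @@) adds `{ .index = MSR_IA32_FLUSH_CMD, .always = false }` to svm_direct_access_msrs, which grows the table by one entry, yet the diffstat lists no SVM header while vmx.h does get a one-line change. If the length of this table is fixed by a constant defined outside svm.c, that constant has to be raised in the same patch; please confirm, or add the header change so the SVM side matches what was done for VMX.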
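Review bot: in the svm_vcpu_after_set_cpuid() hunk (@@ -4140,6 +4141,10 @@), the new `if (boot_cpu_has(X86_FEATURE_FLUSH_L1D))` guard is undocumented and differs from the MSR_IA32_PRED_CMD call directly above it, which updates interception unconditionally from the guest capability alone. A short comment saying that the intercept is dropped only when the host supports the MSR and the guest CPUID exposes FLUSH_L1D would make the intent clear and would answer the question raised inline about whether the condition can be true on AMD. It should also state that when the host check fails nothing is called here, so the MSR stays in whatever state the `.always = false` table entry gives it, and say whether that is the intended result if userspace sets FLUSH_L1D in guest CPUID on a host without it.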