x86/kvm: expose the CPUID of SPEC_CTRL and STIBP to guests

This patch shows an alternative approach to the one posted here: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1580364.html The advantages are 1) Simpler; 2) More reasonable because this is used to fill the hardware security hole, for all the x86 cpus that physically support the two CPUIDs, which means the hole already exists physically. All the VMs should use this feature no matter what CPU model they are using. So, exposing the two CPUIDs as long as they are physically supported by the hardware, and this doesn't require the QEMU side hardcode as usual. When the related feature bits are added to the kernel, and we can simply change it to: best->edx |= F(SPEC_CTRL) | F(PRED_CMD); Signed-off-by: Wei Wang <wei.w.wang@intel.com>
0day-ci · Jan 9, 2018 · 3f5dcda · 3f5dcda
1 parent ccff53f
commit 3f5dcda
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
@@ -70,6 +70,8 @@ u64 kvm_supported_xcr0(void)
 /* These are scattered features in cpufeatures.h. */
 #define KVM_CPUID_BIT_AVX512_4VNNIW     2
 #define KVM_CPUID_BIT_AVX512_4FMAPS     3
+#define KVM_CPUID_BIT_SPEC_CTRL         26
+#define KVM_CPUID_BIT_STIBP             27
 #define KF(x) bit(KVM_CPUID_BIT_##x)
 
 int kvm_update_cpuid(struct kvm_vcpu *vcpu)
@@ -109,6 +111,9 @@ int kvm_update_cpuid(struct kvm_vcpu *vcpu)
 		}
 	}
 
+	if (cpuid_edx(0x7) & (KF(SPEC_CTRL) | KF(STIBP)))
+		best->edx |= KF(SPEC_CTRL) | KF(STIBP);
+
 	best = kvm_find_cpuid_entry(vcpu, 0xD, 0);
 	if (!best) {
 		vcpu->arch.guest_supported_xcr0 = 0;