    KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality · c11f83e0
    Paolo Bonzini authored
    The current guest mitigation of TAA is both too heavy and not really
    sufficient.  It is too heavy because it will cause some affected CPUs
    (those that have MDS_NO but lack TAA_NO) to fall back to VERW and
    get the corresponding slowdown.  It is not really sufficient because
    it will cause the MDS_NO bit to disappear upon microcode update, so
    that VMs started before the microcode update will not be runnable
    anymore afterwards, even with tsx=on.
    
    Instead, if tsx=on on the host, we can emulate MSR_IA32_TSX_CTRL for
    the guest and let it run without the VERW mitigation.  Even though
    MSR_IA32_TSX_CTRL is quite heavyweight, and we do not want to write
    it on every vmentry, we can use the shared MSR functionality because
    the host kernel need not protect itself from TSX-based side-channels.
    Tested-by: Jim Mattson <jmattson@google.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
x86.c 266 KB
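Added example, not code from this patch or from the kernel: a simplified C model of the guest-side choice the commit message describes, showing why exposing MSR_IA32_TSX_CTRL lets a guest on an MDS_NO-but-not-TAA_NO CPU avoid the VERW fallback. The function and enum names are hypothetical; the bit positions are those of IA32_ARCH_CAPABILITIES as defined in Linux's msr-index.h, and the model assumes VERW actually clears the buffers on the CPU in question.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_ARCH_CAPABILITIES bits as seen by the guest. */
#define ARCH_CAP_MDS_NO       (1ULL << 5)  /* not affected by MDS */
#define ARCH_CAP_TSX_CTRL_MSR (1ULL << 7)  /* IA32_TSX_CTRL is available */
#define ARCH_CAP_TAA_NO       (1ULL << 8)  /* not affected by TAA */

/* Hypothetical result type for this example. */
enum taa_choice { TAA_NOT_AFFECTED, TAA_DISABLE_RTM, TAA_VERW };

/*
 * Hypothetical helper: which TAA mitigation is open to a guest, given the
 * ARCH_CAPABILITIES value it reads and whether CPUID advertises RTM.
 */
enum taa_choice guest_taa_choice(uint64_t arch_caps, bool cpuid_rtm)
{
    if (arch_caps & ARCH_CAP_TAA_NO)
        return TAA_NOT_AFFECTED;
    /* No RTM and no way to turn it on: nothing to abort asynchronously. */
    if (!cpuid_rtm && !(arch_caps & ARCH_CAP_TSX_CTRL_MSR))
        return TAA_NOT_AFFECTED;
    /* MDS-affected parts already pay for VERW, which covers TAA as well. */
    if (!(arch_caps & ARCH_CAP_MDS_NO))
        return TAA_VERW;
    /* MDS_NO without TAA_NO: cheap fix only if TSX_CTRL is exposed. */
    if (arch_caps & ARCH_CAP_TSX_CTRL_MSR)
        return TAA_DISABLE_RTM;
    return TAA_VERW;  /* the "too heavy" fallback from the commit message */
}

int main(void)
{
    static const char *names[] = { "not affected", "disable RTM", "VERW" };
    /* Constructed sample values, not read from real hardware. */
    uint64_t without_msr = ARCH_CAP_MDS_NO;
    uint64_t with_msr = ARCH_CAP_MDS_NO | ARCH_CAP_TSX_CTRL_MSR;

    printf("MDS_NO, no TSX_CTRL:   %s\n",
           names[guest_taa_choice(without_msr, true)]);
    printf("MDS_NO, with TSX_CTRL: %s\n",
           names[guest_taa_choice(with_msr, true)]);
    return 0;
}
```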