Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754684AbeAIV4P (ORCPT + 1 other); Tue, 9 Jan 2018 16:56:15 -0500 Received: from mx1.redhat.com ([209.132.183.28]:60198 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752721AbeAIV4N (ORCPT ); Tue, 9 Jan 2018 16:56:13 -0500 Subject: Re: [PATCH 6/7] x86/svm: Set IBPB when running a different VCPU To: Konrad Rzeszutek Wilk Cc: Arjan van de Ven , Liran Alon , jmattson@google.com, dwmw@amazon.co.uk, bp@alien8.de, aliguori@amazon.com, thomas.lendacky@amd.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <74e86dd8-804e-c9f2-098f-773283ac7065@redhat.com> <1255f660-55c5-86f0-07d0-b5846af35c4a@redhat.com> <20180109203909.GG19756@char.us.oracle.com> From: Paolo Bonzini Message-ID: Date: Tue, 9 Jan 2018 22:56:07 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <20180109203909.GG19756@char.us.oracle.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 09 Jan 2018 21:56:13 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 09/01/2018 21:39, Konrad Rzeszutek Wilk wrote: > On Tue, Jan 09, 2018 at 05:49:08PM +0100, Paolo Bonzini wrote: >> On 09/01/2018 17:23, Arjan van de Ven wrote: >>> On 1/9/2018 8:17 AM, Paolo Bonzini wrote: >>>> On 09/01/2018 16:19, Arjan van de Ven wrote: >>>>> On 1/9/2018 7:00 AM, Liran Alon wrote: >>>>>> >>>>>> ----- arjan@linux.intel.com wrote: >>>>>> >>>>>>> On 1/9/2018 3:41 AM, Paolo Bonzini wrote: >>>>>>>> The above ("IBRS simply disables the indirect branch predictor") >>>>>>>> was my >>>>>>>> take-away message from private discussion with Intel.  My guess is >>>>>>>> that >>>>>>>> the vendors are just handwaving a spec that doesn't match what >>>>>>>> they have >>>>>>>> implemented, because honestly a microcode update is unlikely to do >>>>>>>> much >>>>>>>> more than an old-fashioned chicken bit.  Maybe on Skylake it does >>>>>>>> though, since the performance characteristics of IBRS are so >>>>>>>> different >>>>>>>> from previous processors.  Let's ask Arjan who might have more >>>>>>>> information about it, and hope he actually can disclose it... >>>>>>> >>>>>>> IBRS will ensure that, when set after the ring transition, no earlier >>>>>>> branch prediction data is used for indirect branches while IBRS is >>>>>>> set >>>> >>>> Let me ask you my questions, which are independent of L0/L1/L2 >>>> terminology. >>>> >>>> 1) Is vmentry/vmexit considered a ring transition, even if the guest is >>>> running in ring 0?  If IBRS=1 in the guest and the host is using IBRS, >>>> the host will not do a wrmsr on exit.  Is this safe for the host kernel? >>> >>> I think the CPU folks would want us to write the msr again. >> >> Want us, or need us---and if we don't do that, what happens? And if we >> have to do it, how is IBRS=1 different from an IBPB?... > > Arjan says 'ring transition' but I am pretty sure it is more of 'prediction > mode change'. And from what I have gathered so far moving from lower (guest) > to higher (hypervisor) has no bearing on the branch predicator. Meaning > the guest ring0 can attack us if we don't touch this MSR. > > We have to WRMSR 0x48 to 1 to flush out lower prediction. Aka this is a > 'reset' button and at every 'prediction mode' you have to hit this. That however makes me wonder why Intel said "before transitioning to ring 3, do WRMSR to IA32_SPEC_CTRL to clear IBRS to 0". I have looked again at the slides I had and "IBRS all the time" seems to require an IBPB anyway, thus making me wonder what's the point of it at all. Why can't we have proper indexing of the BTB by PCID and VPID, and forget IBRS completely on newer machines?!? > Can we have a discussion on making an kvm-security mailing list > where we can figure all this out during embargo and not have these > misunderstandings. Being told who knows what from other companies, would also have been a start. Instead CVE-2017-5715 was disclosed to each partner individually, and now _we_ are reaping what Intel has sown. Paolo