From: Jim Mattson
Date: Wed, 10 Jan 2018 09:32:36 -0800
Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
To: Nadav Amit
Cc: Paolo Bonzini, Liran Alon, dwmw@amazon.co.uk, Konrad Rzeszutek Wilk, "the arch/x86 maintainers", bp@alien8.de, Tom Lendacky, aliguori@amazon.com, Arjan van de Ven, Radim Krčmář, LKML, kvm list

Right. For future CPUs with a well-engineered fix, no extra work
should be necessary on VM-entry. However, for current CPUs, we have to
ensure that host kernel addresses can't be deduced by the guest.
IBPB may be sufficient, but Intel's slide deck doesn't make that
clear.

On Wed, Jan 10, 2018 at 9:23 AM, Nadav Amit wrote:
> Paolo Bonzini wrote:
>
>> On 10/01/2018 18:14, Jim Mattson wrote:
>>>>> If (a) is true, does "IBRS ALL THE TIME" usage is basically a CPU
>>>>> change to just create all BTB/BHB entries to be tagged with
>>>>> prediction-mode at creation-time and that tag to be compared to current
>>>>> prediction-mode when CPU attempts to use BTB/BHB?
>>>>
>>>> I hope so, and I hope said prediction mode includes PCID/VPID too.
>>>
>>> Branch prediction entries should probably be tagged with PCID, VPID,
>>> EP4TA, and thread ID...the same things used to tag TLB contexts.
>>
>> But if so, I don't see the need for IBPB.
>
> It is highly improbable that a microcode patch can change how prediction
> entries are tagged. IIRC, microcode may change the behavior of instructions
> and "assists" (e.g., TLB miss). Not much more than that.