Received: by 10.223.176.46 with SMTP id f43csp580591wra; Wed, 24 Jan 2018 02:50:33 -0800 (PST) X-Google-Smtp-Source: AH8x227npRhpkIYio8QHFhTW4Jd+HQgl12f5tXXV9+h9gKYsImI7ctrICj09Uw2cewJKNK6f/7w4 X-Received: by 10.99.191.15 with SMTP id v15mr10664210pgf.216.1516791033027; Wed, 24 Jan 2018 02:50:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516791032; cv=none; d=google.com; s=arc-20160816; b=XJ+vx2QuhE2ybl4LIaslIdG+GjUrjyFyzZUC/g7ERZwtcxylNnPMSKFZNzFjA3fTE5 yB5gsdvpOZyTlDCuYk4dGQyqnKwgLKqCTGKIMIoEYy0fH1scCztWyi2eI3TvdCnBvvn8 mLuqTdO44R5f0B6NROjyqGhOprpaq2MF+28Fq6dSJtGxB85J+HQVJDqBUeZq6YgZBKBn Lpm6Lj79GzoGf/HC8bF/s2kzl1Qkwe+WgsKTpGV7YGIz8NjMlQIjI9c6VYyCnsdYCMOT liu6OG2BFxiHEaUXKZIxU7SdTobvRyndpUu5n1nchVHvBHhIf64QgMmnLaoNQSdtUdwA YYHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature :arc-authentication-results; bh=GImehW8DlwvTmM0cpuSkqUDxBMEQ5cEZH1fpfViiYIE=; b=JT/PNwXxi8g005k569olVCYasNPKdckR9zqJJsLmXMS1yj6FIXdB+D83LqCDvKGEgK 4I4TJYpJAcfs6TD5Ps3UTQ2Jec4+hVobvRcSFk8dZJPV6qe0rILogETAGdpwn1VrjRiE /KJED/KNvKTzCIvG/Qbmb80JQUfiVgOKzS0wuiBMeqRz73JRBnLlIxfVlZiWyoRfyeUE 6c9DQOsAom3wFecWjk4zCRbS6cbJhRp9htkG87WK3wp7XDE4fmtjvu8IAq1m7RSb/tGa 1gEvem78pdyAJAaHjqG8vmNbmjk3CslR34r1eHMfNhAbftUOwXuW0PVYg9tq52s0jTkk MO9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hmh.eng.br header.s=fm1 header.b=WNJHCVww; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=TcsmGMIY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c23si2702852pfc.323.2018.01.24.02.50.18; Wed, 24 Jan 2018 02:50:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@hmh.eng.br header.s=fm1 header.b=WNJHCVww; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=TcsmGMIY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933061AbeAXKtx (ORCPT + 99 others); Wed, 24 Jan 2018 05:49:53 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:32957 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932891AbeAXKtv (ORCPT ); Wed, 24 Jan 2018 05:49:51 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 6ECCD223E4; Wed, 24 Jan 2018 05:49:50 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Wed, 24 Jan 2018 05:49:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hmh.eng.br; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=GImehW8DlwvTmM0cpuSkqUDxBMEQ5cEZH1fpfViiYIE=; b=WNJHCVww Zv49h/q3PluCbSSmyt+cHhhxtsNpzSKVTL8idxIv6yjcza2Y6c8akml1OgtoCYMG SZEwENsFd9RXc315Vj7zBUwycJtqPaXUTxHjJQdk4gqU8csYYN7ZU+QJb5RV4Qyq AZ29ZMljpkNz4pu0b7L+ZfBiOdJpGGrc4ap/FkNBFgm5vEt7xf6Ve8BmG/F2tHGa s7DxLCE4Ur3kZETBcUeSgvqdmR9jwlXG3TYV/8oFX6xLpKfynZO6DUDssvKfnI1Y xFZ29sr0g9N5A/7jf2aXvLR/KJ1pkPVXsmc+aD7twOvTEOP5ZNozZ3I0P3P7VflY jgJUllwlrnpSWQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=GImehW8DlwvTmM0cpuSkqUDxBMEQ5 cEZH1fpfViiYIE=; b=TcsmGMIYrAhsv7Zwnjw7pPC99+aRCsdhkmAbwPbhZvhys bRMcIXaiO6LlWo+POHuSIDQEpjJDS6YglhweWa0yN4noZDgJZCD6aPUXIeO/V/uD KPNdAxajqb0CVq7Xq6FlTWjsFs2lbkDxCndDuRkAaQvcXC32HzzdR2HDn+Hfyw98 TUzXU9yCfor8tRXg8bnBMK+W4wwO/Asfc65rVS8o9IkkkcuB0oaFT5243m+NiAtp FLylO9crQHZOZEBNpujbekPm4CY9o3XbhvB7Id0fe3ShTFyN30/lEedbU2BwQ4pg WU1PAAETpFDyzU0c8t8hKMt81NjWY7rK+nPXXQjnQ== X-ME-Sender: Received: from khazad-dum.debian.net (unknown [201.82.128.91]) by mail.messagingengine.com (Postfix) with ESMTPA id 0171A240F8; Wed, 24 Jan 2018 05:49:50 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by localhost.khazad-dum.debian.net (Postfix) with ESMTP id 115B03401620; Wed, 24 Jan 2018 08:49:46 -0200 (-02) X-Virus-Scanned: Debian amavisd-new at khazad-dum.debian.net Received: from khazad-dum.debian.net ([127.0.0.1]) by localhost (khazad-dum2.khazad-dum.debian.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 9ENB5f7_sWJe; Wed, 24 Jan 2018 08:49:45 -0200 (-02) Received: by khazad-dum.debian.net (Postfix, from userid 1000) id 1AEB6340161A; Wed, 24 Jan 2018 08:49:45 -0200 (-02) Date: Wed, 24 Jan 2018 08:49:44 -0200 From: Henrique de Moraes Holschuh To: David Woodhouse Cc: Peter Zijlstra , Thomas Gleixner , KarimAllah Ahmed , linux-kernel@vger.kernel.org, Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Linus Torvalds , Masami Hiramatsu , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Tim Chen , Tom Lendacky , kvm@vger.kernel.org, x86@kernel.org Subject: Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure Message-ID: <20180124104944.jbgxlvlkkqjweyar@khazad-dum.debian.net> References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-6-git-send-email-karahmed@amazon.de> <1516741116.13558.11.camel@infradead.org> <20180124084735.GM2228@hirez.programming.kicks-ass.net> <1516784541.13558.90.camel@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1516784541.13558.90.camel@infradead.org> X-GPG-Fingerprint1: 4096R/0x0BD9E81139CB4807: C467 A717 507B BAFE D3C1 6092 0BD9 E811 39CB 4807 User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 24 Jan 2018, David Woodhouse wrote: > I'm kind of tempted to turn it into a whitelist just by adding 1 to the > microcode revision in each table entry. Sure, that N+1 might be another > microcode build that also has issues but never saw the light of day... Watch out for the (AFAIK) still not properly documented where it should be (i.e. the microcode chapter of the Intel SDM) weirdness in Skylake+ microcode revision. Actually, this is related to SGX, so anything that has SGX. When it has SGX inside, Intel will release microcode only with even revision numbers, but the processor may report it as odd (and will do so by subtracting 1, so microcode 0xb0 is the same as microcode 0xaf) when the update is loaded by the processor itself from FIT (as opposed as being loaded by WRMSR from BIOS/UEFI/OS). So, you could see N-1 from within Linux if we did not update the microcode, and fail to trigger a whitelist (or mistrigger a blacklist). -- Henrique Holschuh