Date: Mon, 29 Jan 2018 18:14:04 -0200
From: Eduardo Habkost
To: KarimAllah Ahmed
Cc: linux-kernel@vger.kernel.org, Andi Kleen, Andrea Arcangeli, Andy Lutomirski, Arjan van de Ven, Ashok Raj, Asit Mallick, Borislav Petkov, Dan Williams, Dave Hansen, David Woodhouse, Greg Kroah-Hartman, "H. Peter Anvin", Ingo Molnar, Janakarajan Natarajan, Joerg Roedel, Jun Nakajima, Laura Abbott, Linus Torvalds, Masami Hiramatsu, Paolo Bonzini, Peter Zijlstra, Radim Krčmář, Thomas Gleixner, Tim Chen, Tom Lendacky, kvm@vger.kernel.org, x86@kernel.org
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure
Message-ID: <20180129201404.GA1588@localhost.localdomain>
References: <1516476182-5153-6-git-send-email-karahmed@amazon.de>
In-Reply-To: <1516476182-5153-6-git-send-email-karahmed@amazon.de>

On Sat, Jan 20, 2018 at 08:22:56PM +0100, KarimAllah Ahmed wrote:
> From: David Woodhouse
>
> Not functional yet; just add the handling for it in the Spectre v2
> mitigation selection, and the X86_FEATURE_IBRS flag which will control
> the code to be added in later patches.
>
> Also take the #ifdef CONFIG_RETPOLINE from around the RSB-stuffing; IBRS
> mode will want that too.
>
> For now we are auto-selecting IBRS on Skylake. We will probably end up
> changing that but for now let's default to the safest option.
>
> XX: Do we want a microcode blacklist?
>
> [karahmed: simplify the switch block and get rid of all the magic]
>
> Signed-off-by: David Woodhouse
> Signed-off-by: KarimAllah Ahmed
[...]
> + case SPECTRE_V2_CMD_FORCE: > + /* > + * If we have IBRS support, and either Skylake or !RETPOLINE, > + * then that's what we do. 
> + */ > + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) && > + (is_skylake_era() || !retp_compiler())) {

Sorry for being confused here, as probably the answer is buried in
an LKML thread somewhere. The comment explains what the code does,
but not why. Why exactly is IBRS preferred on Skylake?

I'm asking this because I would like to understand the risks
involved when running under a hypervisor exposing CPUID data that
don't match the host CPU. e.g.: what happens if a VM is migrated
from a Broadwell host to a Skylake host?

> + mode = SPECTRE_V2_IBRS; > + setup_force_cpu_cap(X86_FEATURE_IBRS); > + break; > + } > + /* Fall through */ > case SPECTRE_V2_CMD_RETPOLINE:
[...]

-- 
Eduardo
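
Review bot: the comment above the `if` in the SPECTRE_V2_CMD_FORCE case restates the condition (IBRS support, and either Skylake or !RETPOLINE) but gives no reason why Skylake-era parts should select IBRS instead of falling through to the retpoline case. Suggest extending the comment with that rationale and with what is_skylake_era() keys on, since its definition is not in the quoted lines; if it is based on the reported CPU model, the mode is chosen from whatever model the kernel sees, which matters for a guest whose CPUID does not match the host. The branch also enables IBRS as soon as boot_cpu_has(X86_FEATURE_SPEC_CTRL) is true, so the open "XX: Do we want a microcode blacklist?" in the commit message should be resolved or noted in a comment next to this check before the series leaves RFC.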