Received: by 10.223.176.5 with SMTP id f5csp3498282wra; Mon, 29 Jan 2018 14:11:39 -0800 (PST) X-Google-Smtp-Source: AH8x225tgwtOOKeG69kUY+poK00LyRnoHhXYhfMcKRK5X2EAa4nMbQ01j5mvwxSmLApaR8EaH3h+ X-Received: by 2002:a17:902:9a9:: with SMTP id 38-v6mr22816147pln.202.1517263899216; Mon, 29 Jan 2018 14:11:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517263899; cv=none; d=google.com; s=arc-20160816; b=TTTqiPcVpCMWFP6gbeePiQvKcqu5o0aWfFeR97DRzBDWAxpe13u4D4C8V1StUiYfue cYRR7TJ04uKLUvKUx1FKgWnL+jHoUGA0UETLgK71m5cs3+lyZKfJMGlllDOvB+GXiFbA dhaXUve6qk/+MtEFDsjwSKqX17rPYgRm7OwK2ArImzfMAvDE17/iIVHmsO+mXSiKdKyY 5ifrXePRvBMV4Yc3Ni7Ar5ynoNMBgnZ1Mbyr50hW8Xup0eYLc1Q/sPQ57504w3BUUn5e rqxsuE9qMhVDB41kfQHURyXlRswWCoRWP1TMMvQK3oNFqDal8ycL7LAh9pEyDVxiFM6Z xBwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:user-agent :in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:dkim-signature:arc-authentication-results; bh=Sun6m4jzn5lNQgpq8bLkbYBHzHrH2U5zhFTHVpYXdvk=; b=OkEY6T4ffH1ryWJrohRlVhQm44UfcSYmu8gyqZZF+aJceNlOTviBKWvvi7apfHBlDF KAjmmoQdB42605EpfGffrNrfiBcrvjyqV+9WCQOTTe1ri1aUaGC+eZoXkqZdG4Ba+vJe V2k8tr96AApFg9z8HahKGmC+2bIdAfkfGEkz2oV4wWU0KopBthzbbmlTlsZsm8rg4+4e TBO5LUW5CVIRYDyH06ImH5mA6wdaDIQg/6HuxqXNZRowKXktSbuV784bQ39NTffSfqe5 RAB7lUxOA7NiC/7SwkM8JMtgqZoP0CH4Wwiqyr0lwSi8i1JHtqo3eBK5ekdLoFRT8FkI +Bzw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=eK+J3p3X; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m63-v6si303192pld.753.2018.01.29.14.11.23; Mon, 29 Jan 2018 14:11:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=eK+J3p3X; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752051AbeA2WK6 (ORCPT + 99 others); Mon, 29 Jan 2018 17:10:58 -0500 Received: from aserp2120.oracle.com ([141.146.126.78]:53052 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751547AbeA2WK4 (ORCPT ); Mon, 29 Jan 2018 17:10:56 -0500 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w0TM6f5R183840; Mon, 29 Jan 2018 22:10:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to : content-transfer-encoding; s=corp-2017-10-26; bh=Sun6m4jzn5lNQgpq8bLkbYBHzHrH2U5zhFTHVpYXdvk=; b=eK+J3p3XRlK/k28IxMqR8JG8YX9srUPq2Yo1kFLML5gGpf5Q9fO4H71njj6smW8TNmRd PbkNXRelSIw7xXxhgFPZ4vMdyeXU67MTCx7LKz0iEvB+7dgUrMYJN5IaR/05fxbITHX6 wpr31wlLSf/949wqX7QEFWvTodTcCVMwwWaq6tnJ4syiWc6REI/ndbK3Yq+9NoOZZGWu Wxwv9zXw70zdLttB/pHOes2wC9G2Ba0iKGwR6+3gk4FeWpTc/LQDhlOpa5sYOPDafNzv 9Wz2fcGXrZAkP9XysdW86QA0rH84Yc20DoLfJqUuu/jWExCGfCGl7biKUduNSdft9Ycr xg== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp2120.oracle.com with ESMTP id 2ftc3g80k7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 29 Jan 2018 22:10:16 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w0TMAF26002251 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 29 Jan 2018 22:10:15 GMT Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w0TMAExL031410; Mon, 29 Jan 2018 22:10:14 GMT Received: from char.us.oracle.com (/10.137.176.158) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 29 Jan 2018 14:10:13 -0800 Received: by char.us.oracle.com (Postfix, from userid 1000) id 752A56A09DE; Mon, 29 Jan 2018 17:10:11 -0500 (EST) Date: Mon, 29 Jan 2018 17:10:11 -0500 From: Konrad Rzeszutek Wilk To: Eduardo Habkost Cc: David Woodhouse , Arjan van de Ven , KarimAllah Ahmed , linux-kernel@vger.kernel.org, Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Linus Torvalds , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , Radim =?utf-8?B?S3LEjW3DocWZ?= , Thomas Gleixner , Tim Chen , Tom Lendacky , kvm@vger.kernel.org, x86@kernel.org, "Dr. David Alan Gilbert" Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure Message-ID: <20180129221011.GW22045@char.us.oracle.com> References: <1516476182-5153-6-git-send-email-karahmed@amazon.de> <20180129201404.GA1588@localhost.localdomain> <1517257022.18619.30.camel@infradead.org> <20180129204256.GV25150@localhost.localdomain> <31415b7f-9c76-c102-86cd-6bf4e23e3aee@linux.intel.com> <1517259759.18619.38.camel@infradead.org> <20180129214421.GW25150@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <20180129214421.GW25150@localhost.localdomain> User-Agent: Mutt/1.8.3 (2017-05-23) Content-Transfer-Encoding: quoted-printable X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8789 signatures=668655 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=735 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1801290282 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 29, 2018 at 07:44:21PM -0200, Eduardo Habkost wrote: > On Mon, Jan 29, 2018 at 09:02:39PM +0000, David Woodhouse wrote: > >=20 > >=20 > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > >=20 > > > > The question is how the hypervisor could tell that to the guest. > > > > If Intel doesn't give us a CPUID bit that can be used to tell > > > > that retpolines are enough, maybe we should use a hypervisor > > > > CPUID bit for that? > > > > > > the objective is to have retpoline be safe everywhere and never use= IBRS > > > (Linus was also pretty clear about that) so I'm confused by your qu= estion > >=20 > > The question is about all the additional RSB-frobbing and call depth > > counting and other bits that don't really even exist for Skylake yet = in > > a coherent form. > >=20 > > If a guest doesn't have those, because it's running some future kerne= l > > where they *are* implemented but not enabled because at *boot* time i= t > > discovered it wasn't on Skylake, the question is what happens if that > > guest is subsequently migrated to a Skylake-class machine. > >=20 > > To which the answer is obviously "oops, sucks to be you". So yes, > > *maybe* we want a way to advertise "you might be migrated to Skylake" > > if you're booted on a pre-SKL box in a migration pool where such is > > possible.=A0 > >=20 > > That question is a reasonable one, and the answer possibly the same, > > regardless of whether the plan for Skylake is to use IBRS, or all the > > hypothetical other extra stuff. >=20 > Maybe a generic "family/model/stepping/microcode really matches > the CPU you are running on" bit would be useful. The bit could > be enabled only on host-passthrough (aka "-cpu host") mode. >=20 > If we really want to be able to migrate to host with different > CPU models (except Skylake), we could add a more specific "we > promise the host CPU is never going to be Skylake" bit. >=20 > Now, if the hypervisor is not providing any of those bits, I > would advise against trusting family/model/stepping/microcode > under a hypervisor. Using a pre-defined CPU model (that doesn't The migration code could be 'tickled' (when arrived at the destination) to recheck the CPUID and do the alternative logic to turn the proper bits on. And this tickling could be as simple as an ACPI DSDT/AML code specific to KVM PnP devices (say the CPUs?) to tell the guest to resample its environment? > necessarily match the host) is very common when using KVM VM > management stacks. >=20 > --=20 > Eduardo