Received: by 10.223.176.5 with SMTP id f5csp3527726wra;
        Mon, 29 Jan 2018 14:42:37 -0800 (PST)
X-Google-Smtp-Source: AH8x2243ihXUgp6qX8smzPLhNeNGUgEp3ZEaW9zJwtIBSxhEnu5RM+JjEsWlN5AlpDSq7TqauYx4
X-Received: by 10.101.77.146 with SMTP id p18mr21882888pgq.75.1517265757330;
        Mon, 29 Jan 2018 14:42:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517265757; cv=none;
        d=google.com; s=arc-20160816;
        b=RrUzjWjn5KHb3ujMEfuxEpkVr05r0ggLPzTXqu0mcMvsaLjQ+myNmVkTP4hwNzG4Cb
         oayKGxzZChdukmHUHZBGdfw+4gpIs3cB3uPpeEqqYmIw4tDF3Yb8/hYnzvGdnnf5Tiz1
         XHoyPmcaMGakAuJ3gByuwr6JC25OgPNWBO2wIluUXQVKYUx0GWc0Qp5yIBzzX3MIUMG6
         3zPOKwOFsX7+aSjDwmOfZ1Dp8gT/i3T3AH8IvsMVjE04l+zms55uow8ZmUpFpJ7CagGB
         DN1CifkFUX2BsazfXGro5mMlod5D9+tBnsQXkQGdCcnfub5fxIE1v0IJ+1/7IzdHkhY5
         I0pg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=XI4L6KGORQ7QdF+bNQG72KHABkjKwS72tGhh4c+M9j8=;
        b=CC2Yrh+Uws4NqiTOx9PSUius7A2IwvEJ0SY7Zg5mIKYzng79P0TXL0vcLSI4B2rZhc
         08RIzoTo8ORFkt+I7lnldCa0VYMdXc780kUj/WFfYcJGeFEQUC5eFPPTu9Zvb6N33RRI
         T6cl2tDZPqmtzbsqehWJcWmXSF8BI6VjVqXRIrLLZLOKKQVXFpKHgFuIa1H6wNgsk+jQ
         BgrZIgr48FetsUI8AYBtNUXlX6BHfPCYrd1P0SqrnOWBPZotiZy6fzanAc9xkPd4J9IO
         hSdLp8vW0Fv/dxZXZLcEVgaBdESfraK8oD+mig39M9/+FJi4l2QcORr5KgVLpJcj3/eT
         VfIw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c1-v6si10209697pld.427.2018.01.29.14.42.22;
        Mon, 29 Jan 2018 14:42:37 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751959AbeA2Wl5 (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Mon, 29 Jan 2018 17:41:57 -0500
Received: from mga14.intel.com ([192.55.52.115]:3181 "EHLO mga14.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751450AbeA2Wl4 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Jan 2018 17:41:56 -0500
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Jan 2018 14:41:34 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.46,432,1511856000"; 
   d="scan'208";a="23424031"
Received: from tassilo.jf.intel.com (HELO tassilo.localdomain) ([10.7.201.35])
  by FMSMGA003.fm.intel.com with ESMTP; 29 Jan 2018 14:41:33 -0800
Received: by tassilo.localdomain (Postfix, from userid 1000)
        id 91118300A86; Mon, 29 Jan 2018 14:41:24 -0800 (PST)
Date:   Mon, 29 Jan 2018 14:41:24 -0800
From:   Andi Kleen <ak@linux.intel.com>
To:     David Dunn <ddunn@vmware.com>
Cc:     Eduardo Habkost <ehabkost@redhat.com>,
        Arjan van de Ven <arjan@linux.intel.com>,
        KarimAllah Ahmed <karahmed@amazon.de>,
        "Wilson, Matt" <msw@amazon.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        Ashok Raj <ashok.raj@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Borislav Petkov <bp@suse.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
        Joerg Roedel <joro@8bytes.org>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Laura Abbott <labbott@redhat.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
        Fred Jacobs <fjacobs@vmware.com>,
        Jim Mattson <jmattson@google.com>,
        David Woodhouse <dwmw2@infradead.org>
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support
 infrastructure
Message-ID: <20180129224124.GU26209@tassilo.jf.intel.com>
References: <7EB9643C-D2DD-477A-90DE-05DC653D2D4B@vmware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7EB9643C-D2DD-477A-90DE-05DC653D2D4B@vmware.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> Even if we expose bit to indicate that FMS matches the underlying host, when does the guest know to query that?  The VM can be moved at any point in time, including after the guest asks if FMS matches host.

There's no way to enable these mitigations later, so if you always
have to enable the super set of all the mitigations for all the hosts you
might be migrating too.  

As of currently that means if you want to ever migrate to Skylake you should
set the Skylake model number and you're good.

-Andi