Received: by 10.223.176.5 with SMTP id f5csp4373028wra; Tue, 30 Jan 2018 06:25:58 -0800 (PST) X-Google-Smtp-Source: AH8x225hBIVtcSPf5TTHRt7Gnf4Be/S5PbazqMKWjdWbCdc8q9MgunjxZvqR1XkPGAWiKbtt2a+D X-Received: by 2002:a17:902:930c:: with SMTP id bc12-v6mr25761127plb.328.1517322358473; Tue, 30 Jan 2018 06:25:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517322358; cv=none; d=google.com; s=arc-20160816; b=nNPGMyLR3HqV1CuIvkoq35UtPtuLoXTZV9r0zjnYD0h14nuZE28onb7ztukjXu7coI tDStYujzfN6ePPgUwAMhMm711YrYs5NZxSzieTGKIHAHJ74ry/jgB52QRxF2Z0p9zYdH MuoFAfXSwFjiVHaVJgg11+n/goRqoKG7q/ELUFXmwP35o9x2xSWwgG04oC4RGIY0H5MX nCPVwGlDpkAH+LkZXzJGG+CJZdsLk6h/nMBPjzlI27EF/B6HTjV5/ua0BWZfcgnPncMe XpJsyjXt0poZlXEjUWHDSKXBaQ8ujkA4QCuQtocZIbU1VT2b46Yv4/s4EKSapJ9bJT+S OQXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=JsuDkVGCWAGQu/e6xOgrrZaiIDccPTYq8yFlK9HX+JI=; b=bQd53d/N4O9ZC6yfJfaqWKtKMBJ14stKf1hDQgyUTFRHVo+tuRNmCu5vjdEmsRVEc8 8Cwtz0toQZPGtL9wkhiY432whorgw2gSa9LSlPJNMx8KbeJCFF7CHFCsMVaPgP58c1E7 pg/2T4vOYreynvBMD8vicgzpg96//gcX5YdFpw5/GknaXvZzZC0HElXe2k6QYE+RYOPz D6jMvwIdDkpy/EN2d+SpGLl7W5BTQ9SOTveEJJwRXkj/fLYewLZtq7QaFNCzH2H780CU BneYuoSI+S5zE4fw139dWbhYOqb/dvDvZFuGrR3LMxPmapdQ/oA5D29u90T2ZWU1PRRi dC5A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i3-v6si1111898pli.157.2018.01.30.06.25.44; Tue, 30 Jan 2018 06:25:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752867AbeA3OBr (ORCPT + 99 others); Tue, 30 Jan 2018 09:01:47 -0500 Received: from mga17.intel.com ([192.55.52.151]:10439 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751786AbeA3OBo (ORCPT ); Tue, 30 Jan 2018 09:01:44 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Jan 2018 06:01:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,435,1511856000"; d="scan'208";a="30619294" Received: from avandeve-mobl.amr.corp.intel.com (HELO [10.252.141.77]) ([10.252.141.77]) by orsmga002.jf.intel.com with ESMTP; 30 Jan 2018 06:01:43 -0800 Subject: Re: [PATCH] x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel To: Borislav Petkov , Thomas Gleixner Cc: David Woodhouse , karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org References: <1517269773-16750-1-git-send-email-dwmw@amazon.co.uk> <20180130105814.m5zd43dyx2o2ius2@pd.tnic> <1517310230.18619.86.camel@infradead.org> <20180130111848.zjv2dngfzcz35lyt@pd.tnic> <1517311693.18619.102.camel@infradead.org> <1517314193.18619.115.camel@infradead.org> <20180130131122.s3bs6lbs43go73gj@pd.tnic> From: Arjan van de Ven Message-ID: <37c4e2a7-6e35-d736-dfaf-83fbe4895401@linux.intel.com> Date: Tue, 30 Jan 2018 06:01:43 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <20180130131122.s3bs6lbs43go73gj@pd.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/30/2018 5:11 AM, Borislav Petkov wrote: > On Tue, Jan 30, 2018 at 01:57:21PM +0100, Thomas Gleixner wrote: >> So much for the theory. That's not going to work. If the boot cpu has the >> feature then the alternatives will have been applied. So even if the flag >> mismatch can be observed when a secondary CPU comes up the outcome will be >> access to a non existing MSR and #GP. > > Yes, with mismatched microcode we're f*cked. I think in the super early days of SMP there was an occasional broken BIOS. (and when Linux then did the ucode update it was sane again) Not since a long time though (I think the various certification suites check for it now) > > So my question is: is there such microcode out there or is this > something theoretical which we want to address? at this point it's insane theoretical; no OS can actually cope with this, so if you're an OEM selling this, your customer can run zero OSes ;-) > > (.. and adressing this will be ugly, no matter what.) > > And if I were able to wish, I'd like to blacklist that microcode in > dracut so that it doesn't come anywhere near my system. I'm not sure what you'd want dracut to do... panic() the system on such a bios?