Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
From:   Christophe de Dinechin <christophe.de.dinechin@gmail.com>
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support
 infrastructure
In-Reply-To: <alpine.DEB.2.20.1801311111181.2293@nanos>
Date:   Wed, 31 Jan 2018 12:07:25 +0100
Cc:     Christophe de Dinechin <christophe.de.dinechin@gmail.com>,
        Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        David Woodhouse <dwmw2@infradead.org>,
        Arjan van de Ven <arjan@linux.intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Andi Kleen <ak@linux.intel.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        Ashok Raj <ashok.raj@intel.com>,
        Asit Mallick <asit.k.mallick@intel.com>,
        Borislav Petkov <bp@suse.de>,
        Dan Williams <dan.j.williams@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
        Joerg Roedel <joro@8bytes.org>,
        Jun Nakajima <jun.nakajima@intel.com>,
        Laura Abbott <labbott@redhat.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        =?utf-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        KVM list <kvm@vger.kernel.org>,
        the arch/x86 maintainers <x86@kernel.org>,
        "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <538F5768-D0E3-48C1-ABE8-84F2178A7B82@dinechin.org>
References: <1516476182-5153-6-git-send-email-karahmed@amazon.de>
 <20180129201404.GA1588@localhost.localdomain>
 <1517257022.18619.30.camel@infradead.org>
 <20180129204256.GV25150@localhost.localdomain>
 <31415b7f-9c76-c102-86cd-6bf4e23e3aee@linux.intel.com>
 <1517259759.18619.38.camel@infradead.org>
 <CA+55aFxBh3LvsQq9wy313NQCn3iu+yuAmsi0zNVxWmGDUUds-A@mail.gmail.com>
 <20180130204623.583b1a7a@alans-desktop>
 <200C59E8-80F3-4FEC-BA3B-E6A56FA12C74@dinechin.org>
 <alpine.DEB.2.20.1801311111181.2293@nanos>
To:     Thomas Gleixner <tglx@linutronix.de>,
        Eduardo Habkost <ehabkost@redhat.com>,
        KarimAllah Ahmed <karahmed@amazon.de>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk


> On 31 Jan 2018, at 11:15, Thomas Gleixner <tglx@linutronix.de> wrote:
>=20
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
>>> On 30 Jan 2018, at 21:46, Alan Cox <gnomes@lxorguk.ukuu.org.uk> =
wrote:
>>>=20
>>>> If you are ever going to migrate to Skylake, I think you should =
just
>>>> always tell the guests that you're running on Skylake. That way the
>>>> guests will always assume the worst case situation wrt Specte.
>>>=20
>>> Unfortunately if you do that then guest may also decide to use other
>>> Skylake hardware features and pop its clogs when it finds out its =
actually
>>> running on Westmere or SandyBridge.
>>>=20
>>> So you need to be able to both lie to the OS and user space via =
cpuid and
>>> also have a second 'but do skylake protections' that only mitigation
>>> aware software knows about.
>>=20
>> Yes. The most desirable lie is different depending on whether you =
want to
>> allow virtualization features such as migration (where you=E2=80=99d =
gravitate
>> towards a CPU with less features) or whether you want to allow =
mitigation
>> (where you=E2=80=99d rather present the most fragile CPUID, probably =
Skylake).
>>=20
>> Looking at some recent patches, I=E2=80=99m concerned that the code =
being added
>> often assumes that the CPUID is the correct way to get that info.
>> I do not think this is correct. You really want specific information =
about
>> the host CPUID, not whatever KVM CPUID emulation makes up.
>=20
> That wont cut it. If you have a heterogenous farm of systems, then you =
need:
>=20
>  - All CPUs have to support IBRS/IBPB or at least hte hypervisor has =
to
>    pretend they do by providing fake MRS for that
>=20
>  - Have a 'force IBRS/IBPB' mechanism so the guests don't discard it =
due
>    to missing CPU feature bits.
>=20
> Though this gets worse. You have to make sure that the guest keeps =
_ALL_
> sorts of mitigation mechanisms enabled and does not decide to disable
> retpolines because IBRS/IBPB are "available=E2=80=9D.

What you are saying is that it=E2=80=99s one thing to test at boot time, =
but
(at least) migration events should also cause a re-check. Agreed.
The alternative is to pessimistically enable mitigation in VMs.
I believe this is the current =E2=80=9Cstate of the art=E2=80=9D, i.e. =
enable
IBRS statically via a CPU type variant.

What is the best place to re-check anyway?

(Just out of curiosity: there are no non-symmetric systems
that mix CPUs of different generation, right?)


>=20
> Good luck with making all that work.

:-)

>=20
> Thanks,
>=20
> 	tglx