Received: by 10.223.176.5 with SMTP id f5csp1221464wra; Wed, 31 Jan 2018 03:11:52 -0800 (PST) X-Google-Smtp-Source: AH8x227XtnUCb5wsv7JY0Nkad0hx/IF0J9Ak3yqAKyDWjTnPIzBHo0Yz33LpTuPtHAbJOCZNScwR X-Received: by 10.98.242.77 with SMTP id y13mr32809957pfl.156.1517397112259; Wed, 31 Jan 2018 03:11:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517397112; cv=none; d=google.com; s=arc-20160816; b=sCAC4nzLml/N5jqL5Uxq+SDehvo9J54K0l9npkwPP/I8jK4r/KmfItv5YBy1QkdfrO QfdyDmVa04O2bZcESTkYzUpFmioSO3idWIFquqQfy6iELG3snp8NJL6fR+kMCwpFT+Jk SGDz9EuUYsZ/8nbTD7NkwpaLeRic7JuywJepW2ytdUWb2Ohjw9rnCq3iBkPPyZAsq2Po NyBA/JPfG5y9MMPZQBEDBS+WYkqRPz7JJD8GN24ZoS6V2xvVqLmgQnMvzFU+Zj/lyDBJ r6tBzs01oskfxAS3TYD5eZ6qOZTHbnJ6BVTdE9OX6RNtKdW/pmdjE8pKIDaXyxdVGmCc bmPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:subject:mime-version :from:dkim-signature:arc-authentication-results; bh=1j+UN47qw6nZBkMr67fzzvIl+Zj+7dmFw3SIi4oAECs=; b=Dc8VJrnhfARPK5UXtMASYaQXlvxQMO6mPX+yrjldwSH78D5Ne2P2tu7s+1Q/gnycQK 42wH8bMycTuubbrvM8rLal7aMfU24mCVzLp92nAOjS7Z8zKX3iwbfbpYLMWx16w4UMKB FmEnXt9z10DKr7dMgbasqCrMk7oBSzW7hRsUsAwqPVb6Kvu9338dtUJuNBC6gqpGejPj +taoPlIItdEQVT66DEAsrYpRE1bQAIyfhSXtPZFtef+NCiHA01bioZD26UJyOIi5K2/m stibUJcQ2hooGiP6krGq0Eqs5a+6EeP8+MS6btMg5O2MoparjJpL3qGowyREs7gXOiI7 uZ6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kDIgXj8J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u12-v6si1169126plz.165.2018.01.31.03.11.37; Wed, 31 Jan 2018 03:11:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kDIgXj8J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753758AbeAaLHd (ORCPT + 99 others); Wed, 31 Jan 2018 06:07:33 -0500 Received: from mail-wm0-f66.google.com ([74.125.82.66]:54246 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753710AbeAaLHa (ORCPT ); Wed, 31 Jan 2018 06:07:30 -0500 Received: by mail-wm0-f66.google.com with SMTP id t74so7286631wme.3; Wed, 31 Jan 2018 03:07:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1j+UN47qw6nZBkMr67fzzvIl+Zj+7dmFw3SIi4oAECs=; b=kDIgXj8J/QG8pF78S0HvohBe2UuLRGCJYoa+D/kLXhGWPQhqOzzGhm0l42stMj3SyF qbIba2ryqEQnNIh1NohX02PhDzJKvEnb/QGS66+H4Z2C6rz0Zktjvqtih7h6EttCSzrj 7v3A2iJ/gq082PvfRbpkskQ9vP44YdWJuF+Nj2kB7/Coa0I3OrrRpm9CvvRa8NFLpRnC /jk4ted5XQSRJQZ/AG80BrL4dOkxhe2+AO8ypxrz1w2GG4QZ/E1qD8hikq1CDt5F0GoL ooqJ6epYFUlZsQknNNFh+YES1dyjN+H9TUctt/PdOIVx/E06cP0Fqlq+WD3HVmQwMayu /SlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1j+UN47qw6nZBkMr67fzzvIl+Zj+7dmFw3SIi4oAECs=; b=W5fId2WzeZlpNZbkiMcT9L5pjH0Ohe1Mil+W8bMuJZNd5D+E74xan9+v43efo7WR8W WlBUk+S6dQ9cW/zYc8OQdywOYLjLMgyaa5nOLtWO7M9DJWxgF+mS0U+QIcWq+Kx2yrEh mDVBfguLd8133v0z5DDixlIl8/pVBSUolMNYHjKLuJJ/LGZFwm7ckt1QU0vGOtApn39h U5iK4UtPMoln+4ruu2f7vvmpjethgE7F/kDpWBTs2a9XLfr4rscU3QRTFPvjTIHLlDlb 0zeF6wrS6/VllxRkAWOtpjQ8OlerTUopBvfRnzQB2ToMQrnjdbpFVD4vx33ikttuc+Xm GkyA== X-Gm-Message-State: AKwxyteXwSwyzBSfiGseeKYOzKpEuNMXaTyB7GJcdjBhzt2av0taQFSy WS/5Guwugm1lccoVRNQTJBk= X-Received: by 10.28.203.135 with SMTP id b129mr21878657wmg.155.1517396848849; Wed, 31 Jan 2018 03:07:28 -0800 (PST) Received: from [192.168.77.22] (val06-1-88-182-161-34.fbx.proxad.net. [88.182.161.34]) by smtp.gmail.com with ESMTPSA id 72sm14521352wmh.44.2018.01.31.03.07.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 03:07:27 -0800 (PST) From: Christophe de Dinechin X-Google-Original-From: Christophe de Dinechin Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure In-Reply-To: Date: Wed, 31 Jan 2018 12:07:25 +0100 Cc: Christophe de Dinechin , Alan Cox , Linus Torvalds , David Woodhouse , Arjan van de Ven , Linux Kernel Mailing List , Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , =?utf-8?B?UmFkaW0gS3LEjW3DocWZ?= , Tim Chen , Tom Lendacky , KVM list , the arch/x86 maintainers , "Dr. David Alan Gilbert" Content-Transfer-Encoding: quoted-printable Message-Id: <538F5768-D0E3-48C1-ABE8-84F2178A7B82@dinechin.org> References: <1516476182-5153-6-git-send-email-karahmed@amazon.de> <20180129201404.GA1588@localhost.localdomain> <1517257022.18619.30.camel@infradead.org> <20180129204256.GV25150@localhost.localdomain> <31415b7f-9c76-c102-86cd-6bf4e23e3aee@linux.intel.com> <1517259759.18619.38.camel@infradead.org> <20180130204623.583b1a7a@alans-desktop> <200C59E8-80F3-4FEC-BA3B-E6A56FA12C74@dinechin.org> To: Thomas Gleixner , Eduardo Habkost , KarimAllah Ahmed X-Mailer: Apple Mail (2.3445.5.20) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On 31 Jan 2018, at 11:15, Thomas Gleixner wrote: >=20 > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: >>> On 30 Jan 2018, at 21:46, Alan Cox = wrote: >>>=20 >>>> If you are ever going to migrate to Skylake, I think you should = just >>>> always tell the guests that you're running on Skylake. That way the >>>> guests will always assume the worst case situation wrt Specte. >>>=20 >>> Unfortunately if you do that then guest may also decide to use other >>> Skylake hardware features and pop its clogs when it finds out its = actually >>> running on Westmere or SandyBridge. >>>=20 >>> So you need to be able to both lie to the OS and user space via = cpuid and >>> also have a second 'but do skylake protections' that only mitigation >>> aware software knows about. >>=20 >> Yes. The most desirable lie is different depending on whether you = want to >> allow virtualization features such as migration (where you=E2=80=99d = gravitate >> towards a CPU with less features) or whether you want to allow = mitigation >> (where you=E2=80=99d rather present the most fragile CPUID, probably = Skylake). >>=20 >> Looking at some recent patches, I=E2=80=99m concerned that the code = being added >> often assumes that the CPUID is the correct way to get that info. >> I do not think this is correct. You really want specific information = about >> the host CPUID, not whatever KVM CPUID emulation makes up. >=20 > That wont cut it. If you have a heterogenous farm of systems, then you = need: >=20 > - All CPUs have to support IBRS/IBPB or at least hte hypervisor has = to > pretend they do by providing fake MRS for that >=20 > - Have a 'force IBRS/IBPB' mechanism so the guests don't discard it = due > to missing CPU feature bits. >=20 > Though this gets worse. You have to make sure that the guest keeps = _ALL_ > sorts of mitigation mechanisms enabled and does not decide to disable > retpolines because IBRS/IBPB are "available=E2=80=9D. What you are saying is that it=E2=80=99s one thing to test at boot time, = but (at least) migration events should also cause a re-check. Agreed. The alternative is to pessimistically enable mitigation in VMs. I believe this is the current =E2=80=9Cstate of the art=E2=80=9D, i.e. = enable IBRS statically via a CPU type variant. What is the best place to re-check anyway? (Just out of curiosity: there are no non-symmetric systems that mix CPUs of different generation, right?) >=20 > Good luck with making all that work. :-) >=20 > Thanks, >=20 > tglx