Received: by 10.223.185.116 with SMTP id b49csp717180wrg;
        Fri, 16 Feb 2018 06:08:49 -0800 (PST)
X-Google-Smtp-Source: AH8x225b/NwfGo11ygCVRAKSyKNPijhQnkEL8C0K4NmbKUtN2e2cZEgyGghyCCl4cH9qXwWYFzGA
X-Received: by 10.98.139.145 with SMTP id e17mr350873pfl.53.1518790129551;
        Fri, 16 Feb 2018 06:08:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518790129; cv=none;
        d=google.com; s=arc-20160816;
        b=F7PBUGKd6mAKQOAj4zWmlpfC2AjukBtXIUMJQ2I+2xeHnovXdrcJhsKjy68lhDqBa6
         k+1mvEpOUFZQOZrO2jE0JxffKnrWLfiZcn0Pu5WRyYrL2QbKjrtX43+99S29rMqfbfAI
         zh+7jAhsFIWxVvIh4FqCHoNZ5KIHKqpcN9RCbGBpMPgE0J6L1/rVvjCgp2pma0tBL+nJ
         6xvSozIvYxXwK0yJCoK6YksunEn+IonSGN0T913zIA760RBG/R0YLMQKP1ie5gTL09zW
         bLhsQQpKlSxHWw+dFg8mFxLMkT38/WN1orW8Ypo5wVpQJuDmZZN9H/XQRxlzKflc2EBc
         E36g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=lag4idgQp1+BIxQehvPlvRTVcMwsbYUYqgXjFlJpyOI=;
        b=oSjwbY0d7TTeLWL3kilURcWblATCMB+wvWFRkbJa3qR7aB+PqVylKDuInielXu1Cgi
         LTFRBDxkcuJfdmkRErJW0yN56bJFfIX96yjTGPIbYBknEaThcIE7HL0wDL8/Oo8meY0b
         621Ed5Oy1N3ZSXgts6bbZWxbbBtteyx6xjj+e06iHj53eE7Mr09NrNRYvz209eMsTuHb
         JUVpohb+ZPhE4dzf38jGJXyneDZpsaF3qLrLI/J2TL8c4ygvL+WYSxLPf49qw3/Ls0Nx
         GX4VVofNVMHY+TZZYDSDOCMiA6rFoIEiqMhy3xRImpnbamzQUY6RCsRAk2b1Wu/8mgqH
         CEvg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q184si2823907pga.242.2018.02.16.06.08.14;
        Fri, 16 Feb 2018 06:08:49 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1166947AbeBOSuL (ORCPT <rfc822;jaysonjohndmello@gmail.com>
        + 99 others); Thu, 15 Feb 2018 13:50:11 -0500
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:52834 "EHLO
        atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1162126AbeBOPVk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Feb 2018 10:21:40 -0500
Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512)
        id 4076680171; Thu, 15 Feb 2018 16:21:39 +0100 (CET)
Date:   Thu, 15 Feb 2018 16:21:39 +0100
From:   Pavel Machek <pavel@ucw.cz>
To:     Paolo Bonzini <pbonzini@redhat.com>
Cc:     David Woodhouse <dwmw@amazon.co.uk>, tglx@linutronix.de,
        x86@kernel.org, kvm@vger.kernel.org, torvalds@linux-foundation.org,
        linux-kernel@vger.kernel.org, arjan.van.de.ven@intel.com,
        dave.hansen@intel.com
Subject: Re: [PATCH 2/2] x86/speculation: Support "Enhanced IBRS" on future
 CPUs
Message-ID: <20180215152139.GA23145@amd>
References: <1518449255-2182-1-git-send-email-dwmw@amazon.co.uk>
 <1518449255-2182-2-git-send-email-dwmw@amazon.co.uk>
 <7e2e5ad1-49b6-1fdb-4a62-8ad6aefc30a0@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
In-Reply-To: <7e2e5ad1-49b6-1fdb-4a62-8ad6aefc30a0@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue 2018-02-13 09:02:25, Paolo Bonzini wrote:
> On 12/02/2018 16:27, David Woodhouse wrote:
> > The original IBRS hack in microcode is horribly slow. For the next
> > generation of CPUs, as a stopgap until we get a proper fix, Intel
> > promise an "Enhanced IBRS" which will be fast.
> >=20
> > The assumption is that predictions in the BTB/RSB will be tagged with
> > the VMX mode and ring that they were learned in, and thus the CPU will
> > avoid consuming unsafe predictions without a performance penalty.
> >=20
> > Intel's documentation says that it is still required to set the IBRS bit
> > in the SPEC_CTRL MSR and ensure that it remains set.
> >=20
> > Cope with this by trapping and emulating *all* access to SPEC_CTRL from
> > KVM guests when the IBRS_ALL feature is present, so it can never be
> > turned off. Guests who see IBRS_ALL should never do anything except
> > turn it on at boot anyway. And if they didn't know about IBRS_ALL and
> > they keep frobbing IBRS on every kernel entry/exit... well the vmexit
> > for a no-op is probably going to be faster than they were expecting
> > anyway, so they'll live.
> >=20
> > Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> > Acked-by: Arjan van de Ven <arjan.van.de.ven@intel.com>
> > ---
> >  arch/x86/include/asm/nospec-branch.h |  9 ++++++++-
> >  arch/x86/kernel/cpu/bugs.c           | 16 ++++++++++++++--
> >  arch/x86/kvm/vmx.c                   | 17 ++++++++++-------
> >  3 files changed, 32 insertions(+), 10 deletions(-)
> >=20
> > diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/as=
m/nospec-branch.h
> > index 788c4da..524bb86 100644
> > --- a/arch/x86/include/asm/nospec-branch.h
> > +++ b/arch/x86/include/asm/nospec-branch.h
> > @@ -140,9 +140,16 @@ enum spectre_v2_mitigation {
> >  	SPECTRE_V2_RETPOLINE_MINIMAL_AMD,
> >  	SPECTRE_V2_RETPOLINE_GENERIC,
> >  	SPECTRE_V2_RETPOLINE_AMD,
> > -	SPECTRE_V2_IBRS,
> > +	SPECTRE_V2_IBRS_ALL,
> >  };
> > =20
> > +extern enum spectre_v2_mitigation spectre_v2_enabled;
> > +
> > +static inline bool spectre_v2_ibrs_all(void)
> > +{
> > +	return spectre_v2_enabled =3D=3D SPECTRE_V2_IBRS_ALL;
> > +}
> > +
> >  extern char __indirect_thunk_start[];
> >  extern char __indirect_thunk_end[];
> > =20
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index debcdda..047538a 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -88,12 +88,13 @@ static const char *spectre_v2_strings[] =3D {
> >  	[SPECTRE_V2_RETPOLINE_MINIMAL_AMD]	=3D "Vulnerable: Minimal AMD ASM r=
etpoline",
> >  	[SPECTRE_V2_RETPOLINE_GENERIC]		=3D "Mitigation: Full generic retpoli=
ne",
> >  	[SPECTRE_V2_RETPOLINE_AMD]		=3D "Mitigation: Full AMD retpoline",
> > +	[SPECTRE_V2_IBRS_ALL]			=3D "Mitigation: Enhanced IBRS",
> >  };

Hmm. Probably not just your problem but these should really get
documentation somewhere -- and adding another one should be treated
like changing the ABI.

How is poor userland expected to do anything inteligent with that
file?

									Pavel
--=20
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo=
g.html

--DocE+STaALJfprDB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlqFpYMACgkQMOfwapXb+vKxnACfZXWBOKiOPMD8FGNAxIUlT46p
xBgAnRZMYyDH18Yd+od9Krz84LYjXjfx
=8gfT
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--