Received: by 10.223.185.116 with SMTP id b49csp480421wrg; Tue, 20 Feb 2018 02:43:24 -0800 (PST) X-Google-Smtp-Source: AH8x225dwv4I1b/zz5lB4vYfAkJsYyHQmYheCKC2siHhszfMvPM8/F5Vtoo2M9RRNxsuQ91Qyjfz X-Received: by 10.99.110.70 with SMTP id j67mr12722302pgc.202.1519123404089; Tue, 20 Feb 2018 02:43:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519123404; cv=none; d=google.com; s=arc-20160816; b=DaT+NqYmK89bgpyTiHgLgJzddWodh7wWUQmh6MJ78meuqAnV0d3vFDP1DzeZZ4GW3e MZU3iK/Na90Ip/mV7CFk15o64mKnGFSzgDSAzSSnwS2iagf11OvWSJLy7Ez0gH0CiBCA 3v9ufd+Nzlj3m+CNq6EFgUV75nlimevGja5MGCvhTmQ5g/tIoah76iVh84mtPfzM0Ozm Ttj0Hzpr46hankH+lkoHnpXG2B0KpQK/wI0wwlfkXlhhayrMEqe9t8FmeTpMoEui5ruB P3PlKBWF1nc282hERbyXmEUOpurUS8gjn62CSx9bdMMZNtgEBmgcb8AiJ/zeBb+ZIEDK eu4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=Jy+l0wnK9ICTvKjWSGcxCtT82b1FG1fS45StQqSG7jU=; b=VPqzqRPGR4mfAk+rwN7olBfmWPF+UMyGsABmjfTxpVSEE9sNXf4c3hLHnw1RwmObhS eajKFyou+7PqThOtgUnvP9Bkwb/g9qn2/PAcLB1lvqV3VkZpVvnyXUc4Ojqplr4KUpNr lkshYu/hEXRkD8Bj6Ii4AUZN0SqIR9XKuYVkHObmGepFGTpMoVLPqkB/TSkb48jGIbjH u9oG4ZVo3107L46wUhtAyfNXSSn2oz3pheWYfsfHoRcnMU0OVl9GDSECrELlPNceyJPW B3F0XAWCTndMM3JhViSWqdG7wpMsmc8wzqnlaBVDqfYaOda7ReTTnMHxzRtrJY/a0Vz5 q8+g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w20-v6si1013788plq.262.2018.02.20.02.43.09; Tue, 20 Feb 2018 02:43:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751424AbeBTKmE (ORCPT + 99 others); Tue, 20 Feb 2018 05:42:04 -0500 Received: from Galois.linutronix.de ([146.0.238.70]:32912 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751052AbeBTKmC (ORCPT ); Tue, 20 Feb 2018 05:42:02 -0500 Received: from [37.80.9.43] by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1eo5Jh-0003dd-5I; Tue, 20 Feb 2018 11:38:33 +0100 Date: Tue, 20 Feb 2018 11:42:07 +0100 (CET) From: Thomas Gleixner To: David Woodhouse cc: karahmed@amazon.de, x86@kernel.org, kvm@vger.kernel.org, torvalds@linux-foundation.org, pbonzini@redhat.com, linux-kernel@vger.kernel.org, bp@alien8.de, peterz@infradead.org, jmattson@google.com, rkrcmar@redhat.com, arjan.van.de.ven@intel.com, dave.hansen@intel.com, mingo@kernel.org Subject: Re: [PATCH v3 2/4] x86/speculation: Support "Enhanced IBRS" on future CPUs In-Reply-To: Message-ID: References: <1519037457-7643-1-git-send-email-dwmw@amazon.co.uk> <1519037457-7643-3-git-send-email-dwmw@amazon.co.uk> <1519116825.7876.112.camel@infradead.org> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="8323329-1006712813-1519123329=:24268" X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-1006712813-1519123329=:24268 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT On Tue, 20 Feb 2018, Thomas Gleixner wrote: > On Tue, 20 Feb 2018, David Woodhouse wrote: > > On Tue, 2018-02-20 at 09:31 +0100, Thomas Gleixner wrote: > > > > @@ -3387,13 +3387,14 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > > >   > > > >   vmx->spec_ctrl = data; > > > >   > > > > - if (!data) > > > > + if (!data && !spectre_v2_ibrs_all()) > > > >   break; > > > >   > > > >   /* > > > >    * For non-nested: > > > >    * When it's written (to non-zero) for the first time, pass > > > > -  * it through. > > > > +  * it through unless we have IBRS_ALL and it should just be > > > > +  * set for ever. > > > > > > A non zero write is going to disable the intercept only when IBRS_ALL > > > is on. The comment says is should be set forever, i.e. not changeable by > > > the guest. So the condition should be: > > > > > > if (!data || spectre_v2_ibrs_all()) > > > break; > > > Hmm? > > > > Yes, good catch. Thanks. > > > > However, Paolo is very insistent that taking the trap every time is > > actually a lot *slower* than really frobbing IBRS on certain > > microarchitectures, so my hand-waving "pfft, what did they expect?" is > > not acceptable. > > > > Which I think puts us back to the "throwing the toys out of the pram" There are no more toys in the pram. I threw them all out weeks ago ... > > solution; demanding that Intel give us a new feature bit for "IBRS_ALL, > > and the bit in the MSR is a no-op". Which was going to be true for > > *most* new CPUs anyway. (Note: a blacklist for those few CPUs on which > > it *isn't* true might also suffice instead of a new feature bit.) > > > > Unless someone really wants to implement the atomic MSR save and > > restore on vmexit, and make it work with nesting, and make the whole > > thing sufficiently simple that we don't throw our toys out of the pram > > anyway when we see it? > > That whole stuff was duct taped into microcode in a rush and the result is > that we have only the choice between fire and frying pan. Whatever we > decide to implement is not going to be a half baken hack. s/not// of course > > I fully agree that Intel needs to get their act together and implement > IBRS_ALL sanely. > > The right thing to do is to allow the host to lock down the MSR once it > enabled IBRS_ALL so that any write to it will just turn into NOOPs. That > removes all worries about guests and in future generations of CPUs this bit > might just be hardwired to one and the MSR just a dummy for compability > reasons. > > Thanks, > > tglx > --8323329-1006712813-1519123329=:24268--