From: Wanpeng Li
Date: Thu, 3 May 2018 20:01:24 +0800
Subject: Re: [PATCH v6 2/5] KVM: x86: Add IBPB support
To: Paolo Bonzini
Cc: KarimAllah Ahmed, kvm, LKML, "the arch/x86 maintainers", Ashok Raj, Asit Mallick, Dave Hansen, Arjan Van De Ven, Tim Chen, Linus Torvalds, Andrea Arcangeli, Andi Kleen, Thomas Gleixner, Dan Williams, Jun Nakajima, Andy Lutomirski, Greg KH, Peter Zijlstra, David Woodhouse

2018-05-03 17:19 GMT+08:00 Paolo Bonzini:
> On 03/05/2018 03:27, Wanpeng Li wrote:
>> So for 1) guest->guest attacks 2) guest/ring3->host/ring3 attacks 3)
>> guest/ring0->host/ring0 attacks, if IBPB is enough to protect these
>> three scenarios and retpoline is not needed?
>
> In theory yes, in practice if you want to do that IBPB is much more
> expensive than retpolines, because you'd need an IBPB on vmexit or a
> cache flush on vmentry.

https://lkml.org/lkml/2018/1/4/615

Retpoline is not recommended on Skylake, so we need to pay the penalty
for IBPB flush on each vmexit I think.

Regards,
Wanpeng Li