Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1746879ybl;
        Sun, 18 Aug 2019 09:33:45 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyqdynMyuOb7CQiksrofBBBPAJH1aiI+BVSYK/M5B3T+te7unadwfCn3ParkuNQlM5hLBq+
X-Received: by 2002:a17:902:788e:: with SMTP id q14mr18940790pll.234.1566146025485;
        Sun, 18 Aug 2019 09:33:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1566146025; cv=none;
        d=google.com; s=arc-20160816;
        b=x1Hvpt5IfjQ8Dq+l9/a7xlKQb7czhhDdLhhoFrxfdq5dm6dv0HVRT3WjJG8aUSCBZd
         Fvhumvt+v6ZxWY3Lme2OARws30rT6fof740zJZy1E6huAps6ikbBBSZkIv5aFnPUP0KN
         XPPPDaKJ6lWjJvMuisFO1ZXeNw1YS/jvsQXJ1OlSYp3iS6WxrXLdibL9u3I7jBlsBqwq
         VUfQEKsNc6iDdfoUp9Z86HHJcaNjpMTwIxw3qSXOVpRftlYQ+pT2PNd5FEVAX6W2lww4
         5XkIFR9DyJR2DWs4+Ef6rEv4MckW4yBkFDLWJc3I/JcvmY2A6IH+Drzf5nEyiXvFYZol
         Msjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=Ka4OjIM4CjK9q7MwPLglDrt8nbz3TFzfbmazmN9DDZI=;
        b=ibwISOXLWl9oQ+JY0SYAJeWA4yQwNPl4oG3qVCfh2fiJngB79ZEUiXieFv5YOX5kXM
         IW4JKhi5S8ekFJR1EG2llXANTBisY2w18DPtgzC2E/dcjxfLRE0CYFnPuHYx4qNjw6bT
         /8SH3in90fE7rQflbjwhf0JfbxcYGw27OwpFzDioIMRPw6l+wOXbTWs23HgbKWZdXBfp
         x1apNcI5y2QkRuVBSN2eUt3E/NSNIagr3fwbA8U8LBwbWnqkZheYeyNRJmJMOsI11w3E
         va2njBFv6hxJeDa2fQUdRHdZwQx5H8M4ktJorTzt67VM5z4T2K2f32EyUHewU+IG+Wjl
         grOw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 29si8115350pgk.306.2019.08.18.09.33.30;
        Sun, 18 Aug 2019 09:33:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726742AbfHRQcm (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Sun, 18 Aug 2019 12:32:42 -0400
Received: from Galois.linutronix.de ([193.142.43.55]:44787 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726005AbfHRQcl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 18 Aug 2019 12:32:41 -0400
Received: from pd9ef1cb8.dip0.t-ipconnect.de ([217.239.28.184] helo=nanos)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1hzO6Y-0008RU-Iy; Sun, 18 Aug 2019 18:32:30 +0200
Date:   Sun, 18 Aug 2019 18:32:29 +0200 (CEST)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Andrew Cooper <andrew.cooper3@citrix.com>
cc:     Borislav Petkov <bp@alien8.de>,
        "Lendacky, Thomas" <Thomas.Lendacky@amd.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        "linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>, Ingo Molnar <mingo@redhat.com>,
        "Rafael J . Wysocki" <rjw@rjwysocki.net>,
        Pavel Machek <pavel@ucw.cz>, Chen Yu <yu.c.chen@intel.com>,
        Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH] x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family
 15h/16h
In-Reply-To: <919c80f1-53a5-44d2-d785-88890e449b38@citrix.com>
Message-ID: <alpine.DEB.2.21.1908181831340.1923@nanos.tec.linutronix.de>
References: <776cb5c2d33e7fd0d2893904724c0e52b394f24a.1565817448.git.thomas.lendacky@amd.com> <a24a2c7d-cfab-a049-37e8-7260a9063a7c@citrix.com> <20190815210547.GL15313@zn.tnic> <312b307b-19cc-84f8-97e6-07dbdf07dd12@citrix.com> <20190817084410.GA15364@zn.tnic>
 <919c80f1-53a5-44d2-d785-88890e449b38@citrix.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 17 Aug 2019, Andrew Cooper wrote:
> On 17/08/2019 09:44, Borislav Petkov wrote:
> > On Thu, Aug 15, 2019 at 10:25:24PM +0100, Andrew Cooper wrote:
> >> I'm afraid that a number of hypervisors do write-discard, given the
> >> propensity of OSes (certainly traditionally) to go poking at bits like
> >> this without wrmsr_safe().
> >>
> >> You either need to read the MSR back and observe that the bit has really
> >> changed, or in this case as Thomas suggests, look at CPUID again (which
> >> will likely be the faster option for the non-virtualised case).
> > One thing I didn't think of when we talked about this: this happens only
> > after you resume the hypervisor.
> 
> :) It hadn't escaped my notice, hence the intervention on this thread.
> 
> > And the words "resume the hypervisor" already means an improbable use case.
> 
> Qubes and OpenXT are two laptop+hypervisor oriented distros where
> suspend/resume is a big deal, and these will have to follow AMD's
> recommendation here.
> 
> However, for servers which don't do S3/S4, we can reason about safely
> leaving RDRAND enabled, irrespective of guest configuration.

Let the administrator reason about it. Default is off for sanity sake.

Thanks,

	tglx