Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp129142pxa; Fri, 21 Aug 2020 03:11:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxvrfKTSC7q4nuVZM47IdH7aQBaKB9TEZ6U3xZrV85Z9wrcIWRW86lqnAEfpCp6QK1yNKdh X-Received: by 2002:a17:906:9356:: with SMTP id p22mr2064183ejw.119.1598004693450; Fri, 21 Aug 2020 03:11:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598004693; cv=none; d=google.com; s=arc-20160816; b=c/qm/0EA4qlOh0VhZk0cPPQh/gn8ngR29XVJgjhpf/ZeN02EHsxtbJRFJxhpY8qPay 5JNptQW56QStD8T13ax8s0nGV56rIziEAC3arUKvxIxd7U0Yj/m2rxOWUIdNulXUjZ7Z iHFYjGcrlGSgPPRYX9gZxYPYRfNIljAWOwTdVaGXuXrobeY3nSstMKyeIZicYQlzqL+G bycCxSmFK8mQV7FuKMwG+CoyojdQxLh37W7/VMJnEvQjRbiduG5I6tWV4UUEbMr9HslX BazlSQWZXm32K5nmkV94xxSfPGdtLQSdiRgQetfuOeTk+gEr4lc5qtKysLErYRvPAldo gp0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=t1P7azXYfV0jqkCDnkRHD/0D9waQRA2iINzYrxU+tRY=; b=RCHVf5EwmCbHwOruV4MGl2BmNuyAvObrePataVmWdL3sozwzSEe2i0QTAMuJj6+oF5 fo1rCK4RiH2qS3cyHXBJdy6nHH9nQOKXuOOmxy61pVOkuutODmoFapqjihzDNfZObIPt OFbVBDutMA8Z+Lye+wS7mbD8IBBNld7Ly1obWmKKx9q6hke7bOcuvZIjeJP6ZCp4Tg8K mnxfbKsgj7/DTBp9V4zjvAkRsfNhLk31KMVyi413pOE6DzNESiChG9r7rSlpY1dKkQzp i8UoCYmAGG3kKVfjfsDJlVJ5IOM1M0a+d+DNqG8UlrmpUCXUpvj3/4Hme4YXicyypFC2 G5jg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HknO05dS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id rl11si957219ejb.519.2020.08.21.03.11.09; Fri, 21 Aug 2020 03:11:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HknO05dS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728525AbgHUKH2 (ORCPT + 99 others); Fri, 21 Aug 2020 06:07:28 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:33873 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728004AbgHUKH0 (ORCPT ); Fri, 21 Aug 2020 06:07:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1598004443; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t1P7azXYfV0jqkCDnkRHD/0D9waQRA2iINzYrxU+tRY=; b=HknO05dSLdQldRj6tFofgE7jPI1EB5a8jZd88hiAgsrR4EKYfjf0qHRrBubwM3/akniIiN Ppedl/iM1raRyZiqxtYgVgFRfgKR0LFZD9JklWRtemeyO9ZgiOXJRZmD/Hr13Iy2MR5i+T 4gaBGqIzsR8sZReAN3R5Skdgc/1Wz8U= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-453-9WlxZuNfNAW5qLWXEkBuog-1; Fri, 21 Aug 2020 06:07:22 -0400 X-MC-Unique: 9WlxZuNfNAW5qLWXEkBuog-1 Received: by mail-wm1-f71.google.com with SMTP id q23so361078wmj.0 for ; Fri, 21 Aug 2020 03:07:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=t1P7azXYfV0jqkCDnkRHD/0D9waQRA2iINzYrxU+tRY=; b=G1jaHI14AU1whoOJR0bpJSL0j4/DUF2cZRYAxnbXLNRycmSERG2IqIqwqh+VjOWqf+ 1LmaNmFpiVChwdeVlFCDVdIJz4laEOsn38V6OP1EsewLjR/4oFB0fHgb7jtvLqkqWaVc +LGqfCZV22CTeXj23SJs0GHnI450gZiD/rnAHfP7JvpVCweogKKSzGei/Wkn4KU/A9UN KIUrRYciD9dwgaDMs2Jwbp7Z/sLmFovBZFyLOEG2X2FnrUazyJhZxfrDRHcYmqQjlWBj c8k/QS2O5hPVfgc2Bcn1VZletjuVxxFru6HH8ss2DJF051owXwR1m2Z4SxSWqEXmITPT 3NSg== X-Gm-Message-State: AOAM5302hyBgd35J2vaQjGJ9pS8rDpX511kp4pbVjDtj3sUGrPcU6oxP e1i1z9X0cZyZ7K/1MN3O+S6eH/B4hO5U1XtXhR8E0VABganmyfK4xX3wolvlb+nQ6onU1sy6aIg ghfLj/Sf4f2LuPHhIpudQived X-Received: by 2002:adf:a1c6:: with SMTP id v6mr2014124wrv.197.1598004441007; Fri, 21 Aug 2020 03:07:21 -0700 (PDT) X-Received: by 2002:adf:a1c6:: with SMTP id v6mr2014105wrv.197.1598004440766; Fri, 21 Aug 2020 03:07:20 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:1cc0:4e4e:f1a9:1745? ([2001:b07:6468:f312:1cc0:4e4e:f1a9:1745]) by smtp.gmail.com with ESMTPSA id f9sm3174815wrm.62.2020.08.21.03.07.19 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 21 Aug 2020 03:07:20 -0700 (PDT) Subject: Re: [PATCH] x86/entry/64: Disallow RDPID in paranoid entry if KVM is enabled To: Borislav Petkov Cc: Sean Christopherson , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , x86@kernel.org, "H. Peter Anvin" , linux-kernel@vger.kernel.org, Dave Hansen , Chang Seok Bae , Peter Zijlstra , Sasha Levin , kvm@vger.kernel.org, Tom Lendacky References: <20200821025050.32573-1-sean.j.christopherson@intel.com> <20200821074743.GB12181@zn.tnic> <3eb94913-662d-5423-21b1-eaf75635142a@redhat.com> <20200821081633.GD12181@zn.tnic> <3b4ba9e9-dbf6-a094-0684-e68248050758@redhat.com> <20200821092237.GF12181@zn.tnic> <1442e559-dde4-70f6-85ac-58109cf81c16@redhat.com> <20200821094802.GG12181@zn.tnic> From: Paolo Bonzini Message-ID: <81985f69-190d-eea6-f1ff-206a43b06851@redhat.com> Date: Fri, 21 Aug 2020 12:07:18 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <20200821094802.GG12181@zn.tnic> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 21/08/20 11:48, Borislav Petkov wrote: >> It's not like we grab MSRs every day. The user-return notifier restores >> 6 MSRs (7 on very old processors). The last two that were added were >> MSR_TSC_AUX itself in 2009 (!) and MSR_IA32_TSX_CTRL last year. > What about "If it is a shared resource, there better be an agreement > about sharing it." is not clear? > > It doesn't matter how many or which resources - there needs to be a > contract for shared use so that shared use is possible. It is that > simple. Sure, and I'll make sure to have that discussion the next time we add a shared MSR in 2029. In the meanwhile: * for the syscall MSRs, patches to share them were reviewed by hpa and peterz so I guess there's no problem. * for MSR_TSC_AUX, which is the one that is causing problems, everybody seems to agree with just using LSL (in the lack specific numbers on performance improvements from RDPID). * for MSR_IA32_TSX_CTRL.RTM_DISABLE, which is the only one that was added in the last 10 years, I'm pretty sure there are no plans for using the Trusty Sidechannel eXtension in the kernel. So that should be fine too. (The CPUID_CLEAR bit of the MSR is not shared). Thanks, Paolo