Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp525263imn; Thu, 28 Jul 2022 07:56:34 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vFbxwwo4sGvsxhZMPpp9iYFFVSXcKg3+rStmO1ATVwazQQ3+DhPHhABvLk1P8QmkBL+8tP X-Received: by 2002:a05:6a00:3495:b0:52a:b8e0:34fe with SMTP id cp21-20020a056a00349500b0052ab8e034femr27136551pfb.45.1659020194171; Thu, 28 Jul 2022 07:56:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659020194; cv=none; d=google.com; s=arc-20160816; b=P5B/1lmh7oSdTSKAMkhfTbnwR1SszUJfHbgLNQjkfE6uJgQs0CqPvjxt4sxyv9RgiF v2xLdCudUcTbbAmsu3gaY3ehBJCLNd2yxxxfAk6sy6t/aaupNQQcLhxlWPEgOaP8kvbS fMYQBBH5j5SM3YJk47Hju64m9J4S85aySVvYixrN9CNEiRVTfGpqoR4mW5EyCSB6mlAg rzayBc1osxIH6kZ5YiZw7iYhC3h3S+o9QIDQ/blhN0JafDU4MgoIiMecRIvg0cLLAqap 5E65F2x56OLFwGGxQqf5sUW/0vtbCkdyKPBKiTKzJUbrU6gKKY13IZ0BN9NIwLQGE0PJ zXQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=smAmLQDqaAhXYtvdpeSgEu24V4rDJU+98olXFW6DsY0=; b=gMROre/bnBv4qGmNr0uw9oby+HXEQS4gONJJH/Ns555hbEwLzHRxQw9ashHWrxdUgn xDWnxXt6AtMOVVH25P9Xy8uYx75HeP8vg/48DOGajFOMK8l04AL3Uz/DjvSVA6bGwgvj y6T0gNEnrckqm0rRlDU4RO7D8dtBptlxwz7iKIlcEM5DKfTl/zLSF4cDGb9muy95MQZU B6kpicXMfBgEjBxP8QBQFQYAbsGksA3qiiCgBaecrLe3EUB/offtO/ozvxw2La7gImYr B5LQhclgi3hKDffHvF2GLN936LmXbwAADgMH+p3ZdsCFfFDhlpdiPsMTRby2Bng5zyzo AqeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=QXAt1CJF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q3-20020a17090311c300b0016d6a067437si1326326plh.419.2022.07.28.07.56.18; Thu, 28 Jul 2022 07:56:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=QXAt1CJF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232568AbiG1OfZ (ORCPT + 99 others); Thu, 28 Jul 2022 10:35:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33440 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232525AbiG1OfG (ORCPT ); Thu, 28 Jul 2022 10:35:06 -0400 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC726627A for ; Thu, 28 Jul 2022 07:34:14 -0700 (PDT) Received: from mail-io1-f71.google.com (mail-io1-f71.google.com [209.85.166.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 17FC23F11F for ; Thu, 28 Jul 2022 14:34:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1659018853; bh=smAmLQDqaAhXYtvdpeSgEu24V4rDJU+98olXFW6DsY0=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=QXAt1CJF2EncS3zzwCWphaId3zC1GCQzRylnxNWCJgprHfPesmUztoSXIa6YQrZyP 2U2cjXyivXwrxfZqwUgQBwnxjMftuR6b0ysmFyY/CABXpqjbAkbnJG5+eUGtOTEbao phWhvqps66Sr/xuxF+Avdv0cMOg6Z1DD+q+Z8CLwh9VFJ/ElblETxb5zoa9uJkOsOD IlfQ+c3wK73jA65BRNAt4h66bPn41dtQ+MN1QdaU77hpBOPv1Pep2ixAjMqxv98hE6 iIBN3sbPPX9MIEmcz9iI90o0NcrEiAXUaG7/z4Twee9C7z802hjrs935ugtUfsMgZ1 lZwGmZmbLt/KA== Received: by mail-io1-f71.google.com with SMTP id v5-20020a5d9405000000b0067c98e0011dso594795ion.1 for ; Thu, 28 Jul 2022 07:34:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=smAmLQDqaAhXYtvdpeSgEu24V4rDJU+98olXFW6DsY0=; b=mMeWOvtF0oieSbcLykIRLWb1iK1RpieUobt/gK9CzzognzTOT3k91fX85OFYtojkU7 +JANTo2nOTRfYl5/IR/x0bHPawoqgKpFQ9SfVd9wdBUt1ux9OFMMms+1+bkktKEet9SD nCX4EHF8fgeHnwU9sxbd+nm3w4RFwJzcKEV4XhjoVx1FewV+dGkD6OjyM0yg342geOrb FhnTfCgZmUw0GylnQy7u8D1gFVup1g6a/sHLIeWxnRwSj2Vxy0Vx2RZbNIee0z9a8Etu 63vVPsQ01c+d0ehlaUuoIKTns7t87IAefGwJHEUYP9utSyuYcvjZXXqRSvogloWa7Pi6 3rbw== X-Gm-Message-State: AJIora+6xe2w1SFo7gWGHdABmNXf8sTWZNr9cSj4ZnkaA1J8nMfRFYFb bVZYQ3VKlC7xvJEKjKBoKuL/xmBPHkynGNFP5YA30GabHD2oZVGYsxdIPy2IPOwKlz6vhRs+3e6 khED6JCcxyGOK9WASrSTTO2HgvkV1EwZijp8TDoto9zTfSJf2WRLfXyKmDQ== X-Received: by 2002:a05:6638:1312:b0:341:40a1:7e20 with SMTP id r18-20020a056638131200b0034140a17e20mr10730103jad.228.1659018851755; Thu, 28 Jul 2022 07:34:11 -0700 (PDT) X-Received: by 2002:a05:6638:1312:b0:341:40a1:7e20 with SMTP id r18-20020a056638131200b0034140a17e20mr10730093jad.228.1659018851534; Thu, 28 Jul 2022 07:34:11 -0700 (PDT) MIME-Version: 1.0 References: <20220728122602.2500509-1-cascardo@canonical.com> In-Reply-To: From: Dimitri John Ledkov Date: Thu, 28 Jul 2022 15:33:35 +0100 Message-ID: Subject: Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available To: Borislav Petkov Cc: Thadeu Lima de Souza Cascardo , linux-kernel@vger.kernel.org, x86@kernel.org, Peter Zijlstra Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 28 Jul 2022 at 13:35, Borislav Petkov wrote: > > drop stable@ > > On Thu, Jul 28, 2022 at 09:26:02AM -0300, Thadeu Lima de Souza Cascardo wrote: > > Some cloud hypervisors do not provide IBPB on very recent CPU processors, > > including AMD processors affected by Retbleed. > > Which hypervisors are those? How relevant is that use case? > > How do I reproduce it here? Azure public cloud (so it is Azure custom hyper-v hypervisor) these instance types https://docs.microsoft.com/en-us/azure/virtual-machines/dav4-dasv4-series booted as gen2 (UEFI boot, so Dasv4-series instance types). A particular one is chosen in our automated testing, and always fails. I believe more than one instance type from that series of instance types is affected. I haven't tested but https://docs.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series are probably affected too. It's a class of popular-ish instance types, meaning that it could potentially take out a class of users who due to availability, performance, and/or pricing choose to run their workloads on those instance types. Potentially causing them a major outage of being unable to boot and/or reboot. -- okurrr, Dimitri