Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp562755imn; Thu, 28 Jul 2022 09:00:22 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t2XUfItZprPieR16OPoRNHv96fjgh8VtqFGRJQD4BUBwyk/TPsbblEhBV2Lqq+hV15+kkD X-Received: by 2002:a05:6402:4148:b0:43b:7f36:e25f with SMTP id x8-20020a056402414800b0043b7f36e25fmr27777488eda.407.1659024022100; Thu, 28 Jul 2022 09:00:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659024022; cv=none; d=google.com; s=arc-20160816; b=kdavSmFXi0t1+j27AeZ4u30aajZryllXHvJIFJLN/vksuFfjbihiTkUdSILBQ5igdP NizbODOP/UCyput7Uiv8yuc9Xcv6s4GJ82HFQjTkAuQ4ok5psIXnIzJ2phC0HvUmxHzR ZuxZbFxP632RsN/dNFBOymT0YD/pI1KRW/6Wx2NTiwZBBCZ29nl0AwzwGJJJo8O8+4Ne oT9QFZdJtiTnMS2eweo9GVPWZ8XRh7Nj6z5itI9USVnOfAo3N6HKYHtgFGRJLG5UEL0q 0eeoPLQojfVqSvAMMMdaURM+MJ8pM9gkv8OpP682vFg3B47Flf0xgwvVJJ5byOJqT4KY 0Gzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=XryKy09UuWtP8D8t3mI1EtihwsObFJOpejpf+3O7+6M=; b=KPZwQHEkG+ZL2L5dYeFps+LehootK8cPJlOLyg/atHFeVjfJO3Rm6ApgfLCGmVV5hu f4JgdxqukKDTuT4sqr/ovIMFKoGaaKW/kctyZichcv91rwKuspOKSU0RD7xvqDyNn4Lj LjyRQ6eQnWcKAUQA+uqgUel80EI8heFJTiEdm0FRSYzawyFJjF74sfL+yTab+P3mel1o XWv2NFsaIRsk4zoIXRGQ1kEvmlWgS01F/w3Fs9jYHTm8GSUhsE4naVhOia+XRSBXEeJx ySo1vxt3o2r87o2CSWF6FDkW5b213Xgi+OQF/ZO+RQyoXj7gDS6l0D1SqhN17VBXEWuP f0fA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=N4atjYjS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o6-20020a170906774600b0072f22d91836si856990ejn.541.2022.07.28.08.59.56; Thu, 28 Jul 2022 09:00:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=N4atjYjS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231598AbiG1PuW (ORCPT + 99 others); Thu, 28 Jul 2022 11:50:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34240 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230265AbiG1PuU (ORCPT ); Thu, 28 Jul 2022 11:50:20 -0400 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 297712642 for ; Thu, 28 Jul 2022 08:50:18 -0700 (PDT) Received: from zn.tnic (p57969665.dip0.t-ipconnect.de [87.150.150.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 6B3DA1EC06A7; Thu, 28 Jul 2022 17:50:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1659023412; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=XryKy09UuWtP8D8t3mI1EtihwsObFJOpejpf+3O7+6M=; b=N4atjYjSlxbOF970f9MDxwHhojViIeynh9Dl2VSqpOgL+/CYZAxHFs4Bq6csVhNq8/t9sT YMEgfe7Kg03FUPX48hjvuF6V2hbOFIwBBxpbWBoqkeWQHgrjnfX2nVLhjW15Rffh26XgrP bksM+hMcuIFae0xqM5mMfqmfZwHBE8I= Date: Thu, 28 Jul 2022 17:50:06 +0200 From: Borislav Petkov To: Dimitri John Ledkov , Thadeu Lima de Souza Cascardo , Andrew Cooper Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Peter Zijlstra Subject: Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available Message-ID: References: <20220728122602.2500509-1-cascardo@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org + Cooper to sanity-check me. On Thu, Jul 28, 2022 at 05:18:31PM +0200, Borislav Petkov wrote: > On Thu, Jul 28, 2022 at 03:33:35PM +0100, Dimitri John Ledkov wrote: > > Azure public cloud (so it is Azure custom hyper-v hypervisor) these > > instance types https://docs.microsoft.com/en-us/azure/virtual-machines/dav4-dasv4-series > > Thank you both for the info. > > Virt is an awful piece of sh*t when it goes and emulates all kinds of > imaginary CPUs. And AMD machine *without* an IBPB which is affected by > retbleed. Well, f*ck that. > > Does that say somewhere on azure that those guests need to even enable > the mitigation or does the HV mitigate it for them? > > Because I wouldn't mind to simply disable the mitigation when on a > hypervisor which doesn't support IBPB. So for 5.19 we probably should take the one-liner just so that we release with all known issues fixed. Going forward, I'm thinking all that FW-mitigation selection should go into a function called something like firmware_select_mitigations() which gets called at the end of check_bugs(), after all mitigation selectors have run. And in there, the first check should be if X86_FEATURE_HYPERVISOR and if set, not set any mitigations for firmware calls. Because, frankly, is there any point in protecting against firmware calls in the guest? The guest firmware is part of the hypervisor which gets supplied by the guest owner or cloud provider or so. In the former case you probably don't need protection and in the latter, you don't have a choice. But I'm unclear on the fw-in-the-guest thing - I'm sure Andy has a better idea... Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette