Received: by 2002:a05:6358:16cd:b0:dc:6189:e246 with SMTP id r13csp1545528rwl; Fri, 4 Nov 2022 15:41:35 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4bdZTT+RYloHHFR5iLel2y1ohSvKDNOdiT2xJm2bmHXd0/0uxZdcZ+/zEebHdqHDur60m5 X-Received: by 2002:a63:105e:0:b0:46e:9bac:1c3 with SMTP id 30-20020a63105e000000b0046e9bac01c3mr31243058pgq.388.1667601695330; Fri, 04 Nov 2022 15:41:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667601695; cv=none; d=google.com; s=arc-20160816; b=LxghRDRWYykKmNVtLJlGcRaT/jMVjproMqgUgHNcu6ramfdn7czfy5xnb6W+Nbv5pI qH64Mzx7b6gGMjUg9h/QFy2tZ50MrkGn8F74OiUF27VkCr99B8r5kd+XuBH2ju8KoOtG avY0XvtQrA9LFNRgJL4Vz46VNqLZR63XUm3hHAtNOmFedp61cSSykHckSQw7VkcqPhsH 8x3XLxQEpzZed3On9zo+RyYM6kaQzaMdZjNLlr9ZzPYGo9aXI1SaM1whaac5zDmt1JZS DkkSp2x2KReaT+K6spI8jFtKrCTI77I+kCt7UVS7ujmUannyXMBMgzAy9kQGmW+7d4Lc KGiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=9ru2O27KhwLVb1DWRXQb8XtQqCurqYDAL67PCWqMfqE=; b=eGzAELkctRGh61X/AcPMKPcT78zdhkwFgL7fb6/6lXBXq+DUDBuY/oD2Meo6jdZIHZ v+o1No/gP6uV+LA3TcLn8UzK1Xrpprx+CM1bpZUO2cM38M/0mearSgtZ0rMB9q7x9Ev6 lC5XeGIGtP3IaIeHWNAth8pltPEuqtpWLhEYT4qIr8GQD4Hma9arWgfHkVwkMFHjnS5n ddKF9G1qqOgegJ9RLA2LLTysugTiQKubMc/FmbQ8QyBo+OKmMyaRH4JIM+QbbrHHRtfP Qa5Xt6BZyQfNthIufk7+px7GjjhvbzRXSo7hvdp5Tv8oomzsAbeufoML1dXx7DZY/h0P /g2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=p5z1DkIl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y7-20020a170902864700b00186f608c511si767551plt.575.2022.11.04.15.41.23; Fri, 04 Nov 2022 15:41:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=p5z1DkIl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230017AbiKDWBA (ORCPT + 97 others); Fri, 4 Nov 2022 18:01:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229495AbiKDWA5 (ORCPT ); Fri, 4 Nov 2022 18:00:57 -0400 Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF407BC2E for ; Fri, 4 Nov 2022 15:00:56 -0700 (PDT) Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-13ba86b5ac0so6994730fac.1 for ; Fri, 04 Nov 2022 15:00:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=9ru2O27KhwLVb1DWRXQb8XtQqCurqYDAL67PCWqMfqE=; b=p5z1DkIlfx8i6AFUMDT/HshPZbplUxGPOa98ZuyhLM+4EdBOr+wIzBhw2b2/4CxMEQ 0+7AmUHdoOPEOw2BMwCbpy6N5TGdtONibPiVtSHpm44nafbKshwffZgG4/x7owqOjORU g7z6ub2sAkT+IrWAvrMFh6EKsZlR/WuMtYF1oLL8Dwt5cmUYxvPsYc5P6gDB5pgq6OFh yxlTHRxs2XWQweRJ42RypWc+ltWhJTqpFBH0d52eDjnWvdxJfrMd+/8LyuQfg7X5hh3M 2ON9mWd+97DPM5nYE8ZazS7svxlZAl8gP6US0A38vxeXncc6JYPBL2a7925Sa62wG9Vd lEOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=9ru2O27KhwLVb1DWRXQb8XtQqCurqYDAL67PCWqMfqE=; b=Bnanu9hzuSJc7pFzuos9bZb4LQ+IUUetIikmD3XJUqIYD/pT+u6NedgCgi9VI6qXF+ itNuVPzySNqOh/Ueo28AXr3/vGxHORzrbQGipcxu4z/5ygfpm6ZBic2NMnKQCq0gDSsJ 6l5VuVegpbvy8XJk5ofokLMaf6o3ZadWnoxafnWbBG9vKjdYlCXDllEW7ZQNGcxxp0ZZ koUnFwK4zKyjKEVglOA0+4WT/m37Gtg5Tz4SZnGP1SwzoVMZg4vR38eBWXzrT46fwSEg cvboExR84zjTPUaR5oSDUX8mMCkQiGSQYJ2j72APsHEcPuEj7btEXHlzBDY24OQ4JpKV hc7Q== X-Gm-Message-State: ACrzQf3coToxYRKaPMnsxsW10x54svNSWXTlmugP/YyWmemlbylGNu54 S509NyrmlR/FlAoGOlvWAwFkuFdLs3q41qdsaK3GEQ== X-Received: by 2002:a05:6871:8a3:b0:13b:18ef:e8df with SMTP id r35-20020a05687108a300b0013b18efe8dfmr22205078oaq.181.1667599255959; Fri, 04 Nov 2022 15:00:55 -0700 (PDT) MIME-Version: 1.0 References: <20221104213651.141057-1-kim.phillips@amd.com> <20221104213651.141057-4-kim.phillips@amd.com> In-Reply-To: <20221104213651.141057-4-kim.phillips@amd.com> From: Jim Mattson Date: Fri, 4 Nov 2022 15:00:45 -0700 Message-ID: Subject: Re: [PATCH 3/3] x86/speculation: Support Automatic IBRS under virtualization To: Kim Phillips Cc: x86@kernel.org, Borislav Petkov , Boris Ostrovsky , Dave Hansen , "H. Peter Anvin" , Ingo Molnar , Joao Martins , Jonathan Corbet , Konrad Rzeszutek Wilk , Paolo Bonzini , Sean Christopherson , Thomas Gleixner , David Woodhouse , Greg Kroah-Hartman , Juergen Gross , Peter Zijlstra , Tony Luck , Babu Moger , Tom Lendacky , kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 4, 2022 at 2:38 PM Kim Phillips wrote: > > VM Guests may want to use Auto IBRS, so propagate the CPUID to them. > > Co-developed-by: Babu Moger > Signed-off-by: Kim Phillips The APM says that, under AutoIBRS, CPL0 processes "have IBRS protection." I'm taking this to mean only that indirect branches in CPL0 are not subject to steering from a less privileged predictor mode. This would imply that indirect branches executed at CPL0 in L1 could potentially be subject to steering by code running at CPL0 in L2, since L1 and L2 share hardware predictor modes. Fortunately, there is an IBPB when switching VMCBs in svm_vcpu_load(). But it might be worth noting that this is necessary for AutoIBRS to work (unless it actually isn't).