Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2565671rwb; Mon, 7 Nov 2022 15:04:51 -0800 (PST) X-Google-Smtp-Source: AMsMyM5p6dCQqSSUgpSdAc698ZXNnsMFKi2DYV/pjWbeIUe7ANvK783YbQr+nZ2WRunBPAMFdBau X-Received: by 2002:aa7:c792:0:b0:453:98b7:213c with SMTP id n18-20020aa7c792000000b0045398b7213cmr52389827eds.159.1667862291553; Mon, 07 Nov 2022 15:04:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667862291; cv=none; d=google.com; s=arc-20160816; b=BDwaNXCNq70Hq6o6PnQ/Y35/uxqWIK0QPUasqfY7bMhy+c1WQ6Fj5sJoQFgVL1ubYr xd6xUbrqwEHWAK55psF1v8MoEOcTCxXRaq8YWGa7Mg1qdMX9Ym6ivEfY+fCf6uTrS673 vFqvGuo2AY5l2hkra95o7KRSKkTxabNG5beuUFJoF/JMvtbvdM8JFHt991V7UzYjpKcU huC8tzWHJAhC8NQTLLVfWrMixv/12ZjyLvoDi1+fri0HObnYMiWTfVT5T3A/L7AJdWku gLvZuGiWzkaGw5fzcEvE1dDAC26wa9fcJPZ5cBW6iji1gK0XJOHX2HasYi9zwuzxnJ1M HYQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=vsChQ3Tg7BF0NokFjc4G7r9sJNrOBJh9/tEuPiQJZ4U=; b=nsWAyzMlEGFmJFoVmIZxcrPwuSQ31Dl1alKM2Zl4ZUIITNzkjH1c8Te/AZS6XVvE/D zzRLDPw7qu7C5G7lYvJLq/kY3sJgt905Mx3IcoA+ze0UbTMR0M9LKh8J7GbVyWiXVEKH UY8wV788O9/UdvkSi6e3ewZ6bDQLP4rqhRijKW2/fu4ldWSqtucvULDSPBFz1GA/KcDK KEqwQ+M7XnU35gzb0iVTq67tE0yeMIeGrCCHeoIMl8Lq3A75LJ9sJoXmalwYuzO8wKlb UjV8aFm50RVJqKFT7Djwn+OJ24nQ6NjHVyYXn1dZawIXKyjv3Un2e5RETRvhvD4hnS1K hzgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="OXhUPL/k"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id os18-20020a170906af7200b0076fa1e1274bsi7470829ejb.202.2022.11.07.15.04.29; Mon, 07 Nov 2022 15:04:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="OXhUPL/k"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232533AbiKGWmz (ORCPT + 91 others); Mon, 7 Nov 2022 17:42:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58080 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232518AbiKGWmv (ORCPT ); Mon, 7 Nov 2022 17:42:51 -0500 Received: from mail-oa1-x32.google.com (mail-oa1-x32.google.com [IPv6:2001:4860:4864:20::32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B4882AE14 for ; Mon, 7 Nov 2022 14:42:49 -0800 (PST) Received: by mail-oa1-x32.google.com with SMTP id 586e51a60fabf-13d9a3bb27aso13609252fac.11 for ; Mon, 07 Nov 2022 14:42:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vsChQ3Tg7BF0NokFjc4G7r9sJNrOBJh9/tEuPiQJZ4U=; b=OXhUPL/kJdt9DnBObe1Id8rcIBkiCprGnHElQF9Iy72vdVdarJzoUqRkqUVcPc7uag 3KFtCnuZdO3NjW9xDDeXQzRQl6OLXUXK5LXiB6hiuFGItYJiR17DTewS2jdhjqnqD+g1 8i7zh7bAUKWVq+/WpnzdNJSqMX94gYuoLAAXBGMCNFGmzw/RWpiD6eGSEQDDtr3pf+Vl VkWVvSvyNra/fAtqrtLDLtOm5du81bi0bVzLElJByceuBY6/aN3S5ipPTbnzdGxV5nWt ecIRbD2AlUVWIt51t/NEpt+Lw9Nap4WU64BAusqpScSDeYr6V+47+CEj/iA6AJlznbxc tedQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vsChQ3Tg7BF0NokFjc4G7r9sJNrOBJh9/tEuPiQJZ4U=; b=c27h3q/VoC7d+EY8sws2lz1jMKVuyvaZuAcKtrLpmUC0bCa6AtgUnw4V1KbOHDuSmK wHuB89/m1dAxFzazi2te7PEfIt9BRAOhauRGETzRkdvzRpXXhLOFftfQqC+RzXp2Tz68 YKXfFgoGLd/sbJxOz6qLotx+/ofhr2Q+gLRVOnRr7pS4S/5YAIcgWAXJyVU0xbL0+N5p Nyf64lrIBrw6cWJpmjA0hASfRx8/e7NVMHP1x4THZe8tkugZqtYLCNLKP+lItJjlOst/ ag0PZ29JRCQrOblWtxAAKZ906zZ4rLfs5nzp8eJI4cDa/BUNjTyQFd5is9gFiGAEEayX 6v2A== X-Gm-Message-State: ACrzQf3L6FJTRWARqmWWwZNQiA1JoN8apyfZOTrRSXtUvNe1gSfod304 Won1Qe7X9glZShLT0y286sZrvUqLtxngaPBQwPkAUA== X-Received: by 2002:a05:6871:8a3:b0:13b:18ef:e8df with SMTP id r35-20020a05687108a300b0013b18efe8dfmr30681436oaq.181.1667860968566; Mon, 07 Nov 2022 14:42:48 -0800 (PST) MIME-Version: 1.0 References: <20221104213651.141057-1-kim.phillips@amd.com> <20221104213651.141057-4-kim.phillips@amd.com> In-Reply-To: From: Jim Mattson Date: Mon, 7 Nov 2022 14:42:37 -0800 Message-ID: Subject: Re: [PATCH 3/3] x86/speculation: Support Automatic IBRS under virtualization To: Kim Phillips Cc: x86@kernel.org, Borislav Petkov , Boris Ostrovsky , Dave Hansen , "H. Peter Anvin" , Ingo Molnar , Joao Martins , Jonathan Corbet , Konrad Rzeszutek Wilk , Paolo Bonzini , Sean Christopherson , Thomas Gleixner , David Woodhouse , Greg Kroah-Hartman , Juergen Gross , Peter Zijlstra , Tony Luck , Babu Moger , Tom Lendacky , kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 7, 2022 at 2:29 PM Kim Phillips wrote: > > On 11/4/22 5:00 PM, Jim Mattson wrote: > > On Fri, Nov 4, 2022 at 2:38 PM Kim Phillips wrote: > >> > >> VM Guests may want to use Auto IBRS, so propagate the CPUID to them. > >> > >> Co-developed-by: Babu Moger > >> Signed-off-by: Kim Phillips > > > > The APM says that, under AutoIBRS, CPL0 processes "have IBRS > > protection." I'm taking this to mean only that indirect branches in > > CPL0 are not subject to steering from a less privileged predictor > > mode. This would imply that indirect branches executed at CPL0 in L1 > > could potentially be subject to steering by code running at CPL0 in > > L2, since L1 and L2 share hardware predictor modes. > > That's true for AMD processors that don't support Same Mode IBRS, also > documented in the APM. > > Processors that support AutoIBRS also support Same Mode IBRS (see > CPUID Fn8000_0008_EBX[IbrsSameMode] (bit 19)). > > > Fortunately, there is an IBPB when switching VMCBs in svm_vcpu_load(). > > But it might be worth noting that this is necessary for AutoIBRS to > > work (unless it actually isn't). > > It is needed, but not for kernel/CPL0 code, rather to protect one > guest's user-space code from another's. The question is whether it's necessary when switching between L1 and L2 on the same vCPU of the same VM. On the Intel side, this was (erroneously) optimized away in commit 5c911beff20a ("KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02").