Date: Mon, 19 Dec 2022 17:14:00 +0000
From: Sean Christopherson
To: Chao Gao
Cc: Zhang Chen, x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Pawan Gupta, Paolo Bonzini, "H. Peter Anvin", Dave Hansen, Borislav Petkov, Ingo Molnar, Thomas Gleixner
Subject: Re: [RFC PATCH 5/9] x86/bugs: Use Virtual MSRs to request hardware mitigations
References: <20221210160046.2608762-1-chen.zhang@intel.com> <20221210160046.2608762-6-chen.zhang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 19, 2022, Chao Gao wrote:
> On Wed, Dec 14, 2022 at 08:18:17PM +0000, Sean Christopherson wrote:
> > To me, this looks like Intel is foisting a paravirt interface on KVM and other
> > hypervisors without collaborating with said hypervisors' developers and maintainers.
> >
> > I get that some of the mitigations are vendor specific, but things like RETPOLINE
> > aren't vendor specific. I haven't followed all of the mitigation stuff very
> > closely, but I wouldn't be surprised if there are mitigations now or in the future
> > that are common across architectures, e.g. arm64 and x86-64. Intel doing its own
> > thing means AMD and arm64 will likely follow suit, and suddenly KVM is supporting
> > multiple paravirt interfaces for very similar things, without having any control
> > over the APIs. That's all kinds of backwards.
>
> But if the interface is defined by KVM rather than Intel, it will likely end up
> with different interfaces for different VMMs, then Linux guest needs to support
> all of them. And KVM needs to implement Hyper-V's and Xen's interface to support
> Hyper-V enlightened and Xen enlightened guest. This is a _real_ problem and
> complicates KVM/Linux in a similar way as multiple paravirt interfaces.

I never said the PV interfaces should be defined by KVM. I 100% agree that any
one hypervisor defining its own interface will suffer the same problem.

I think having a PV interface for coordinating mitigations between host and guest
is a great idea. What I don't like is tying the interface to "hardware" and
defining the interface without even trying to collaborate with others.

> The use case of this paravirt interface is specific to Intel CPU microarchitecture.

Well yeah, because the interface was designed only to work for Intel CPUs.

> Supporting multiple paravirt interfaces may not happen in the near future if there
> is no use case for AMD and arm64.

I'll take that bet. The vast majority of problems that are solved by PV interfaces
are common to all architectures and vendors, e.g. steal time, PV spinlocks, async
page faults, directed yield, confidential VMs (GHCB vs. GHCI), etc. I highly doubt
Intel is the only hardware vendor that will ever benefit from paravirtualizing
mitigations.