Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp7427358rwd;
        Tue, 6 Jun 2023 10:31:25 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ5/XM8dSnlGs8j8N8/fwBYQdod2NHQFZNiGPcmz33hDBsTHoucweEFHq1I1peEnHnyIcYRE
X-Received: by 2002:a05:6a20:1585:b0:104:ffd0:232a with SMTP id h5-20020a056a20158500b00104ffd0232amr441730pzj.8.1686072685388;
        Tue, 06 Jun 2023 10:31:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686072685; cv=none;
        d=google.com; s=arc-20160816;
        b=UK62O07h12u1ovFuoPVPZ8ZcvepkWz4fYe8VS4KyHnipZIDe7FEEKULnnKX23QWZKU
         6nlVl/jdmGzukQp85EcLHHYJdJKrKpf0tpguvodYCm8p8JjTT3ro4oQ9QImzv0ET8225
         SAd4uaYYZ6DSgIIJtTH3eCozdQzjZa9UIDjWkLEGTVT/TcNRLBF/8q2Bhx8rQIWZmB4K
         84PXoRa661c2Tla2Xr2Q4I7NxjIP7smiSl/Ilre0LOYpj33SsfGgYxMBshBE9enlR1u3
         op4lSB6n8hTGytlPwMSlXh7bUPyA9MdiFlchnKMwY2zI0BX3ChsXR7O70afs0W0CfM/t
         Lx4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:dkim-signature;
        bh=vWfghhT+K/VvYdIHsaVVRXfigb3NJPqkB0cgBd8gNOA=;
        b=o1tKLO7gFxtrmYkyHBBpY4NzJ6Xo/FEgNjE7sMIijBCb/l5L8hQjYSF/CkLqw69Uj+
         74LPSU/1Xkw1hJqzOCEqL+OIuw0OCmp9UciDGXbyAUHOsIEftMwYlFP0BusEtrUxBXkC
         OQuXSwfVMgafb+cNIC5YVbkpXBvfS5xAfbN82aC5LZTlL0cHZ921cWsMsbJahcS3BBh7
         wWYvIOY++oB5Y2vhV8WzJuKS3jndQALgDFT73emz6J76nQ+rliDqyXh0gJ5uHILemmQj
         0UJvxA3ttQTHD+mriCrqXWuKhUIZjZd7krwNbuGYikKYzZgKw+SOioIqv6xJoHXJ6n5t
         WPVQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=iEDqIHux;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id l21-20020a637015000000b0053fb768afc8si7790122pgc.748.2023.06.06.10.31.11;
        Tue, 06 Jun 2023 10:31:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=iEDqIHux;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238187AbjFFQyn (ORCPT <rfc822;abrown110010@gmail.com>
        + 99 others); Tue, 6 Jun 2023 12:54:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45288 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238168AbjFFQya (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Jun 2023 12:54:30 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42E6010EB
        for <linux-kernel@vger.kernel.org>; Tue,  6 Jun 2023 09:54:29 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-565d6824f2dso93877207b3.0
        for <linux-kernel@vger.kernel.org>; Tue, 06 Jun 2023 09:54:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1686070468; x=1688662468;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=vWfghhT+K/VvYdIHsaVVRXfigb3NJPqkB0cgBd8gNOA=;
        b=iEDqIHuxrXw0gIUvL9P7CFRGySn8VWahksHLrzLIsF04F3kpysyg/ZXXPgX1/Oq0Cg
         uNZwWVM0lmG1i9F7IvLGtcvDZxah8CCzeFmyYd8JeZI2cirpwt8HxgWG6YNxcZ/oyeHa
         Shr68eC/Tvns2OgiaZBrBLT4BmA8I7jF4xpC5y8+kZuzzOkVQcp5L55EaqRj+XlgqlfZ
         Gv17+BTmWt1BakRBdxSu5TYg8+VYNMtb+aPTYbMhfPJ/FZ2xN1jI3sKNVB31LT/1zIzf
         AT1jmu9pwQeIqWTDkhnxgRX4LBjvB9V3rKWEN9NGRmT9IyKYu0qddHc/5qvolsBdo1QK
         u8Ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1686070468; x=1688662468;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=vWfghhT+K/VvYdIHsaVVRXfigb3NJPqkB0cgBd8gNOA=;
        b=Bm+ziV8ubC3yr11e41z1grvG0BETsllcZxOrAv1kBdjTIDD+EY1rHTWlw5APjD2lbV
         M5bp2G7sICmPASfLunJ7Sv02TF79fMsDuVq9oz4G2dKsuC/ASrZr80WQE6VVfq/JFopw
         zvdjN0xWW/jBNvAQOZPu4xyTrzpWCwGFK+C7M7Zk9GN2Y8sTeMACayEdHXUO04/yxsKL
         Pcth+PkojIcYqt6O+c0Q/1KhluTAlovTzgvkDlg0DZHLZLDl4GcPQ8hjFFdDHJNM1jnF
         jS6/byqbN7Xfh72WoLQYCPpVwDN8wqpiuhdsFGguOp82ZiwGCpn1Oa+eb67X4p1SpSEf
         nQiw==
X-Gm-Message-State: AC+VfDwuOr2omDxhiTz0GgrM9wWFjE1rP4INGCzLe14jQruZQSfJ7xHR
        3wKofGwjVa3AnuC8hqO9UOtScxIxEls=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a81:d208:0:b0:564:c5fd:6d98 with SMTP id
 x8-20020a81d208000000b00564c5fd6d98mr1286497ywi.10.1686070468519; Tue, 06 Jun
 2023 09:54:28 -0700 (PDT)
Date:   Tue, 6 Jun 2023 09:54:26 -0700
In-Reply-To: <ZHQdlSY2tsdGyCPs@chao-email>
Mime-Version: 1.0
References: <20230506030435.80262-1-chao.gao@intel.com> <b472b58d-0469-8a55-985c-1d966ce66419@intel.com>
 <ZGZhW/x5OWPmx1qD@google.com> <ZHQdlSY2tsdGyCPs@chao-email>
Message-ID: <ZH9kwlg2Ac9IER7Y@google.com>
Subject: Re: [PATCH] KVM: x86: Track supported ARCH_CAPABILITIES in kvm_caps
From:   Sean Christopherson <seanjc@google.com>
To:     Chao Gao <chao.gao@intel.com>
Cc:     Xiaoyao Li <xiaoyao.li@intel.com>, kvm@vger.kernel.org,
        Paolo Bonzini <pbonzini@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org,
        "H. Peter Anvin" <hpa@zytor.com>, linux-kernel@vger.kernel.org,
        Jim Mattson <jmattson@google.com>
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 29, 2023, Chao Gao wrote:
> On Thu, May 18, 2023 at 10:33:15AM -0700, Sean Christopherson wrote:
> >FWIW, this trainwreck is another reason why I'm not going to look at the proposed
> >"Intel IA32_SPEC_CTRL Virtualization" crud until external forces dictate that I
> >do so.  I have zero confidence that a paravirt interface defined by hardware
> >vendors to fiddle with mitigations will be sane, flexible, and extensible.
> 
> Hi Sean,
> 
> Just to confirm we are on the same page:
> 
> "Intel IA32_SPEC_CTRL Virtualization" series consists of 3 parts:
> 
> 1. Expose BHI_CTRL, RRSBA_CTRL to guests. They are hardware mitigations to
>    disable BHI and RRSBA behaviors and can be used by both guest/host.
> 
> 2. Enable IA32_SPEC_CTRL Virtualization which is a VMX feature. This is for KVM
>    to effectively lock some bits of IA32_SPEC_CTRL MSR when guests are running.
> 
> 3. Implement the paravirt interface (the virtual MSRs) for guests to report
>    software mitigations in-use. KVM can utilize such information to enable
>    hardware mitigations for guests transparently to address software mitigation
>    effectiveness issues caused by CPU microarchitecture changes (RRSBA behavior,
>    size of branch history table).
> 
> As per my understanding, your concerns are primarily focused on #3, the
> paravirt interface, rather than the entire series. Am I correct in assuming that
> you do not oppose #1 and #2?

Yes, correct.  I definitely recommend posting #1 and #2 separately from the
paravirt interface, I ignored the entire series without realizing there is real
hardware support in there.

> You previously mentioned that the paravirt interface was not common [1], and
> this time, you expressed an expectation for the interface to be "sane, flexible,
> and extensible." To ensure clarity, I want to confirm my interpretation of
> your expectations:
> 
> 1. The interface should not be tied to a specific CPU vendor but instead be
>    beneficial for Intel and AMD (and even ARM, and potentially others).
> 
> 2. The interface should have the capability to solve other issues (e.g,
>    coordinate mitigations in guest/host to address other perf/function issues),
>    not limited to software mitigation effectiveness on Intel CPUs.
> 3. The interface should be extendable by VMMs rather than relying on hardware
>    vendors rolling out new spec. This enables VMM developers to propose new
>    ideas to coordinate mitigations in guest/host.

Ya, that's more or less my opinion.  Even more than allowing VMM developers to
extend/define the interface, I want the definition of the interace to be a
community/collaborative effort.  LKML has active representatives from all of the
major (known) hypervisors, so it shouldn't be *that* hard to figure out a way to
make the interface community driven.

Note that it doesn't necessarily have to be VMM developers, e.g. many of the
people that are intimately familiar with the mitigations aren't virtualization
folks.

> Please let me know if I missed any key points or if any of the above statements
> do not align with your expectations. 
> 
> [1]: https://lore.kernel.org/all/Y6Sin1bmLN10yvMw@google.com/