From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ehabkost@redhat.com>
X-Google-Smtp-Source: AH8x2258T1Owkhrg/WO5NebIKwOy1DfsGkupCqJPXugKSdaqU+QMtW63BSItEH6qStQbhuMCfY3P
ARC-Seal: i=1; a=rsa-sha256; t=1517256851; cv=none;
        d=google.com; s=arc-20160816;
        b=CrsOSXg+6Fv3l/dyWTZBFQGxwvmzP/piFfzVD0ovpawWRVIXSzvG5Pf0PJBAm6jlcP
         oN5oTOwouLkmZxgxackTEf8I2for/1L4SAdGCCv7xweXpiTurAtvJkOgZteiGaOHFGk1
         1rIowZV5JEBEI1kRlYrmrS2+t3UP5PCMKubwReAurocx9S5wQ9z6g7wFeIh/tr3mHX+F
         730sdlJ/AJz+YmlFYFSq4bwp2aXV+0qhoRCuq8SJn54rfUuts7owlUq6MkX8QnUrtNd2
         qAFQb9OO1zqLgh+db65WaMRzWByl2G+zegp06jEsFkgB/PljdWhE9jhsjsHrcOm4OC0B
         B+AA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :message-id:subject:cc:to:from:date:arc-authentication-results;
        bh=pzKjgOHr6ONEpDsORrf6/GFBiiRmHPn52Yom0V+t9Rw=;
        b=HJlIK5Rj92ekMCuJwoTVQnEVVQQfju4gBDN4RtkdRF0U0HTl59UoS0Ceb1IY1YBn75
         VHYhKIS98JtxomwLq6/tr/8qGcnh9QVwS99E2tfrqIwu2UdXsPFCa81sKFPyWvHboIkW
         y3meSedZL8jVkqDE65Xu5fP66fw8MTtIIW/jf1h50k/VAyqW4dfJW9wwMY6VE5MoTwaR
         raQHXpt1alynK7f2NKuwtSJcgJ7u3Sr2ke4csRLCPjO5wZTAtoqHbFahYzP/3fntDpFp
         Ld2IEMgoURrHRROTz1EA0GocOKdE6GdjNaXMEopjYFDqbcgKA2IeKdxT7ykcGMFbIH+W
         IsCA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ehabkost@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=ehabkost@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ehabkost@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=ehabkost@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Date: Mon, 29 Jan 2018 18:14:04 -0200
From: Eduardo Habkost <ehabkost@redhat.com>
To: KarimAllah Ahmed <karahmed@amazon.de>
Cc: linux-kernel@vger.kernel.org, Andi Kleen <ak@linux.intel.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Andy Lutomirski <luto@kernel.org>,
	Arjan van de Ven <arjan@linux.intel.com>,
	Ashok Raj <ashok.raj@intel.com>,
	Asit Mallick <asit.k.mallick@intel.com>,
	Borislav Petkov <bp@suse.de>,
	Dan Williams <dan.j.williams@intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
	Joerg Roedel <joro@8bytes.org>,
	Jun Nakajima <jun.nakajima@intel.com>,
	Laura Abbott <labbott@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>, kvm@vger.kernel.org,
	x86@kernel.org
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support
 infrastructure
Message-ID: <20180129201404.GA1588@localhost.localdomain>
References: <1516476182-5153-6-git-send-email-karahmed@amazon.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1516476182-5153-6-git-send-email-karahmed@amazon.de>
X-Fnord: you can see the fnord
User-Agent: Mutt/1.9.1 (2017-09-22)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1590140581449802182?=
X-GMAIL-MSGID: =?utf-8?q?1590959120596132651?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Sat, Jan 20, 2018 at 08:22:56PM +0100, KarimAllah Ahmed wrote:
> From: David Woodhouse <dwmw@amazon.co.uk>
> 
> Not functional yet; just add the handling for it in the Spectre v2
> mitigation selection, and the X86_FEATURE_IBRS flag which will control
> the code to be added in later patches.
> 
> Also take the #ifdef CONFIG_RETPOLINE from around the RSB-stuffing; IBRS
> mode will want that too.
> 
> For now we are auto-selecting IBRS on Skylake. We will probably end up
> changing that but for now let's default to the safest option.
> 
> XX: Do we want a microcode blacklist?
> 
> [karahmed: simplify the switch block and get rid of all the magic]
> 
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
[...]
> +	case SPECTRE_V2_CMD_FORCE:
> +		/*
> +		 * If we have IBRS support, and either Skylake or !RETPOLINE,
> +		 * then that's what we do.
> +		 */
> +		if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) &&
> +		    (is_skylake_era() || !retp_compiler())) {


Sorry for being confused here, as probably the answer is buried
on a LKML thread somewhere.  The comment explains what the code
does, but not why.  Why exactly IBRS is preferred on Skylake?

I'm asking this because I would like to understand the risks
involved when running under a hypervisor exposing CPUID data that
don't match the host CPU.  e.g.: what happens if a VM is migrated
from a Broadwell host to a Skylake host?



> +			mode = SPECTRE_V2_IBRS;
> +			setup_force_cpu_cap(X86_FEATURE_IBRS);
> +			break;
> +		}
> +		/* Fall through */
>  	case SPECTRE_V2_CMD_RETPOLINE:
[...]

-- 
Eduardo