From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ehabkost@redhat.com>
X-Google-Smtp-Source: AH8x224ShFlZXY+ftDlJSUN8bGVub2u+Tyqfmk20+O+ZXxRM9k5d6HK0XK0qEilj8+PwJzlxrGFG
ARC-Seal: i=1; a=rsa-sha256; t=1517258579; cv=none;
        d=google.com; s=arc-20160816;
        b=tp+nKCvQUqQ9yimxAFIwJ0V6hJBtLdWJKnvx/v0Y4mA+m9Siwd6oz1n/p4rPsITbT3
         I2tD+zd3fVRFWr6VCgoUFnvCHHZvNfuEC60rC1mR4kXbJ0VfO0Tv9Ka1/yrMeRwe3+G/
         ynfHC1zdv7nDxzQbHvWKKMSUss9AlvmJGHqMk33Zro7GfXDYDGlZkqRRlV/E/4NNzB4C
         0J2XpHMu44Hcz2bQtyU8if23eRf6e4dBd7FhldsxnLgr+nJ1ZNrOaiS+oGuIwPWE92jd
         GUJ7OIiZzjJWEX8IGLW5/7MlZToos0DMX+tqjgrCs0Xs2mD2ir9Jn5/7KmrPz5D38Pn+
         X6vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=chkV2+9j7BFeffIouz/9oWwnBRGacAVfbQKi+w0NDFs=;
        b=PrkH942JhqvE3bCwMratkNKeWAPtp8mp7iVFE2HS6C0aQEyVoReiBEgYa1GMaf/WaB
         Reci41dvemlaY8OaGT07WFbyWxTilapgGvl+0iRS7fbkD7P9ONZZKFQZMZm2Cp4epjPG
         QLQDJ6r4gwpBCC55q3NvvJY7ttMFL57pTqqTUrj8xEt7Wy7xHEjDMxEJ6eABthH6N1nW
         lrPTzbpAeZyTwjilsLjrDexskDsf2M3h7Kf5ryhNYYfJvJcK4HGc6E3TNlj1Y1h/t+2Y
         wFMpvyDeN1KSEZNUqa4LyCWr2S4eIbLxOrbp7sO67cxWyZDGKoZtt+/54728mg4l5tTC
         WlEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ehabkost@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=ehabkost@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ehabkost@redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=ehabkost@redhat.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Date: Mon, 29 Jan 2018 18:42:56 -0200
From: Eduardo Habkost <ehabkost@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: KarimAllah Ahmed <karahmed@amazon.de>, linux-kernel@vger.kernel.org,
	Andi Kleen <ak@linux.intel.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Andy Lutomirski <luto@kernel.org>,
	Arjan van de Ven <arjan@linux.intel.com>,
	Ashok Raj <ashok.raj@intel.com>,
	Asit Mallick <asit.k.mallick@intel.com>,
	Borislav Petkov <bp@suse.de>,
	Dan Williams <dan.j.williams@intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
	Joerg Roedel <joro@8bytes.org>,
	Jun Nakajima <jun.nakajima@intel.com>,
	Laura Abbott <labbott@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>, kvm@vger.kernel.org,
	x86@kernel.org, "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support
 infrastructure
Message-ID: <20180129204256.GV25150@localhost.localdomain>
References: <1516476182-5153-6-git-send-email-karahmed@amazon.de>
 <20180129201404.GA1588@localhost.localdomain>
 <1517257022.18619.30.camel@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1517257022.18619.30.camel@infradead.org>
X-Fnord: you can see the fnord
User-Agent: Mutt/1.9.1 (2017-09-22)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: =?utf-8?q?1590140581449802182?=
X-GMAIL-MSGID: =?utf-8?q?1590960932244568856?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

On Mon, Jan 29, 2018 at 08:17:02PM +0000, David Woodhouse wrote:
> On Mon, 2018-01-29 at 18:14 -0200, Eduardo Habkost wrote:
> > 
> > Sorry for being confused here, as probably the answer is buried
> > on a LKML thread somewhere.  The comment explains what the code
> > does, but not why.  Why exactly IBRS is preferred on Skylake?
> > 
> > I'm asking this because I would like to understand the risks
> > involved when running under a hypervisor exposing CPUID data that
> > don't match the host CPU.  e.g.: what happens if a VM is migrated
> > from a Broadwell host to a Skylake host?
> 
> https://lkml.org/lkml/2018/1/22/598 should cover most of that, I think.

Thanks, it does answer some of my questions.

So, it sounds like live-migration of a VM from a non-Skylake to a
Skylake host will make the guest unsafe, unless the guest was
explicitly configured to use IBRS.

In a perfect world, Linux would never look at CPU
family/model/stepping/microcode if running under a hypervisor, to
take any decision.  If Linux knows it's running under a
hypervisor, it would be safer to assume retpolines aren't enough,
unless the hypervisor is telling us otherwise.

The question is how the hypervisor could tell that to the guest.
If Intel doesn't give us a CPUID bit that can be used to tell
that retpolines are enough, maybe we should use a hypervisor
CPUID bit for that?

-- 
Eduardo