From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x226oiRD7jQw334PBeIsqskCyRJARqyqJ/TTkyfiOTKMG6/5p+ag1J3JcRmRnNzdxr91gA5RX ARC-Seal: i=1; a=rsa-sha256; t=1517265695; cv=none; d=google.com; s=arc-20160816; b=icwPyg71lMRyIkJFXDmF6Aoz7SwOeMyMdZCtqNxrFyPj0QT8cEKm8k3fLvxRfulBdB bqRUMM7T/xsODs59LMsdpRewNHvmI4YBacQpzK/xHFBAmxD5rFjYhnrJy2tStaAmEB38 4MflOnfCO+bejf3qYQDegnu+BmptUVrKClyZeUzNuEx17ipLXnWBkvC8bV53DIou8jQQ zBNWT5IqS/QWRD+ECwk/uuMSPP75LMjgLL2HzydiitAEYulHSxxJXry7W2ZGwG+Do58V CqyeOhq0JSgoc4miO/gW0VkM6Y7ACNlkFuuLzcBZKF10OspkqSanPlv2fW9+A+bd62XS A3hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:arc-authentication-results; bh=XI4L6KGORQ7QdF+bNQG72KHABkjKwS72tGhh4c+M9j8=; b=vZPQLno5GPMr6WAGyF2IxROefpA7Fpzw2BKbITNhbKZHgjecg746JGzM+Lv++Q3lUA mAY8I42mgQFqnTX8qODYAS35tyj6jnC1oyyL9lfbYZ0j58OUKMMlLEAlrblIQrwTqbe0 aFsj+cCWg+i3qs6CojnrNjHFg4vhiSXF9MuNOWQDcnNBOTWclYdchFThNP5zCjZwYfpA w9ep0JE8BHGDCqtQhIk2xXe4lSPrdjkmSs6ADXRew45uvoieRCN3MWITiyGt3VhTxVGk Hri5tCfM4XuvORPVGdz2OL2YgYHgi3XvXP0bhl8l9T6SiogGefjSk4S5PDj3dlt91RrT gPwg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of ak@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=ak@linux.intel.com Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of ak@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=ak@linux.intel.com X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,432,1511856000"; d="scan'208";a="23424031" Date: Mon, 29 Jan 2018 14:41:24 -0800 From: Andi Kleen To: David Dunn Cc: Eduardo Habkost , Arjan van de Ven , KarimAllah Ahmed , "Wilson, Matt" , "linux-kernel@vger.kernel.org" , Andrea Arcangeli , Andy Lutomirski , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Linus Torvalds , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , Radim =?utf-8?B?S3LEjW3DocWZ?= , Thomas Gleixner , Tim Chen , Tom Lendacky , "kvm@vger.kernel.org" , "x86@kernel.org" , "Dr. David Alan Gilbert" , Fred Jacobs , Jim Mattson , David Woodhouse Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure Message-ID: <20180129224124.GU26209@tassilo.jf.intel.com> References: <7EB9643C-D2DD-477A-90DE-05DC653D2D4B@vmware.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7EB9643C-D2DD-477A-90DE-05DC653D2D4B@vmware.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1590140581449802182?= X-GMAIL-MSGID: =?utf-8?q?1590968394044720829?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: > Even if we expose bit to indicate that FMS matches the underlying host, when does the guest know to query that? The VM can be moved at any point in time, including after the guest asks if FMS matches host. There's no way to enable these mitigations later, so if you always have to enable the super set of all the mitigations for all the hosts you might be migrating too. As of currently that means if you want to ever migrate to Skylake you should set the Skylake model number and you're good. -Andi