From: Christophe de Dinechin
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure
Date: Wed, 31 Jan 2018 12:07:25 +0100
To: Thomas Gleixner, Eduardo Habkost, KarimAllah Ahmed
Cc: Christophe de Dinechin, Alan Cox, Linus Torvalds, David Woodhouse, Arjan van de Ven, Linux Kernel Mailing List, Andi Kleen, Andrea Arcangeli, Andy Lutomirski, Ashok Raj, Asit Mallick, Borislav Petkov, Dan Williams, Dave Hansen, Greg Kroah-Hartman, "H . Peter Anvin", Ingo Molnar, Janakarajan Natarajan, Joerg Roedel, Jun Nakajima, Laura Abbott, Masami Hiramatsu, Paolo Bonzini, Peter Zijlstra, Radim Krčmář, Tim Chen, Tom Lendacky, KVM list, the arch/x86 maintainers, "Dr. David Alan Gilbert"
Message-Id: <538F5768-D0E3-48C1-ABE8-84F2178A7B82@dinechin.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> On 31 Jan 2018, at 11:15, Thomas Gleixner wrote:
>
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
>>> On 30 Jan 2018, at 21:46, Alan Cox wrote:
>>>
>>>> If you are ever going to migrate to Skylake, I think you should just
>>>> always tell the guests that you're running on Skylake. That way the
>>>> guests will always assume the worst case situation wrt Spectre.
>>>
>>> Unfortunately if you do that then guest may also decide to use other
>>> Skylake hardware features and pop its clogs when it finds out it's actually
>>> running on Westmere or SandyBridge.
>>>
>>> So you need to be able to both lie to the OS and user space via cpuid and
>>> also have a second 'but do skylake protections' that only mitigation
>>> aware software knows about.
>>
>> Yes. The most desirable lie is different depending on whether you want to
>> allow virtualization features such as migration (where you’d gravitate
>> towards a CPU with less features) or whether you want to allow mitigation
>> (where you’d rather present the most fragile CPUID, probably Skylake).
>>
>> Looking at some recent patches, I’m concerned that the code being added
>> often assumes that the CPUID is the correct way to get that info.
>> I do not think this is correct. You really want specific information about
>> the host CPUID, not whatever KVM CPUID emulation makes up.
>
> That won't cut it. If you have a heterogenous farm of systems, then you need:
>
>  - All CPUs have to support IBRS/IBPB or at least the hypervisor has to
>    pretend they do by providing fake MSR for that
>
>  - Have a 'force IBRS/IBPB' mechanism so the guests don't discard it due
>    to missing CPU feature bits.
>
> Though this gets worse. You have to make sure that the guest keeps _ALL_
> sorts of mitigation mechanisms enabled and does not decide to disable
> retpolines because IBRS/IBPB are "available".

What you are saying is that it’s one thing to test at boot time,
but (at least) migration events should also cause a re-check. Agreed.

The alternative is to pessimistically enable mitigation in VMs.
I believe this is the current “state of the art”, i.e. enable
IBRS statically via a CPU type variant.

What is the best place to re-check anyway?

(Just out of curiosity: there are no non-symmetric systems that mix CPUs
of different generations, right?)

>
> Good luck with making all that work. :-)
>
> Thanks,
>
> 	tglx
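
The concern raised in this thread, as an added example that is not code from any poster or from the kernel: a guest that picks Spectre v2 mitigations from the CPUID family/model is trusting a value the hypervisor chose, so a pessimistic policy ignores the model whenever the hypervisor bit is set and never drops retpoline because IBRS/IBPB is enumerated. The policy, the function names, the Skylake model list and the sample register values are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural CPUID feature bits. */
#define CPUID1_ECX_HYPERVISOR (1u << 31) /* CPUID.1:ECX[31], set by hypervisors */
#define CPUID7_EDX_SPEC_CTRL  (1u << 26) /* CPUID.7.0:EDX[26], IBRS and IBPB */
enum { MIT_RETPOLINE = 1, MIT_IBRS = 2 };

struct cpu_view { unsigned family, model; bool hypervisor, spec_ctrl; };

/* Decode what CPUID tells this OS instance; in a guest this is the emulated view. */
static struct cpu_view decode_cpuid(uint32_t eax1, uint32_t ecx1, uint32_t edx7)
{
    struct cpu_view v;
    unsigned base = (eax1 >> 8) & 0xf;

    v.family = base + (base == 0xf ? (eax1 >> 20) & 0xff : 0);
    v.model = (eax1 >> 4) & 0xf;
    if (base == 0x6 || base == 0xf)          /* extended model applies */
        v.model |= ((eax1 >> 16) & 0xf) << 4;
    v.hypervisor = (ecx1 & CPUID1_ECX_HYPERVISOR) != 0;
    v.spec_ctrl = (edx7 & CPUID7_EDX_SPEC_CTRL) != 0;
    return v;
}

/* Assumption: an illustrative subset of Skylake model numbers. */
static bool model_is_skylake(struct cpu_view v)
{
    return v.family == 6 && (v.model == 0x4e || v.model == 0x5e || v.model == 0x55);
}

/* Hypothetical pessimistic policy: under a hypervisor the reported model may
 * not be the host's (now or after migration), so treat it as Skylake; keep
 * retpoline in every case, and add IBRS only when it is enumerated. */
static int choose_mitigations(struct cpu_view v)
{
    int m = MIT_RETPOLINE;

    if ((v.hypervisor || model_is_skylake(v)) && v.spec_ctrl)
        m |= MIT_IBRS;
    return m;
}

int main(void)
{
    /* Constructed input: guest shown a Westmere signature plus SPEC_CTRL. */
    struct cpu_view g = decode_cpuid(0x000206C2, CPUID1_ECX_HYPERVISOR, CPUID7_EDX_SPEC_CTRL);
    printf("model 0x%x -> mitigations 0x%x\n", g.model, (unsigned)choose_mitigations(g));
    return 0;
}
```

The same Westmere signature yields retpoline only on bare metal and retpoline plus IBRS in a guest, which is the "second 'but do skylake protections'" signal the thread asks for, expressed here as a guest-side default.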