From: Wanpeng Li <kernellwp@gmail.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: KarimAllah Ahmed <karahmed@amazon.de>, kvm <kvm@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"the arch/x86 maintainers" <x86@kernel.org>,
Ashok Raj <ashok.raj@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Arjan Van De Ven <arjan.van.de.ven@intel.com>,
Tim Chen <tim.c.chen@linux.intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrea Arcangeli <aarcange@redhat.com>,
Andi Kleen <ak@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Dan Williams <dan.j.williams@intel.com>,
Jun Nakajima <jun.nakajima@intel.com>,
Andy Lutomirski <luto@kernel.org>,
Greg KH <gregkh@linuxfoundation.org>,
Peter Zijlstra <peterz@infradead.org>,
David Woodhouse <dwmw@amazon.co.uk>
Subject: Re: [PATCH v6 2/5] KVM: x86: Add IBPB support
Date: Thu, 3 May 2018 20:01:24 +0800 [thread overview]
Message-ID: <CANRm+CzXieWra9uyEuVpHF+5=Vq+JN4QY9BvJXRL3DEwqBGAag@mail.gmail.com> (raw)
In-Reply-To: <9c228512-33b8-0df6-0c3e-4d30140d6579@redhat.com>
2018-05-03 17:19 GMT+08:00 Paolo Bonzini <pbonzini@redhat.com>:
> On 03/05/2018 03:27, Wanpeng Li wrote:
>> So for 1) guest->guest attacks 2) guest/ring3->host/ring3 attacks 3)
>> guest/ring0->host/ring0 attacks, if IBPB is enough to protect these
>> three scenarios and retpoline is not needed?
>
> In theory yes, in practice if you want to do that IBPB is much more
> expensive than retpolines, because you'd need an IBPB on vmexit or a
> cache flush on vmentry.
https://lkml.org/lkml/2018/1/4/615 Retpoline is not recommended on
Skylake, so we need to pay the penalty for IBPB flush on each vmexit I
think.
Regards,
Wanpeng Li
next prev parent reply other threads:[~2018-05-03 12:01 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-01 21:59 [PATCH v6 0/5] KVM: Expose speculation control feature to guests KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 1/5] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KarimAllah Ahmed
2018-02-02 17:37 ` Jim Mattson
2018-02-03 22:50 ` [tip:x86/pti] KVM/x86: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 2/5] KVM: x86: Add IBPB support KarimAllah Ahmed
2018-02-02 17:49 ` Konrad Rzeszutek Wilk
2018-02-02 18:02 ` David Woodhouse
2018-02-02 19:56 ` Konrad Rzeszutek Wilk
2018-02-02 20:16 ` David Woodhouse
2018-02-02 20:28 ` Konrad Rzeszutek Wilk
2018-02-02 20:31 ` David Woodhouse
2018-02-02 20:52 ` Konrad Rzeszutek Wilk
2018-02-02 20:52 ` Alan Cox
2018-02-05 19:22 ` Paolo Bonzini
2018-02-05 19:24 ` Paolo Bonzini
2018-02-03 22:50 ` [tip:x86/pti] KVM/x86: " tip-bot for Ashok Raj
2018-02-16 3:44 ` [PATCH v6 2/5] KVM: x86: " Jim Mattson
2018-02-16 4:22 ` Andi Kleen
2018-05-03 1:27 ` Wanpeng Li
2018-05-03 9:19 ` Paolo Bonzini
2018-05-03 12:01 ` Wanpeng Li [this message]
2018-05-03 12:46 ` Tian, Kevin
2018-02-01 21:59 ` [PATCH v6 3/5] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KarimAllah Ahmed
2018-02-02 10:53 ` Darren Kenny
2018-02-02 17:35 ` Jim Mattson
2018-02-02 17:51 ` Konrad Rzeszutek Wilk
2018-02-03 22:51 ` [tip:x86/pti] KVM/VMX: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL KarimAllah Ahmed
2018-02-02 11:03 ` Darren Kenny
2018-02-02 11:27 ` David Woodhouse
2018-02-02 17:53 ` Konrad Rzeszutek Wilk
2018-02-02 18:05 ` David Woodhouse
2018-02-02 18:19 ` Konrad Rzeszutek Wilk
2018-02-02 17:57 ` Jim Mattson
2018-02-03 22:51 ` [tip:x86/pti] KVM/VMX: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 5/5] KVM: SVM: " KarimAllah Ahmed
2018-02-02 11:06 ` Darren Kenny
2018-02-02 18:02 ` Konrad Rzeszutek Wilk
-- strict thread matches above, loose matches on Subject: below --
2018-01-12 1:32 [PATCH 0/5] Add support for IBRS & IBPB KVM support Ashok Raj
2018-01-12 1:32 ` [PATCH 1/5] x86/ibrs: Introduce native_rdmsrl, and native_wrmsrl Ashok Raj
2018-01-12 1:41 ` Andy Lutomirski
2018-01-12 1:52 ` Raj, Ashok
2018-01-12 2:20 ` Andy Lutomirski
2018-01-12 3:01 ` Raj, Ashok
2018-01-12 5:03 ` Dave Hansen
2018-01-12 16:28 ` Josh Poimboeuf
2018-01-12 16:28 ` Woodhouse, David
2018-01-13 6:20 ` Andy Lutomirski
2018-01-13 13:52 ` Van De Ven, Arjan
2018-01-13 15:20 ` Andy Lutomirski
2018-01-13 6:19 ` Andy Lutomirski
2018-01-12 7:54 ` Greg KH
2018-01-12 12:28 ` Borislav Petkov
2018-01-12 1:32 ` [PATCH 2/5] x86/ibrs: Add new helper macros to save/restore MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12 1:32 ` [PATCH 3/5] x86/ibrs: Add direct access support for MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12 1:58 ` Dave Hansen
2018-01-12 3:14 ` Raj, Ashok
2018-01-12 9:51 ` Peter Zijlstra
2018-01-12 10:09 ` David Woodhouse
2018-01-15 13:45 ` Peter Zijlstra
2018-01-15 13:59 ` David Woodhouse
2018-01-15 14:45 ` Peter Zijlstra
2018-01-12 1:32 ` [PATCH 4/5] x86/svm: Direct access to MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12 7:23 ` David Woodhouse
2018-01-12 9:58 ` Peter Zijlstra
2018-01-12 10:13 ` David Woodhouse
2018-01-12 12:38 ` Paolo Bonzini
2018-01-12 15:14 ` Tom Lendacky
2018-01-12 1:32 ` [PATCH 5/5] x86/feature: Detect the x86 feature Indirect Branch Prediction Barrier Ashok Raj
2018-01-12 10:08 ` Peter Zijlstra
2018-01-12 12:32 ` Borislav Petkov
2018-01-12 12:39 ` Woodhouse, David
2018-01-12 15:21 ` Tom Lendacky
2018-01-12 15:31 ` Tom Lendacky
2018-01-12 15:36 ` Woodhouse, David
2018-01-12 17:06 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANRm+CzXieWra9uyEuVpHF+5=Vq+JN4QY9BvJXRL3DEwqBGAag@mail.gmail.com' \
--to=kernellwp@gmail.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan.van.de.ven@intel.com \
--cc=ashok.raj@intel.com \
--cc=asit.k.mallick@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jun.nakajima@intel.com \
--cc=karahmed@amazon.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).