From: Tom Lendacky
Date: Tue, 23 Jan 2018 16:37:35 -0600
Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation
To: "Woodhouse, David", Andy Lutomirski, KarimAllah Ahmed
Cc: linux-kernel@vger.kernel.org, Andi Kleen, Andrea Arcangeli, Andy Lutomirski, Arjan van de Ven, Ashok Raj, Asit Mallick, Borislav Petkov, Dan Williams, Dave Hansen, Greg Kroah-Hartman, "H . Peter Anvin", Ingo Molnar, Janakarajan Natarajan, Joerg Roedel, Jun Nakajima, Laura Abbott, Linus Torvalds, Masami Hiramatsu, Paolo Bonzini, Peter Zijlstra, Radim Krčmář, Thomas Gleixner, Tim Chen, kvm@vger.kernel.org, x86@kernel.org, Arjan Van De Ven
In-Reply-To: <1516724457.9521.156.camel@amazon.co.uk>
References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-10-git-send-email-karahmed@amazon.de> <243BE571-AF73-44B3-8D17-193F9E07686A@amacapital.net> <4e01a7a9-29e4-adcc-3f53-550fb7f3d370@amd.com> <1516724457.9521.156.camel@amazon.co.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On 1/23/2018 10:20 AM, Woodhouse, David wrote:
> On Tue, 2018-01-23 at 10:12 -0600, Tom Lendacky wrote:
>>
>>>> +.macro UNRESTRICT_IB_SPEC
>>>> +    ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_IBRS
>>>> +    PUSH_MSR_REGS
>>>> +    WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0
>>>
>> I think you should be writing 2, not 0, since I'm reasonably
>> confident that we want STIBP on.  Can you explain why you're writing
>> 0?
>>
>> Do we want to talk about STIBP in general?  Should it be (yet another)
>> boot option to enable or disable?  If there is STIBP support without
>> IBRS support, it could be a set and forget at boot time.
>
> We haven't got patches which enable STIBP in general. The kernel itself
> is safe either way with retpoline, or because IBRS implies STIBP too
> (that is, there's no difference between writing 1 and 3).
>
> So STIBP is purely about protecting userspace processes from one
> another, and VM guests from one another, when they run on HT siblings.
>
> There's an argument that there are so many other information leaks
> between HT siblings that we might not care. Especially as it's hard to
> *tell* when you're scheduling, whether you trust all the processes (or
> guests) on your HT siblings right now... let alone later when
> scheduling another process if you need to *now* set STIBP on a sibling
> which is no longer safe from this process now running.
>
> I'm not sure we want to set STIBP *unconditionally* either because of
> the performance implications.
>
> For IBRS we had an answer and it was just ugly. For STIBP we don't
> actually have an answer for "how do we use this?". Do we?

Not sure.  Maybe to start, the answer might be to allow it to be set for
the ultra-paranoid, but in general don't enable it by default.  Having it
enabled would be an alternative to someone deciding to disable SMT, since
that would have even more of a performance impact.

Thanks,
Tom
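
Review bot: The last line of the quoted hunk, WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0, writes a literal 0 in UNRESTRICT_IB_SPEC, which clears every bit of the MSR and not only IBRS, so a STIBP bit set elsewhere would be lost on each pass through this macro. If that is intended, a comment on that line saying so would answer the question raised in the thread; otherwise the macro could write a saved base value with only the IBRS bit cleared.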
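
The trade-off discussed in this thread (write 0, 1, 2 or 3 to IA32_SPEC_CTRL) can be modelled as a small policy calculation. This is an added example, not code from the patch series or from any participant; the function names and the `stibp_optin` boot option are hypothetical, and the CPUID bit positions are the Intel enumeration in CPUID.(EAX=7,ECX=0):EDX.

```c
#include <stdint.h>
#include <stdio.h>

/* IA32_SPEC_CTRL bits; these match the values 1, 2 and 3 used in the thread. */
#define SPEC_CTRL_IBRS   (1u << 0)
#define SPEC_CTRL_STIBP  (1u << 1)

/* Intel enumeration in CPUID.(EAX=7,ECX=0):EDX. */
#define CPUID7_EDX_SPEC_CTRL (1u << 26)   /* IBRS and IBPB supported */
#define CPUID7_EDX_STIBP     (1u << 27)   /* STIBP supported */

/* Bits that stay set while userspace runs. stibp_optin models a
 * hypothetical boot option that is off by default. */
uint32_t spec_ctrl_base(uint32_t edx, int stibp_optin)
{
    return (stibp_optin && (edx & CPUID7_EDX_STIBP)) ? SPEC_CTRL_STIBP : 0;
}

/* Kernel entry ("restrict"): base bits plus IBRS when it is in use. */
uint32_t spec_ctrl_entry(uint32_t edx, int use_ibrs, int stibp_optin)
{
    uint32_t v = spec_ctrl_base(edx, stibp_optin);

    if (use_ibrs && (edx & CPUID7_EDX_SPEC_CTRL))
        v |= SPEC_CTRL_IBRS;
    return v;
}

/* Return to userspace ("unrestrict"): drop IBRS only and keep the base
 * bits, instead of writing a literal 0. */
uint32_t spec_ctrl_exit(uint32_t edx, int stibp_optin)
{
    return spec_ctrl_base(edx, stibp_optin);
}

int main(void)
{
    /* Constructed CPUID values, not read from real hardware. */
    uint32_t both = CPUID7_EDX_SPEC_CTRL | CPUID7_EDX_STIBP;
    uint32_t stibp_only = CPUID7_EDX_STIBP;

    printf("default:            entry=%u exit=%u\n",
           spec_ctrl_entry(both, 1, 0), spec_ctrl_exit(both, 0));
    printf("STIBP opt-in:       entry=%u exit=%u\n",
           spec_ctrl_entry(both, 1, 1), spec_ctrl_exit(both, 1));
    printf("STIBP without IBRS: entry=%u exit=%u\n",
           spec_ctrl_entry(stibp_only, 1, 1), spec_ctrl_exit(stibp_only, 1));
    return 0;
}
```

With the opt-in off, the exit value is 0 as in the quoted macro; with it on, the exit value is 2, and on a CPU with STIBP but no IBRS the entry and exit values are equal, which is the set-and-forget case.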