Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 12:44:41PM -0200, Eduardo Habkost wrote: > Also, if anybody don't like it, users can already specify, e.g., > "Broadwell,-hle,-rtm" or "Skylake,+spec_ctrl". > > QEMU only adds have the -noTSX and -IBRS CPU for convenience of > management systems that don't know how to

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 12:44:41PM -0200, Eduardo Habkost wrote: > Also, if anybody don't like it, users can already specify, e.g., > "Broadwell,-hle,-rtm" or "Skylake,+spec_ctrl". > > QEMU only adds have the -noTSX and -IBRS CPU for convenience of > management systems that don't know how to

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 1/31/2018 2:15 AM, Thomas Gleixner wrote: Good luck with making all that work. on the Intel side we're checking what we can do that works and doesn't break things right now; hopefully we just end up with a bit in the arch capabilities MSR for "you should do RSB stuffing" and then the HV's

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 1/31/2018 2:15 AM, Thomas Gleixner wrote: Good luck with making all that work. on the Intel side we're checking what we can do that works and doesn't break things right now; hopefully we just end up with a bit in the arch capabilities MSR for "you should do RSB stuffing" and then the HV's

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Paolo Bonzini (pbonz...@redhat.com) wrote: > On 29/01/2018 22:13, Andi Kleen wrote: > >> What happens when someone introduces a > >> workaround tied to some other model numbers? > > There are already many of those in the tree for other issues and features. > > So far you managed to survive

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Paolo Bonzini (pbonz...@redhat.com) wrote: > On 29/01/2018 22:13, Andi Kleen wrote: > >> What happens when someone introduces a > >> workaround tied to some other model numbers? > > There are already many of those in the tree for other issues and features. > > So far you managed to survive

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 29/01/2018 22:13, Andi Kleen wrote: >> What happens when someone introduces a >> workaround tied to some other model numbers? > There are already many of those in the tree for other issues and features. > So far you managed to survive without. Likely that will be true > in the future too.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 29/01/2018 22:13, Andi Kleen wrote: >> What happens when someone introduces a >> workaround tied to some other model numbers? > There are already many of those in the tree for other issues and features. > So far you managed to survive without. Likely that will be true > in the future too.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 11:15:50AM +0100, Thomas Gleixner wrote: > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: > > > On 30 Jan 2018, at 21:46, Alan Cox wrote: > > > > > >> If you are ever going to migrate to Skylake, I think you should just > > >> always tell

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 11:15:50AM +0100, Thomas Gleixner wrote: > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: > > > On 30 Jan 2018, at 21:46, Alan Cox wrote: > > > > > >> If you are ever going to migrate to Skylake, I think you should just > > >> always tell the guests that you're

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 02:04:49PM +, Dr. David Alan Gilbert wrote: > * Borislav Petkov (b...@suse.de) wrote: > > On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote: > > > Indeed, it's only for this weird case where you suddenly need to change > > > it. > > > > No, there's

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 02:04:49PM +, Dr. David Alan Gilbert wrote: > * Borislav Petkov (b...@suse.de) wrote: > > On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote: > > > Indeed, it's only for this weird case where you suddenly need to change > > > it. > > > > No, there's

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Borislav Petkov (b...@suse.de) wrote: > On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote: > > Indeed, it's only for this weird case where you suddenly need to change > > it. > > No, there's more: > > .name = "Broadwell-noTSX", > .name = "Haswell-noTSX",

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Borislav Petkov (b...@suse.de) wrote: > On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote: > > Indeed, it's only for this weird case where you suddenly need to change > > it. > > No, there's more: > > .name = "Broadwell-noTSX", > .name = "Haswell-noTSX",

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote: > Indeed, it's only for this weird case where you suddenly need to change > it. No, there's more: .name = "Broadwell-noTSX", .name = "Haswell-noTSX", -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote: > Indeed, it's only for this weird case where you suddenly need to change > it. No, there's more: .name = "Broadwell-noTSX", .name = "Haswell-noTSX", -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Borislav Petkov (b...@suse.de) wrote: > On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote: > > That half is the easy bit, we've already got that (thanks to Eduardo), > > QEMU has -IBRS variants of CPU types, so if you start a VM with > > -cpu Broadwell-IBRS > > Eww, a CPU

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Borislav Petkov (b...@suse.de) wrote: > On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote: > > That half is the easy bit, we've already got that (thanks to Eduardo), > > QEMU has -IBRS variants of CPU types, so if you start a VM with > > -cpu Broadwell-IBRS > > Eww, a CPU

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote: > That half is the easy bit, we've already got that (thanks to Eduardo), > QEMU has -IBRS variants of CPU types, so if you start a VM with > -cpu Broadwell-IBRS Eww, a CPU model with a specific feature bit. I hope you guys

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote: > That half is the easy bit, we've already got that (thanks to Eduardo), > QEMU has -IBRS variants of CPU types, so if you start a VM with > -cpu Broadwell-IBRS Eww, a CPU model with a specific feature bit. I hope you guys

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 31 Jan 2018, at 11:15, Thomas Gleixner wrote: > > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: >>> On 30 Jan 2018, at 21:46, Alan Cox wrote: >>> If you are ever going to migrate to Skylake, I think you should just always

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 31 Jan 2018, at 11:15, Thomas Gleixner wrote: > > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: >>> On 30 Jan 2018, at 21:46, Alan Cox wrote: >>> If you are ever going to migrate to Skylake, I think you should just always tell the guests that you're running on Skylake.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Thomas Gleixner (t...@linutronix.de) wrote: > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: > > > On 30 Jan 2018, at 21:46, Alan Cox wrote: > > > > > >> If you are ever going to migrate to Skylake, I think you should just > > >> always tell the guests that

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Thomas Gleixner (t...@linutronix.de) wrote: > On Wed, 31 Jan 2018, Christophe de Dinechin wrote: > > > On 30 Jan 2018, at 21:46, Alan Cox wrote: > > > > > >> If you are ever going to migrate to Skylake, I think you should just > > >> always tell the guests that you're running on Skylake. That

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, 31 Jan 2018, Christophe de Dinechin wrote: > > On 30 Jan 2018, at 21:46, Alan Cox wrote: > > > >> If you are ever going to migrate to Skylake, I think you should just > >> always tell the guests that you're running on Skylake. That way the > >> guests will

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Wed, 31 Jan 2018, Christophe de Dinechin wrote: > > On 30 Jan 2018, at 21:46, Alan Cox wrote: > > > >> If you are ever going to migrate to Skylake, I think you should just > >> always tell the guests that you're running on Skylake. That way the > >> guests will always assume the worst case

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 30 Jan 2018, at 21:46, Alan Cox wrote: > >> If you are ever going to migrate to Skylake, I think you should just >> always tell the guests that you're running on Skylake. That way the >> guests will always assume the worst case situation wrt Specte. > >

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 30 Jan 2018, at 21:46, Alan Cox wrote: > >> If you are ever going to migrate to Skylake, I think you should just >> always tell the guests that you're running on Skylake. That way the >> guests will always assume the worst case situation wrt Specte. > > Unfortunately if you do that then

Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure

KarimAllah Ahmed writes: > From: David Woodhouse > > Not functional yet; just add the handling for it in the Spectre v2 > mitigation selection, and the X86_FEATURE_IBRS flag which will control > the code to be added in later patches. > > Also take the #ifdef CONFIG_RETPOLINE

Re: [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure

KarimAllah Ahmed writes: > From: David Woodhouse > > Not functional yet; just add the handling for it in the Spectre v2 > mitigation selection, and the X86_FEATURE_IBRS flag which will control > the code to be added in later patches. > > Also take the #ifdef CONFIG_RETPOLINE from around the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> If you are ever going to migrate to Skylake, I think you should just > always tell the guests that you're running on Skylake. That way the > guests will always assume the worst case situation wrt Specte. Unfortunately if you do that then guest may also decide to use other Skylake hardware

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> If you are ever going to migrate to Skylake, I think you should just > always tell the guests that you're running on Skylake. That way the > guests will always assume the worst case situation wrt Specte. Unfortunately if you do that then guest may also decide to use other Skylake hardware

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 01/30/2018 03:56 PM, Christophe de Dinechin wrote: > > >> On 30 Jan 2018, at 15:52, Christian Borntraeger >> wrote: >> >> >> >> On 01/30/2018 03:46 PM, Christophe de Dinechin wrote: >>> >>> On 30 Jan 2018, at 13:11, Christian Borntraeger

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 01/30/2018 03:56 PM, Christophe de Dinechin wrote: > > >> On 30 Jan 2018, at 15:52, Christian Borntraeger >> wrote: >> >> >> >> On 01/30/2018 03:46 PM, Christophe de Dinechin wrote: >>> >>> On 30 Jan 2018, at 13:11, Christian Borntraeger wrote: On

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 30 Jan 2018, at 15:52, Christian Borntraeger > wrote: > > > > On 01/30/2018 03:46 PM, Christophe de Dinechin wrote: >> >> >>> On 30 Jan 2018, at 13:11, Christian Borntraeger >>> wrote: >>> >>> >>> >>> On 01/30/2018 01:23 AM, Linus

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 30 Jan 2018, at 15:52, Christian Borntraeger > wrote: > > > > On 01/30/2018 03:46 PM, Christophe de Dinechin wrote: >> >> >>> On 30 Jan 2018, at 13:11, Christian Borntraeger >>> wrote: >>> >>> >>> >>> On 01/30/2018 01:23 AM, Linus Torvalds wrote: >>> [...] So I

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 01/30/2018 03:46 PM, Christophe de Dinechin wrote: > > >> On 30 Jan 2018, at 13:11, Christian Borntraeger >> wrote: >> >> >> >> On 01/30/2018 01:23 AM, Linus Torvalds wrote: >> [...] >>> >>> So I actually have a _different_ question to the virtualization >>>

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 01/30/2018 03:46 PM, Christophe de Dinechin wrote: > > >> On 30 Jan 2018, at 13:11, Christian Borntraeger >> wrote: >> >> >> >> On 01/30/2018 01:23 AM, Linus Torvalds wrote: >> [...] >>> >>> So I actually have a _different_ question to the virtualization >>> people. This includes the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 30 Jan 2018, at 13:11, Christian Borntraeger > wrote: > > > > On 01/30/2018 01:23 AM, Linus Torvalds wrote: > [...] >> >> So I actually have a _different_ question to the virtualization >> people. This includes the vmware people, but it also obviously >>

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> On 30 Jan 2018, at 13:11, Christian Borntraeger > wrote: > > > > On 01/30/2018 01:23 AM, Linus Torvalds wrote: > [...] >> >> So I actually have a _different_ question to the virtualization >> people. This includes the vmware people, but it also obviously >> incldues the Amazon AWS kind

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 1/29/2018 7:32 PM, Linus Torvalds wrote: On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote: the most simple solution is that we set the internal feature bit in Linux to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest in a VM. That

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 1/29/2018 7:32 PM, Linus Torvalds wrote: On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote: the most simple solution is that we set the internal feature bit in Linux to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest in a VM. That sounds reasonable.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 01/30/2018 01:23 AM, Linus Torvalds wrote: [...] > > So I actually have a _different_ question to the virtualization > people. This includes the vmware people, but it also obviously > incldues the Amazon AWS kind of usage. > > When you're a hypervisor (whether vmware or Amazon), why do you

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 01/30/2018 01:23 AM, Linus Torvalds wrote: [...] > > So I actually have a _different_ question to the virtualization > people. This includes the vmware people, but it also obviously > incldues the Amazon AWS kind of usage. > > When you're a hypervisor (whether vmware or Amazon), why do you

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 07:32:06PM -0800, Linus Torvalds wrote: > On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven > wrote: > > > > the most simple solution is that we set the internal feature bit in Linux > > to turn on the "stuff the RSB" workaround is we're on a SKL

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 07:32:06PM -0800, Linus Torvalds wrote: > On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven > wrote: > > > > the most simple solution is that we set the internal feature bit in Linux > > to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest > > in a

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Linus Torvalds (torva...@linux-foundation.org) wrote: > Why do you even _care_ about the guest, and how it acts wrt Skylake? > What you should care about is not so much the guests (which do their > own thing) but protect guests from each other, no? > > So I'm a bit mystified by some of this

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

* Linus Torvalds (torva...@linux-foundation.org) wrote: > Why do you even _care_ about the guest, and how it acts wrt Skylake? > What you should care about is not so much the guests (which do their > own thing) but protect guests from each other, no? > > So I'm a bit mystified by some of this

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote: > > Note on the unhappiness with some of the patches involved: what I do > *not* want to see is the "on every kernel entry" kind of garbage. > > So my unhappiness with the intel microcode patches is two-fold: > >  (a) the interface is

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote: > > Note on the unhappiness with some of the patches involved: what I do > *not* want to see is the "on every kernel entry" kind of garbage. > > So my unhappiness with the intel microcode patches is two-fold: > >  (a) the interface is

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote: >   And the "big hammer" approach to spectre would seem to > be to just make sure the BTB and RSB are flushed at vmexit time - and > even then you might decide that you really want to just move it to > vmenter time, and only do it if the VM

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote: >   And the "big hammer" approach to spectre would seem to > be to just make sure the BTB and RSB are flushed at vmexit time - and > even then you might decide that you really want to just move it to > vmenter time, and only do it if the VM

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote: > > the most simple solution is that we set the internal feature bit in Linux > to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest > in a VM. That sounds reasonable. However, wouldn't it be

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote: > > the most simple solution is that we set the internal feature bit in Linux > to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest > in a VM. That sounds reasonable. However, wouldn't it be even better to extend

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> Right now, we are dealing with one workaround, which is tied to > Skylake-era model numbers. Yes, we could report a Skylake model > number, and Linux guests would use IBRS instead of retpoline. But this Nobody is planning to use IBRS and Linus has rejected it. > approach doesn't scale. What

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> Right now, we are dealing with one workaround, which is tied to > Skylake-era model numbers. Yes, we could report a Skylake model > number, and Linux guests would use IBRS instead of retpoline. But this Nobody is planning to use IBRS and Linus has rejected it. > approach doesn't scale. What

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 02:25:12PM -0800, Andi Kleen wrote: > > I agree with your point that the common hypervisor practice to fake > old model numbers will break some of the workarounds. Hypervisors > may need to revisit their practice. > > > > In general, making these kinds of decisions based

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 02:25:12PM -0800, Andi Kleen wrote: > > I agree with your point that the common hypervisor practice to fake > old model numbers will break some of the workarounds. Hypervisors > may need to revisit their practice. > > > > In general, making these kinds of decisions based

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 1/29/2018 4:23 PM, Linus Torvalds wrote: Why do you even _care_ about the guest, and how it acts wrt Skylake? What you should care about is not so much the guests (which do their own thing) but protect guests from each other, no? the most simple solution is that we set the internal feature

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On 1/29/2018 4:23 PM, Linus Torvalds wrote: Why do you even _care_ about the guest, and how it acts wrt Skylake? What you should care about is not so much the guests (which do their own thing) but protect guests from each other, no? the most simple solution is that we set the internal feature

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Tue, Jan 30, 2018 at 01:20:52AM +, David Dunn wrote: > Eduardo, > > This is why it would be good to have a CPUID bit that says: > "apply SkyLake RSB stuffing." That's preferable to "trust FMS" > for VMware. Agreed it would be more useful than "trust FMS". However, I believe a "no need

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Tue, Jan 30, 2018 at 01:20:52AM +, David Dunn wrote: > Eduardo, > > This is why it would be good to have a CPUID bit that says: > "apply SkyLake RSB stuffing." That's preferable to "trust FMS" > for VMware. Agreed it would be more useful than "trust FMS". However, I believe a "no need

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 02:12:02PM -0800, Jim Mattson wrote: > On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote: > > On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote: > >> For GCE, "you might be migrated to Skylake" is pretty much a > >> certainty. Even if

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 02:12:02PM -0800, Jim Mattson wrote: > On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote: > > On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote: > >> For GCE, "you might be migrated to Skylake" is pretty much a > >> certainty. Even if you're in a zone that

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

Eduardo, This is why it would be good to have a CPUID bit that says: "apply SkyLake RSB stuffing." That's preferable to "trust FMS" for VMware. If Intel defines such a feature flag, sets it on SkyLake, and Linux uses it... that would be very helpful for VMware. I won't speak for GCE and AWS.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

Eduardo, This is why it would be good to have a CPUID bit that says: "apply SkyLake RSB stuffing." That's preferable to "trust FMS" for VMware. If Intel defines such a feature flag, sets it on SkyLake, and Linux uses it... that would be very helpful for VMware. I won't speak for GCE and AWS.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 05:10:11PM -0500, Konrad Rzeszutek Wilk wrote: [...] > The migration code could be 'tickled' (when arrived at the destination) > to recheck the CPUID and do the alternative logic to turn the > proper bits on. > > And this tickling could be as simple as an ACPI DSDT/AML

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 05:10:11PM -0500, Konrad Rzeszutek Wilk wrote: [...] > The migration code could be 'tickled' (when arrived at the destination) > to recheck the CPUID and do the alternative logic to turn the > proper bits on. > > And this tickling could be as simple as an ACPI DSDT/AML

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 02:49:51PM -0800, Jim Mattson wrote: > And if we expect to introduce Cascade Lake into the pool in the > future, we use a Cascade Lake model number? > > It sounds like you are suggesting that we set the model number to the > highest model number that will ever be

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 02:49:51PM -0800, Jim Mattson wrote: > And if we expect to introduce Cascade Lake into the pool in the > future, we use a Cascade Lake model number? > > It sounds like you are suggesting that we set the model number to the > highest model number that will ever be

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 10:29:28PM +, David Dunn wrote: > On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote: > > > Maybe a generic "family/model/stepping/microcode really matches > > the CPU you are running on" bit would be useful. The bit could > > be enabled only on

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 10:29:28PM +, David Dunn wrote: > On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote: > > > Maybe a generic "family/model/stepping/microcode really matches > > the CPU you are running on" bit would be useful. The bit could > > be enabled only on

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

The guest OS is responsible for protecting itself from intra-guest attacks. The hypervisor can't do that. We want to give the guest OS the tools it needs to make reasonable decisions about the intra-guest protections it wants to enable, in an environment where the virtual processor and the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

The guest OS is responsible for protecting itself from intra-guest attacks. The hypervisor can't do that. We want to give the guest OS the tools it needs to make reasonable decisions about the intra-guest protections it wants to enable, in an environment where the virtual processor and the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 1:02 PM, David Woodhouse wrote: > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: >> >> the objective is to have retpoline be safe everywhere and never use IBRS >> (Linus was also pretty clear about that) so I'm confused by your question

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 1:02 PM, David Woodhouse wrote: > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: >> >> the objective is to have retpoline be safe everywhere and never use IBRS >> (Linus was also pretty clear about that) so I'm confused by your question Note on the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

(Apologies as I was brought into this thread late, but I believe I have context). Could a new "feature" be enumerated on Skylake and beyond which specifies that a particular problem exists which requires different mitigation than on previous processors? Perhaps a CPUID bit enumerating this

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

(Apologies as I was brought into this thread late, but I believe I have context). Could a new "feature" be enumerated on Skylake and beyond which specifies that a particular problem exists which requires different mitigation than on previous processors? Perhaps a CPUID bit enumerating this

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

And if we expect to introduce Cascade Lake into the pool in the future, we use a Cascade Lake model number? It sounds like you are suggesting that we set the model number to the highest model number that will ever be introduced into the pool, at any time in the future. That approach would also

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

And if we expect to introduce Cascade Lake into the pool in the future, we use a Cascade Lake model number? It sounds like you are suggesting that we set the model number to the highest model number that will ever be introduced into the pool, at any time in the future. That approach would also

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> Even if we expose bit to indicate that FMS matches the underlying host, when > does the guest know to query that? The VM can be moved at any point in time, > including after the guest asks if FMS matches host. There's no way to enable these mitigations later, so if you always have to enable

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> Even if we expose bit to indicate that FMS matches the underlying host, when > does the guest know to query that? The VM can be moved at any point in time, > including after the guest asks if FMS matches host. There's no way to enable these mitigations later, so if you always have to enable

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote: > Maybe a generic "family/model/stepping/microcode really matches > the CPU you are running on" bit would be useful. The bit could > be enabled only on host-passthrough (aka "-cpu host") mode. > > If we really want to be able to

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote: > Maybe a generic "family/model/stepping/microcode really matches > the CPU you are running on" bit would be useful. The bit could > be enabled only on host-passthrough (aka "-cpu host") mode. > > If we really want to be able to

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

I agree with your point that the common hypervisor practice to fake old model numbers will break some of the workarounds. Hypervisors may need to revisit their practice. > > In general, making these kinds of decisions based on F/M/S is probably > > unwise when running in a VM. > > Certainly.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

I agree with your point that the common hypervisor practice to fake old model numbers will break some of the workarounds. Hypervisors may need to revisit their practice. > > In general, making these kinds of decisions based on F/M/S is probably > > unwise when running in a VM. > > Certainly.

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote: > On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote: >> For GCE, "you might be migrated to Skylake" is pretty much a >> certainty. Even if you're in a zone that doesn't currently have >> Skylake machines,

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote: > On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote: >> For GCE, "you might be migrated to Skylake" is pretty much a >> certainty. Even if you're in a zone that doesn't currently have >> Skylake machines, chances are pretty good

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 07:44:21PM -0200, Eduardo Habkost wrote: > On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote: > > > > > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > > > > > > The question is how the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 07:44:21PM -0200, Eduardo Habkost wrote: > On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote: > > > > > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > > > > > > The question is how the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote: > For GCE, "you might be migrated to Skylake" is pretty much a > certainty. Even if you're in a zone that doesn't currently have > Skylake machines, chances are pretty good that it will have Skylake > machines some day in the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote: > For GCE, "you might be migrated to Skylake" is pretty much a > certainty. Even if you're in a zone that doesn't currently have > Skylake machines, chances are pretty good that it will have Skylake > machines some day in the

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote: > > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > > > > The question is how the hypervisor could tell that to the guest. > > > If Intel doesn't give us a CPUID

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote: > > > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > > > > The question is how the hypervisor could tell that to the guest. > > > If Intel doesn't give us a CPUID

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> The question is about all the additional RSB-frobbing and call depth > counting and other bits that don't really even exist for Skylake yet in > a coherent form. We have had several patch kits posted that all are in a "coherent form" That was the original one

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

> The question is about all the additional RSB-frobbing and call depth > counting and other bits that don't really even exist for Skylake yet in > a coherent form. We have had several patch kits posted that all are in a "coherent form" That was the original one

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

For GCE, "you might be migrated to Skylake" is pretty much a certainty. Even if you're in a zone that doesn't currently have Skylake machines, chances are pretty good that it will have Skylake machines some day in the not-too-distant future. In general, making these kinds of decisions based on

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

For GCE, "you might be migrated to Skylake" is pretty much a certainty. Even if you're in a zone that doesn't currently have Skylake machines, chances are pretty good that it will have Skylake machines some day in the not-too-distant future. In general, making these kinds of decisions based on

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > > The question is how the hypervisor could tell that to the guest. > > If Intel doesn't give us a CPUID bit that can be used to tell > > that retpolines are enough, maybe we should

Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote: > On 1/29/2018 12:42 PM, Eduardo Habkost wrote: > > > > The question is how the hypervisor could tell that to the guest. > > If Intel doesn't give us a CPUID bit that can be used to tell > > that retpolines are enough, maybe we should

  1   2   >