Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure

From: Konrad Rzeszutek Wilk
Date: Mon Jan 29 2018 - 17:11:01 EST

Next message: Jim Mattson: "Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure"
Previous message: Mike Frysinger: "[PATCH] vt: change SGR 21 to follow the standards"
In reply to: Eduardo Habkost: "Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure"
Next in thread: Eduardo Habkost: "Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 29, 2018 at 07:44:21PM -0200, Eduardo Habkost wrote:
> On Mon, Jan 29, 2018 at 09:02:39PM +0000, David Woodhouse wrote:
> >
> >
> > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> > > >
> > > > The question is how the hypervisor could tell that to the guest.
> > > > If Intel doesn't give us a CPUID bit that can be used to tell
> > > > that retpolines are enough, maybe we should use a hypervisor
> > > > CPUID bit for that?
> > >
> > > the objective is to have retpoline be safe everywhere and never use IBRS
> > > (Linus was also pretty clear about that) so I'm confused by your question
> >
> > The question is about all the additional RSB-frobbing and call depth
> > counting and other bits that don't really even exist for Skylake yet in
> > a coherent form.
> >
> > If a guest doesn't have those, because it's running some future kernel
> > where they *are* implemented but not enabled because at *boot* time it
> > discovered it wasn't on Skylake, the question is what happens if that
> > guest is subsequently migrated to a Skylake-class machine.
> >
> > To which the answer is obviously "oops, sucks to be you". So yes,
> > *maybe* we want a way to advertise "you might be migrated to Skylake"
> > if you're booted on a pre-SKL box in a migration pool where such is
> > possible.
> >
> > That question is a reasonable one, and the answer possibly the same,
> > regardless of whether the plan for Skylake is to use IBRS, or all the
> > hypothetical other extra stuff.
>
> Maybe a generic "family/model/stepping/microcode really matches
> the CPU you are running on" bit would be useful. The bit could
> be enabled only on host-passthrough (aka "-cpu host") mode.
>
> If we really want to be able to migrate to host with different
> CPU models (except Skylake), we could add a more specific "we
> promise the host CPU is never going to be Skylake" bit.
>
> Now, if the hypervisor is not providing any of those bits, I
> would advise against trusting family/model/stepping/microcode
> under a hypervisor. Using a pre-defined CPU model (that doesn't

The migration code could be 'tickled' (when arrived at the destination)
to recheck the CPUID and do the alternative logic to turn the
proper bits on.

And this tickling could be as simple as an ACPI DSDT/AML code
specific to KVM PnP devices (say the CPUs?) to tell the guest to
resample its environment?

> necessarily match the host) is very common when using KVM VM
> management stacks.
>
> --
> Eduardo

Next message: Jim Mattson: "Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure"
Previous message: Mike Frysinger: "[PATCH] vt: change SGR 21 to follow the standards"
In reply to: Eduardo Habkost: "Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure"
Next in thread: Eduardo Habkost: "Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]