Re: [PATCH v3 2/4] x86/speculation: Support "Enhanced IBRS" on future CPUs

From: Thomas Gleixner
Date: Tue Feb 20 2018 - 05:37:04 EST

Next message: Geert Uytterhoeven: "Re: [PATCH 9/9] serial: xuartps: Fix out-of-bounds access through DT alias"
Previous message: tip-bot for Juergen Gross: "[tip:x86/boot] acpi: Introduce acpi_arch_get_root_pointer() for getting rsdp address"
In reply to: David Woodhouse: "Re: [PATCH v3 2/4] x86/speculation: Support "Enhanced IBRS" on future CPUs"
Next in thread: Thomas Gleixner: "Re: [PATCH v3 2/4] x86/speculation: Support "Enhanced IBRS" on future CPUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 20 Feb 2018, David Woodhouse wrote:
> On Tue, 2018-02-20 at 09:31 +0100, Thomas Gleixner wrote:
> > > @@ -3387,13 +3387,14 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> > > Â
> > > Â vmx->spec_ctrl = data;
> > > Â
> > > - if (!data)
> > > + if (!data && !spectre_v2_ibrs_all())
> > > Â break;
> > > Â
> > > Â /*
> > > Â Â* For non-nested:
> > > Â Â* When it's written (to non-zero) for the first time, pass
> > > - Â* it through.
> > > + Â* it through unless we have IBRS_ALL and it should just be
> > > + Â* set for ever.
> >
> > A non zero write is going to disable the intercept only when IBRS_ALL
> > is on. The comment says is should be set forever, i.e. not changeable by
> > the guest. So the condition should be:
> >
> > if (!data || spectre_v2_ibrs_all())
> > break;
> > Hmm?
>
> Yes, good catch. Thanks.
>
> However, Paolo is very insistent that taking the trap every time is
> actually a lot *slower* than really frobbing IBRS on certain
> microarchitectures, so my hand-waving "pfft, what did they expect?" is
> not acceptable.
>
> Which I think puts us back to the "throwing the toys out of the pram"
> solution; demanding that Intel give us a new feature bit for "IBRS_ALL,
> and the bit in the MSR is a no-op". Which was going to be true for
> *most* new CPUs anyway. (Note: a blacklist for those few CPUs on which
> it *isn't* true might also suffice instead of a new feature bit.)
>
> Unless someone really wants to implement the atomic MSR save and
> restore on vmexit, and make it work with nesting, and make the whole
> thing sufficiently simple that we don't throw our toys out of the pram
> anyway when we see it?

That whole stuff was duct taped into microcode in a rush and the result is
that we have only the choice between fire and frying pan. Whatever we
decide to implement is not going to be a half baken hack.

I fully agree that Intel needs to get their act together and implement
IBRS_ALL sanely.

The right thing to do is to allow the host to lock down the MSR once it
enabled IBRS_ALL so that any write to it will just turn into NOOPs. That
removes all worries about guests and in future generations of CPUs this bit
might just be hardwired to one and the MSR just a dummy for compability
reasons.

Thanks,

tglx

Next message: Geert Uytterhoeven: "Re: [PATCH 9/9] serial: xuartps: Fix out-of-bounds access through DT alias"
Previous message: tip-bot for Juergen Gross: "[tip:x86/boot] acpi: Introduce acpi_arch_get_root_pointer() for getting rsdp address"
In reply to: David Woodhouse: "Re: [PATCH v3 2/4] x86/speculation: Support "Enhanced IBRS" on future CPUs"
Next in thread: Thomas Gleixner: "Re: [PATCH v3 2/4] x86/speculation: Support "Enhanced IBRS" on future CPUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]