From: Eduardo Habkost <ehabkost@redhat.com>
To: David Dunn <ddunn@vmware.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>,
KarimAllah Ahmed <karahmed@amazon.de>,
"Wilson, Matt" <msw@amazon.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Andi Kleen <ak@linux.intel.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
Ashok Raj <ashok.raj@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Borislav Petkov <bp@suse.de>,
Dan Williams <dan.j.williams@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"H . Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>,
Joerg Roedel <joro@8bytes.org>,
Jun Nakajima <jun.nakajima@intel.com>,
Laura Abbott <labbott@redhat.com>,
Linus To
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure
Date: Mon, 29 Jan 2018 23:08:32 -0200 [thread overview]
Message-ID: <20180130010832.GA21702@localhost.localdomain> (raw)
In-Reply-To: <7EB9643C-D2DD-477A-90DE-05DC653D2D4B@vmware.com>
On Mon, Jan 29, 2018 at 10:29:28PM +0000, David Dunn wrote:
> On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote:
>
> > Maybe a generic "family/model/stepping/microcode really matches
> > the CPU you are running on" bit would be useful. The bit could
> > be enabled only on host-passthrough (aka "-cpu host") mode.
> >
> > If we really want to be able to migrate to host with different
> > CPU models (except Skylake), we could add a more specific "we
> > promise the host CPU is never going to be Skylake" bit.
> >
> > Now, if the hypervisor is not providing any of those bits, I
> > would advise against trusting family/model/stepping/microcode
> > under a hypervisor. Using a pre-defined CPU model (that doesn't
> > necessarily match the host) is very common when using KVM VM
> > management stacks.
> >
>
> Eduardo,
>
> I don't see how this is possible in a modern virtualization
> environment.
>
> Under VMware, a VM will be migrated to SkyLake if one is in the
> cluster and supports the features exposed to the VM. This can
> occur for suspend/resume as well.
>
> The migration pool isn't a constant. Hosts can be added to a
> cluster and VMs can be instructed to move across clusters. So
> there doesn't need to be a SkyLake around when the VM powers on
> in order for it to eventually end up on a SkyLake.
If this is the case for your deployment, this means the guest
must never assume it won't run on a Skylake host (even if f/m/s
is not Skylake), doesn't it? Then the hypervisor won't set the
"we promise the host CPU is never going to be Skylake" bit.
>
> Even if we expose bit to indicate that FMS matches the
> underlying host, when does the guest know to query that? The
> VM can be moved at any point in time, including after the guest
> asks if FMS matches host.
If the VM can be moved at any point of time to a different model
of host CPU, this means you won't tell the guest it can trust
f/m/s because it doesn't represent the underlying host. You
won't set the "f/m/s/m really matches the host CPU" bit.
On both scenarios you describe above, it sounds like Linux must
assume it could migrated to a Skylake host at any moment. This
is exactly why I'm proposing those extra bits.
--
Eduardo
WARNING: multiple messages have this Message-ID (diff)
From: Eduardo Habkost <ehabkost@redhat.com>
To: David Dunn <ddunn@vmware.com>
Cc: "Arjan van de Ven" <arjan@linux.intel.com>,
"KarimAllah Ahmed" <karahmed@amazon.de>,
"Wilson, Matt" <msw@amazon.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Andi Kleen" <ak@linux.intel.com>,
"Andrea Arcangeli" <aarcange@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Ashok Raj" <ashok.raj@intel.com>,
"Asit Mallick" <asit.k.mallick@intel.com>,
"Borislav Petkov" <bp@suse.de>,
"Dan Williams" <dan.j.williams@intel.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"H . Peter Anvin" <hpa@zytor.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Janakarajan Natarajan" <Janakarajan.Natarajan@amd.com>,
"Joerg Roedel" <joro@8bytes.org>,
"Jun Nakajima" <jun.nakajima@intel.com>,
"Laura Abbott" <labbott@redhat.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Tim Chen" <tim.c.chen@linux.intel.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Fred Jacobs" <fjacobs@vmware.com>,
"Jim Mattson" <jmattson@google.com>,
"David Woodhouse" <dwmw2@infradead.org>
Subject: Re: [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure
Date: Mon, 29 Jan 2018 23:08:32 -0200 [thread overview]
Message-ID: <20180130010832.GA21702@localhost.localdomain> (raw)
In-Reply-To: <7EB9643C-D2DD-477A-90DE-05DC653D2D4B@vmware.com>
On Mon, Jan 29, 2018 at 10:29:28PM +0000, David Dunn wrote:
> On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote:
>
> > Maybe a generic "family/model/stepping/microcode really matches
> > the CPU you are running on" bit would be useful. The bit could
> > be enabled only on host-passthrough (aka "-cpu host") mode.
> >
> > If we really want to be able to migrate to host with different
> > CPU models (except Skylake), we could add a more specific "we
> > promise the host CPU is never going to be Skylake" bit.
> >
> > Now, if the hypervisor is not providing any of those bits, I
> > would advise against trusting family/model/stepping/microcode
> > under a hypervisor. Using a pre-defined CPU model (that doesn't
> > necessarily match the host) is very common when using KVM VM
> > management stacks.
> >
>
> Eduardo,
>
> I don't see how this is possible in a modern virtualization
> environment.
>
> Under VMware, a VM will be migrated to SkyLake if one is in the
> cluster and supports the features exposed to the VM. This can
> occur for suspend/resume as well.
>
> The migration pool isn't a constant. Hosts can be added to a
> cluster and VMs can be instructed to move across clusters. So
> there doesn't need to be a SkyLake around when the VM powers on
> in order for it to eventually end up on a SkyLake.
If this is the case for your deployment, this means the guest
must never assume it won't run on a Skylake host (even if f/m/s
is not Skylake), doesn't it? Then the hypervisor won't set the
"we promise the host CPU is never going to be Skylake" bit.
>
> Even if we expose bit to indicate that FMS matches the
> underlying host, when does the guest know to query that? The
> VM can be moved at any point in time, including after the guest
> asks if FMS matches host.
If the VM can be moved at any point of time to a different model
of host CPU, this means you won't tell the guest it can trust
f/m/s because it doesn't represent the underlying host. You
won't set the "f/m/s/m really matches the host CPU" bit.
On both scenarios you describe above, it sounds like Linux must
assume it could migrated to a Skylake host at any moment. This
is exactly why I'm proposing those extra bits.
--
Eduardo
next prev parent reply other threads:[~2018-01-30 1:08 UTC|newest]
Thread overview: 149+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-29 22:29 [RFC,05/10] x86/speculation: Add basic IBRS support infrastructure David Dunn
2018-01-29 22:29 ` David Dunn
2018-01-29 22:41 ` Andi Kleen
2018-01-29 22:41 ` Andi Kleen
2018-01-29 22:49 ` Jim Mattson
2018-01-29 22:49 ` Jim Mattson
2018-01-30 1:10 ` Eduardo Habkost
2018-01-30 1:10 ` Eduardo Habkost
2018-01-30 1:20 ` David Dunn
2018-01-30 1:20 ` David Dunn
2018-01-30 1:30 ` Eduardo Habkost
2018-01-30 1:30 ` Eduardo Habkost
2018-01-29 23:51 ` Fred Jacobs
2018-01-29 23:51 ` Fred Jacobs
2018-01-30 1:08 ` Eduardo Habkost [this message]
2018-01-30 1:08 ` Eduardo Habkost
-- strict thread matches above, loose matches on Subject: below --
2018-01-20 19:22 [RFC 00/10] Speculation Control feature support KarimAllah Ahmed
2018-01-20 19:22 ` [RFC 05/10] x86/speculation: Add basic IBRS support infrastructure KarimAllah Ahmed
2018-01-20 19:22 ` KarimAllah Ahmed
2018-01-21 14:31 ` Thomas Gleixner
2018-01-21 14:31 ` Thomas Gleixner
2018-01-21 14:56 ` Borislav Petkov
2018-01-21 14:56 ` Borislav Petkov
2018-01-22 9:51 ` Peter Zijlstra
2018-01-22 9:51 ` Peter Zijlstra
2018-01-22 12:06 ` Borislav Petkov
2018-01-22 12:06 ` Borislav Petkov
2018-01-22 13:30 ` Greg Kroah-Hartman
2018-01-22 13:30 ` Greg Kroah-Hartman
2018-01-22 13:36 ` Woodhouse, David
2018-01-22 13:37 ` Woodhouse, David
2018-01-21 15:25 ` David Woodhouse
2018-01-21 15:25 ` David Woodhouse
2018-01-23 20:58 ` David Woodhouse
2018-01-23 20:58 ` David Woodhouse
2018-01-23 22:43 ` Johannes Erdfelt
2018-01-24 8:47 ` Peter Zijlstra
2018-01-24 8:47 ` Peter Zijlstra
2018-01-24 9:02 ` David Woodhouse
2018-01-24 9:02 ` David Woodhouse
2018-01-24 9:10 ` Greg Kroah-Hartman
2018-01-24 9:10 ` Greg Kroah-Hartman
2018-01-24 15:09 ` Arjan van de Ven
2018-01-24 15:09 ` Arjan van de Ven
2018-01-24 15:18 ` David Woodhouse
2018-01-24 15:18 ` David Woodhouse
2018-01-24 9:34 ` Peter Zijlstra
2018-01-24 9:34 ` Peter Zijlstra
2018-01-24 10:49 ` Henrique de Moraes Holschuh
2018-01-24 10:49 ` Henrique de Moraes Holschuh
2018-01-24 12:30 ` David Woodhouse
2018-01-24 12:30 ` David Woodhouse
2018-01-24 12:14 ` David Woodhouse
2018-01-24 12:14 ` David Woodhouse
2018-01-24 12:29 ` Peter Zijlstra
2018-01-24 12:29 ` Peter Zijlstra
2018-01-24 12:58 ` David Woodhouse
2018-01-24 12:58 ` David Woodhouse
2018-01-29 20:14 ` [RFC,05/10] " Eduardo Habkost
2018-01-29 20:14 ` Eduardo Habkost
2018-01-29 20:17 ` David Woodhouse
2018-01-29 20:17 ` David Woodhouse
2018-01-29 20:42 ` Eduardo Habkost
2018-01-29 20:42 ` Eduardo Habkost
2018-01-29 20:44 ` Arjan van de Ven
2018-01-29 20:44 ` Arjan van de Ven
2018-01-29 21:02 ` David Woodhouse
2018-01-29 21:02 ` David Woodhouse
2018-01-29 21:37 ` Jim Mattson
2018-01-29 21:37 ` Jim Mattson
2018-01-29 21:50 ` Eduardo Habkost
2018-01-29 21:50 ` Eduardo Habkost
2018-01-29 22:12 ` Jim Mattson
2018-01-29 22:12 ` Jim Mattson
2018-01-30 1:22 ` Eduardo Habkost
2018-01-30 1:22 ` Eduardo Habkost
2018-01-29 22:25 ` Andi Kleen
2018-01-29 22:25 ` Andi Kleen
2018-01-30 1:37 ` Eduardo Habkost
2018-01-30 1:37 ` Eduardo Habkost
2018-01-29 21:37 ` Andi Kleen
2018-01-29 21:37 ` Andi Kleen
2018-01-29 21:44 ` Eduardo Habkost
2018-01-29 21:44 ` Eduardo Habkost
2018-01-29 22:10 ` Konrad Rzeszutek Wilk
2018-01-29 22:10 ` Konrad Rzeszutek Wilk
2018-01-30 1:12 ` Eduardo Habkost
2018-01-30 1:12 ` Eduardo Habkost
2018-01-30 0:23 ` Linus Torvalds
2018-01-30 0:23 ` Linus Torvalds
2018-01-30 1:03 ` Jim Mattson
2018-01-30 1:03 ` Jim Mattson
2018-01-30 3:13 ` Andi Kleen
2018-01-30 3:13 ` Andi Kleen
2018-01-31 15:03 ` Paolo Bonzini
2018-01-31 15:03 ` Paolo Bonzini
2018-01-31 15:07 ` Dr. David Alan Gilbert
2018-01-31 15:07 ` Dr. David Alan Gilbert
2018-01-30 1:32 ` Arjan van de Ven
2018-01-30 1:32 ` Arjan van de Ven
2018-01-30 3:32 ` Linus Torvalds
2018-01-30 3:32 ` Linus Torvalds
2018-01-30 12:04 ` Eduardo Habkost
2018-01-30 12:04 ` Eduardo Habkost
2018-01-30 13:54 ` Arjan van de Ven
2018-01-30 13:54 ` Arjan van de Ven
2018-01-30 8:22 ` David Woodhouse
2018-01-30 8:22 ` David Woodhouse
2018-01-30 11:35 ` David Woodhouse
2018-01-30 11:35 ` David Woodhouse
2018-01-30 11:56 ` Dr. David Alan Gilbert
2018-01-30 11:56 ` Dr. David Alan Gilbert
2018-01-30 12:11 ` Christian Borntraeger
2018-01-30 12:11 ` Christian Borntraeger
2018-01-30 14:46 ` Christophe de Dinechin
2018-01-30 14:46 ` Christophe de Dinechin
2018-01-30 14:52 ` Christian Borntraeger
2018-01-30 14:52 ` Christian Borntraeger
2018-01-30 14:56 ` Christophe de Dinechin
2018-01-30 14:56 ` Christophe de Dinechin
2018-01-30 15:33 ` Christian Borntraeger
2018-01-30 15:33 ` Christian Borntraeger
2018-01-30 20:46 ` Alan Cox
2018-01-30 20:46 ` Alan Cox
2018-01-31 10:05 ` Christophe de Dinechin
2018-01-31 10:05 ` Christophe de Dinechin
2018-01-31 10:15 ` Thomas Gleixner
2018-01-31 10:15 ` Thomas Gleixner
2018-01-31 11:04 ` Dr. David Alan Gilbert
2018-01-31 11:04 ` Dr. David Alan Gilbert
2018-01-31 11:52 ` Borislav Petkov
2018-01-31 11:52 ` Borislav Petkov
2018-01-31 12:30 ` Dr. David Alan Gilbert
2018-01-31 12:30 ` Dr. David Alan Gilbert
2018-01-31 13:18 ` Borislav Petkov
2018-01-31 13:18 ` Borislav Petkov
2018-01-31 14:04 ` Dr. David Alan Gilbert
2018-01-31 14:04 ` Dr. David Alan Gilbert
2018-01-31 14:44 ` Eduardo Habkost
2018-01-31 14:44 ` Eduardo Habkost
2018-01-31 16:28 ` Borislav Petkov
2018-01-31 16:28 ` Borislav Petkov
2018-01-31 11:07 ` Christophe de Dinechin
2018-01-31 11:07 ` Christophe de Dinechin
2018-01-31 15:00 ` Eduardo Habkost
2018-01-31 15:00 ` Eduardo Habkost
2018-01-31 15:11 ` Arjan van de Ven
2018-01-31 15:11 ` Arjan van de Ven
2018-01-31 10:03 ` [RFC 05/10] " Christophe de Dinechin
2018-01-31 10:03 ` Christophe de Dinechin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180130010832.GA21702@localhost.localdomain \
--to=ehabkost@redhat.com \
--cc=Janakarajan.Natarajan@amd.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=asit.k.mallick@intel.com \
--cc=bp@suse.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=ddunn@vmware.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=joro@8bytes.org \
--cc=jun.nakajima@intel.com \
--cc=karahmed@amazon.de \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=msw@amazon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.