public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@alien8.de>
To: Jon Kohler <jon@nutanix.com>
Cc: Sean Christopherson <seanjc@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Balbir Singh <sblbir@amazon.com>,
	Kim Phillips <kim.phillips@amd.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Kees Cook <keescook@chromium.org>,
	Waiman Long <longman@redhat.com>
Subject: Re: [PATCH v3] x86/speculation, KVM: only IBPB for switch_mm_always_ibpb on vCPU load
Date: Sat, 30 Apr 2022 18:08:57 +0200	[thread overview]
Message-ID: <Ym1fGZIs6K7T6h3n@zn.tnic> (raw)
In-Reply-To: <4E46337F-79CB-4ADA-B8C0-009E7500EDF8@nutanix.com>

On Sat, Apr 30, 2022 at 02:50:35PM +0000, Jon Kohler wrote:
> This is 100% a fair ask, I appreciate the diligence, as we’ve all been there
> on the ‘other side’ of changes to complex areas and spend hours digging on
> git history, LKML threads, SDM/APM, and other sources trying to derive
> why the heck something is the way it is.

Yap, that's basically proving my point and why I want stuff to be
properly documented so that the question "why was it done this way" can
always be answered satisfactorily.

> AFAIK, the KVM IBPB is avoided when switching in between vCPUs
> belonging to the same vmcs/vmcb (i.e. the same guest), e.g. you could 
> have one VM highly oversubscribed to the host and you wouldn’t see
> either the KVM IBPB or the switch_mm IBPB. All good. 
> 
> Reference vmx_vcpu_load_vmcs() and svm_vcpu_load() and the 
> conditionals prior to the barrier.

So this is where something's still missing.

> However, the pain ramps up when you have a bunch of separate guests,
> especially with a small amount of vCPUs per guest, so the switching is more
> likely to be in between completely separate guests.

If the guests are completely separate, then it should fall into the
switch_mm() case.

Unless it has something to do with, as I looked at the SVM side of
things, the VMCBs:

	if (sd->current_vmcb != svm->vmcb) {

So it is not only different guests but also within the same guest and
when the VMCB of the vCPU is not the current one.

But then if VMCB of the vCPU is not the current, per-CPU VMCB, then that
CPU ran another guest so in order for that other guest to attack the
current guest, then its branch pred should be flushed.

But I'm likely missing a virt aspect here so I'd let Sean explain what
the rules are...

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

  reply	other threads:[~2022-04-30 16:09 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-22 16:21 [PATCH v3] x86/speculation, KVM: only IBPB for switch_mm_always_ibpb on vCPU load Jon Kohler
2022-04-28 12:51 ` Jon Kohler
2022-04-29 16:59 ` Borislav Petkov
2022-04-29 17:31   ` Jon Kohler
2022-04-29 19:32     ` Borislav Petkov
2022-04-29 20:08       ` Jon Kohler
2022-04-29 20:29       ` Sean Christopherson
2022-04-29 20:59         ` Borislav Petkov
2022-04-29 21:59           ` Sean Christopherson
2022-04-29 22:22             ` Borislav Petkov
2022-04-29 23:23               ` Sean Christopherson
2022-04-30  9:50                 ` Borislav Petkov
2022-04-30 14:50                   ` Jon Kohler
2022-04-30 16:08                     ` Borislav Petkov [this message]
2022-05-06 15:42                       ` Jon Kohler
2022-05-10 14:44                       ` Sean Christopherson
2022-05-10 15:03                         ` Jon Kohler
2022-05-10 15:50                           ` Sean Christopherson
2022-05-12 13:44                             ` Borislav Petkov
2022-05-12 17:56                               ` Jon Kohler
2022-05-10 14:22                     ` Sean Christopherson
2022-05-10 14:49                       ` Jon Kohler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Ym1fGZIs6K7T6h3n@zn.tnic \
    --to=bp@alien8.de \
    --cc=aarcange@redhat.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=jmattson@google.com \
    --cc=jon@nutanix.com \
    --cc=joro@8bytes.org \
    --cc=jpoimboe@redhat.com \
    --cc=keescook@chromium.org \
    --cc=kim.phillips@amd.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=longman@redhat.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peterz@infradead.org \
    --cc=sblbir@amazon.com \
    --cc=seanjc@google.com \
    --cc=tglx@linutronix.de \
    --cc=vkuznets@redhat.com \
    --cc=wanpengli@tencent.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox