From: Kim Phillips <kim.phillips@amd.com>
To: Jim Mattson <jmattson@google.com>
Cc: x86@kernel.org, Borislav Petkov <bp@alien8.de>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Joao Martins <joao.m.martins@oracle.com>,
Jonathan Corbet <corbet@lwn.net>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
David Woodhouse <dwmw@amazon.co.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Juergen Gross <jgross@suse.com>,
Peter Zijlstra <peterz@infradead.org>,
Tony Luck <tony.luck@intel.com>, Babu Moger <Babu.Moger@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
kvm@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] x86/speculation: Support Automatic IBRS under virtualization
Date: Mon, 7 Nov 2022 16:29:44 -0600
Message-ID: <f25152d2-7045-94f4-d5dc-69b609c0be6a@amd.com>
In-Reply-To: <CALMp9eSpKGCYK_1r3o326ui5RVoH73_RR5-LR2Div9Jm5zvk6A@mail.gmail.com>
On 11/4/22 5:00 PM, Jim Mattson wrote:
> On Fri, Nov 4, 2022 at 2:38 PM Kim Phillips <kim.phillips@amd.com> wrote:
>>
>> VM Guests may want to use Auto IBRS, so propagate the CPUID to them.
>>
>> Co-developed-by: Babu Moger <Babu.Moger@amd.com>
>> Signed-off-by: Kim Phillips <kim.phillips@amd.com>
>
> The APM says that, under AutoIBRS, CPL0 processes "have IBRS
> protection." I'm taking this to mean only that indirect branches in
> CPL0 are not subject to steering from a less privileged predictor
> mode. This would imply that indirect branches executed at CPL0 in L1
> could potentially be subject to steering by code running at CPL0 in
> L2, since L1 and L2 share hardware predictor modes.

That's true for AMD processors that don't support Same Mode IBRS, also
documented in the APM.

Processors that support AutoIBRS also support Same Mode IBRS (see
CPUID Fn8000_0008_EBX[IbrsSameMode] (bit 19)).

> Fortunately, there is an IBPB when switching VMCBs in svm_vcpu_load().
> But it might be worth noting that this is necessary for AutoIBRS to
> work (unless it actually isn't).

It is needed, but not for kernel/CPL0 code, rather to protect one
guest's user-space code from another's.

Kim
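
An added example, not part of the message or the patch series: a small C
check that classifies an AMD CPUID view (the host's, or the one a VMM hands
to a guest) by the AutoIBRS and IbrsSameMode bits discussed above, and flags
a view that advertises AutoIBRS without IbrsSameMode. The function and enum
names are hypothetical; the IBRS (bit 14) and AutoIBRS (Fn8000_0021_EAX
bit 8) positions are assumed from the AMD APM and Linux cpufeatures.h, only
bit 19 is cited in the message.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* IbrsSameMode (bit 19) is the bit cited in the message; the other positions
 * are taken from the AMD APM / Linux cpufeatures.h, not from the message. */
#define AMD_IBRS           (1u << 14) /* CPUID Fn8000_0008_EBX */
#define AMD_IBRS_SAME_MODE (1u << 19) /* CPUID Fn8000_0008_EBX */
#define AMD_AUTO_IBRS      (1u << 8)  /* CPUID Fn8000_0021_EAX */

/* Hypothetical classification names, introduced for this example. */
enum ibrs_view {
    IBRS_ABSENT,            /* no IBRS advertised at all */
    IBRS_NO_SAME_MODE,      /* IBRS without same-mode protection */
    IBRS_WITH_SAME_MODE,    /* IBRS + IbrsSameMode, no AutoIBRS */
    AUTOIBRS_CONSISTENT,    /* AutoIBRS + IbrsSameMode */
    AUTOIBRS_INCONSISTENT   /* AutoIBRS advertised without IbrsSameMode */
};

/* Classify a CPUID view (host, or what a VMM hands a guest) from raw registers. */
enum ibrs_view classify_ibrs(uint32_t fn8_ebx, uint32_t fn21_eax)
{
    int same_mode = (fn8_ebx & AMD_IBRS_SAME_MODE) != 0;

    if (fn21_eax & AMD_AUTO_IBRS)
        return same_mode ? AUTOIBRS_CONSISTENT : AUTOIBRS_INCONSISTENT;
    if (!(fn8_ebx & AMD_IBRS))
        return IBRS_ABSENT;
    return same_mode ? IBRS_WITH_SAME_MODE : IBRS_NO_SAME_MODE;
}

int main(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0, fn8_ebx = 0, fn21_eax = 0;
#if defined(__x86_64__) || defined(__i386__)
    /* __get_cpuid_count() returns 0 when the leaf is above the CPU's maximum. */
    if (__get_cpuid_count(0x80000008, 0, &a, &b, &c, &d))
        fn8_ebx = b;
    if (__get_cpuid_count(0x80000021, 0, &a, &b, &c, &d))
        fn21_eax = a;
#endif
    printf("Fn8000_0008_EBX=%#x Fn8000_0021_EAX=%#x -> class %d\n",
           fn8_ebx, fn21_eax, classify_ibrs(fn8_ebx, fn21_eax));
    return 0;
}
```

Run inside a guest, it reports the view the hypervisor exposes rather than
the host's, which is the case the patch under discussion changes.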