On Wed, Jan 31, 2018 at 12:44:41PM -0200, Eduardo Habkost wrote:
> Also, if anybody don't like it, users can already specify, e.g.,
> "Broadwell,-hle,-rtm" or "Skylake,+spec_ctrl".
>
> QEMU only adds have the -noTSX and -IBRS CPU for convenience of
> management systems that don't know how to
On Wed, Jan 31, 2018 at 12:44:41PM -0200, Eduardo Habkost wrote:
> Also, if anybody don't like it, users can already specify, e.g.,
> "Broadwell,-hle,-rtm" or "Skylake,+spec_ctrl".
>
> QEMU only adds have the -noTSX and -IBRS CPU for convenience of
> management systems that don't know how to
On 1/31/2018 2:15 AM, Thomas Gleixner wrote:
Good luck with making all that work.
on the Intel side we're checking what we can do that works and doesn't break
things right now; hopefully we just end up with a bit in the arch capabilities
MSR for "you should do RSB stuffing" and then the HV's
On 1/31/2018 2:15 AM, Thomas Gleixner wrote:
Good luck with making all that work.
on the Intel side we're checking what we can do that works and doesn't break
things right now; hopefully we just end up with a bit in the arch capabilities
MSR for "you should do RSB stuffing" and then the HV's
* Paolo Bonzini (pbonz...@redhat.com) wrote:
> On 29/01/2018 22:13, Andi Kleen wrote:
> >> What happens when someone introduces a
> >> workaround tied to some other model numbers?
> > There are already many of those in the tree for other issues and features.
> > So far you managed to survive
* Paolo Bonzini (pbonz...@redhat.com) wrote:
> On 29/01/2018 22:13, Andi Kleen wrote:
> >> What happens when someone introduces a
> >> workaround tied to some other model numbers?
> > There are already many of those in the tree for other issues and features.
> > So far you managed to survive
On 29/01/2018 22:13, Andi Kleen wrote:
>> What happens when someone introduces a
>> workaround tied to some other model numbers?
> There are already many of those in the tree for other issues and features.
> So far you managed to survive without. Likely that will be true
> in the future too.
On 29/01/2018 22:13, Andi Kleen wrote:
>> What happens when someone introduces a
>> workaround tied to some other model numbers?
> There are already many of those in the tree for other issues and features.
> So far you managed to survive without. Likely that will be true
> in the future too.
On Wed, Jan 31, 2018 at 11:15:50AM +0100, Thomas Gleixner wrote:
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
> > > On 30 Jan 2018, at 21:46, Alan Cox wrote:
> > >
> > >> If you are ever going to migrate to Skylake, I think you should just
> > >> always tell
On Wed, Jan 31, 2018 at 11:15:50AM +0100, Thomas Gleixner wrote:
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
> > > On 30 Jan 2018, at 21:46, Alan Cox wrote:
> > >
> > >> If you are ever going to migrate to Skylake, I think you should just
> > >> always tell the guests that you're
On Wed, Jan 31, 2018 at 02:04:49PM +, Dr. David Alan Gilbert wrote:
> * Borislav Petkov (b...@suse.de) wrote:
> > On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote:
> > > Indeed, it's only for this weird case where you suddenly need to change
> > > it.
> >
> > No, there's
On Wed, Jan 31, 2018 at 02:04:49PM +, Dr. David Alan Gilbert wrote:
> * Borislav Petkov (b...@suse.de) wrote:
> > On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote:
> > > Indeed, it's only for this weird case where you suddenly need to change
> > > it.
> >
> > No, there's
* Borislav Petkov (b...@suse.de) wrote:
> On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote:
> > Indeed, it's only for this weird case where you suddenly need to change
> > it.
>
> No, there's more:
>
> .name = "Broadwell-noTSX",
> .name = "Haswell-noTSX",
* Borislav Petkov (b...@suse.de) wrote:
> On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote:
> > Indeed, it's only for this weird case where you suddenly need to change
> > it.
>
> No, there's more:
>
> .name = "Broadwell-noTSX",
> .name = "Haswell-noTSX",
On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote:
> Indeed, it's only for this weird case where you suddenly need to change
> it.
No, there's more:
.name = "Broadwell-noTSX",
.name = "Haswell-noTSX",
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix
On Wed, Jan 31, 2018 at 12:30:36PM +, Dr. David Alan Gilbert wrote:
> Indeed, it's only for this weird case where you suddenly need to change
> it.
No, there's more:
.name = "Broadwell-noTSX",
.name = "Haswell-noTSX",
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix
* Borislav Petkov (b...@suse.de) wrote:
> On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote:
> > That half is the easy bit, we've already got that (thanks to Eduardo),
> > QEMU has -IBRS variants of CPU types, so if you start a VM with
> > -cpu Broadwell-IBRS
>
> Eww, a CPU
* Borislav Petkov (b...@suse.de) wrote:
> On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote:
> > That half is the easy bit, we've already got that (thanks to Eduardo),
> > QEMU has -IBRS variants of CPU types, so if you start a VM with
> > -cpu Broadwell-IBRS
>
> Eww, a CPU
On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote:
> That half is the easy bit, we've already got that (thanks to Eduardo),
> QEMU has -IBRS variants of CPU types, so if you start a VM with
> -cpu Broadwell-IBRS
Eww, a CPU model with a specific feature bit. I hope you guys
On Wed, Jan 31, 2018 at 11:04:07AM +, Dr. David Alan Gilbert wrote:
> That half is the easy bit, we've already got that (thanks to Eduardo),
> QEMU has -IBRS variants of CPU types, so if you start a VM with
> -cpu Broadwell-IBRS
Eww, a CPU model with a specific feature bit. I hope you guys
> On 31 Jan 2018, at 11:15, Thomas Gleixner wrote:
>
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
>>> On 30 Jan 2018, at 21:46, Alan Cox wrote:
>>>
If you are ever going to migrate to Skylake, I think you should just
always
> On 31 Jan 2018, at 11:15, Thomas Gleixner wrote:
>
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
>>> On 30 Jan 2018, at 21:46, Alan Cox wrote:
>>>
If you are ever going to migrate to Skylake, I think you should just
always tell the guests that you're running on Skylake.
* Thomas Gleixner (t...@linutronix.de) wrote:
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
> > > On 30 Jan 2018, at 21:46, Alan Cox wrote:
> > >
> > >> If you are ever going to migrate to Skylake, I think you should just
> > >> always tell the guests that
* Thomas Gleixner (t...@linutronix.de) wrote:
> On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
> > > On 30 Jan 2018, at 21:46, Alan Cox wrote:
> > >
> > >> If you are ever going to migrate to Skylake, I think you should just
> > >> always tell the guests that you're running on Skylake. That
On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
> > On 30 Jan 2018, at 21:46, Alan Cox wrote:
> >
> >> If you are ever going to migrate to Skylake, I think you should just
> >> always tell the guests that you're running on Skylake. That way the
> >> guests will
On Wed, 31 Jan 2018, Christophe de Dinechin wrote:
> > On 30 Jan 2018, at 21:46, Alan Cox wrote:
> >
> >> If you are ever going to migrate to Skylake, I think you should just
> >> always tell the guests that you're running on Skylake. That way the
> >> guests will always assume the worst case
> On 30 Jan 2018, at 21:46, Alan Cox wrote:
>
>> If you are ever going to migrate to Skylake, I think you should just
>> always tell the guests that you're running on Skylake. That way the
>> guests will always assume the worst case situation wrt Specte.
>
>
> On 30 Jan 2018, at 21:46, Alan Cox wrote:
>
>> If you are ever going to migrate to Skylake, I think you should just
>> always tell the guests that you're running on Skylake. That way the
>> guests will always assume the worst case situation wrt Specte.
>
> Unfortunately if you do that then
KarimAllah Ahmed writes:
> From: David Woodhouse
>
> Not functional yet; just add the handling for it in the Spectre v2
> mitigation selection, and the X86_FEATURE_IBRS flag which will control
> the code to be added in later patches.
>
> Also take the #ifdef CONFIG_RETPOLINE
KarimAllah Ahmed writes:
> From: David Woodhouse
>
> Not functional yet; just add the handling for it in the Spectre v2
> mitigation selection, and the X86_FEATURE_IBRS flag which will control
> the code to be added in later patches.
>
> Also take the #ifdef CONFIG_RETPOLINE from around the
> If you are ever going to migrate to Skylake, I think you should just
> always tell the guests that you're running on Skylake. That way the
> guests will always assume the worst case situation wrt Specte.
Unfortunately if you do that then guest may also decide to use other
Skylake hardware
> If you are ever going to migrate to Skylake, I think you should just
> always tell the guests that you're running on Skylake. That way the
> guests will always assume the worst case situation wrt Specte.
Unfortunately if you do that then guest may also decide to use other
Skylake hardware
On 01/30/2018 03:56 PM, Christophe de Dinechin wrote:
>
>
>> On 30 Jan 2018, at 15:52, Christian Borntraeger
>> wrote:
>>
>>
>>
>> On 01/30/2018 03:46 PM, Christophe de Dinechin wrote:
>>>
>>>
On 30 Jan 2018, at 13:11, Christian Borntraeger
On 01/30/2018 03:56 PM, Christophe de Dinechin wrote:
>
>
>> On 30 Jan 2018, at 15:52, Christian Borntraeger
>> wrote:
>>
>>
>>
>> On 01/30/2018 03:46 PM, Christophe de Dinechin wrote:
>>>
>>>
On 30 Jan 2018, at 13:11, Christian Borntraeger
wrote:
On
> On 30 Jan 2018, at 15:52, Christian Borntraeger
> wrote:
>
>
>
> On 01/30/2018 03:46 PM, Christophe de Dinechin wrote:
>>
>>
>>> On 30 Jan 2018, at 13:11, Christian Borntraeger
>>> wrote:
>>>
>>>
>>>
>>> On 01/30/2018 01:23 AM, Linus
> On 30 Jan 2018, at 15:52, Christian Borntraeger
> wrote:
>
>
>
> On 01/30/2018 03:46 PM, Christophe de Dinechin wrote:
>>
>>
>>> On 30 Jan 2018, at 13:11, Christian Borntraeger
>>> wrote:
>>>
>>>
>>>
>>> On 01/30/2018 01:23 AM, Linus Torvalds wrote:
>>> [...]
So I
On 01/30/2018 03:46 PM, Christophe de Dinechin wrote:
>
>
>> On 30 Jan 2018, at 13:11, Christian Borntraeger
>> wrote:
>>
>>
>>
>> On 01/30/2018 01:23 AM, Linus Torvalds wrote:
>> [...]
>>>
>>> So I actually have a _different_ question to the virtualization
>>>
On 01/30/2018 03:46 PM, Christophe de Dinechin wrote:
>
>
>> On 30 Jan 2018, at 13:11, Christian Borntraeger
>> wrote:
>>
>>
>>
>> On 01/30/2018 01:23 AM, Linus Torvalds wrote:
>> [...]
>>>
>>> So I actually have a _different_ question to the virtualization
>>> people. This includes the
> On 30 Jan 2018, at 13:11, Christian Borntraeger
> wrote:
>
>
>
> On 01/30/2018 01:23 AM, Linus Torvalds wrote:
> [...]
>>
>> So I actually have a _different_ question to the virtualization
>> people. This includes the vmware people, but it also obviously
>>
> On 30 Jan 2018, at 13:11, Christian Borntraeger
> wrote:
>
>
>
> On 01/30/2018 01:23 AM, Linus Torvalds wrote:
> [...]
>>
>> So I actually have a _different_ question to the virtualization
>> people. This includes the vmware people, but it also obviously
>> incldues the Amazon AWS kind
On 1/29/2018 7:32 PM, Linus Torvalds wrote:
On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote:
the most simple solution is that we set the internal feature bit in Linux
to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest
in a VM.
That
On 1/29/2018 7:32 PM, Linus Torvalds wrote:
On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote:
the most simple solution is that we set the internal feature bit in Linux
to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest
in a VM.
That sounds reasonable.
On 01/30/2018 01:23 AM, Linus Torvalds wrote:
[...]
>
> So I actually have a _different_ question to the virtualization
> people. This includes the vmware people, but it also obviously
> incldues the Amazon AWS kind of usage.
>
> When you're a hypervisor (whether vmware or Amazon), why do you
On 01/30/2018 01:23 AM, Linus Torvalds wrote:
[...]
>
> So I actually have a _different_ question to the virtualization
> people. This includes the vmware people, but it also obviously
> incldues the Amazon AWS kind of usage.
>
> When you're a hypervisor (whether vmware or Amazon), why do you
On Mon, Jan 29, 2018 at 07:32:06PM -0800, Linus Torvalds wrote:
> On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven
> wrote:
> >
> > the most simple solution is that we set the internal feature bit in Linux
> > to turn on the "stuff the RSB" workaround is we're on a SKL
On Mon, Jan 29, 2018 at 07:32:06PM -0800, Linus Torvalds wrote:
> On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven
> wrote:
> >
> > the most simple solution is that we set the internal feature bit in Linux
> > to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest
> > in a
* Linus Torvalds (torva...@linux-foundation.org) wrote:
> Why do you even _care_ about the guest, and how it acts wrt Skylake?
> What you should care about is not so much the guests (which do their
> own thing) but protect guests from each other, no?
>
> So I'm a bit mystified by some of this
* Linus Torvalds (torva...@linux-foundation.org) wrote:
> Why do you even _care_ about the guest, and how it acts wrt Skylake?
> What you should care about is not so much the guests (which do their
> own thing) but protect guests from each other, no?
>
> So I'm a bit mystified by some of this
On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote:
>
> Note on the unhappiness with some of the patches involved: what I do
> *not* want to see is the "on every kernel entry" kind of garbage.
>
> So my unhappiness with the intel microcode patches is two-fold:
>
> (a) the interface is
On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote:
>
> Note on the unhappiness with some of the patches involved: what I do
> *not* want to see is the "on every kernel entry" kind of garbage.
>
> So my unhappiness with the intel microcode patches is two-fold:
>
> (a) the interface is
On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote:
> And the "big hammer" approach to spectre would seem to
> be to just make sure the BTB and RSB are flushed at vmexit time - and
> even then you might decide that you really want to just move it to
> vmenter time, and only do it if the VM
On Mon, 2018-01-29 at 16:23 -0800, Linus Torvalds wrote:
> And the "big hammer" approach to spectre would seem to
> be to just make sure the BTB and RSB are flushed at vmexit time - and
> even then you might decide that you really want to just move it to
> vmenter time, and only do it if the VM
On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote:
>
> the most simple solution is that we set the internal feature bit in Linux
> to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest
> in a VM.
That sounds reasonable.
However, wouldn't it be
On Mon, Jan 29, 2018 at 5:32 PM, Arjan van de Ven wrote:
>
> the most simple solution is that we set the internal feature bit in Linux
> to turn on the "stuff the RSB" workaround is we're on a SKL *or* as a guest
> in a VM.
That sounds reasonable.
However, wouldn't it be even better to extend
> Right now, we are dealing with one workaround, which is tied to
> Skylake-era model numbers. Yes, we could report a Skylake model
> number, and Linux guests would use IBRS instead of retpoline. But this
Nobody is planning to use IBRS and Linus has rejected it.
> approach doesn't scale. What
> Right now, we are dealing with one workaround, which is tied to
> Skylake-era model numbers. Yes, we could report a Skylake model
> number, and Linux guests would use IBRS instead of retpoline. But this
Nobody is planning to use IBRS and Linus has rejected it.
> approach doesn't scale. What
On Mon, Jan 29, 2018 at 02:25:12PM -0800, Andi Kleen wrote:
>
> I agree with your point that the common hypervisor practice to fake
> old model numbers will break some of the workarounds. Hypervisors
> may need to revisit their practice.
>
> > > In general, making these kinds of decisions based
On Mon, Jan 29, 2018 at 02:25:12PM -0800, Andi Kleen wrote:
>
> I agree with your point that the common hypervisor practice to fake
> old model numbers will break some of the workarounds. Hypervisors
> may need to revisit their practice.
>
> > > In general, making these kinds of decisions based
On 1/29/2018 4:23 PM, Linus Torvalds wrote:
Why do you even _care_ about the guest, and how it acts wrt Skylake?
What you should care about is not so much the guests (which do their
own thing) but protect guests from each other, no?
the most simple solution is that we set the internal feature
On 1/29/2018 4:23 PM, Linus Torvalds wrote:
Why do you even _care_ about the guest, and how it acts wrt Skylake?
What you should care about is not so much the guests (which do their
own thing) but protect guests from each other, no?
the most simple solution is that we set the internal feature
On Tue, Jan 30, 2018 at 01:20:52AM +, David Dunn wrote:
> Eduardo,
>
> This is why it would be good to have a CPUID bit that says:
> "apply SkyLake RSB stuffing." That's preferable to "trust FMS"
> for VMware.
Agreed it would be more useful than "trust FMS". However, I
believe a "no need
On Tue, Jan 30, 2018 at 01:20:52AM +, David Dunn wrote:
> Eduardo,
>
> This is why it would be good to have a CPUID bit that says:
> "apply SkyLake RSB stuffing." That's preferable to "trust FMS"
> for VMware.
Agreed it would be more useful than "trust FMS". However, I
believe a "no need
On Mon, Jan 29, 2018 at 02:12:02PM -0800, Jim Mattson wrote:
> On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote:
> > On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote:
> >> For GCE, "you might be migrated to Skylake" is pretty much a
> >> certainty. Even if
On Mon, Jan 29, 2018 at 02:12:02PM -0800, Jim Mattson wrote:
> On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote:
> > On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote:
> >> For GCE, "you might be migrated to Skylake" is pretty much a
> >> certainty. Even if you're in a zone that
Eduardo,
This is why it would be good to have a CPUID bit that says: "apply SkyLake RSB
stuffing." That's preferable to "trust FMS" for VMware.
If Intel defines such a feature flag, sets it on SkyLake, and Linux uses it...
that would be very helpful for VMware.
I won't speak for GCE and AWS.
Eduardo,
This is why it would be good to have a CPUID bit that says: "apply SkyLake RSB
stuffing." That's preferable to "trust FMS" for VMware.
If Intel defines such a feature flag, sets it on SkyLake, and Linux uses it...
that would be very helpful for VMware.
I won't speak for GCE and AWS.
On Mon, Jan 29, 2018 at 05:10:11PM -0500, Konrad Rzeszutek Wilk wrote:
[...]
> The migration code could be 'tickled' (when arrived at the destination)
> to recheck the CPUID and do the alternative logic to turn the
> proper bits on.
>
> And this tickling could be as simple as an ACPI DSDT/AML
On Mon, Jan 29, 2018 at 05:10:11PM -0500, Konrad Rzeszutek Wilk wrote:
[...]
> The migration code could be 'tickled' (when arrived at the destination)
> to recheck the CPUID and do the alternative logic to turn the
> proper bits on.
>
> And this tickling could be as simple as an ACPI DSDT/AML
On Mon, Jan 29, 2018 at 02:49:51PM -0800, Jim Mattson wrote:
> And if we expect to introduce Cascade Lake into the pool in the
> future, we use a Cascade Lake model number?
>
> It sounds like you are suggesting that we set the model number to the
> highest model number that will ever be
On Mon, Jan 29, 2018 at 02:49:51PM -0800, Jim Mattson wrote:
> And if we expect to introduce Cascade Lake into the pool in the
> future, we use a Cascade Lake model number?
>
> It sounds like you are suggesting that we set the model number to the
> highest model number that will ever be
On Mon, Jan 29, 2018 at 10:29:28PM +, David Dunn wrote:
> On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote:
>
> > Maybe a generic "family/model/stepping/microcode really matches
> > the CPU you are running on" bit would be useful. The bit could
> > be enabled only on
On Mon, Jan 29, 2018 at 10:29:28PM +, David Dunn wrote:
> On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote:
>
> > Maybe a generic "family/model/stepping/microcode really matches
> > the CPU you are running on" bit would be useful. The bit could
> > be enabled only on
The guest OS is responsible for protecting itself from intra-guest
attacks. The hypervisor can't do that. We want to give the guest OS
the tools it needs to make reasonable decisions about the intra-guest
protections it wants to enable, in an environment where the virtual
processor and the
The guest OS is responsible for protecting itself from intra-guest
attacks. The hypervisor can't do that. We want to give the guest OS
the tools it needs to make reasonable decisions about the intra-guest
protections it wants to enable, in an environment where the virtual
processor and the
On Mon, Jan 29, 2018 at 1:02 PM, David Woodhouse wrote:
>
> On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
>>
>> the objective is to have retpoline be safe everywhere and never use IBRS
>> (Linus was also pretty clear about that) so I'm confused by your question
On Mon, Jan 29, 2018 at 1:02 PM, David Woodhouse wrote:
>
> On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
>>
>> the objective is to have retpoline be safe everywhere and never use IBRS
>> (Linus was also pretty clear about that) so I'm confused by your question
Note on the
(Apologies as I was brought into this thread late, but I believe I have
context).
Could a new "feature" be enumerated on Skylake and beyond which specifies that
a particular problem exists which requires different mitigation than on
previous processors? Perhaps a CPUID bit enumerating this
(Apologies as I was brought into this thread late, but I believe I have
context).
Could a new "feature" be enumerated on Skylake and beyond which specifies that
a particular problem exists which requires different mitigation than on
previous processors? Perhaps a CPUID bit enumerating this
And if we expect to introduce Cascade Lake into the pool in the
future, we use a Cascade Lake model number?
It sounds like you are suggesting that we set the model number to the
highest model number that will ever be introduced into the pool, at
any time in the future. That approach would also
And if we expect to introduce Cascade Lake into the pool in the
future, we use a Cascade Lake model number?
It sounds like you are suggesting that we set the model number to the
highest model number that will ever be introduced into the pool, at
any time in the future. That approach would also
> Even if we expose bit to indicate that FMS matches the underlying host, when
> does the guest know to query that? The VM can be moved at any point in time,
> including after the guest asks if FMS matches host.
There's no way to enable these mitigations later, so if you always
have to enable
> Even if we expose bit to indicate that FMS matches the underlying host, when
> does the guest know to query that? The VM can be moved at any point in time,
> including after the guest asks if FMS matches host.
There's no way to enable these mitigations later, so if you always
have to enable
On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote:
> Maybe a generic "family/model/stepping/microcode really matches
> the CPU you are running on" bit would be useful. The bit could
> be enabled only on host-passthrough (aka "-cpu host") mode.
>
> If we really want to be able to
On Mon, 2018-01-29 at 13:45:07 -0800, Eduardo Habkost wrote:
> Maybe a generic "family/model/stepping/microcode really matches
> the CPU you are running on" bit would be useful. The bit could
> be enabled only on host-passthrough (aka "-cpu host") mode.
>
> If we really want to be able to
I agree with your point that the common hypervisor practice to fake
old model numbers will break some of the workarounds. Hypervisors
may need to revisit their practice.
> > In general, making these kinds of decisions based on F/M/S is probably
> > unwise when running in a VM.
>
> Certainly.
I agree with your point that the common hypervisor practice to fake
old model numbers will break some of the workarounds. Hypervisors
may need to revisit their practice.
> > In general, making these kinds of decisions based on F/M/S is probably
> > unwise when running in a VM.
>
> Certainly.
On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote:
> On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote:
>> For GCE, "you might be migrated to Skylake" is pretty much a
>> certainty. Even if you're in a zone that doesn't currently have
>> Skylake machines,
On Mon, Jan 29, 2018 at 1:50 PM, Eduardo Habkost wrote:
> On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote:
>> For GCE, "you might be migrated to Skylake" is pretty much a
>> certainty. Even if you're in a zone that doesn't currently have
>> Skylake machines, chances are pretty good
On Mon, Jan 29, 2018 at 07:44:21PM -0200, Eduardo Habkost wrote:
> On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote:
> >
> >
> > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> > > >
> > > > The question is how the
On Mon, Jan 29, 2018 at 07:44:21PM -0200, Eduardo Habkost wrote:
> On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote:
> >
> >
> > On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> > > On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> > > >
> > > > The question is how the
On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote:
> For GCE, "you might be migrated to Skylake" is pretty much a
> certainty. Even if you're in a zone that doesn't currently have
> Skylake machines, chances are pretty good that it will have Skylake
> machines some day in the
On Mon, Jan 29, 2018 at 01:37:05PM -0800, Jim Mattson wrote:
> For GCE, "you might be migrated to Skylake" is pretty much a
> certainty. Even if you're in a zone that doesn't currently have
> Skylake machines, chances are pretty good that it will have Skylake
> machines some day in the
On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote:
>
>
> On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> > On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> > >
> > > The question is how the hypervisor could tell that to the guest.
> > > If Intel doesn't give us a CPUID
On Mon, Jan 29, 2018 at 09:02:39PM +, David Woodhouse wrote:
>
>
> On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> > On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> > >
> > > The question is how the hypervisor could tell that to the guest.
> > > If Intel doesn't give us a CPUID
> The question is about all the additional RSB-frobbing and call depth
> counting and other bits that don't really even exist for Skylake yet in
> a coherent form.
We have had several patch kits posted that all are in a "coherent form"
That was the original one
> The question is about all the additional RSB-frobbing and call depth
> counting and other bits that don't really even exist for Skylake yet in
> a coherent form.
We have had several patch kits posted that all are in a "coherent form"
That was the original one
For GCE, "you might be migrated to Skylake" is pretty much a
certainty. Even if you're in a zone that doesn't currently have
Skylake machines, chances are pretty good that it will have Skylake
machines some day in the not-too-distant future.
In general, making these kinds of decisions based on
For GCE, "you might be migrated to Skylake" is pretty much a
certainty. Even if you're in a zone that doesn't currently have
Skylake machines, chances are pretty good that it will have Skylake
machines some day in the not-too-distant future.
In general, making these kinds of decisions based on
On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> >
> > The question is how the hypervisor could tell that to the guest.
> > If Intel doesn't give us a CPUID bit that can be used to tell
> > that retpolines are enough, maybe we should
On Mon, 2018-01-29 at 12:44 -0800, Arjan van de Ven wrote:
> On 1/29/2018 12:42 PM, Eduardo Habkost wrote:
> >
> > The question is how the hypervisor could tell that to the guest.
> > If Intel doesn't give us a CPUID bit that can be used to tell
> > that retpolines are enough, maybe we should
1 - 100 of 148 matches
Mail list logo