On Mon, Jan 29, 2018 at 1:49 PM, Daniel Kiper wrote:
> On Mon, Jan 29, 2018 at 12:31:13PM -0500, Konrad Rzeszutek Wilk wrote:
>> On Mon, Jan 29, 2018 at 08:46:03AM +, David Woodhouse wrote:
>> > On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
>> > >
>> > >
On Mon, Jan 29, 2018 at 1:49 PM, Daniel Kiper wrote:
> On Mon, Jan 29, 2018 at 12:31:13PM -0500, Konrad Rzeszutek Wilk wrote:
>> On Mon, Jan 29, 2018 at 08:46:03AM +, David Woodhouse wrote:
>> > On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
>> > >
>> > > Windows use IBRS and Microsoft
On Mon, Jan 29, 2018 at 12:31:13PM -0500, Konrad Rzeszutek Wilk wrote:
> On Mon, Jan 29, 2018 at 08:46:03AM +, David Woodhouse wrote:
> > On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
> > >
> > > Windows use IBRS and Microsoft don't have any plans to switch to
> > > retpoline.
> > >
On Mon, Jan 29, 2018 at 12:31:13PM -0500, Konrad Rzeszutek Wilk wrote:
> On Mon, Jan 29, 2018 at 08:46:03AM +, David Woodhouse wrote:
> > On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
> > >
> > > Windows use IBRS and Microsoft don't have any plans to switch to
> > > retpoline.
> > >
On Mon, Jan 29, 2018 at 11:16 AM, Konrad Rzeszutek Wilk
wrote:
> On Mon, Jan 29, 2018 at 10:43:22AM -0800, Jim Mattson wrote:
>> On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed
>> wrote:
>> > Add direct access to MSR_IA32_SPEC_CTRL for guests. This
On Mon, Jan 29, 2018 at 11:16 AM, Konrad Rzeszutek Wilk
wrote:
> On Mon, Jan 29, 2018 at 10:43:22AM -0800, Jim Mattson wrote:
>> On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed
>> wrote:
>> > Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
>> > guests
>> > that will
On Mon, Jan 29, 2018 at 10:43:22AM -0800, Jim Mattson wrote:
> On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed wrote:
> > Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
> > guests
> > that will only mitigate Spectre V2 through IBRS+IBPB and will not
On Mon, Jan 29, 2018 at 10:43:22AM -0800, Jim Mattson wrote:
> On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed wrote:
> > Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
> > guests
> > that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a
> >
On 01/29/2018 08:04 PM, Jim Mattson wrote:
Can I assume you'll send out a new version with the fixes?
Yes, I am currently doing some tests and once I am done I will send a
new round.
... and the typo is already fixed in 'ibpb-wip' :)
On Mon, Jan 29, 2018 at 11:01 AM, David Woodhouse
On 01/29/2018 08:04 PM, Jim Mattson wrote:
Can I assume you'll send out a new version with the fixes?
Yes, I am currently doing some tests and once I am done I will send a
new round.
... and the typo is already fixed in 'ibpb-wip' :)
On Mon, Jan 29, 2018 at 11:01 AM, David Woodhouse
Can I assume you'll send out a new version with the fixes?
On Mon, Jan 29, 2018 at 11:01 AM, David Woodhouse wrote:
>
> (Top-posting; sorry.)
>
> Much of that is already fixed during our day, in
> http://git.infradead.org/linux-retpoline.git/shortlog/refs/heads/ibpb
>
> I
Can I assume you'll send out a new version with the fixes?
On Mon, Jan 29, 2018 at 11:01 AM, David Woodhouse wrote:
>
> (Top-posting; sorry.)
>
> Much of that is already fixed during our day, in
> http://git.infradead.org/linux-retpoline.git/shortlog/refs/heads/ibpb
>
> I forgot to fix up the
(Top-posting; sorry.)
Much of that is already fixed during our day, in
http://git.infradead.org/linux-retpoline.git/shortlog/refs/heads/ibpb
I forgot to fix up the wrong-MSR typo though, and we do still need to address
reset.
On Mon, 2018-01-29 at 10:43 -0800, Jim Mattson wrote:
> On Sun,
(Top-posting; sorry.)
Much of that is already fixed during our day, in
http://git.infradead.org/linux-retpoline.git/shortlog/refs/heads/ibpb
I forgot to fix up the wrong-MSR typo though, and we do still need to address
reset.
On Mon, 2018-01-29 at 10:43 -0800, Jim Mattson wrote:
> On Sun,
On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed wrote:
> Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests
> that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a
> retpoline+IBPB based approach.
>
> To avoid the overhead
On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed wrote:
> Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests
> that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a
> retpoline+IBPB based approach.
>
> To avoid the overhead of atomically saving
On Mon, Jan 29, 2018 at 08:46:03AM +, David Woodhouse wrote:
> On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
> >
> > Windows use IBRS and Microsoft don't have any plans to switch to retpoline.
> > Running a Windows guest should be a pretty common use-case no?
> >
> > In addition, your
On Mon, Jan 29, 2018 at 08:46:03AM +, David Woodhouse wrote:
> On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
> >
> > Windows use IBRS and Microsoft don't have any plans to switch to retpoline.
> > Running a Windows guest should be a pretty common use-case no?
> >
> > In addition, your
On Mon, Jan 29, 2018 at 10:37:44AM +, David Woodhouse wrote:
> On Mon, 2018-01-29 at 10:43 +0100, KarimAllah Ahmed wrote:
> > On 01/29/2018 09:46 AM, David Woodhouse wrote:
> > > Reading the code and comparing with the SDM, I can't see where we're
> > > ever setting
On Mon, Jan 29, 2018 at 10:37:44AM +, David Woodhouse wrote:
> On Mon, 2018-01-29 at 10:43 +0100, KarimAllah Ahmed wrote:
> > On 01/29/2018 09:46 AM, David Woodhouse wrote:
> > > Reading the code and comparing with the SDM, I can't see where we're
> > > ever setting
On 29/01/2018 11:37, David Woodhouse wrote:
> On Mon, 2018-01-29 at 10:43 +0100, KarimAllah Ahmed wrote:
>> On 01/29/2018 09:46 AM, David Woodhouse wrote:
>>> Reading the code and comparing with the SDM, I can't see where we're
>>> ever setting VM_EXIT_MSR_STORE_{ADDR,COUNT} except in the nested
On 29/01/2018 11:37, David Woodhouse wrote:
> On Mon, 2018-01-29 at 10:43 +0100, KarimAllah Ahmed wrote:
>> On 01/29/2018 09:46 AM, David Woodhouse wrote:
>>> Reading the code and comparing with the SDM, I can't see where we're
>>> ever setting VM_EXIT_MSR_STORE_{ADDR,COUNT} except in the nested
On 29/01/2018 09:46, David Woodhouse wrote:
> I'd actually quite like to repeat the benchmark on the new fixed
> microcode, if anyone has it yet, to see if that read/swap slowness is
> still quite as excessive. I'm certainly not ruling this out, but I'm
> just a little wary of premature
On 29/01/2018 09:46, David Woodhouse wrote:
> I'd actually quite like to repeat the benchmark on the new fixed
> microcode, if anyone has it yet, to see if that read/swap slowness is
> still quite as excessive. I'm certainly not ruling this out, but I'm
> just a little wary of premature
On Mon, 2018-01-29 at 10:43 +0100, KarimAllah Ahmed wrote:
> On 01/29/2018 09:46 AM, David Woodhouse wrote:
> > Reading the code and comparing with the SDM, I can't see where we're
> > ever setting VM_EXIT_MSR_STORE_{ADDR,COUNT} except in the nested
> > case...
> Hmmm ... you are probably right! I
On Mon, 2018-01-29 at 10:43 +0100, KarimAllah Ahmed wrote:
> On 01/29/2018 09:46 AM, David Woodhouse wrote:
> > Reading the code and comparing with the SDM, I can't see where we're
> > ever setting VM_EXIT_MSR_STORE_{ADDR,COUNT} except in the nested
> > case...
> Hmmm ... you are probably right! I
On 01/29/2018 09:46 AM, David Woodhouse wrote:
On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
Windows use IBRS and Microsoft don't have any plans to switch to retpoline.
Running a Windows guest should be a pretty common use-case no?
In addition, your handle of the first WRMSR intercept
On 01/29/2018 09:46 AM, David Woodhouse wrote:
On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
Windows use IBRS and Microsoft don't have any plans to switch to retpoline.
Running a Windows guest should be a pretty common use-case no?
In addition, your handle of the first WRMSR intercept
On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
>
> Windows use IBRS and Microsoft don't have any plans to switch to retpoline.
> Running a Windows guest should be a pretty common use-case no?
>
> In addition, your handle of the first WRMSR intercept could be different.
> It could signal
On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote:
>
> Windows use IBRS and Microsoft don't have any plans to switch to retpoline.
> Running a Windows guest should be a pretty common use-case no?
>
> In addition, your handle of the first WRMSR intercept could be different.
> It could signal
On 01/28/2018 09:21 PM, Konrad Rzeszutek Wilk wrote:
On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed wrote:
Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
guests
that will only mitigate Spectre V2 through IBRS+IBPB and will not be
using a
On 01/28/2018 09:21 PM, Konrad Rzeszutek Wilk wrote:
On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed wrote:
Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
guests
that will only mitigate Spectre V2 through IBRS+IBPB and will not be
using a
retpoline+IBPB based
- dw...@infradead.org wrote:
> On Sun, 2018-01-28 at 15:21 -0500, Konrad Rzeszutek Wilk wrote:
> > >To avoid the overhead of atomically saving and restoring the
> MSR_IA32_SPEC_CTRL
> > >for guests that do not actually use the MSR, only
> add_atomic_switch_msr when a
> > >non-zero is written
- dw...@infradead.org wrote:
> On Sun, 2018-01-28 at 15:21 -0500, Konrad Rzeszutek Wilk wrote:
> > >To avoid the overhead of atomically saving and restoring the
> MSR_IA32_SPEC_CTRL
> > >for guests that do not actually use the MSR, only
> add_atomic_switch_msr when a
> > >non-zero is written
>>
>> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
>> >
>> > Do you mean that the host would intercept the guest WRMSR and do
>> > WRMSR itself? I would suggest that doing so is inconsistent with the
>> > docs. As specified, doing WRMSR to write 1 to IBRS does *not*
>> > protect
>>
>> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
>> >
>> > Do you mean that the host would intercept the guest WRMSR and do
>> > WRMSR itself? I would suggest that doing so is inconsistent with the
>> > docs. As specified, doing WRMSR to write 1 to IBRS does *not*
>> > protect
>
> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
> >
> > Do you mean that the host would intercept the guest WRMSR and do
> > WRMSR itself? I would suggest that doing so is inconsistent with the
> > docs. As specified, doing WRMSR to write 1 to IBRS does *not*
> > protect the
>
> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
> >
> > Do you mean that the host would intercept the guest WRMSR and do
> > WRMSR itself? I would suggest that doing so is inconsistent with the
> > docs. As specified, doing WRMSR to write 1 to IBRS does *not*
> > protect the
On Sun, 2018-01-28 at 12:53 -0800, Andy Lutomirski wrote:
>
> > I believe it does. Guest kernel is protected from any guest userspace
> > predictions learned before IBRS was last set to 1 in *any* mode,
> > including host.
>
> Hmm, you're probably right.
>
> I would love to know what awful hack
On Sun, 2018-01-28 at 12:53 -0800, Andy Lutomirski wrote:
>
> > I believe it does. Guest kernel is protected from any guest userspace
> > predictions learned before IBRS was last set to 1 in *any* mode,
> > including host.
>
> Hmm, you're probably right.
>
> I would love to know what awful hack
> On Jan 28, 2018, at 12:44 PM, David Woodhouse wrote:
>
>> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
>>
>> Do you mean that the host would intercept the guest WRMSR and do
>> WRMSR itself? I would suggest that doing so is inconsistent with the
>> docs.
> On Jan 28, 2018, at 12:44 PM, David Woodhouse wrote:
>
>> On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
>>
>> Do you mean that the host would intercept the guest WRMSR and do
>> WRMSR itself? I would suggest that doing so is inconsistent with the
>> docs. As specified, doing
On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
>
> Do you mean that the host would intercept the guest WRMSR and do
> WRMSR itself? I would suggest that doing so is inconsistent with the
> docs. As specified, doing WRMSR to write 1 to IBRS does *not*
> protect the guest.
I believe
On Sun, 2018-01-28 at 12:40 -0800, Andy Lutomirski wrote:
>
> Do you mean that the host would intercept the guest WRMSR and do
> WRMSR itself? I would suggest that doing so is inconsistent with the
> docs. As specified, doing WRMSR to write 1 to IBRS does *not*
> protect the guest.
I believe
> On Jan 28, 2018, at 12:21 PM, Konrad Rzeszutek Wilk
> wrote:
>
>> On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed
>> wrote:
>> Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
>> guests
>> that will only mitigate
> On Jan 28, 2018, at 12:21 PM, Konrad Rzeszutek Wilk
> wrote:
>
>> On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed
>> wrote:
>> Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
>> guests
>> that will only mitigate Spectre V2 through IBRS+IBPB and will not be
>>
On Sun, 2018-01-28 at 15:21 -0500, Konrad Rzeszutek Wilk wrote:
> >To avoid the overhead of atomically saving and restoring the
> >MSR_IA32_SPEC_CTRL
> >for guests that do not actually use the MSR, only add_atomic_switch_msr when
> >a
> >non-zero is written to it.
>
>
> We tried this and found
On Sun, 2018-01-28 at 15:21 -0500, Konrad Rzeszutek Wilk wrote:
> >To avoid the overhead of atomically saving and restoring the
> >MSR_IA32_SPEC_CTRL
> >for guests that do not actually use the MSR, only add_atomic_switch_msr when
> >a
> >non-zero is written to it.
>
>
> We tried this and found
On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed wrote:
>Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
>guests
>that will only mitigate Spectre V2 through IBRS+IBPB and will not be
>using a
>retpoline+IBPB based approach.
>
>To avoid the overhead
On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed wrote:
>Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
>guests
>that will only mitigate Spectre V2 through IBRS+IBPB and will not be
>using a
>retpoline+IBPB based approach.
>
>To avoid the overhead of atomically saving
Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests
that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a
retpoline+IBPB based approach.
To avoid the overhead of atomically saving and restoring the MSR_IA32_SPEC_CTRL
for guests that do not actually
Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests
that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a
retpoline+IBPB based approach.
To avoid the overhead of atomically saving and restoring the MSR_IA32_SPEC_CTRL
for guests that do not actually
52 matches
Mail list logo