* [Qemu-devel] [PATCH 0/2] docs: a few updates to spectre CPU flag recommendations
@ 2019-03-07 12:18 Daniel P. Berrangé
  2019-03-07 12:18 ` [Qemu-devel] [PATCH 1/2] docs: clarify that spec-ctrl is only needed for Spectre v2 Daniel P. Berrangé
  2019-03-07 12:18 ` [Qemu-devel] [PATCH 2/2] docs: add note about stibp CPU feature for spectre v2 Daniel P. Berrangé
  0 siblings, 2 replies; 3+ messages in thread
From: Daniel P. Berrangé @ 2019-03-07 12:18 UTC (permalink / raw)
  To: qemu-devel
  Cc: Paolo Bonzini, Eduardo Habkost, Richard Henderson,
	Daniel P. Berrangé

This corrects the note about spec-ctrl and adds info about the stibp
flag that was later added to QEMU/KVM.

Daniel P. Berrangé (2):
  docs: clarify that spec-ctrl is only needed for Spectre v2
  docs: add note about stibp CPU feature for spectre v2

 docs/qemu-cpu-models.texi | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

-- 
2.20.1


* [Qemu-devel] [PATCH 1/2] docs: clarify that spec-ctrl is only needed for Spectre v2
  2019-03-07 12:18 [Qemu-devel] [PATCH 0/2] docs: a few updates to spectre CPU flag recommendations Daniel P. Berrangé
@ 2019-03-07 12:18 ` Daniel P. Berrangé
  2019-03-07 12:18 ` [Qemu-devel] [PATCH 2/2] docs: add note about stibp CPU feature for spectre v2 Daniel P. Berrangé
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel P. Berrangé @ 2019-03-07 12:18 UTC (permalink / raw)
  To: qemu-devel
  Cc: Paolo Bonzini, Eduardo Habkost, Richard Henderson,
	Daniel P. Berrangé

The docs currently say that the spec-ctrl feature is needed for both
Spectre variants, but it is only used to address Spectre v2. Also
remove the note about retpolines. The guest OS is usually treated
as a blackbox from host mgmt pov, so it won't have knowledge about
use of retpolines and thus should unconditionally expose spec-ctrl,
allowing the guest to decide whether to use it or not.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 docs/qemu-cpu-models.texi | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 1b72584161..0ce528806d 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -158,8 +158,7 @@ support this feature.
 
 @item @code{spec-ctrl}
 
-Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix,
-in cases where retpolines are not sufficient.
+Required to enable the Spectre v2 (CVE-2017-5715) fix.
 
 Included by default in Intel CPU models with -IBRS suffix.
 
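Review bot: The new spec-ctrl sentence drops the retpoline caveat but does not carry the reasoning from the commit message into the document. Consider following "Required to enable the Spectre v2 (CVE-2017-5715) fix." with a sentence saying the feature should be exposed to every guest so that the guest can decide whether to use it. With CVE-2017-5753 removed, the entry also says nothing about Spectre v1 any more; a short statement on whether any CPU flag is relevant to it would keep readers from looking for one.
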
@@ -249,8 +248,7 @@ included if using "Host passthrough" or "Host model".
 
 @item @code{ibpb}
 
-Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix,
-in cases where retpolines are not sufficient.
+Required to enable the Spectre v2 (CVE-2017-5715) fix.
 
 Included by default in AMD CPU models with -IBPB suffix.
 
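Review bot: After this change the ibpb description is word for word the same as the spec-ctrl one, leaving the "-IBPB suffix" line as the only hint that this is the AMD-side item. Suggest a few words on how ibpb relates to spec-ctrl (which vendor's CPU models take which flag), so an admin does not conclude that both must be set on every guest or that either one alone covers both vendors.
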
-- 
2.20.1


* [Qemu-devel] [PATCH 2/2] docs: add note about stibp CPU feature for spectre v2
  2019-03-07 12:18 [Qemu-devel] [PATCH 0/2] docs: a few updates to spectre CPU flag recommendations Daniel P. Berrangé
  2019-03-07 12:18 ` [Qemu-devel] [PATCH 1/2] docs: clarify that spec-ctrl is only needed for Spectre v2 Daniel P. Berrangé
@ 2019-03-07 12:18 ` Daniel P. Berrangé
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel P. Berrangé @ 2019-03-07 12:18 UTC (permalink / raw)
  To: qemu-devel
  Cc: Paolo Bonzini, Eduardo Habkost, Richard Henderson,
	Daniel P. Berrangé

While the stibp CPU feature is not commonly used by guest OS for spectre
mitigation due to its performance impact, it is nonetheless best
practice to expose it to all guest OS. This allows the guest OS to
decide whether to make use of it.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 docs/qemu-cpu-models.texi | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 0ce528806d..23c11dc86f 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -168,6 +168,17 @@ Requires the host CPU microcode to support this feature before it
 can be used for guest CPUs.
 
 
+@item @code{stibp}
+
+Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
+operating systems.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
+
+
 @item @code{ssbd}
 
 Required to enable the CVE-2018-3639 fix
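
Review bot: "stronger Spectre v2 (CVE-2017-5715) fixes in some operating systems" in the new Intel stibp item is vague about what the admin gains, and the recommendation from the commit message is missing from the text. Suggest stating that guests often leave stibp unused because of its performance impact, but that it should still be exposed so the guest can choose. "Must be explicitly turned on for all Intel CPU models" could also say outright that, unlike spec-ctrl with the -IBRS models, no named model includes it.
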
@@ -258,6 +269,17 @@ Requires the host CPU microcode to support this feature before it
 can be used for guest CPUs.
 
 
+@item @code{stibp}
+
+Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
+operating systems.
+
+Must be explicitly turned on for all AMD CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
+
+
 @item @code{virt-ssbd}
 
 Required to enable the CVE-2018-3639 fix
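
Review bot: The AMD stibp item repeats the Intel text verbatim, including "Requires the host CPU microcode to support this feature", with only the vendor name changed. Please confirm the microcode statement holds for AMD hosts as written rather than being carried over by copy and paste. Since this is a flag that "Must be explicitly turned on", a pointer to how an extra feature is added to a named CPU model would also help here.
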
-- 
2.20.1

