kvm.vger.kernel.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: Thomas Gleixner <tglx@linutronix.de>,
	Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Cc: mingo@redhat.com, Borislav Petkov <bp@alien8.de>,
	rkrcmar@redhat.com, x86@kernel.org, kvm@vger.kernel.org,
	stable <stable@vger.kernel.org>, Jiri Kosina <jkosina@suse.cz>,
	David Woodhouse <dwmw@amazon.co.uk>, Jon Masters <jcm@redhat.com>
Subject: Re: [PATCH 1/1] kvm/speculation: Allow KVM guests to use SSBD even if host does not
Date: Wed, 26 Jun 2019 13:23:00 +0200
Message-ID: <b6c2ac14-d647-0fa2-f19d-88944c63c37a@redhat.com>
In-Reply-To: <alpine.DEB.2.21.1906252019460.32342@nanos.tec.linutronix.de>

On 25/06/19 20:22, Thomas Gleixner wrote:
>> I think that even with that approach there is still an unsolved problem, as I
>> believe guests are allowed to write directly to SPEC_CTRL MSR without causing
>> a VMEXIT, which bypasses the host masking entirely.  e.g. a guest using IBRS
>> writes frequently to SPEC_CTRL, and could turn off SSBD on the VCPU while it is
>> running after the first non-zero write to the MSR. Do you agree?
> Indeed. Of course that was a decision we made _before_ all the other fancy
> things came around. Looks like we have to reopen that discussion.

It's not just that, it's a decision that was made because otherwise
performance is absolutely horrible (like 4-5x slower syscalls if the
guest is using IBRS).

I think it's better to leave the guest in control of SSBD even if it's
globally disabled.  The harm cannot escape the guest and in particular
it cannot escape to the sibling hyperthread.

Paolo
