From: Cornelia Huck <cohuck@redhat.com>
To: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: qemu-devel@nongnu.org, Eduardo Habkost <ehabkost@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Suraj Jitindar Singh <sjitindarsingh@gmail.com>,
David Gibson <david@gibson.dropbear.id.au>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Thomas Huth <thuth@redhat.com>,
David Hildenbrand <david@redhat.com>
Subject: Re: [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Meltdown options for QEMU 2.11.1
Date: Wed, 14 Feb 2018 10:11:28 +0100 [thread overview]
Message-ID: <20180214101128.1bc889ea.cohuck@redhat.com> (raw)
In-Reply-To: <20180214001105.21508-1-mdroth@linux.vnet.ibm.com>
On Tue, 13 Feb 2018 18:11:05 -0600
Michael Roth <mdroth@linux.vnet.ibm.com> wrote:
> This blog entry is intended as a follow-up to the original entry in
> January regarding Spectre/Meltdown and the proposed changes to address
> them in the upcoming 2.11.1 release.
>
> This entry is meant to accompany the 2.11.1 release (planned for
> 2018-02-14) and document how to make use of the new options for
> various architectures.
>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Cc: David Gibson <david@gibson.dropbear.id.au>
> Cc: Christian Borntraeger <borntraeger@de.ibm.com>
> Cc: Cornelia Huck <cohuck@redhat.com>
> Cc: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
> ---
>
> The pseries/s390 bits have gotten some initial review (thanks Suraj/Christian),
> but it can definitely use some additional review on the x86 side of things.
>
> Also, Peter if think anything extra should to be mentioned on the ARM side just
> let me know what to add.
>
> .../2018-02-14-qemu-2-11-1-and-spectre-update.md | 180 +++++++++++++++++++++
> 1 file changed, 180 insertions(+)
> create mode 100644 _posts/2018-02-14-qemu-2-11-1-and-spectre-update.md
[some comments/questions regarding s390 cpu models, adding DavidH on cc:]
> +## enabling mitigations for s390 KVM guests
> +
> +For s390 guests there are 2 CPU options relating to Spectre/Meltdown:
s/options/feature bits/ ?
> +
> +* bpb: Branch prediction blocking
> +* ppa15: PPA15 is installed
> +
> +**bpb** requires a host kernel patched with:
> +
> + commit 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60
> + KVM: s390: wire up bpb feature
> +
> +and both **bpb** and **ppa15** require a firmware with the appropriate support
> +level as well as guest kernel patches to enable the functionality within
> +guests. Please check with your distro/vendor to confirm.
> +
> +Both **bpb** and **ppa15** are enabled by default with newer/patched host
> +kernels, and can also be set manually. For example:
> +
> + qemu-system-s390x -M s390-ccw-virtio-2.11 ... \
> + -cpu zEC12,bpb=on,ppa15=on
Do we also want to add that bpb/ppa15 are on if you use the _full_
model (as opposed to the _base_ model)? Or is this going into too much
detail about the cpu model?
> +
> +WRT to migration, enabling **bpb** requires the source/target also have **bpb**
Either "WRT migration", or "With regard to migration" :)
> +enabled. Since this is enabled by default, you must ensure that **bpb**=off if
> +you wish to maintain migration compatibility with existing guests, or take
> +steps to reboot guests with **bpb** enabled prior to migrating them.
This paragraph confuses me a bit. Both bpb and ppa15 are guest visible,
aren't they?
next prev parent reply other threads:[~2018-02-14 9:11 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-14 0:11 [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Meltdown options for QEMU 2.11.1 Michael Roth
2018-02-14 4:39 ` Bruce Rogers
2018-02-14 8:51 ` Daniel P. Berrangé
2018-02-14 10:33 ` Paolo Bonzini
2018-02-14 14:56 ` Michael Roth
2018-02-14 9:05 ` Thomas Huth
2018-02-14 9:18 ` Cornelia Huck
2018-02-14 9:11 ` Cornelia Huck [this message]
2018-02-14 9:18 ` Christian Borntraeger
2018-02-14 9:48 ` David Hildenbrand
2018-02-14 16:50 ` Dr. David Alan Gilbert
2018-02-14 18:18 ` Michael Roth
2018-02-16 11:57 ` Dr. David Alan Gilbert
2018-02-21 10:09 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180214101128.1bc889ea.cohuck@redhat.com \
--to=cohuck@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=ehabkost@redhat.com \
--cc=mdroth@linux.vnet.ibm.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=sjitindarsingh@gmail.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.