Re: [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Meltdown options for QEMU 2.11.1

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cornelia Huck <cohuck@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>,
	qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>,
	Eduardo Habkost <ehabkost@redhat.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Suraj Jitindar Singh <sjitindarsingh@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	David Gibson <david@gibson.dropbear.id.au>,
	David Hildenbrand <david@redhat.com>
Subject: Re: [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Meltdown options for QEMU 2.11.1
Date: Wed, 14 Feb 2018 10:18:26 +0100	[thread overview]
Message-ID: <20180214101826.2a05bfd6.cohuck@redhat.com> (raw)
In-Reply-To: <7052eafd-b231-bb93-298d-95913e825c45@redhat.com>

On Wed, 14 Feb 2018 10:05:24 +0100
Thomas Huth <thuth@redhat.com> wrote:

> On 14.02.2018 01:11, Michael Roth wrote:

> > +## enabling mitigations for s390 KVM guests
> > +
> > +For s390 guests there are 2 CPU options relating to Spectre/Meltdown:
> > +
> > +* bpb: Branch prediction blocking
> > +* ppa15: PPA15 is installed
> > +
> > +**bpb** requires a host kernel patched with:
> > +
> > +    commit 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60
> > +    KVM: s390: wire up bpb feature
> > +
> > +and both **bpb** and **ppa15** require a firmware with the appropriate support
> > +level as well as guest kernel patches to enable the functionality within
> > +guests. Please check with your distro/vendor to confirm.
> > +
> > +Both **bpb** and **ppa15** are enabled by default with newer/patched host
> > +kernels, and can also be set manually. For example:
> > +
> > +    qemu-system-s390x -M s390-ccw-virtio-2.11 ... \
> > +      -cpu zEC12,bpb=on,ppa15=on   
> 
> IIRC we only enable them by default with "-cpu host" ? Cornelia, David,
> Christian, can you confirm?

-cpu host enables them if present, as does specifying the full model
(which will fail if not present on the host).

> So maybe better rephrase the above to:
> 
> Both **bpb** and **ppa15** are enabled by default when using "-cpu host"
> and when the host kernels supports these facilities. For other CPU

"and when both the host hardware and the host kernel supports..." ?

(Although that's still a bit misleading, as we only require the bpb KVM
interface; otherwise, the controls are pretty much independent from
what the host is doing IIUC.]

> models, the flags have to be set manually. For example:
> 
>     qemu-system-s390x -M s390-ccw-virtio-2.11 ... \
>       -cpu zEC12,bpb=on,ppa15=on
> 
> > +WRT to migration, enabling **bpb** requires the source/target also have **bpb**
> > +enabled. Since this is enabled by default, you must ensure that **bpb**=off if  
> 
> s/**bpb**=off/**bpb**=off is used/ ?
> 
> > +you wish to maintain migration compatibility with existing guests, or take
> > +steps to reboot guests with **bpb** enabled prior to migrating them.  
> 
>  Thomas

next prev parent reply	other threads:[~2018-02-14  9:18 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-14  0:11 [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Meltdown options for QEMU 2.11.1 Michael Roth
2018-02-14  4:39 ` Bruce Rogers
2018-02-14  8:51 ` Daniel P. Berrangé
2018-02-14 10:33   ` Paolo Bonzini
2018-02-14 14:56     ` Michael Roth
2018-02-14  9:05 ` Thomas Huth
2018-02-14  9:18   ` Cornelia Huck [this message]
2018-02-14  9:11 ` Cornelia Huck
2018-02-14  9:18   ` Christian Borntraeger
2018-02-14  9:48     ` David Hildenbrand
2018-02-14 16:50 ` Dr. David Alan Gilbert
2018-02-14 18:18   ` Michael Roth
2018-02-16 11:57     ` Dr. David Alan Gilbert
2018-02-21 10:09       ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180214101826.2a05bfd6.cohuck@redhat.com \
    --to=cohuck@redhat.com \
    --cc=borntraeger@de.ibm.com \
    --cc=david@gibson.dropbear.id.au \
    --cc=david@redhat.com \
    --cc=ehabkost@redhat.com \
    --cc=mdroth@linux.vnet.ibm.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=sjitindarsingh@gmail.com \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.