From: Paolo Bonzini <pbonzini@redhat.com>
To: Jinpu Wang <jinpuwang@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
"KVM-ML (kvm@vger.kernel.org)" <kvm@vger.kernel.org>
Subject: Re: [FYI PATCH 0/7] Mitigation for CVE-2018-12207
Date: Wed, 13 Nov 2019 15:44:08 +0100 [thread overview]
Message-ID: <6cb5e680-86f1-108d-92db-62e904dccb7c@redhat.com> (raw)
In-Reply-To: <CAD9gYJ+9sDYh+8RkbaaRrMEbJ1EJrkMdJFCa6HVPUE4_FA13ag@mail.gmail.com>
On 13/11/19 14:00, Jinpu Wang wrote:
> Hi Paolo, hi list,
>
> Thanks for info, do we need qemu patch for full mitigation?
> Debian mentioned:
> https://linuxsecurity.com/advisories/debian/debian-dsa-4566-1-qemu-security-update-17-10-10
> "
> A qemu update adding support for the PSCHANGE_MC_NO feature, which
> allows to disable iTLB Multihit mitigations in nested hypervisors
> will be provided via DSA 4566-1.
>
> "
> But It's not yet available publicly.
I will send it today, but it's not needed for full mitigation. It just
provides a knob to turn it on and off in nested hypervisors.
> About the performance hit, do you know any number? probably the answer
> is workload dependent.
We generally measured 0-4%. There can be latency spikes for RT, which I
will send a patch for soon.
Paolo
next prev parent reply other threads:[~2019-11-13 14:44 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 21:21 [FYI PATCH 0/7] Mitigation for CVE-2018-12207 Paolo Bonzini
2019-11-12 21:21 ` [PATCH 1/7] x86/bugs: Add ITLB_MULTIHIT bug infrastructure Paolo Bonzini
2019-11-12 21:21 ` [PATCH 2/7] x86/cpu: Add Tremont to the cpu vulnerability whitelist Paolo Bonzini
2019-11-12 21:21 ` [PATCH 3/7] cpu/speculation: Uninline and export CPU mitigations helpers Paolo Bonzini
2019-11-12 21:21 ` [PATCH 4/7] kvm: mmu: ITLB_MULTIHIT mitigation Paolo Bonzini
2019-11-12 21:21 ` [PATCH 5/7] kvm: Add helper function for creating VM worker threads Paolo Bonzini
2019-11-12 21:21 ` [PATCH 6/7] kvm: x86: mmu: Recovery of shattered NX large pages Paolo Bonzini
2019-11-12 21:21 ` [PATCH 7/7] Documentation: Add ITLB_MULTIHIT documentation Paolo Bonzini
2019-11-13 6:38 ` [FYI PATCH 0/7] Mitigation for CVE-2018-12207 Jan Kiszka
2019-11-13 8:23 ` Paolo Bonzini
2019-11-13 21:24 ` Dave Hansen
2019-11-14 1:17 ` Nadav Amit
2019-11-14 5:26 ` Dave Hansen
2019-11-14 6:02 ` Nadav Amit
2019-11-15 2:11 ` Pawan Gupta
2019-11-14 8:09 ` Jan Kiszka
2019-11-18 13:58 ` Ralf Ramsauer
2020-01-21 18:08 ` Jan Kiszka
2020-01-21 18:25 ` Dave Hansen
2019-11-13 23:25 ` Pawan Gupta
2019-11-14 8:13 ` Jan Kiszka
2019-11-15 2:23 ` Pawan Gupta
2019-11-13 13:00 ` Jinpu Wang
2019-11-13 14:44 ` Paolo Bonzini [this message]
2019-11-13 18:10 ` Nadav Amit
2019-11-13 18:33 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6cb5e680-86f1-108d-92db-62e904dccb7c@redhat.com \
--to=pbonzini@redhat.com \
--cc=jinpuwang@gmail.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox