Re: [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Me
From: Cornelia Huck
Subject: Re: [Qemu-devel] [qemu-web PATCH] Add a blog post documenting Spectre/Meltdown options for QEMU 2.11.1
Date: Wed, 14 Feb 2018 10:18:26 +0100
On Wed, 14 Feb 2018 10:05:24 +0100
Thomas Huth <address@hidden> wrote:
> On 14.02.2018 01:11, Michael Roth wrote:
> > +## enabling mitigations for s390 KVM guests
> > +
> > +For s390 guests there are 2 CPU options relating to Spectre/Meltdown:
> > +
> > +* bpb: Branch prediction blocking
> > +* ppa15: PPA15 is installed
> > +
> > +**bpb** requires a host kernel patched with:
> > +
> > + commit 35b3fde6203b932b2b1a5b53b3d8808abc9c4f60
> > + KVM: s390: wire up bpb feature
> > +
> > +and both **bpb** and **ppa15** require a firmware with the appropriate
> > support
> > +level as well as guest kernel patches to enable the functionality within
> > +guests. Please check with your distro/vendor to confirm.
> > +
> > +Both **bpb** and **ppa15** are enabled by default with newer/patched host
> > +kernels, and can also be set manually. For example:
> > +
> > + qemu-system-s390x -M s390-ccw-virtio-2.11 ... \
> > + -cpu zEC12,bpb=on,ppa15=on
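Review bot: the sentence "enabled by default with newer/patched host kernels" does not say for which CPU model that default applies, while the example directly after it sets both flags by hand on a named model (`-cpu zEC12,bpb=on,ppa15=on`). State which `-cpu` choice gives the default and when the flags have to be passed explicitly, so a reader can tell whether an existing command line already has the mitigations. The host kernel requirement is also given as a commit for **bpb** only; if **ppa15** needs nothing on the host kernel side, say so rather than leaving it implied.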
>
> IIRC we only enable them by default with "-cpu host" ? Cornelia, David,
> Christian, can you confirm?
-cpu host enables them if present, as does specifying the full model
(which will fail if not present on the host).
> So maybe better rephrase the above to:
>
> Both **bpb** and **ppa15** are enabled by default when using "-cpu host"
> and when the host kernels supports these facilities. For other CPU
"and when both the host hardware and the host kernel supports..." ?
(Although that's still a bit misleading, as we only require the bpb KVM
interface; otherwise, the controls are pretty much independent from
what the host is doing IIUC.)
> models, the flags have to be set manually. For example:
>
> qemu-system-s390x -M s390-ccw-virtio-2.11 ... \
> -cpu zEC12,bpb=on,ppa15=on
>
> > +WRT to migration, enabling **bpb** requires the source/target also have
> > **bpb**
> > +enabled. Since this is enabled by default, you must ensure that
> > **bpb**=off if
>
> s/**bpb**=off/**bpb**=off is used/ ?
>
> > +you wish to maintain migration compatibility with existing guests, or take
> > +steps to reboot guests with **bpb** enabled prior to migrating them.
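Review bot: "Since this is enabled by default" in the migration paragraph is stated unconditionally, but the section above makes the default depend on a newer/patched host kernel; repeat that condition here, because a source and target that differ in it is the situation this paragraph warns about. The paragraph also covers only **bpb**: add a sentence on whether **ppa15** carries the same source/target requirement. Minor: "WRT to" reads as "with regard to to".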
>
> Thomas