qemu-ppc

Re: [PATCH-for-5.0?] target/ppc: Fix TCG temporary leaks in gen_slbia()


From: David Gibson
Subject: Re: [PATCH-for-5.0?] target/ppc: Fix TCG temporary leaks in gen_slbia()
Date: Tue, 21 Apr 2020 10:49:46 +1000

On Mon, Apr 20, 2020 at 10:53:48PM +0000, Dennis Clarke wrote:
> On 4/20/20 6:56 PM, Peter Maydell wrote:
> > On Fri, 17 Apr 2020 at 10:08, Philippe Mathieu-Daudé <address@hidden> wrote:
> > > 
> > > This fixes:
> > > 
> > >    $ qemu-system-ppc64 \
> > >    -machine pseries-4.1 -cpu power9 \
> > >    -smp 4 -m 12G -accel tcg ...
> > >    ...
> > >    Quiescing Open Firmware ...
> > >    Booting Linux via __start() @ 0x0000000002000000 ...
> > >    Opcode 1f 12 0f 00 (7ce003e4) leaked temporaries
> > >    Opcode 1f 12 0f 00 (7ce003e4) leaked temporaries
> > >    Opcode 1f 12 0f 00 (7ce003e4) leaked temporaries
> > > 
> > > [*] https://www.mail-archive.com/address@hidden/msg05400.html
> > > 
> > > Fixes: 0418bf78fe8 ("Fix ISA v3.0 (POWER9) slbia implementation")
> > > Reported-by: Dennis Clarke <address@hidden>
> > > Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> > 
> > I propose to apply this patch for 5.0 rc4 (as well as the
> > ppc pullreq already sent), since the iscsi bugfix means
> > we need an rc4 anyway. Any objections?
> > 
> 
> I have been running rc3 with this patch fine for some days now.  Both with
> and without a debug enabled build wherein the performance difference between
> the two is obvious.
> 
> However, I do see warnings from 5.0.0-rc3 that worry me:
> 
> $ /usr/local/bin/qemu-system-ppc64 \
> > -machine pseries-4.1 -cpu power9 -smp 4 -m 12G -accel tcg \
> > -drive file=/home/ppc64/ppc64le.qcow2 \
> > -device virtio-net-pci,netdev=usernet \
> > -netdev user,id=usernet,hostfwd=tcp::10000-:22 \
> > -serial stdio -display none -vga none
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-cfpc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-sbbc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-ibs=workaround

These are completely unrelated to the slbia patch.

[snip]
> etc etc etc
> 
> What shall I do with "TCG doesn't support requested feature,
> cap-cfpc=workaround" ??

Ignore them, probably.  It means your TCG guest is insecure against
Spectre attacks, but it was always going to be one way or another.

You can suppress them with:
    -machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken

That doesn't make anything more secure, it just lets qemu know that's
what you intended, and in turn it will tell the guest that these
mitigations are not available.

These are enabled by default, because they're very important for
production KVM guests.  However, doing equivalent Spectre mitigation
for TCG is essentially infeasible.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
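
Added example, not part of the original message and not QEMU code: a small audit of qemu-system-ppc64 command lines that applies the distinction drawn above, where cap-cfpc/cap-sbbc/cap-ibs set to broken is only a statement of intent under TCG but removes a mitigation the guest relies on under KVM. The function names, severity labels and sample command lines are constructed for illustration, and it assumes a command line with no accelerator option runs under TCG.

```python
import shlex

# The three pseries Spectre capabilities named in the thread.
SPECTRE_CAPS = ("cap-cfpc", "cap-sbbc", "cap-ibs")

def parse_qemu(cmdline):
    """Return (accelerator, {cap: value}) for one QEMU command line."""
    args = shlex.split(cmdline.replace("\\\n", " "))  # join shell continuations
    accel, caps = "tcg", {}  # assumption: no accelerator option means TCG
    for i, opt in enumerate(args):
        val = args[i + 1] if i + 1 < len(args) else ""
        if opt == "-enable-kvm":
            accel = "kvm"
        elif opt == "-accel":
            accel = val.split(",")[0]
        elif opt == "-machine":
            for field in val.split(","):
                key, _, setting = field.partition("=")
                if key == "accel":
                    accel = setting
                elif key in SPECTRE_CAPS:
                    caps[key] = setting
    return accel, caps

def audit(cmdline):
    """Return a list of (severity, capability, message) findings."""
    accel, caps = parse_qemu(cmdline)
    findings = []
    for cap in SPECTRE_CAPS:
        value = caps.get(cap, "default")
        if accel == "kvm" and value == "broken":
            findings.append(("FAIL", cap, "KVM guest is told this mitigation is unavailable"))
        elif accel == "tcg" and value != "broken":
            # The thread shows this warning for the default (workaround);
            # treating every other non-broken value alike is an assumption.
            findings.append(("WARN", cap, "TCG cannot provide it; set =broken to state intent"))
    return findings

# Constructed sample command lines (the first follows the one in the thread).
TCG_DEFAULT = "qemu-system-ppc64 -machine pseries-4.1 -cpu power9 \\\n -smp 4 -m 12G -accel tcg"
TCG_EXPLICIT = TCG_DEFAULT + " -machine cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken"
KVM_WEAKENED = "qemu-system-ppc64 -machine pseries-4.1,accel=kvm,cap-ibs=broken -cpu host"

if __name__ == "__main__":
    for name, cmd in [("tcg-default", TCG_DEFAULT), ("tcg-explicit", TCG_EXPLICIT), ("kvm-weakened", KVM_WEAKENED)]:
        print(name, audit(cmd) or "no findings")
```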
