search for: ibr

Displaying 20 results from an estimated 54 matches for "ibr".

2018 Mar 16
2
spectre variant 2
...CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on kernel commandline - IBPB: Not disabled on kernel commandline and when I run the one from github I get this: CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerab...
2020 Sep 14
0
Re: [ovirt-users] Re: Testing ovirt 4.4.1 Nested KVM on Skylake-client (core i5) does not work
...eproduce libvirt bug. The strange thing is that after playing with the XML generated by virt-manager, using [x] Copy host CPU configuration Creating this XML: <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>Skylake-Client-IBRS</model> <vendor>Intel</vendor> <feature policy='require' name='ss'/> <feature policy='require' name='vmx'/> <feature policy='require' name='pdcm'/> <feature policy='re...
2018 Feb 07
0
retpoline mitigation and 6.0
...//lkml.org/lkml/2018/2/4/147 I'm strongly of the opinion that I think Arjan expressed: - retpoline alone is probably fine with sufficient RSB stuffing patches in the kernel - if some folks are worried about the security risk here and running on SKX, they should use IBRS. Given the speed of IBRS on SKX and the complexity & runtime hit of thunking ret, I really don't see a good motivation for us teaching the compiler how to do this. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/piperma...
2018 Sep 30
1
libvirt reported capabilities doesn't match /proc/cpuinfo while the model does match
Hi, According to virsh capabilities I only have the following cpu features: <cpu> <arch>x86_64</arch> <model>IvyBridge-IBRS</model> <vendor>Intel</vendor> <microcode version='32'/> <topology sockets='1' cores='4' threads='1'/> <feature name='ds'/> <feature name='acpi'/> ...
2018 Feb 07
3
retpoline mitigation and 6.0
On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: > > > > That would be __x86_indirect_thunk but the kernel doesn't use it. > > We use -mindirect-branch-register and only ever expect the compiler > > to use the register versions which are CET-compatible. > > > > However, in at least one case in the 32-bit kernel we do emit the > > old
2018 Mar 16
0
spectre variant 2
...t script to test for spectre & meltdown > I get this result for variant 2: > > Variant #2 (Spectre): Vulnerable > CVE-2017-5715 - speculative execution branch target injection > - Kernel with mitigation patches: OK > - HW support / updated microcode: NO > - IBRS: Not disabled on kernel commandline > - IBPB: Not disabled on kernel commandline > > > and when I run the one from github I get this: > > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' > * Mitigated according to the /sys interface: NO (ker...
2018 Feb 07
2
retpoline mitigation and 6.0
.../2/4/147 > > > I'm strongly of the opinion that I think Arjan expressed: > > - retpoline alone is probably fine with sufficient RSB stuffing patches in > the kernel > - if some folks are worried about the security risk here and running on > SKX, they should use IBRS. > > Given the speed of IBRS on SKX and the complexity & runtime hit of > thunking ret, I really don't see a good motivation for us teaching the > compiler how to do this. > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://li...
2018 Feb 07
0
retpoline mitigation and 6.0
...> >> I'm strongly of the opinion that I think Arjan expressed: >> >> - retpoline alone is probably fine with sufficient RSB stuffing patches >> in the kernel >> - if some folks are worried about the security risk here and running on >> SKX, they should use IBRS. >> >> Given the speed of IBRS on SKX and the complexity & runtime hit of >> thunking ret, I really don't see a good motivation for us teaching the >> compiler how to do this. >> > -------------- next part -------------- An HTML attachment was scrubbed... U...
2004 Jan 13
1
tftpd-hpa suggestions
Hello, Peter and others! there are some issues regarding the tftp-hpa server: 1. Running as Windows service seems to require that the application does not detach (otherwise "net start" says smth. like "could not start, the service didn't report any errors"). The attached patch adds the option "-n", which can be used to have tftpd run in foreground.
2019 Jun 12
1
Speculative attack mitigations
...e4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm fsgsbase erms xsaveopt dtherm ida arat pln pts bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds You will note that there is a lack of flags for ssbd, spec_ctrl, intel_stibp, flush_l1d, ibrs, etc. # for i in /sys/devices/system/cpu/vulnerabilities/* ; do echo -n "$i : "; cat $i ; done /sys/devices/system/cpu/vulnerabilities/l1tf : Mitigation: PTE Inversion /sys/devices/system/cpu/vulnerabilities/mds : V...
2020 May 10
0
Nested Virtualization on Google Cloud.
...with libvirt using qemu+kvm, however I observed that <cpu mode='host-model'> is not exposing avx and avx2 instruction set to the guest Linux instance. Google Cloud platform claims the CPU model of the host compute instance is Broadwell, however libvirt capabilities maps it to Westmere-IBRS and it has avx and avx2 features, yet host-model is not exposing those. As a workaround, I am using <cpu mode='host-passthrough'>, but I would like to know what is going wrong here? I can also share the output of cpuid of the host system, if that helps. I am not sure whether it...
2019 Aug 07
2
C7 Kernel module compilation
...supported by the compiler. Compiler update recomended. Stop." I tried using scl gcc7 and 8 but get the same issue. I checked that retpoline is related to Spectre but checking on centos with: cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 I get: Mitigation: IBRS (kernel), IBPB and RETPOLINE seems disabled (I'm wrong?). I read in a blog post that I can disable this check commenting out some lines starting from N. 166 of arch/Makefile but I don't think this is the best approach. At this point I can't understand what means the previous...
2018 Jan 24
2
/lib/firmware/microcode.dat update on CentOS 6
...ng) , but saw variant 2 Spectre mitigation with the 20180108 microcode, will lose full mitigation until Intel gets its ducks into a row. *eye roll* > Linus Torvalds agrees: > http://tcrn.ch/2n2mEcA His comments aren't about microcode though. And it also looks like he got IBRS and IBPB confused. The better post on this front is https://lkml.org/lkml/2018/1/22/598 As far as I know, there still is no mitigation for Spectre variant 1. -- Chris Murphy _______________________________________________ CentOS mailing list CentOS at centos.org h...
2020 Jun 15
1
Reintroduce modern CPU in model selection
Hi list, in virt-manager ver. 2.2.1 (fully upgraded CentOS 8.1), the CPU model list only shows ancient CPU (the most recent is Nehalem-IBRS). On the other hand, in virt-manager 1.5.x (fully upgraded CentOS 7.8) we have a rich selection of CPU (as recent as Icelake). Why was the list in newer virt-manager so much trimmed? Is it possible to enlarge it? Thanks. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it [1]...
2018 Feb 12
1
Meltdown and Spectre
Does anyone know if Red Hat are working on backporting improved mitigation techniques and features from newer, 4.14.14+ kernels? $ grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
2019 Aug 08
2
C7 Kernel module compilation
...I tried using scl gcc7 and 8 but get the same issue. >> >> I checked that retpoline is related to Spectre but checking on centos with: >> >> cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 >> >> I get: >> >> Mitigation: IBRS (kernel), IBPB >> >> and RETPOLINE seems disabled (I'm wrong?). >> >> I read in a blog post that I can disable this check commenting out >> some lines starting from N. 166 of arch/Makefile but I don't think this >> is the best approach. >> >...
2008 Mar 31
1
[03/15][PATCH] kvm/ia64: Add header files for kvm/ia64. V8
Hi Xiantao, Some more nit-picking, though some of this is a bit more important to fixup. Cheers, Jes > +typedef struct thash_data { Urgh! argh! Please avoid typedefs unless you really need them, see Chapter 5 of Documentation/CodingStyle for details. > diff --git a/include/asm-ia64/kvm_host.h b/include/asm-ia64/kvm_host.h > new file mode 100644 > index
2008 Mar 31
1
[03/15][PATCH] kvm/ia64: Add header files for kvm/ia64. V8
Hi Xiantao, Some more nit-picking, though some of this is a bit more important to fixup. Cheers, Jes > +typedef struct thash_data { Urgh! argh! Please avoid typedefs unless you really need them, see Chapter 5 of Documentation/CodingStyle for details. > diff --git a/include/asm-ia64/kvm_host.h b/include/asm-ia64/kvm_host.h > new file mode 100644 > index
2018 Jan 18
3
/lib/firmware/microcode.dat update on CentOS 6
On 01/18/18 11:31, Matthew Miller wrote: > On Thu, Jan 18, 2018 at 11:01:18AM -0500, Pete Geenhuizen wrote: >> Do we update the microcode now or do we wait until the latest >> microcode_ctl rpm is available and then tackle this issue? > Check with your hardware vendor for BIOS/EFI firmware updates. Apply > those. > > > Thanks for the reply, but you missed
2018 Aug 09
0
Re: Windows Guest I/O performance issues (already using virtio) (Matt Schumacher)
...y VM config look reasonable for the latest releases of windows? Are there features I should be using that will help performance? > 2. Why does the hypervclock timer make so much performance difference in windows VMs? > 3. Does my virtualized CPU model make sense? I defined Haswell-noTSX-IBRS and libvirt added the features. > 4. Which kernel branch offers the best stability and performance? > 5. Are there performance gains in using UEFI booting the windows guest and defining "<blockio logical_block_size='4096' physical_block_size='4096'/>"? Perhaps...