Displaying 20 results from an estimated 57 matches for "ibr".
Did you mean:
ibm
2018 Mar 16
2
spectre variant 2
...ore CPU.
I note that when I run the redhat script to test for spectre & meltdown
I get this result for variant 2:
Variant #2 (Spectre): Vulnerable
CVE-2017-5715 - speculative execution branch target injection
- Kernel with mitigation patches: OK
- HW support / updated microcode: NO
- IBRS: Not disabled on kernel commandline
- IBPB: Not disabled on kernel commandline
and when I run the one from github I get this:
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)...
2020 Sep 14
0
Re: [ovirt-users] Re: Testing ovirt 4.4.1 Nested KVM on Skylake-client (core i5) does not work
...eproduce libvirt bug.
The strange thing is that after playing with the XML generated by
virt-manager, using
[x] Copy host CPU configuration
Creating this XML:
<cpu mode='custom' match='exact' check='full'>
<model fallback='forbid'>Skylake-Client-IBRS</model>
<vendor>Intel</vendor>
<feature policy='require' name='ss'/>
<feature policy='require' name='vmx'/>
<feature policy='require' name='pdcm'/>
<feature policy='require' name='...
2018 Feb 07
0
retpoline mitigation and 6.0
...e the thread at
> https://lkml.org/lkml/2018/2/4/147
I'm strongly of the opinion that I think Arjan expressed:
- retpoline alone is probably fine with sufficient RSB stuffing patches in
the kernel
- if some folks are worried about the security risk here and running on
SKX, they should use IBRS.
Given the speed of IBRS on SKX and the complexity & runtime hit of thunking
ret, I really don't see a good motivation for us teaching the compiler how
to do this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/...
2018 Sep 30
1
libvirt reported capabilities doesn't match /proc/cpuinfo while the model does match
Hi,
According to virsh capabilities I only have the following cpu features:
<cpu>
<arch>x86_64</arch>
<model>IvyBridge-IBRS</model>
<vendor>Intel</vendor>
<microcode version='32'/>
<topology sockets='1' cores='4' threads='1'/>
<feature name='ds'/>
<feature name='acpi'/>
<feature name='ss&...
2018 Feb 07
3
retpoline mitigation and 6.0
On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote:
> >
> > That would be __x86_indirect_thunk but the kernel doesn't use it.
> > We use -mindirect-branch-register and only ever expect the compiler
> > to use the register versions which are CET-compatible.
> >
> > However, in at least one case in the 32-bit kernel we do emit the
> > old
2018 Mar 16
0
spectre variant 2
...edhat script to test for spectre & meltdown
> I get this result for variant 2:
>
> Variant #2 (Spectre): Vulnerable
> CVE-2017-5715 - speculative execution branch target injection
> - Kernel with mitigation patches: OK
> - HW support / updated microcode: NO
> - IBRS: Not disabled on kernel commandline
> - IBPB: Not disabled on kernel commandline
>
>
> and when I run the one from github I get this:
>
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface: NO (kernel...
2018 Feb 07
2
retpoline mitigation and 6.0
.../lkml/2018/2/4/147
>
>
> I'm strongly of the opinion that I think Arjan expressed:
>
> - retpoline alone is probably fine with sufficient RSB stuffing patches in
> the kernel
> - if some folks are worried about the security risk here and running on
> SKX, they should use IBRS.
>
> Given the speed of IBRS on SKX and the complexity & runtime hit of
> thunking ret, I really don't see a good motivation for us teaching the
> compiler how to do this.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm...
2018 Feb 07
0
retpoline mitigation and 6.0
...>
>> I'm strongly of the opinion that I think Arjan expressed:
>>
>> - retpoline alone is probably fine with sufficient RSB stuffing patches
>> in the kernel
>> - if some folks are worried about the security risk here and running on
>> SKX, they should use IBRS.
>>
>> Given the speed of IBRS on SKX and the complexity & runtime hit of
>> thunking ret, I really don't see a good motivation for us teaching the
>> compiler how to do this.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
U...
2004 Jan 13
1
tftpd-hpa suggestions
Hello, Peter and others!
there are some issues regarding the tftp-hpa server:
1. Running as Windows service seems to require that the application does
not detach (otherwise "net start" says smth. like "could not start,
the service didn't report any errors").
The attached patch adds the option "-n", which can be used to have
tftpd run in foreground.
2019 Jun 12
1
Speculative attack mitigations
...e4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm fsgsbase erms xsaveopt dtherm ida arat pln pts
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds
You will note that there is a lack of flags for ssbd, spec_ctrl, intel_stibp, flush_l1d, ibrs, etc.
# for i in /sys/devices/system/cpu/vulnerabilities/* ; do echo -n "$i : "; cat $i ; done
/sys/devices/system/cpu/vulnerabilities/l1tf : Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds : Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unk...
2020 May 10
0
Nested Virtualization on Google Cloud.
...with libvirt using qemu+kvm, however I observed
that <cpu mode='host-model'> is not exposing avx and avx2 instruction set
to the guest Linux instance. Google Cloud platform claims the CPU model of
the host compute instance is Broadwell, however libvirt capabilities maps
it to Westmere-IBRS and it has avx and avx2 features, yet host-model is not
exposing those.
As a workaround, I am using <cpu mode='host-passthrough'>, but I would like
to know what is going wrong here? I can also share the output of cpuid of
the host system, if that helps. I am not sure whether it...
2019 Aug 07
2
C7 Kernel module compilation
...FIG_RETPOLINE=y but not supported by the compiler. Compiler update
recomended. Stop."
I tried using scl gcc7 and 8 but get the same issue.
I checked that retpoline is related to Spectre but checking on centos with:
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
I get:
Mitigation: IBRS (kernel), IBPB
and RETPOLINE seems disabled (I'm wrong?).
I ridden in a blog post that I can disable this check commenting out
some lines starting from N. 166 of arch/Makefile but I don't think this
is the best approach.
At this point I can't understand what means the previous err...
2018 Jan 24
2
/lib/firmware/microcode.dat update on CentOS 6
...m for crashing) , but saw variant 2
Spectre mitigation with the 20180108 microcode, will lose full
mitigation until Intel gets its ducks into a row.
*eye roll*
> Linus Torvalds agrees:
> http://tcrn.ch/2n2mEcA
His comments aren't about microcode though. And it also looks like he
got IBRS and IBPB confused. The better post on this front is
https://lkml.org/lkml/2018/1/22/598
As far as I know, there still is no mitigation for Spectre variant 1.
--
Chris Murphy
_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mail...
2020 Jun 15
1
Reintroduce modern CPU in model selection
Hi list,
in virt-manager ver. 2.2.1 (fully upgraded CentOS 8.1), the CPU model
list only shows ancient CPU (the most recent is Nehalem-IBRS).
On the other hand, in virt-manager 1.5.x (fully upgraded CentOS 7.8) we
have a rich selection of CPU (as recent as Icelake).
Why was the list in newer virt-manager so much trimmed? Is it possible
to enlarge it?
Thanks.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it [1]...
2018 Feb 12
1
Meltdown and Spectre
Does anyone know if Red Hat are working on backporting improved mitigation techniques and features from newer, 4.14.14+ kernels?
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline
2019 Aug 08
2
C7 Kernel module compilation
..."
>>
>> I tried using scl gcc7 and 8 but get the same issue.
>>
>> I checked that retpoline is related to Spectre but checking on centos with:
>>
>> cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
>>
>> I get:
>>
>> Mitigation: IBRS (kernel), IBPB
>>
>> and RETPOLINE seems disabled (I'm wrong?).
>>
>> I ridden in a blog post that I can disable this check commenting out
>> some lines starting from N. 166 of arch/Makefile but I don't think this
>> is the best approach.
>>
>&g...
2008 Mar 31
1
[03/15][PATCH] kvm/ia64: Add header files for kvm/ia64. V8
Hi Xiantao,
Some more nit-picking, though some of this is a bit more important
to fixup.
Cheers,
Jes
> +typedef struct thash_data {
Urgh! argh! Please avoid typedefs unless you really need them, see
Chapter 5 of Documentation/CodingStyle for details.
> diff --git a/include/asm-ia64/kvm_host.h b/include/asm-ia64/kvm_host.h
> new file mode 100644
> index 0000000..522bde0
> ---
2008 Mar 31
1
[03/15][PATCH] kvm/ia64: Add header files for kvm/ia64. V8
Hi Xiantao,
Some more nit-picking, though some of this is a bit more important
to fixup.
Cheers,
Jes
> +typedef struct thash_data {
Urgh! argh! Please avoid typedefs unless you really need them, see
Chapter 5 of Documentation/CodingStyle for details.
> diff --git a/include/asm-ia64/kvm_host.h b/include/asm-ia64/kvm_host.h
> new file mode 100644
> index 0000000..522bde0
> ---
2018 Jan 18
3
/lib/firmware/microcode.dat update on CentOS 6
On 01/18/18 11:31, Matthew Miller wrote:
> On Thu, Jan 18, 2018 at 11:01:18AM -0500, Pete Geenhuizen wrote:
>> Do we update the microcode now or do we wait until the latest
>> microcode_ctl rpm is available and then tackle this issue?
> Check with your hardware vendor for BIOS/EFI firmware updates. Apply
> those.
>
>
>
Thanks for the reply, but you missed what I was
2018 Aug 09
0
Re: Windows Guest I/O performance issues (already using virtio) (Matt Schumacher)
...y VM config look reasonable for the latest releases of windows? Are there features I should be using that will help performance?
> 2. Why does the hypervclock timer make so much performance difference in windows VMs?
> 3. Does my virtualized CPU model make sense? I defined Haswell-noTSX-IBRS and libvirt added the features.
> 4. Which kernel branch offers the best stability and performance?
> 5. Are there performance gains in using UEFI booting the windows guest and defining ?<blockio logical_block_size='4096' physical_block_size='4096'/>?? Perhaps bett...