Re: [PATCH v10 05/50] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled

On 10/16/23 06:27, Michael Roth wrote:
> Without SEV-SNP, Automatic IBRS protects only the kernel. But when
> SEV-SNP is enabled, the Automatic IBRS protection umbrella widens to all
> host-side code, including userspace. This protection comes at a cost:
> reduced userspace indirect branch performance.
> 
> To avoid this performance loss, don't use Automatic IBRS on SEV-SNP
> hosts. Fall back to retpolines instead.

Thanks for the updated changelog:

Acked-by: Dave Hansen <dave.hansen@xxxxxxxxx>

BTW, have you given your hardware folks a hard time about this?  It
seems _kinda_ silly to be using retpolines when the hardware has a
perfectly good IBRS implementation for the kernel.

Just please make sure there's a good underlying reason for this behavior
as opposed to being some kind of inadvertent side effect.

I assume Auto-IBRS and SEV-SNP are going to be with us for a long time,
so it would be nice to have a long-term solution here.


