Re: [PATCH v10 05/50] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled

From: Dave Hansen
Date: Fri Oct 27 2023 - 17:50:51 EST


On 10/16/23 06:27, Michael Roth wrote:
> Without SEV-SNP, Automatic IBRS protects only the kernel. But when
> SEV-SNP is enabled, the Automatic IBRS protection umbrella widens to all
> host-side code, including userspace. This protection comes at a cost:
> reduced userspace indirect branch performance.
>
> To avoid this performance loss, don't use Automatic IBRS on SEV-SNP
> hosts. Fall back to retpolines instead.

Thanks for the updated changelog:

Acked-by: Dave Hansen <dave.hansen@xxxxxxxxx>

BTW, have you given your hardware folks a hard time about this? It
seems _kinda_ silly to be using retpolines when the hardware has a
perfectly good IBRS implementation for the kernel.

Just please make sure there's a good underlying reason for this behavior,
as opposed to it being some kind of inadvertent side effect.

I assume Auto-IBRS and SEV-SNP are going to be with us for a long time,
so it would be nice to have a long term solution here.