Message-ID:
 <DS0PR12MB9273669FB9A3DBE8F53C51FA94E9A@DS0PR12MB9273.namprd12.prod.outlook.com>
Date: Thu, 16 Oct 2025 15:57:56 +0000
From: "Kaplan, David" <David.Kaplan@....com>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, "x86@...nel.org"
	<x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Josh Poimboeuf
	<jpoimboe@...nel.org>, Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini
	<pbonzini@...hat.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>, Asit Mallick
	<asit.k.mallick@...el.com>, Tao Zhang <tao1.zhang@...el.com>
Subject: RE: [PATCH v2 0/3] VMSCAPE optimization for BHI variant

[AMD Official Use Only - AMD Internal Distribution Only]

> -----Original Message-----
> From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
> Sent: Wednesday, October 15, 2025 8:52 PM
> To: x86@...nel.org; H. Peter Anvin <hpa@...or.com>; Josh Poimboeuf
> <jpoimboe@...nel.org>; Kaplan, David <David.Kaplan@....com>; Sean
> Christopherson <seanjc@...gle.com>; Paolo Bonzini <pbonzini@...hat.com>
> Cc: linux-kernel@...r.kernel.org; kvm@...r.kernel.org; Asit Mallick
> <asit.k.mallick@...el.com>; Tao Zhang <tao1.zhang@...el.com>
> Subject: [PATCH v2 0/3] VMSCAPE optimization for BHI variant
>
> v2:
> - Added check for IBPB feature in vmscape_select_mitigation(). (David)
> - s/vmscape=auto/vmscape=on/ (David)
> - Added patch to remove LFENCE from VMSCAPE BHB-clear sequence.
> - Rebased to v6.18-rc1.
>
> v1: https://lore.kernel.org/r/20250924-vmscape-bhb-v1-0-da51f0e1934d@...ux.intel.com
>
> Hi All,
>
> These patches aim to improve the performance of a recent mitigation for
> the VMSCAPE[1] vulnerability. This improvement is relevant for the BHI
> variant of VMSCAPE that affects Alder Lake and newer processors.
>
> The current mitigation approach uses IBPB on kvm-exit-to-userspace for the
> entire affected range of CPUs. This is overkill for CPUs that are only
> affected by the BHI variant. On such CPUs clearing the branch history is
> sufficient for VMSCAPE, and also more apt as the underlying issue is due to
> poisoned branch history.
>
> Roadmap:
>
> - First patch introduces clear_bhb_long_loop() for processors with larger
>   branch history tables.
> - Second patch replaces IBPB on exit-to-userspace with branch history
>   clearing sequence.
>
> Below is the iPerf data for transfer between guest and host, comparing IBPB
> and BHB-clear mitigation. BHB-clear shows performance improvement over IBPB
> in most cases.
>
> Platform: Emerald Rapids
> Baseline: vmscape=off
>
> (pN = N parallel connections)
>
> | iPerf user-net | IBPB    | BHB Clear |
> |----------------|---------|-----------|
> | UDP 1-vCPU_p1  | -12.5%  |   1.3%    |
> | TCP 1-vCPU_p1  | -10.4%  |  -1.5%    |
> | TCP 1-vCPU_p1  | -7.5%   |  -3.0%    |
> | UDP 4-vCPU_p16 | -3.7%   |  -3.7%    |
> | TCP 4-vCPU_p4  | -2.9%   |  -1.4%    |
> | UDP 4-vCPU_p4  | -0.6%   |   0.0%    |
> | TCP 4-vCPU_p4  |  3.5%   |   0.0%    |
>
> | iPerf bridge-net | IBPB    | BHB Clear |
> |------------------|---------|-----------|
> | UDP 1-vCPU_p1    | -9.4%   |  -0.4%    |
> | TCP 1-vCPU_p1    | -3.9%   |  -0.5%    |
> | UDP 4-vCPU_p16   | -2.2%   |  -3.8%    |
> | TCP 4-vCPU_p4    | -1.0%   |  -1.0%    |
> | TCP 4-vCPU_p4    |  0.5%   |   0.5%    |
> | UDP 4-vCPU_p4    |  0.0%   |   0.9%    |
> | TCP 1-vCPU_p1    |  0.0%   |   0.9%    |
>
> | iPerf vhost-net | IBPB    | BHB Clear |
> |-----------------|---------|-----------|
> | UDP 1-vCPU_p1   | -4.3%   |   1.0%    |
> | TCP 1-vCPU_p1   | -3.8%   |  -0.5%    |
> | TCP 1-vCPU_p1   | -2.7%   |  -0.7%    |
> | UDP 4-vCPU_p16  | -0.7%   |  -2.2%    |
> | TCP 4-vCPU_p4   | -0.4%   |   0.8%    |
> | UDP 4-vCPU_p4   |  0.4%   |  -0.7%    |
> | TCP 4-vCPU_p4   |  0.0%   |   0.6%    |
>
> [1] https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/
>
> ---
> Pawan Gupta (3):
>       x86/bhi: Add BHB clearing for CPUs with larger branch history
>       x86/vmscape: Replace IBPB with branch history clear on exit to userspace
>       x86/vmscape: Remove LFENCE from BHB clearing long loop
>
>  Documentation/admin-guide/hw-vuln/vmscape.rst   |  8 ++++
>  Documentation/admin-guide/kernel-parameters.txt |  4 +-
>  arch/x86/entry/entry_64.S                       | 63 ++++++++++++++++++-------
>  arch/x86/include/asm/cpufeatures.h              |  1 +
>  arch/x86/include/asm/entry-common.h             | 12 +++--
>  arch/x86/include/asm/nospec-branch.h            |  5 +-
>  arch/x86/kernel/cpu/bugs.c                      | 53 +++++++++++++++------
>  arch/x86/kvm/x86.c                              |  5 +-
>  8 files changed, 110 insertions(+), 41 deletions(-)
> ---
> base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787
> change-id: 20250916-vmscape-bhb-d7d469977f2f
>
> Best regards,
> --
> Pawan
>

Looks good to me.

Acked-by: David Kaplan <david.kaplan@....com>
