Message-ID: <20251016172302.a6uin2qqqyxmufxc@desk>
Date: Thu, 16 Oct 2025 10:23:02 -0700
From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To: "Kaplan, David" <David.Kaplan@....com>
Cc: "x86@...nel.org" <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Sean Christopherson <seanjc@...gle.com>,
Paolo Bonzini <pbonzini@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
Asit Mallick <asit.k.mallick@...el.com>,
Tao Zhang <tao1.zhang@...el.com>
Subject: Re: [PATCH v2 0/3] VMSCAPE optimization for BHI variant

On Thu, Oct 16, 2025 at 03:57:56PM +0000, Kaplan, David wrote:
> [AMD Official Use Only - AMD Internal Distribution Only]
>
> > -----Original Message-----
> > From: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
> > Sent: Wednesday, October 15, 2025 8:52 PM
> > To: x86@...nel.org; H. Peter Anvin <hpa@...or.com>; Josh Poimboeuf
> > <jpoimboe@...nel.org>; Kaplan, David <David.Kaplan@....com>; Sean
> > Christopherson <seanjc@...gle.com>; Paolo Bonzini <pbonzini@...hat.com>
> > Cc: linux-kernel@...r.kernel.org; kvm@...r.kernel.org; Asit Mallick
> > <asit.k.mallick@...el.com>; Tao Zhang <tao1.zhang@...el.com>
> > Subject: [PATCH v2 0/3] VMSCAPE optimization for BHI variant
> >
> > Caution: This message originated from an External Source. Use proper caution
> > when opening attachments, clicking links, or responding.
> >
> >
> > v2:
> > - Added check for IBPB feature in vmscape_select_mitigation(). (David)
> > - s/vmscape=auto/vmscape=on/ (David)
> > - Added patch to remove LFENCE from VMSCAPE BHB-clear sequence.
> > - Rebased to v6.18-rc1.
> >
> > v1: https://lore.kernel.org/r/20250924-vmscape-bhb-v1-0-da51f0e1934d@...ux.intel.com
> >
> > Hi All,
> >
> > These patches aim to improve the performance of a recent mitigation for
> > the VMSCAPE[1] vulnerability. This improvement is relevant for the BHI
> > variant of VMSCAPE that affects Alder Lake and newer processors.
> >
> > The current mitigation approach uses IBPB on kvm-exit-to-userspace for the
> > entire affected range of CPUs. This is overkill for CPUs that are only
> > affected by the BHI variant. On such CPUs clearing the branch history is
> > sufficient for VMSCAPE, and also more apt as the underlying issue is due to
> > poisoned branch history.
> >
> > Roadmap:
> >
> > - First patch introduces clear_bhb_long_loop() for processors with larger
> > branch history tables.
> > - Second patch replaces IBPB on exit-to-userspace with branch history
> > clearing sequence.
> >
> > Below is the iPerf data for transfer between guest and host, comparing IBPB
> > and BHB-clear mitigation. BHB-clear shows performance improvement over IBPB
> > in most cases.
> >
> > Platform: Emerald Rapids
> > Baseline: vmscape=off
> >
> > (pN = N parallel connections)
> >
> > | iPerf user-net | IBPB | BHB Clear |
> > |----------------|---------|-----------|
> > | UDP 1-vCPU_p1 | -12.5% | 1.3% |
> > | TCP 1-vCPU_p1 | -10.4% | -1.5% |
> > | TCP 1-vCPU_p1 | -7.5% | -3.0% |
> > | UDP 4-vCPU_p16 | -3.7% | -3.7% |
> > | TCP 4-vCPU_p4 | -2.9% | -1.4% |
> > | UDP 4-vCPU_p4 | -0.6% | 0.0% |
> > | TCP 4-vCPU_p4 | 3.5% | 0.0% |
> >
> > | iPerf bridge-net | IBPB | BHB Clear |
> > |------------------|---------|-----------|
> > | UDP 1-vCPU_p1 | -9.4% | -0.4% |
> > | TCP 1-vCPU_p1 | -3.9% | -0.5% |
> > | UDP 4-vCPU_p16 | -2.2% | -3.8% |
> > | TCP 4-vCPU_p4 | -1.0% | -1.0% |
> > | TCP 4-vCPU_p4 | 0.5% | 0.5% |
> > | UDP 4-vCPU_p4 | 0.0% | 0.9% |
> > | TCP 1-vCPU_p1 | 0.0% | 0.9% |
> >
> > | iPerf vhost-net | IBPB | BHB Clear |
> > |-----------------|---------|-----------|
> > | UDP 1-vCPU_p1 | -4.3% | 1.0% |
> > | TCP 1-vCPU_p1 | -3.8% | -0.5% |
> > | TCP 1-vCPU_p1 | -2.7% | -0.7% |
> > | UDP 4-vCPU_p16 | -0.7% | -2.2% |
> > | TCP 4-vCPU_p4 | -0.4% | 0.8% |
> > | UDP 4-vCPU_p4 | 0.4% | -0.7% |
> > | TCP 4-vCPU_p4 | 0.0% | 0.6% |
> >
> > [1] https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/
> >
> > ---
> > Pawan Gupta (3):
> > x86/bhi: Add BHB clearing for CPUs with larger branch history
> > x86/vmscape: Replace IBPB with branch history clear on exit to userspace
> > x86/vmscape: Remove LFENCE from BHB clearing long loop
> >
> > Documentation/admin-guide/hw-vuln/vmscape.rst | 8 ++++
> > Documentation/admin-guide/kernel-parameters.txt | 4 +-
> > arch/x86/entry/entry_64.S | 63 ++++++++++++++++++-------
> > arch/x86/include/asm/cpufeatures.h | 1 +
> > arch/x86/include/asm/entry-common.h | 12 +++--
> > arch/x86/include/asm/nospec-branch.h | 5 +-
> > arch/x86/kernel/cpu/bugs.c | 53 +++++++++++++++------
> > arch/x86/kvm/x86.c | 5 +-
> > 8 files changed, 110 insertions(+), 41 deletions(-)
> > ---
> > base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787
> > change-id: 20250916-vmscape-bhb-d7d469977f2f
> >
> > Best regards,
> > --
> > Pawan
> >
>
> Looks good to me.
>
> Acked-by: David Kaplan <david.kaplan@....com>

Thanks.
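
Added example, not part of this thread or of the patch series: a shell helper an administrator could use to see which VMSCAPE mitigation a host reports (IBPB-based or otherwise) and whether a `vmscape=` boot option is set. The sysfs path and the two IBPB status strings are those of mainline kernels carrying the original mitigation; the `BHB` match is an assumption about how a kernel with this series applied would word its status, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the VMSCAPE mitigation a Linux host is using.

VMSCAPE_SYSFS=/sys/devices/system/cpu/vulnerabilities/vmscape

# classify_vmscape STATUS -> prints one keyword for the reported state.
classify_vmscape() {
    case "$1" in
        "")                                 echo unreported ;;  # no sysfs entry
        "Not affected"*)                    echo not-affected ;;
        "Vulnerable"*)                      echo vulnerable ;;
        *"IBPB on VMEXIT"*)                 echo ibpb-on-vmexit ;;
        *"IBPB before exit to userspace"*)  echo ibpb-exit-to-user ;;
        *BHB*|*bhb*)                        echo bhb-clear ;;   # assumed wording
        *)                                  echo unknown ;;
    esac
}

# vmscape_cmdline_opt CMDLINE -> value of the last vmscape= option,
# or "default" when the boot command line does not set one.
vmscape_cmdline_opt() {
    opt=default
    for word in $1; do
        case "$word" in
            vmscape=*) opt=${word#vmscape=} ;;
        esac
    done
    echo "$opt"
}

# report_vmscape [SYSFS_FILE] [CMDLINE_FILE] -> "<state> <cmdline option>"
# File arguments exist so the function can be pointed at saved copies.
report_vmscape() {
    sysfs=${1:-$VMSCAPE_SYSFS}
    cmdfile=${2:-/proc/cmdline}
    status=""
    cmdline=""
    if [ -r "$sysfs" ]; then status=$(cat "$sysfs"); fi
    if [ -r "$cmdfile" ]; then cmdline=$(cat "$cmdfile"); fi
    echo "$(classify_vmscape "$status") $(vmscape_cmdline_opt "$cmdline")"
}

report_vmscape
```

A result of `ibpb-exit-to-user` on a CPU affected only by the BHI variant is the case the cover letter describes as overkill; `unreported` means the running kernel has no VMSCAPE sysfs entry at all.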