From patchwork Thu Mar 21 19:35:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Eduardo Habkost X-Patchwork-Id: 1060420 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44QHB547lMz9sQr for ; Fri, 22 Mar 2019 06:37:33 +1100 (AEDT) Received: from localhost ([127.0.0.1]:45739 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h73VL-0003Jb-Ax for incoming@patchwork.ozlabs.org; Thu, 21 Mar 2019 15:37:31 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59042) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h73UT-0003HP-Bj for qemu-devel@nongnu.org; Thu, 21 Mar 2019 15:36:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h73US-0007Gi-DG for qemu-devel@nongnu.org; Thu, 21 Mar 2019 15:36:37 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47138) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h73US-0007Fq-4z for qemu-devel@nongnu.org; Thu, 21 Mar 2019 15:36:36 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 66DCA308429D; Thu, 21 Mar 2019 19:36:35 +0000 (UTC) Received: from localhost (ovpn-116-26.gru2.redhat.com [10.97.116.26]) by smtp.corp.redhat.com (Postfix) with ESMTP id E7B9C1001DC1; Thu, 21 Mar 2019 19:36:34 +0000 (UTC) From: Eduardo Habkost To: Peter Maydell , qemu-devel@nongnu.org Date: Thu, 21 Mar 2019 16:35:59 -0300 Message-Id: <20190321193600.15935-5-ehabkost@redhat.com> In-Reply-To: <20190321193600.15935-1-ehabkost@redhat.com> References: <20190321193600.15935-1-ehabkost@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Thu, 21 Mar 2019 19:36:35 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 4/5] docs: clarify that spec-ctrl is only needed for Spectre v2 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini , Eduardo Habkost , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Daniel P. Berrangé The docs currently say that the spec-ctrl feature is needed for both Spectre variants, but it is only used to address Spectre v2. Also remove the note about retpolines. The guest OS is usually treated as a blackbox from host mgmt pov, so it won't have knowledge about use of retpolines and thus should unconditionally expose spec-ctrl, allowing the guest to decide whether to use it or not. Signed-off-by: Daniel P. Berrangé Message-Id: <20190307121838.6345-2-berrange@redhat.com> Signed-off-by: Eduardo Habkost --- docs/qemu-cpu-models.texi | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi index 1b72584161..0ce528806d 100644 --- a/docs/qemu-cpu-models.texi +++ b/docs/qemu-cpu-models.texi @@ -158,8 +158,7 @@ support this feature. @item @code{spec-ctrl} -Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix, -in cases where retpolines are not sufficient. +Required to enable the Spectre v2 (CVE-2017-5715) fix. Included by default in Intel CPU models with -IBRS suffix. @@ -249,8 +248,7 @@ included if using "Host passthrough" or "Host model". @item @code{ibpb} -Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix, -in cases where retpolines are not sufficient. +Required to enable the Spectre v2 (CVE-2017-5715) fix. Included by default in AMD CPU models with -IBPB suffix.