
Re: [Xen-devel] [PATCH v6.5 14/26] x86: Introduce alternative indirect thunks



On 09/01/18 13:24, Jan Beulich wrote:
>>>> On 09.01.18 at 12:44, <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 04/01/18 09:40, Jan Beulich wrote:
>>>>>> On 04.01.18 at 01:15, <andrew.cooper3@xxxxxxxxxx> wrote:
>>>> +    else
>>>> +    {
>>>> +        /*
>>>> +         * Evaluate the safest Branch Target Injection mitigations to use.
>>>> +         * First, begin with compiler-aided mitigations.
>>>> +         */
>>>> +        if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) )
>>>> +        {
>>>> +            /*
>>>> +             * AMD's recommended mitigation is to set lfence as being 
>>>> dispatch
>>>> +             * serialising, and to use IND_THUNK_LFENCE.
>>>> +             */
>>>> +            if ( cpu_has_lfence_dispatch )
>>>> +                thunk = THUNK_LFENCE;
>>>> +        }
>>>> +    }
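Review bot: the inner `if ( cpu_has_lfence_dispatch )` has no else branch, so with CONFIG_INDIRECT_THUNK enabled on hardware where lfence is not dispatch serialising, `thunk` keeps whatever value it had before this block, and that default is not stated anywhere in the hunk. Please extend the comment to name the thunk that remains selected in that case. The outer comment also says "First, begin with compiler-aided mitigations" without saying what follows when CONFIG_INDIRECT_THUNK is disabled; a short note on why the selection is gated on it would make the intent clear from this hunk alone.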
>>> As asked elsewhere, is the CONFIG_INDIRECT_THUNK dependency
>>> here really meaningful for the overall effect? Surely if we can't use
>>> thunks in the first place it doesn't matter which variant of them we
>>> don't use?
>> In later patches, the lack of INDIRECT_THUNK causes us to choose to use
>> IBRS+ if available in microcode.
> Oh, I see, but that patch has no description so far, and hence it
> is not really clear what the background of the decisions there is
> (even to me, having been involved in this for some time). Is the
> expected (or measured?) overhead of using the thunks lower
> than that of IBRS?

These thunks have lower overhead than IBRS in all measurements I've
seen.  ISTR retpoline was specifically put together to combat the IBRS
perf hit.

One complication is that Skylake (and Broadwell before a specific
microcode version) are not safe even with retpoline, so IBRS is used
unconditionally.  (The microcode version to add IBRS to Broadwell causes
it to pass the retpoline-safety test).

~Andrew
