
Re: [Xen-devel] Spectre Mitigations in Xen 4.6



On Tue, Mar 20, 2018 at 11:20 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>> On 20.03.18 at 13:58, <jandryuk@xxxxxxxxx> wrote:
>> With that in place, I'm seeing Dom0 receive a general protection fault on
>> boot
>>
>> [   25.460035] general protection fault: 0000 [#1] SMP
>> [   25.460292] EIP: switch_mm_irqs_off+0xbe/0x600
>>
>> switch_mm_irqs_off+0xbe is the inlined
>> indirect_branch_prediction_barrier(void)
>> {
>>         alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB,
>>                               X86_FEATURE_USE_IBPB);
>> }
>>
>> The system boots when dom0 disables IBPB manipulation with
>> nospectre_v2 on the kernel
>> command line.
>>
>> I think Xen ends up here in xen/arch/x86/traps.c:emulate_privileged_op(),
>>         case MSR_PRED_CMD:
>>             domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx);
>>             domain_cpuid(currd, 0x80000008, 0, &dummy, &ebx, &dummy, &dummy);
>>             if ( !(edx & cpufeat_mask(X86_FEATURE_IBRSB)) &&
>>                  !(ebx & cpufeat_mask(X86_FEATURE_IBPB)) )
>>                 goto fail; /* MSR available? */
>>
>>             /*
>>              * The only defined behaviour is when writing PRED_CMD_IBPB.  In
>>              * practice, real hardware accepts any value without faulting.
>>              */
>>             if ( eax & PRED_CMD_IBPB )
>>                 wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
>>             break;
>>
>> ...but Dom0 doesn't have a cpuid policy configured, so the IBRSB/IBPB
>> check fails and we GP.
>> Did I read that correctly?  If that is the case, how should Dom0 be handled?
>
> Would you give the patch below a try? Its description doesn't
> fully fit 4.6, but newer versions (where I've done this first) can
> make more use of the new wrapper.

Thanks for the quick turnaround.  Yup, seems to work.

> Jan
>
> x86/PV: also cover Dom0 in SPEC_CTRL / PRED_CMD emulation
>
> Introduce a helper wrapping the pv_cpuid()-style domain_cpuid() /
> cpuid_count() (or alike) invocations, and use it instead of plain
> domain_cpuid() in MSR access emulation.
>
> Reported-by: Jason Andryuk <jandryuk@xxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Tested-by: Jason Andryuk <jandryuk@xxxxxxxxx>

Thanks,
Jason
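
A simplified model of the check discussed in this thread, added here as an example (it is not code from the messages or from Xen): the gate from the quoted `MSR_PRED_CMD` case is run against a policy-only CPUID lookup and against a wrapper that falls back to host values for Dom0. The struct and function names, the constructed host and guest values, and the fallback rule inside `guest_lookup` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PRED_CMD_IBPB       (1u << 0)   /* only defined bit of MSR 0x49 */
#define CPUID_7_EDX_IBRSB   (1u << 26)  /* CPUID.(EAX=7,ECX=0):EDX */
#define CPUID_8008_EBX_IBPB (1u << 12)  /* CPUID.0x80000008:EBX */

struct cpuid_view { uint32_t leaf7_edx, leaf8008_ebx; };
struct domain { bool is_dom0; bool has_policy; struct cpuid_view policy; };
enum wrmsr_result { WRMSR_GP_FAULT, WRMSR_DROPPED, WRMSR_IBPB_ISSUED };

/* Constructed sample data: host advertises IBRS/IBPB through leaf 7 only. */
static const struct cpuid_view host_cpuid = { CPUID_7_EDX_IBRSB, 0 };
static const struct domain dom0 = { true, false, { 0, 0 } };
static const struct domain domU = { false, true, { 0, CPUID_8008_EBX_IBPB } };

/* Policy-only lookup: a domain with no configured policy reads all zeros. */
static struct cpuid_view policy_lookup(const struct domain *d)
{
    struct cpuid_view none = { 0, 0 };
    return d->has_policy ? d->policy : none;
}

/* Hypothetical wrapper (assumption): Dom0 without a policy sees host values. */
static struct cpuid_view guest_lookup(const struct domain *d)
{
    return (d->is_dom0 && !d->has_policy) ? host_cpuid : policy_lookup(d);
}

/* The gate from the quoted MSR_PRED_CMD case, applied to a CPUID view. */
static enum wrmsr_result emulate_pred_cmd(struct cpuid_view v, uint32_t eax)
{
    if (!(v.leaf7_edx & CPUID_7_EDX_IBRSB) &&
        !(v.leaf8008_ebx & CPUID_8008_EBX_IBPB))
        return WRMSR_GP_FAULT;          /* MSR not visible to this guest */
    return (eax & PRED_CMD_IBPB) ? WRMSR_IBPB_ISSUED : WRMSR_DROPPED;
}

int main(void)
{
    printf("dom0, policy-only lookup: %d\n",
           emulate_pred_cmd(policy_lookup(&dom0), PRED_CMD_IBPB));
    printf("dom0, wrapper lookup:     %d\n",
           emulate_pred_cmd(guest_lookup(&dom0), PRED_CMD_IBPB));
    printf("domU, wrapper lookup:     %d\n",
           emulate_pred_cmd(guest_lookup(&domU), PRED_CMD_IBPB));
    return 0;
}
```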
