[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH for-4.11 00/10] x86: Improvements and fixes to Spectre handling

To: Xen-devel <xen-devel@xxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 11 May 2018 11:38:04 +0100
Cc: Juergen Gross <jgross@xxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 11 May 2018 10:38:37 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

In hindsight, the end result of the Spectre mitigations aren't as great as I'd
hoped, and have several inefficiencies.  Also, the `bti=` command line option
isn't as flexible as intended.

This series does four things:

  1) Some internal cleanup, for clarity and to help the other features
  2) Introduce `spec-ctrl=no-pv` mode.  XenServer's performance measurements
     see a 10% net/disk performance improvement in some production scenarios.
  3) Introduce the ability to use IBPB-only mode for guests.  This was
     discussed by Amazon during the Spectre work, but I don't have any
     performance numbers to hand.
  4) Avoid imposing IBRS mode while dom0 is booting.  This was reported by
     Oracle on the list, and speeds up boot time on some servers by 50s.

I know this series is rather late for 4.11, but seeing as I've managed to
complete it before 4.12 opens, it should be considered at this point, as all
of the Spectre code is new in 4.11.

Andrew Cooper (10):
  x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once
  x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable
  x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into 
spec_ctrl_flags
  x86/spec_ctrl: Fold the XEN_IBRS_{SET,CLEAR} ALTERNATIVES together
  x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT
  x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants
  x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value
  x86/cpuid: Improvements to guest policies for speculative sidechannel features
  x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace 
`bti=`
  x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible

 docs/misc/xen-command-line.markdown |  49 +++++++
 xen/arch/x86/acpi/power.c           |   4 +-
 xen/arch/x86/cpuid.c                |  60 +++++----
 xen/arch/x86/hvm/svm/entry.S        |   4 +-
 xen/arch/x86/hvm/vmx/entry.S        |   4 +-
 xen/arch/x86/setup.c                |   7 +
 xen/arch/x86/smpboot.c              |   8 ++
 xen/arch/x86/spec_ctrl.c            | 258 ++++++++++++++++++++++++++++--------
 xen/arch/x86/x86_64/asm-offsets.c   |   4 +-
 xen/arch/x86/x86_64/compat/entry.S  |   2 +-
 xen/arch/x86/x86_64/entry.S         |   2 +-
 xen/include/asm-x86/cpufeatures.h   |   9 +-
 xen/include/asm-x86/current.h       |   4 +-
 xen/include/asm-x86/spec_ctrl.h     |  20 +--
 xen/include/asm-x86/spec_ctrl_asm.h | 131 +++++++++---------
 15 files changed, 396 insertions(+), 170 deletions(-)

-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH for-4.11 00/10] x86: Improvements and fixes to Spectre handling
  - From: Juergen Gross
- Re: [Xen-devel] [PATCH for-4.11 00/10] x86: Improvements and fixes to Spectre handling
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH for-4.11 00/10] x86: Improvements and fixes to Spectre handling
  - From: Wei Liu
- [Xen-devel] [PATCH 10/10] x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible
  - From: Andrew Cooper
- [Xen-devel] [PATCH 06/10] x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants
  - From: Andrew Cooper
- [Xen-devel] [PATCH 09/10] x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=`
  - From: Andrew Cooper
- [Xen-devel] [PATCH 08/10] x86/cpuid: Improvements to guest policies for speculative sidechannel features
  - From: Andrew Cooper
- [Xen-devel] [PATCH 03/10] x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into spec_ctrl_flags
  - From: Andrew Cooper
- [Xen-devel] [PATCH 07/10] x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value
  - From: Andrew Cooper
- [Xen-devel] [PATCH 05/10] x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT
  - From: Andrew Cooper
- [Xen-devel] [PATCH 01/10] x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once
  - From: Andrew Cooper
- [Xen-devel] [PATCH 02/10] x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable
  - From: Andrew Cooper
- [Xen-devel] [PATCH 04/10] x86/spec_ctrl: Fold the XEN_IBRS_{SET, CLEAR} ALTERNATIVES together
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [PATCH 04/10] x86/spec_ctrl: Fold the XEN_IBRS_{SET, CLEAR} ALTERNATIVES together
Next by Date: [Xen-devel] [PATCH 02/10] x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable
Previous by thread: [Xen-devel] Xen Security Advisory 261 (CVE-2018-10982) - x86 vHPET interrupt injection errors
Next by thread: [Xen-devel] [PATCH 04/10] x86/spec_ctrl: Fold the XEN_IBRS_{SET, CLEAR} ALTERNATIVES together
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.