|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 8/9] x86/amd: Virtualise MSR_VIRT_SPEC_CTRL for guests
The semantics of MSR_VIRT_SPEC_CTRL are that unknown bits are write-discard
and read as zero. Only VIRT_SPEC_CTRL.SSBD is defined at the moment.
To facilitate making this per-guest, the legacy SSBD state needs context
switching between vcpus. amd_ctxt_switch_legacy_ssbd() is updated to take the
vcpus setting into account. Furthermore, the guests chosen value needs
preserving across migrate.
This marks a subtle change in how `ssbd=` behaves. If Xen wishes SSBD to be
asserted, it remains set in hardware all the time. In the default case of Xen
wishing SSBD not to be asserted, the value set in hardware is the guests
choice.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Brian Woods <brian.woods@xxxxxxx>
---
docs/misc/xen-command-line.markdown | 13 +++++++++----
xen/arch/x86/cpu/amd.c | 4 +++-
xen/arch/x86/domain.c | 2 ++
xen/arch/x86/domctl.c | 1 +
xen/arch/x86/hvm/hvm.c | 1 +
xen/arch/x86/msr.c | 17 +++++++++++++++++
xen/include/asm-x86/msr.h | 9 +++++++++
7 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/docs/misc/xen-command-line.markdown
b/docs/misc/xen-command-line.markdown
index 764f33a..696744e 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1904,10 +1904,15 @@ option can be used to force (the default) or prevent
Xen from issuing branch
prediction barriers on vcpu context switches.
On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=`
-option can be used to force or prevent Xen using the feature itself. On AMD
-hardware, this is a global option applied at boot, and not virtualised for
-guest use. On Intel hardware, the feature is virtualised for guests,
-independently of Xen's choice of setting.
+option can be used to force or prevent Xen using the feature itself.
+
+* On hardware supporting SSBD in MSR\_SPEC\_CTRL, Xen maintains distinct guest
+ and host state, and will virtualise SSBD for guests.
+
+* On some AMD hardware where only legacy LS\_CFG is available, Xen offers the
+ MSR\_VIRT\_SPEC\_CTRL interface to guests, but is unable to maintain
+ distinct guest and host state. The value set in hardware is the logical OR
+ of the Xen and guest settings.
On all hardware, the `eager-fpu=` option can be used to force or prevent Xen
from using fully eager FPU context switches. This is currently implemented as
diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
index 3a8ead9..c766497 100644
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -450,7 +450,9 @@ void amd_ctxt_switch_legacy_ssbd(const struct vcpu *next)
{
static DEFINE_PER_CPU(bool, ssbd);
bool *this_ssbd = &this_cpu(ssbd);
- bool disable = opt_ssbd;
+ bool disable = opt_ssbd ?:
+ (next && !is_idle_vcpu(next) &&
+ (next->arch.msrs->virt_spec_ctrl & SPEC_CTRL_SSBD));
struct cpuinfo_x86 *c = ¤t_cpu_data;
unsigned int socket = c->phys_proc_id, core = c->cpu_core_id;
struct ssbd_ls_cfg *cfg;
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index b4d5948..d5df67e 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -1801,6 +1801,8 @@ void context_switch(struct vcpu *prev, struct vcpu *next)
load_segments(next);
ctxt_switch_levelling(next);
+ if ( cpu_has_legacy_ssbd )
+ amd_ctxt_switch_legacy_ssbd(next);
if ( opt_ibpb && !is_idle_domain(nextd) )
{
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index aa8ad19..cc9f8cd 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1274,6 +1274,7 @@ long arch_do_domctl(
static const uint32_t msrs_to_send[] = {
MSR_SPEC_CTRL,
MSR_INTEL_MISC_FEATURES_ENABLES,
+ MSR_VIRT_SPEC_CTRL,
MSR_AMD64_DR0_ADDRESS_MASK,
MSR_AMD64_DR1_ADDRESS_MASK,
MSR_AMD64_DR2_ADDRESS_MASK,
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index e2e4204..a2c3533 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1305,6 +1305,7 @@ static int hvm_load_cpu_xsave_states(struct domain *d,
hvm_domain_context_t *h)
static const uint32_t msrs_to_send[] = {
MSR_SPEC_CTRL,
MSR_INTEL_MISC_FEATURES_ENABLES,
+ MSR_VIRT_SPEC_CTRL,
MSR_AMD64_DR0_ADDRESS_MASK,
MSR_AMD64_DR1_ADDRESS_MASK,
MSR_AMD64_DR2_ADDRESS_MASK,
diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 76cb6ef..84e97aa 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -183,6 +183,13 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr,
uint64_t *val)
ARRAY_SIZE(msrs->dr_mask))];
break;
+ case MSR_VIRT_SPEC_CTRL:
+ if ( !cp->extd.virt_sc_ssbd )
+ goto gp_fault;
+
+ *val = msrs->virt_spec_ctrl;
+ break;
+
default:
return X86EMUL_UNHANDLEABLE;
}
@@ -323,6 +330,16 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
wrmsrl(msr, val);
break;
+ case MSR_VIRT_SPEC_CTRL:
+ if ( !cp->extd.virt_sc_ssbd )
+ goto gp_fault;
+
+ msrs->virt_spec_ctrl = (val & SPEC_CTRL_SSBD);
+
+ if ( v == curr )
+ amd_ctxt_switch_legacy_ssbd(curr);
+ break;
+
default:
return X86EMUL_UNHANDLEABLE;
}
diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h
index 05d905b..51d1bed 100644
--- a/xen/include/asm-x86/msr.h
+++ b/xen/include/asm-x86/msr.h
@@ -289,6 +289,15 @@ struct vcpu_msrs
} misc_features_enables;
/*
+ * 0xc001011f - MSR_VIRT_SPEC_CTRL
+ *
+ * For the subset of bits implemented, functionality shared with
+ * MSR_SPEC_CTRL, but the MSR is expected to be intercepted. For
+ * compatibility, unsupported bits are write-discard/read-as-zero.
+ */
+ uint32_t virt_spec_ctrl;
+
+ /*
* 0xc00110{27,19-1b} MSR_AMD64_DR{0-3}_ADDRESS_MASK
*
* Loaded into hardware for guests which have active %dr7 settings.
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |