[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] x86/tsx: Implement controls for RTM force-abort mode
The CPUID bit and MSR are deliberately not exposed to guests, because they won't exist on newer processors. As vPMU isn't security supported, the misbehaviour of PCR3 isn't expected to impact production deployments. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> --- docs/misc/xen-command-line.pandoc | 17 ++++++++++++++++- tools/misc/xen-cpuid.c | 2 ++ xen/arch/x86/cpu/intel.c | 3 +++ xen/arch/x86/cpu/vpmu.c | 3 +++ xen/arch/x86/msr.c | 4 ++++ xen/include/asm-x86/cpufeature.h | 3 +++ xen/include/asm-x86/msr-index.h | 3 +++ xen/include/asm-x86/vpmu.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 9 files changed, 36 insertions(+), 1 deletion(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index ab853bd..a9fe449 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2114,7 +2114,7 @@ Use Virtual Processor ID support if available. This prevents the need for TLB flushes on VM entry and exit, increasing performance. ### vpmu (x86) - = List of [ <bool>, bts, ipc, arch ] + = List of [ <bool>, bts, ipc, arch, rtm-abort=<bool> ] Applicability: x86. Default: false @@ -2147,6 +2147,21 @@ provide access to a wealth of low level processor information. * The `arch` option allows access to the pre-defined architectural events. +* The `rtm-abort` boolean controls a trade-off between working Restricted + Transactional Memory, and working performance counters. + + All processors released to date (Q1 2019) supporting Transactional Memory + Extensions suffer an erratum which has been addressed in microcode. + + Processors based on the Skylake microarchitecture with up-to-date + microcode internally use performance counter 3 to work around the erratum. + A consequence is that the counter gets reprogrammed whenever an `XBEGIN` + instruction is executed. + + An alternative mode exists where PCR3 behaves as before, at the cost of + `XBEGIN` unconditionally aborting. Enabling `rtm-abort` mode will + activate this alternative mode. + *Warning:* As the virtualisation is not 100% safe, don't use the vpmu flag on production systems (see http://xenbits.xen.org/xsa/advisory-163.html)! diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 6e7ca8b..d87a72e 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -146,6 +146,8 @@ static const char *str_7d0[32] = { [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps", + /* 12 */ [13] = "tsx-force-abort", + [26] = "ibrsb", [27] = "stibp", [28] = "l1d_flush", [29] = "arch_caps", /* 30 */ [31] = "ssbd", diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 65fa3d6..29c6b87 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -286,6 +286,9 @@ static void Intel_errata_workarounds(struct cpuinfo_x86 *c) if (c->x86 == 6 && cpu_has_clflush && (c->x86_model == 29 || c->x86_model == 46 || c->x86_model == 47)) __set_bit(X86_FEATURE_CLFLUSH_MONITOR, c->x86_capability); + + if (cpu_has_tsx_force_abort && opt_rtm_abort) + wrmsrl(MSR_TSX_FORCE_ABORT, TSX_FORCE_ABORT_RTM); } diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 8324d62..8f6daf1 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -45,6 +45,7 @@ CHECK_pmu_params; static unsigned int __read_mostly opt_vpmu_enabled; unsigned int __read_mostly vpmu_mode = XENPMU_MODE_OFF; unsigned int __read_mostly vpmu_features = 0; +bool __read_mostly opt_rtm_abort; static DEFINE_SPINLOCK(vpmu_lock); static unsigned vpmu_count; @@ -73,6 +74,8 @@ static int __init parse_vpmu_params(const char *s) vpmu_features |= XENPMU_FEATURE_IPC_ONLY; else if ( !cmdline_strcmp(s, "arch") ) vpmu_features |= XENPMU_FEATURE_ARCH_ONLY; + else if ( (val = parse_boolean("rtm-abort", s, ss)) >= 0 ) + opt_rtm_abort = val; else rc = -EINVAL; diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 9bb38b6..4df4a59 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -131,6 +131,8 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) case MSR_PRED_CMD: case MSR_FLUSH_CMD: /* Write-only */ + case MSR_TSX_FORCE_ABORT: + /* Not offered to guests. */ goto gp_fault; case MSR_SPEC_CTRL: @@ -230,6 +232,8 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) case MSR_INTEL_PLATFORM_INFO: case MSR_ARCH_CAPABILITIES: /* Read-only */ + case MSR_TSX_FORCE_ABORT: + /* Not offered to guests. */ goto gp_fault; case MSR_AMD_PATCHLOADER: diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 1fb9af4..745801f 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -112,6 +112,9 @@ /* CPUID level 0x80000007.edx */ #define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC) +/* CPUID level 0x00000007:0.edx */ +#define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT) + /* Synthesized. */ #define cpu_has_arch_perfmon boot_cpu_has(X86_FEATURE_ARCH_PERFMON) #define cpu_has_cpuid_faulting boot_cpu_has(X86_FEATURE_CPUID_FAULTING) diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 24d783a..c6e1d87 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -51,6 +51,9 @@ #define MSR_FLUSH_CMD 0x0000010b #define FLUSH_CMD_L1D (_AC(1, ULL) << 0) +#define MSR_TSX_FORCE_ABORT 0x0000010f +#define TSX_FORCE_ABORT_RTM (_AC(1, ULL) << 0) + /* Intel MSRs. Some also available on other CPUs */ #define MSR_IA32_PERFCTR0 0x000000c1 #define MSR_IA32_A_PERFCTR0 0x000004c1 diff --git a/xen/include/asm-x86/vpmu.h b/xen/include/asm-x86/vpmu.h index 5e778ab..1287b9f 100644 --- a/xen/include/asm-x86/vpmu.h +++ b/xen/include/asm-x86/vpmu.h @@ -125,6 +125,7 @@ static inline int vpmu_do_rdmsr(unsigned int msr, uint64_t *msr_content) extern unsigned int vpmu_mode; extern unsigned int vpmu_features; +extern bool opt_rtm_abort; /* Context switch */ static inline void vpmu_switch_from(struct vcpu *prev) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index fbc68fa..2bcc548 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -242,6 +242,7 @@ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ +XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */ XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */ -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |