[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/2] x86/cpuid: support LFENCE always serializing CPUID bit


  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 20 Apr 2021 13:49:36 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eY1Gk+EUG6GQcVxbsf3kwqpM8oM+KQ7/OZt6PWh+BJg=; b=IP0bpOBdAbRYbMJh/mbTID3Km7fjuXO+FnNQl8UVr/Bu8yjpuHbfXHARB/4CzRgQhx1K2oTEpp3RzgazeKNHyR2hYXha/PnhsddXdH3vpOmMVAfUc/K2rQjwvjYxi59+NVNQa930AkvOpc4AvDKp7gKjJNqfTyNcteWvKrVRihFZ7RTYw1RH7cKh0rfi7iiETEQ3tLcczDmD7frLt0UpwAckubTpJoLAG2bnCr9nZREU00LolBVObPHM/q2Lwv2UgKYIj+akGDlOFymRouY2NYzklLnrbIWpvW3dFbYzVRM0uoUGnd7vd0dlKntWgpaWXUvyCz3s68LpJryVxzibNg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Mks9l5J+jZwTyOQ1d+7QG5Gekad9j4C6oySuQ9wyy4iMa+HS+XUXCytOYgMyHQ08vHtcTOo3ykg9EtgfUkf3zdc4S0mUHjBnnts0LSSry1W6bqU2cYItB8qF24+itNVx4usMdWcRM8E9acC4wPJVNKJnI0V6cNPFGVYDpkoKv7L6BFqufT4QpjqmG4IpwOb0a7gskjy+jJtGgjyx1t2LMsxpXnjrAektT5akeh2X58sGJ0I0NWuvOhkV0DpIrNCGKBBj8dPi/LH7yG/TwP/HwkyWMGMWp9m5bHGKyeWhMBSkwo0ik1Aaa4KHt8V+Q7cWIWKdcR9TjGPPlelbvrxcJw==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • Delivery-date: Tue, 20 Apr 2021 12:49:54 +0000
  • Ironport-hdrordr: A9a23:qbH8Pa2oqPmXZfGk7lO50QqjBR93eYIsi2QD101hICF9Wvez0+ izgfUW0gL1gj4NWHcm3euNIrWEXGm0z/FIyKErF/OHUBP9sGWlaLtj44zr3iH6F0TFmtJ1/Z xLN5JzANiYNzVHpO7n/Qi1FMshytGb8KauwdzT1WtpUBsCUcBdxi1SYzzrd3Febg9AGJY/Cd 647s1IuzKvdR0sH7uGL1MCWPXOoMCOqYnvZgQICwVixA6Fiz6p77CSKWnl4j41VTRTzbA+tV XUigCR3NTfj9iX6D/5k1XS4ZNfhcf7xrJ4avCkp8AJJlzX+36VTat7XbnqhkFTnMiO7xIQnM DIs1McOa1ImgnsV0WUhTeo5AX6yjYp7BbZuCylqF/uu9bwSj5/K+cpv/MhTjLj50AtvM5x3c twtgrz3fonbmK0oA3H69fFTB1snEavyEBS9dI7tHBDTZAYLIZYsI13xjIkLL47ACn45Io7ed Meav302fA+SyL5U1nkpGV1hPSjUnMvdy32OXQqi4i+1jhbm21B1E0IxMATtWdozuNNd7B0o8 vDKahmj7dIU4s/ar98Hv4IRY+NBnXKWg+kChPcHX3XUIU8f17doZ/+57s4oMmsZZwz1ZM33L DMSklRu2Iec1/nYPf+kqFjw1ToeiGQTD7twsZR69xSobvnXofmNiWFVRQHj9agi+93OLyZZ9 +DfLZtR9PzJ2rnHohEmyfkXYNJFHUYWMoJ/v4mRlO1pN7RIIGCjJ2aTN/jYJ7WVRo0UGL2BX UOGBLpIt9b00ytUnjkxDfLXXfAfVH+4IJQHKDW8/N78vlJCqR89iwuzXip7MCCLjNP9oYsel FlHb/hmqSn4Um6lFy4q1lBC154NAJ48b/gW3RFqUshKEXva4sOvN2ZZCR31HuDLRlvctPOHG dk1hNK0JPyC6bV6TEpCtqhPG7fpWAUvmi2Q5AVnbDGwsv5ZJUiDNIDVLZqHQvGUzx58Dwa6V trWUshfAvyBznugaKqgNg/H+fEbeRxhw+tPIpzsnLQtUKVoOk1XXsFVzuSUcqa6DxeBQZ8tx lUyesykbCAkTGgJS8Um+IjKmBBb2yRHfZ7FgifXZ5VnbrqYQl0am+PiVWh+lcOU1uv039Xqn 3qLCWSd/2OJlZGoHhX3pzn905OenyHc1h9bW17toNBBX3L00wDo9OjV+6W6S+8e1ECyuYSPH X+bTweLhhH6vq32BSW8QzyX0kO99ELBKjwHb4je7bc1jeRM4WOj7gBBOIR1o1iLsrSvugCVv +/dweZICjjMf4g3xWYqx8eSXBJgUhhtcmt9Azu7WC+0nJ6POHbJ05+QaoHZ/6b9GrpSp+zod xEpONwmdH1FGr/atSLk/6KKxFCLw7eum6wQaUDr4tOsac7qbt0GN36XFLzpQZ69SR7CP2xsk UUBJlfyvTmHKREesQJYSJX/lYzjr20XQAWmz2zJtV7RE0nin/QAsiA7LXJo4c+G0HpnnqFBX Cvtwlmu8rfVySN1bQmG7s9DGRfZk878mlj9oq5BvvtITTvU+FI51yhNHChNJdbVaieAL0Vxy wKru2grquydyDi3hrXsiY+CqVS83y/Scf3JA6XA+ZH/5ibPluL65HarPKbvXPSSTGhbV4fip AAXUsMbt5bgj1ntbYJ6EGJO+TKi3NgtUBf7zFhnkPs3YbjwF6zJzA5DSTpxrNMXTdSNXCUi9 /i6ubw7gWk3AR4
  • Ironport-sdr: xlC/ltGjb8pJ/m68uU5CsWR7SlEmxqtyCGWrXDjDx0f2eNIpQdUPr1EDNdcdsDHTdubtk+arQw +aPcbHewJYzf5aoE5SnECZXDuBam5rn0ELR6MOwTzTrNkhRhqRXvZFhfhS5Ci0jXcnv7cS3818 68hGajrVJoC1j15ucngq4ydujMtRzgFEhgJgVO7oiwoG8VOaLhHyrHZfnj1Rtvaoh60LSBXb5c SzOISl5lMEpZuUfYGOCFUBzs8nZ6Mi9aZ3S+fgl9Gu3T3OhLOdQidDG5KXQ5ejz4hKAcgL9zow cY4=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 15/04/2021 15:47, Roger Pau Monne wrote:
> AMD Milan (Zen3) CPUs have an LFENCE Always Serializing CPUID bit in
> leaf 80000021.eax. Previous AMD versions used to have a user settable
> bit in DE_CFG MSR to select whether LFENCE was dispatch serializing,
> which Xen always attempts to set. The forcefully always on setting is
> due to the addition of SEV-SNP so that a VMM cannot break the
> confidentiality of a guest.
>
> In order to support this new CPUID bit move the LFENCE_DISPATCH
> synthetic CPUID bit to map the hardware bit (leaving a hole in the
> synthetic range) and either rely on the bit already being set by the
> native CPUID output, or attempt to fake it in Xen by modifying the
> DE_CFG MSR. This requires adding one more entry to the featureset to
> support leaf 80000021.eax.
>
> The bit is exposed to guests by default if the underlying hardware
> supports leaf 80000021, as a way to signal that LFENCE is always
> serializing. Hardware that doesn't have the leaf might also get the
> bit set because Xen has performed the necessary arrangements, but
> that's not yet exposed to guests. Note that Xen doesn't allow guests
> to change the DE_CFG value, so once set by Xen LFENCE will always be
> serializing.
>
> Note that the access to DE_CFG by guests is left as-is: reads will
> unconditionally return LFENCE_SERIALISE bit set, while writes are
> silently dropped.
>
> Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Changes since v1:
>  - Rename to lfence+.
>  - Add feature to libxl_cpuid.c.
>  - Reword commit message.
> ---
> Note this doesn't yet expose the bit on hardware that doesn't support
> leaf 80000021. It's still TBD whether we want to hardcode this support
> manually, or instead rely on a more general approach like the one
> suggested by the shrink max CPUID leaf patch from Jan.

I'm going to insist on using the manual approach.  Upping max leaf is
strictly opposite to shrinking logic.

It's very rare that we'll want to extend max leaf beyond what hardware
supports, and it wants calling out clearly, along with identifying why
it is safe to do so in this specific case.

It is not safe or sensible to blindly escalate to the compile time max. 
The only cases where the differ are bugs needing fixing - the manual
approach has the special case clearly called out, while the blindly
escalate case has the bug hidden in derivation logic somewhere else.

~Andrew




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.