Xen project Mailing List

Re: [PATCH 1/3] x86/hvm: Introduce experimental guest CET support

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 28 Apr 2021 18:54:22 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8Tqwm8Fs2ADZOHdM1i3IdulpDkSnIyXb4xED76D59oY=; b=B67yk/fYpNAJTqbxgmVbhhA54KF5QcsjUTicOpXNPQHC/u3auG1nLYC0M+/AAmGH/7CJZ7ZUxKPmlOasmsHT4ye4mPkzL3tenjwmDByOhHOV4dZK4+xprwqJJhGOTLwlTG5003OvzJTUn3b8xs0ALrHIefbL0l7hziNL69NyCDIxeFv0tyk4x9bZUgP/arajYHwVlOYEVb22zVRG7MQXET3m68eWFVoMqbPYkC+yazFtcFs6oYXiCGxI+pGiMWb1ZRZiDpyoEkRPqXHUyaNLCQ06Xeg9eYejjuOmULBIexVwQ7Hz0RY+L6sucTFXL4XcMQd+howqy9MRkH3qLKHGbA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZRzuySKaLvpnVs9kMEIwGb22VaocQ9HShOtMQzjw0Qg0nBaUUtfJT7S1RXAdZCujL7PHaRtHKC5mCpBrOd8/jltpNERWUC/xVED79luQEyJlmIi4R8OvvA4rmMrFEv7/x/CsSokH6YLhCTZiZFJor6bdfRzKgOMVX1B8491sKsiQDuoUnaRlabN7s71TnM6L1FE49WdhgRASE8yT9cDprHyB4gtgaidKchHABo7YJByRLi0FhLEb5N/3PFzCuoS42uvjYFRfw3qowCwbwQkLMa+SRwhQw3BKaQ/S50lqQKdpQAKKpRlR/WYVNM5UwpIimdPQnSJC0AYtXSH6/o5Dbw==

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 28 Apr 2021 17:54:40 +0000

Ironport-hdrordr: A9a23:Q2Dj/6uvS/ntl+RkmN7HyzRa7skC24Yji2hD6mlwRA09T+WxrO rrtOgH1BPylTYaUGwhn9fFA6WbXXbA7/dOjrU5FYyJGC3ronGhIo0n14vtxDX8Bzbzn9Qw6Y 5JSII7MtH5CDFB4PrSyBWkEtom3dmM+L2pg+Cb9Ht2UQR2cchbjjtRICzzKDwSeCBtA50lGJ 2Aou9OoDS9cXoaB/7LeUUtde7FutHNidbaehYAHREq802jijmv5b78HXGjr2sjehlIxqov9n WArhzh6syYwoyG4zL/90uW1ZRZn9P91sBObfbjtuE5Iijh4zzYHLhJdKaFuFkO0YaSwXYs1O LBuhIxe/l0gkmhBF2dhTvI903e3C0163nkoGXo8kfLhcDiXjo1B45gqOtiA2LkwnEttt19z6 5Htljx3/E8bWKi7VHAzuPFWB1wmk2/rWBKq592s1VlXZYDc7gUlIQD/SpuYec9NRjn44MqGv QGNrC72N9qdzqhHhLkl1V0zMfpdno+GQrueDl4huWllxJSnHx/0nICwt0eknoq5PsGOuh5zt WBHaJymL5USMgKKYp7GecaWMOyTlfAWBTWLQupUBvaPZBCH0iIh4/84b0z6u3vUJsUzKEqkJ CEdF9Dr2Y9d2/nFMXm5uwEzjn9BEGGGRj9wMBX4JZ0/pfmQqDwDCGFQFcy1+O9vvQ2GKTgKr WOEaMTJ8WmAXrlGI5P0QG7cYJVM2MiXMocvct+c06So/jMNpbhuoXgAbbuDYuoNQxhdnL0A3 MFUjS2Dt5H9FqXVnjxhwWUdGjqfmD54JJsAInX9+Ue0+E2R8hxmzlQrW78ytCAKDVEvKBzVl B5OqnbnqSyonTz3Wug1RQsBjNtSmJupJnwWXJDogEHd2nud6wYhtmZcWdOmF+OJhp1SdLqAB dSzm4Hvp6fHti1/2QPGtinOmWVgz84v3SRVaoRnaWF+IPDdo4nCI0lHIh8Dx/CGRAwuQsCkh YDVCY0AmvkUh/+g6Ssi5IZQMvFccNnvQutKclI7VTFtUudoskrbmABXyGnVPOWhQpGfUsXun RBt4skxJaQkzemLmUyxM4iNkdXVWiRCLVaSDieaJ5sgbDtcgFoRWKsjTiX4itDPFbCxgE3vC jMPCeUcfbEDh54tmpD2qjnyl9ya16QZll9cHx8rI17G1nXo3ob6574WoODl0+qLncSyOAUNz /IJQEfJQ5j3Pib/h+YkjTqLwRt+rweesjmSJgzebDa3X2gbLCSnaYdBvlO4dJOL9b1qNIGVu qZZi6YJD71EPkSxgSQv3opURME8UUMoLfN4lnI/WK41HkwDb7uO1xgXagcOMzZwG7+RfqEua 8JxO4djK+VCCHWZdGHw62MMGIGBRPXvGKsT+Yn7bpTprk/sbNvH5/dFRvEvUs3qykWHYPRrg c5Rq8+3ZXqfqlIVOYWczhC/lUomM+URXFb+TDeM6sbRxUVk3TfP9m1+LLGprokP12ZqGLLSC 2i2hwY282AYjCK2rEbAZ8hOGh6aEAz73J54eOJHregfjmCRqVm/FCgNGW6f6IYYK+ZGa8Iph IS2aDEo8anMw750hvXpz11P+Zn9HumW9q7BEapFfRT+9K3fXSKja3C2r/+sB7HDR+6YV8fn4 tLaAg5adlCkCAriMkP6ReJI5aH6n4Noh95+jFollnkx4ig7iP6JCh9QHPkq6QTeyJSPHiOhd nC6s6C2h3GkWB45aU=

Ironport-sdr: qgj1cDKD7cQVnOjOnjfp1jkT2fBM0b73+U1gQkcBTRns3CwnefSbUmz6Yww7FoUe77Cz5vkJni owKIWI6XUbJdJTuEHTMTK0L75mYS0Lrege355s6PaKj8tN/1Gxq153+84TYxbKiaWu01zOw5JS WRja7yhTg2vqaPmgt2gNAuCsd2EkXITeqSBlYXhXrrBtGJ2B944ire+5zMgEsGQeC9OHbOOr2z W2v1s1CaOWvJBJp1nlr6YIEfMO+LloME43yKeZTP4cQ3O13Z/ouAZNQGODXkJnQ7sa2jB3rTnJ 898=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28/04/2021 10:11, Jan Beulich wrote: > On 27.04.2021 19:39, Andrew Cooper wrote: >> On 27/04/2021 16:47, Jan Beulich wrote: >>> On 26.04.2021 19:54, Andrew Cooper wrote: >>>> --- a/xen/include/public/arch-x86/cpufeatureset.h >>>> +++ b/xen/include/public/arch-x86/cpufeatureset.h >>>> @@ -232,7 +232,7 @@ XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode >>>> Instruction Prevention */ >>>> XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace >>>> */ >>>> XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */ >>>> XEN_CPUFEATURE(AVX512_VBMI2, 6*32+ 6) /*A Additional AVX-512 Vector >>>> Byte Manipulation Instrs */ >>>> -XEN_CPUFEATURE(CET_SS, 6*32+ 7) /* CET - Shadow Stacks */ >>>> +XEN_CPUFEATURE(CET_SS, 6*32+ 7) /*h CET - Shadow Stacks */ >>>> XEN_CPUFEATURE(GFNI, 6*32+ 8) /*A Galois Field Instrs */ >>>> XEN_CPUFEATURE(VAES, 6*32+ 9) /*A Vector AES Instrs */ >>>> XEN_CPUFEATURE(VPCLMULQDQ, 6*32+10) /*A Vector Carry-less >>>> Multiplication Instrs */ >>>> @@ -267,7 +267,7 @@ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* >>>> MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. >>>> XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears >>>> microarchitectural buffers */ >>>> XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT >>>> */ >>>> XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*a SERIALIZE insn */ >>>> -XEN_CPUFEATURE(CET_IBT, 9*32+20) /* CET - Indirect Branch >>>> Tracking */ >>>> +XEN_CPUFEATURE(CET_IBT, 9*32+20) /*h CET - Indirect Branch >>>> Tracking */ >>>> XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used >>>> by Intel) */ >>>> XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */ >>>> XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. >>>> */ >>> If by the time 4.16 finishes up the various todo items haven't been >>> taken care of, should we take note to undo these markings? I would >>> have suggested allowing them for debug builds only, but that's kind >>> of ugly to achieve in a public header. >> TBH, I still don't think this should be a public header. If I would >> have forseen how much of a PITA is it, I would have argued harder >> against it. >> >> It is, at best, tools-only (via SYSCTL_get_featureset), and I don't >> intend that interface to survive the tools ABI stabilisation work, as >> it has been fully superseded by the cpu_policy interfaces and libx86. > Well - what features we expose is part of the (or at least something > like an) ABI. Yes, but that ABI is called CPUID and MSRs, per Intel/AMD's spec. VM's see it via the real instructions. Control software sees it via a pair of arrays ({leaf, subleaf, a, b, c, d} and {idx, val}) expressed in terms of the vendors ABI. > The actual numbering of course isn't (or shouldn't be). > I'm in no way opposed to moving the header out of public/ (and until > now I was of the impression that it was you who put it there), but if > we do I think we will want an alternative way of expressing which > extended features we support. I say this in particular because I think > SUPPORT.md doesn't lend itself to documenting support status at this > level of granularity. I'd much rather see that file refer to this > header, even if this may mean some difficulty to non-programmers. We don't need to say or do anything for experimental features. Hitting Tech Preview and supported ought to be in release notes. I do agree that SUPPORT.md isn't great. >> As for the max markings themselves, I'm not sure they ought to be >> debug-only. Its important aspect of making guest support "tech preview" >> to ensure the logic works irrespective of CONFIG_DEBUG, and I think it >> is entirely fine for an experimental feature to be of status "your VM >> will explode if you enable this right now", even if that spills over >> into 4.17. > For a release I consider this undesirable. If a feature is in such a > state at the point of entering the RC phase, I think such markings > ought to be undone. Well no. They either don't go in in the first place, or they go in and stay. Putting them in with an expectation to take them out later is a recipe for forgetting to do so. I know we're making up our "how to do complicated experimental features" process as we go here, but nothing *in Xen* will malfunction if a user opts into CET_SS/IBT. Therefore I think they're fine to go in and stay. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.