[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/3] x86/cpuid: Rework HLE and RTM handling


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 27 May 2021 17:20:46 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b9kti0sSeNFYtvJ4yA4eu33vG6aQbwWAzTH/n6j6Z6c=; b=Xh5HmVvXGaolSm/FAAx1JzyfHlk7hlzxIGpi/Rpa3tesPx+WSIyceiHnm/JzWTw+vmflJWBcLm0FvrkN/lQH9BcaSNld8ypjKDfyhR75edKiIRfZp7ddGqO9bQ1pKlBrWqdbG39zVUOxDXTrOt7roGPOKIhisez79RyViL+YgPSJvlebYAuTJPPfaGRgz9hLdDhR1AcFVKgn/oK57xaPKgEUPfyrF/T1Ywii4fn9GIgi73egDNS2jgruXQSxCdv8nzFyu4oQ3avAigo8H+dkCVJxPl9+Pf8Vhkt/0nVbCRk/7RWuoL0bCzmqo1kMI4E0ZbrT9O7i/WFlgNPpDPp0Fg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h8opeJVxUGtClTjpm1QzlLg4SjlNR8fOJYbLG32wdWqHFBpP4OlJCcIfJ4wDoWjnd2rOBeK6vauwCIguhA2rplUZIHJRH7rC/uZxeZOfmBBYHfMg1y4FjsPS+cZ1S5r5O7rH8rrHz9Fewv9vImivvHsN3CAG8mOvkmfZjFFCNBslwUpmJ5ZI29FsQOSmqVhYB6t4SvUvr+RD3LTNb/GQD8pzAfzOGVMiRPpRAGb0B4sSo1e8MWpOBphYvvF89/3mo301Hu07w3g8WJUia+7SKMOLIazfs8LN2ZSd0ERnbEw/+u8SA20O70nm8VhqztyCaxq8veDZ32idz6sZ6SlBZg==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 27 May 2021 15:20:59 +0000
  • Ironport-hdrordr: A9a23:/LzkwKvghcrPG2K7m9/jSS5b7skDRdV00zEX/kB9WHVpm5qj5r mTdZMgpHrJYVcqKRMdcbLpAsO9qBznmKKdjbN8AV7AZniEhILLFuBfBNDZslvd8kTFn4Y36U 4HScdD4bbLbWSS4/yV3OEWeexQuOVuXMqT9IPjJ9YGd3AMV51d
  • Ironport-sdr: cwLL+AXADZOTc+lstAszYwWiaq0GqGwJBXqlm0XFPsxTJ8HTaiaHPspHHXUiJDRlcW6CE02v4C quVb6GWRyAHff/ZILgA/9HuyUw0ph+qtCSVoJK4OTrL8mUsfnGEP5lUi/hhxOu0uq+qRx8C56C CuwRkYmsGPity+pB6tnvcs3VilFHgz8hD8RA89ykgTUO2KW4WnvwDwDD01M1bTwt+3aKOMTKG/ AWaFI7G78hETqEx43chFe1KWSvz70cEv7gfHRY/LmF4F2vlDziXcIB4BGmZcW0PcRf1g86v+YK MOA=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, May 27, 2021 at 02:25:17PM +0100, Andrew Cooper wrote:
> The TAA mitigation offered the option to hide the HLE and RTM CPUID bits,
> which has caused some migration compatibility problems.
> 
> These two bits are special.  Annotate them with ! to emphasise this point.
> 
> Hardware Lock Elision (HLE) may or may not be visible in CPUID, but is
> disabled in microcode on all CPUs, and has been removed from the architecture.
> Do not advertise it to VMs by default.
> 
> Restricted Transactional Memory (RTM) may or may not be visible in CPUID, and
> may or may not be configured in force-abort mode.  Have tsx_init() note
> whether RTM has been configured into force-abort mode, so
> guest_common_feature_adjustments() can conditionally hide it from VMs by
> default.
> 
> The host policy values for HLE/RTM may or may not be set, depending on any
> previous running kernel's choice of visibility, and Xen's choice.  TSX is
> available on any CPU which enumerates a TSX-hiding mechanism, so instead of
> doing a two-step to clobber any hiding, scan CPUID, then set the visibility,
> just force visibility of the bits in the first place.
> 
> With the HLE/RTM bits now unilaterally visible in the host policy,
> xc_cpuid_apply_policy() can construct a more appropriate policy out of thin
> air for pre-4.13 VMs with no CPUID data in their migration stream, and
> specifically one where HLE/RTM doesn't potentially disappear behind the back
> of a running VM.
> 
> Fixes: 8c4330818f6 ("x86/spec-ctrl: Mitigate the TSX Asynchronous Abort 
> sidechannel")
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.