Xen project Mailing List

Re: [PATCH 2/3] x86/amd: Enumeration for speculative features/hints

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 7 Sep 2021 17:12:52 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8OsbXCrpG5uZi/MCeMp64W912DDWz+WDnlhKCE3efRQ=; b=H0cSJ4A8CTdxL5zQNVo07fwWmN5V+yy5yAT3R/DCY86JaE78upTgbLcAMGhDHvMMppiKcYbVCETyiblKgaJ98CGLqOubYcIgVtPPMqMf+dXz1Xp5f7RDFOnjm2LsZdo4v834Dj0IqhtrPB7HqO3cgzFRBYry/7l512fPZWJchpEVINbz0PdyLpzEjtdnQBs5g+vyoeb+xg3t6cecPA6ya2vRAQC6dgrk9rj7jQwJ6VfTl+YfiyHOLjWnd/8lAX775cwWbsYUQcHlOOdzvgk/am8CJLXS5fEdVMpioN/xM7U4Lc1vf8cibOCLV3PKOJEJDadwbdouKvWsmWUnXJ2yWw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K7SlWlGwaXyjVtbqpkeq/EzSChgvLRV7UjG0eOT04HZDkCqujU+wBlpWeVuRjFpwMtyBVsxB5ODz944gHYHp2JP24QJ3aKw2k3+HYr/19u/2XX0bkzDE85mvTZFbXEWGNbWViqr3OCX/1H4QIfyIoLgP4sH3lyAJhk4ZuEnfU7EwB8Ypf55URoleztL2ds+BeeVZaBdKJ3yFrzP+uYMCjIjSgjN6twb/pfPGB9NETYyageS2+5j5niPIqtQNA3r6ZprJeJVGkqVasWhfvesrdZlmYqkEcIgduWVJcMy2xjhwpATwZFQlsLFpb9+g/GbyEX+dDRuktKtOoSoM9N1czA==

Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 07 Sep 2021 16:13:29 +0000

Ironport-hdrordr: A9a23:Diz7g6NVyot3dcBcT1b155DYdb4zR+YMi2TDiHofdfUFSKClfp 6V8cjztSWUtN4QMEtQ/OxoS5PwPk80kqQFnbX5XI3SITUO3VHHEGgM1/qb/9SNIVyYygcZ79 YbT0EcMqyBMbEZt7eC3ODQKb9Jq7PmgcPY9ts2jU0dKT2CA5sQnjuRYTzrdHGeKjM2Z6bRWK Dsnfau8FGbCAoqh4mAdzU4dtmGg+eOuIPtYBYACRJiwA6SjQmw4Lq/NxSDxB8RXx5G3L9nqA H+4kLEz5Tml8v+5g7X1mfV4ZgTsNz9yuFbDMjJrsQOMD3jhiuheYwkcbyfuzIepv2p9T8R4Z bxiiZlG/42x2Laf2mzrxeo8w780Aw243un8lOciWuLm72zeBsKT+56wa5JeBrQ7EQt+Ptm1r hQ4m6fv51LSTvdgSXU/bHzJlJXv3vxhUBnvf8YjnRZX4dbQqRWt5Yj8ERcF4pFND7m6bogDP JlAKjnlbZrmGuhHjXkV1RUsZiRtixZJGbAfqFCgL3V79FupgE686NCr/Zv2Evp9/oGOtF5Dq r/Q/1VfBwndL5gUUtHPpZ1fSKAMB2Fffv9ChPhHb3ZLtByB5vske+83Fxn3pDmRHQ3pKFC7q gpFmko7VIPRw==

Ironport-sdr: WeDhx3aZTsNwSrUt37wthJ203zdY78m4pOa6SDNNYr5t0GRjpqseDuASX5YpLqgC4jl2ewWWch d8f2CBraCCkGMPkrasv8pOtI/JaxV6DduaNkzHVV6oVwNft8VKpC/Ht70MEAjdtT64c5D5yTql PTKx/gi37ftDkVUPh4VeAG/tRPFJYv8duy8Vc0QrV//oEz/uoPhTEicKk/lzO0XMRpJqdmwdkl Lsm2QNq4NFP9Ib7ku743FRepIPgknZWsy2uZZ4L1KPi+dceRzV7vHQvYlQiEQB8FcnBuia80Fc lR5UXWG7Em49TbEUJ+6tgPbK

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24/08/2021 16:15, Jan Beulich wrote: > On 24.08.2021 15:26, Andrew Cooper wrote: >> On 19/08/2021 15:47, Jan Beulich wrote: >>> On 17.08.2021 16:30, Andrew Cooper wrote: >>>> There is a step change in speculation protections between the Zen1 and Zen2 >>>> microarchitectures. >>>> >>>> Zen1 and older have no special support. Control bits in non-architectural >>>> MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to >>>> disable Memory Disambiguation (Speculative Store Bypass). IBPB was >>>> retrofitted in a microcode update, and software methods are required for >>>> Spectre v2 protections. >>>> >>>> Because the bit controlling Memory Disambiguation is model specific, >>>> hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which >>>> abstracts the model specific details. >>>> >>>> Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and >>>> virtualise the interface for HVM guests to use. A number of hint bits are >>>> specified too to help guide OS software to the most efficient mitigation >>>> strategy. >>>> >>>> Zen3 introduced a new feature, Predictive Store Forwarding, along with a >>>> control to disable it in sensitive code. >>>> >>>> Add CPUID and VMCB details for all the new functionality. >>>> >>>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> >>> with one suggestion: >>> >>>> --- a/tools/libs/light/libxl_cpuid.c >>>> +++ b/tools/libs/light/libxl_cpuid.c >>>> @@ -274,8 +274,18 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list >>>> *cpuid, const char* str) >>>> {"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1}, >>>> {"wbnoinvd", 0x80000008, NA, CPUID_REG_EBX, 9, 1}, >>>> {"ibpb", 0x80000008, NA, CPUID_REG_EBX, 12, 1}, >>>> + {"ibrs", 0x80000008, NA, CPUID_REG_EBX, 14, 1}, >>>> + {"amd-stibp", 0x80000008, NA, CPUID_REG_EBX, 15, 1}, >>>> + {"ibrs-always", 0x80000008, NA, CPUID_REG_EBX, 16, 1}, >>>> + {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17, 1}, >>>> + {"ibrs-fast", 0x80000008, NA, CPUID_REG_EBX, 18, 1}, >>>> + {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19, 1}, >>> Here and below, how about dropping the "mode" part of the name? >>> I can't seem to be able to think of any other "same" that could >>> possibly apply here. >> ibrs-same is very ambiguous. > I'm curious as to why you think so. Same what? There are load of plausible options, e.g. "privilege". "mode" is the second most important piece of info, behind ibrs. > >> The only other reasonable reasonable >> alternative I can think of is ibrs-psmp as an abbreviation for >> ProvideSameModeProtection. Obviously, the "Provides" bit of that can't >> be dropped. > Then better stay with what you have I would say - for me "psmp" > immediately raises the question "What strange kind of SMP?" > While not tied to any formal naming, I could see "ibrs-sm" as > an option ... That's an initialisation of a shortening, and too far removed from the original context IMO. Given nothing better, I'll stick with ibrs-same-mode. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.