[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 8/8] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Thu, 27 Jan 2022 17:20:25 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GRlBy3Hcfv97HnRoqUHBr/B7nT/6blkzJcUtfOazMys=; b=YAJTkOyzWvUrXYymqzf9IyaLGjtKAm6k7GNOdgQDsc+Rq38VYLKr6uTVgMVFD8xhH4Q54pRF+F1xhaCn3+lxZLyku7VNKdPKnnwnGu1s5CLhTFTMh6FG8yE4Omhbq/nNFf5zj9i/aV9U/T0OYmg2fYzdmVHNq9eCmphmtMawWg1AMF0bR5gZuMGoMJFZLg2wNm9GNPm1dvuLBXy5sDC+9Tm5T17nIGKv0L3jEpOT4wcscOW6kMpasE/J9cnLHIojKYQ1v+sdodGgpyrZOgmDlm3cwHbQymXh59Gh6+qtbtdeOOI/AKYvCu5e5/N2Kpoh64X+elcCklWwgsgZebMSIg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CQlOzfKD+Czfo8wDB5wegPl5kWkqf2/9pQHNxZYA8ocDSlWViZpj89qT7ldIL+vTSCpk0sSrKTOtxc2aRO8ldnKnSlDmtY3qRpOpvtlouwwflDAfbNEFfpzQpHbPPI4BolJdmdNV8m+dVB7/sPmijgsbfGOAdGNu/bMHeKWqIrS7stq+nSwIOrry6XArAmcXtbgtlJ3tskKol5RWXlFqDHwwDEHrQ2lUxV0DWN768q+t1t0zLLurLLqm0q+YQXI4nFSIEsuWZVs3GWiiklV6zp0akFTQfXFPSO9p58s6yFGA6etpckt5jkAMVhCdZAPos3sWOYlJigWxTdHrrjS7aA==
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 27 Jan 2022 17:25:38 +0000
  • Ironport-data: A9a23:5Fw4l6AYg2dDnBVW/8bkw5YqxClBgxIJ4kV8jS/XYbTApG90hjFSz DdKUD2FOf2Da2SgLYhzO4qx/ElUsMTdydNnQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMo/u1Si6FatANl1ElvU2zbue6WL6s1hxZH1c+En940007wYbVv6Yz6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eH/5UhN7oNJLnZEpfNatI88thW5 Qr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkQLb9crSiEai84G2PQghUh/ghSrrvFdx Pt2noWBSSl3Do/sqeInekwNe81+FfUuFL7vJHG+tYqYzlHccmuqyPJrZK00FdRGoKAtWzgIr KFGbmBWBvyAr7veLLaTY+9gnMk8auLsO5sSoCpIxjDFF/c2B5vERs0m4PcGhmxg25AQQZ4yY eITbTExRRLtTCdAZFtKMZllkOCGnmDwJmgwRFW9+vNsvjm7IBZK+KjgNp/Zd8KHQe1Rn12Ev STW8mLhGBYYOdeDjz2f/RqEmevnjS79HoUIG9WQ9PRnnVmSzWw7EwANWB2wpvzRt6Klc4sBc QpOoHNo9PVsshzwJjXgY/GmiHelnC89d9Z+KMYj2QGjlJr2wzefPEFRG1atd+canMMxQDUr0 HqAkNXoGSFjvdWpdJ6NyluHhWjsYHZIdAfucQdBFFJYuIe7/OnfmzqSFo4LLUKjsjHi9dgcK RiupTN2ubgchNVjO06TrQGe2GLESnQko2cICuTrsoCNs1sRiG2NPdXABb3nARBodtvxor6p5 yBspiRmxLpSZaxhbQTUKAn3IJmn5uyeLBrXikN1Ep8q+lyFoiD/JtoLuGogeR80Y67onAMFh meJ52u9A7cIZBOXgVJfOdrtW6zGM4C+fTgaahwkRoUXOcUgHON21CpveVSRzwjQfLsEyskC1 WOgWZ/0Vx4yUP0/pBLvHrt1+eJ1mkgWmD2CLbimn0XP+efPPxa9FOZaWGZim8hktstoVi2Pr YYGXyZLoj0CONDDjt7/qN5KcgtSfCFlXPgbaaV/L4a+H+avI0l4Y9f5yrI9YY112aNTk+bD5 HamXUFEjlH4gBX6xc+iMSE6AF82dZog/389IwI2OlOkhyoqbYq1tf9NfJorZ7g3sudkyKcsH fUCfsyBBNVJSyjGpGtBPcWs8tQ6eUT5nx+KMgqkfCM7I8xqSTvW94K2ZQDo7iQPUHa67JNsv 7262wrHapMfXAA+Xt3OYfeiwgrp73gQke5/RWXSJdxXdBm++YRmMXWp3PQ2P9sNOVPIwT7Dj 1SaBhIRpO/spY4p8YaW2fDY/tnxS+YnRxhUBWjW67qyJBL2xGv7zN8SSvuMcBDcSHjwpPeoa 9JKwqyuK/YAhltL7dZxSu450aIk6tLzjLZG1QA4Tm7TZlGmB748cHmL2c5D6v9EyrND4FbkX 0uO/p9ROKmTOdOjG1kUfVJ3YuOG3PASuz/T8fVqfxmquH4ppOKKARdIIh2BqC1BN78kYooqz NAotNMS9wHi2AEhNcyLj3wM+mmBRpDav37Lan3O7FfXtzcW
  • Ironport-hdrordr: A9a23:N/WmHaMGSGEaXMBcT2X155DYdb4zR+YMi2TDiHofdfUFSKClfp 6V8cjzjSWE9Qr4WBkb6LW90DHpewKTyXcH2/hsAV7EZnimhILIFvAs0WKG+VPd8kLFh5dgPM tbAstD4ZjLfCJHZKXBkUmF+rQbsaG6GcmT7I+0pRYMcegpUdAa0+4QMHfALqQcfngjOXNNLu v72iMxnUvGRZ14VLXYOlA1G8z44/HbnpPvZhALQzQ97hOVsD+u4LnmVzCFwxY3SVp0sPQf2F mAtza8yrSosvm9xBOZ/XTU9Y5qlNzozcYGLNCQi/ISNi7nhm+TFcZcsvy5zXUISdOUmREXee r30lEd1gNImirsl1SO0F/QMs/boW4TAjHZuASlaDDY0LPErXoBerR8bMRiA0bkAgMbzaFBOO gg5RPpi7NHSRzHhyjz/N7OSlVjkVe1u2MrlaoJg2VYSpZ2Us4akWUzxjIcLH47JlOw1GnnKp gbMOjMoPJNNV+KZXHQuWdihNSqQ3QoBx+DBkwPoNac3TRalG1wixJw/r1Sol4QsJYmD5VU7e XNNapl0LlIU88NdKp4QOMMW9G+BGDBSQ/FdGiSPVPkHqcaPG+lke+73JwloOWxPJAYxpo7n5 rMFFteqG4pYkrrTdaD2ZVamyq9CVlVnQ6dvP22y6IJyIEUdYCbRhFrEmpe4PdIi89vd/HmZw ==
  • Ironport-sdr: B1qimpH4pyBd93MQKgm/MspG8Hlr+M7HQteMCpgVQgAauF66rvFtXcV5HFgrI7VDJe0WWNQPTn 4Y6G28ZAgCT2VO69mAsbDehg03Sz9Se5/504DfYaqWTMbYu8zVp2n1gWlMSPkSc1FZ8n5YDHKX ctQ+vG8gsXr3sHNfc5WaojinWWE2FsiZ+iX/byo396YAFc5wlxx9CGchEfoCJeyVO1S40QWhQJ 15qPfrF0VYR3iiQ5rJ4TmuOEamOUY1RsZ16toH4OIfsOa+Nrx/qgSoztiIxN83P7vcN611Iajo Xv1mj1RaEniWn21XTWnW6KGb
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYEpESkkbYY5JPR0iMlxtcJtQdZax248qAgAA7a4A=
  • Thread-topic: [PATCH 8/8] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default
On 27/01/2022 13:47, Jan Beulich wrote:
> On 26.01.2022 09:44, Andrew Cooper wrote:
>> With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM 
>> guests.
>>
>> Update the CPUID derivation logic (both PV and HVM to avoid losing subtle
>> changes), and explicitly enable the CPUID bits for HVM guests.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> ---
>> CC: Jan Beulich <JBeulich@xxxxxxxx>
>> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>> CC: Wei Liu <wl@xxxxxxx>
>>
>> Given the adjustment to calculate_pv_max_policy(), we could use 'A' rather
>> than 'S' which would avoid a second same-sized diff to cpufeatureset.h, but
>> it's also a bit misleading to say 'A' when the PV side won't engage at all
>> yet.
> I agree with using 'S' at this point for most of them. I'm unsure for
> SSB_NO, though - there 'A' would seem more appropriate, and afaict it
> would then also be visible to PV guests (since you validly don't make
> it dependent upon IBRS or anything else). Aiui this could have been
> done even ahead of this work of yours.

Hmm.  There aren't any AMD CPUs I'm aware of which enumerate SSB_NO, but
it probably ought to be 'A'.  I'll pull this out into a separate change.

>> --- a/xen/arch/x86/cpuid.c
>> +++ b/xen/arch/x86/cpuid.c
>> @@ -433,6 +433,8 @@ static void __init 
>> guest_common_feature_adjustments(uint32_t *fs)
>>       */
>>      if ( test_bit(X86_FEATURE_IBRSB, fs) )
>>          __set_bit(X86_FEATURE_STIBP, fs);
>> +    if ( test_bit(X86_FEATURE_IBRS, fs) )
>> +        __set_bit(X86_FEATURE_AMD_STIBP, fs);
>>  
>>      /*
>>       * On hardware which supports IBRS/IBPB, we can offer IBPB independently
> Following this comment is a cross-vendor adjustment. Shouldn't there
> be more of these now? Or has this been a one-off for some reason?

MSR_PRED_CMD is easy to cross-vendor (just expose the CPUID bit and
MSR), but IIRC the intention here was to be able to configure an Intel
VM with IBPB only and no IBRS.

This was at the same time as the buggy MSR_SPEC_CTRL microcode was out
in the wild and a `1: wrmsr; jmp 1b` loop would reliably take the system
down.


For MSR_SPEC_CTRL, there are three substantially different behaviours. 
This is part of why this series has taken so long to get organised, and
why there's no PV guest support yet.

Attempting to cross-vendor anything related to MSR_SPEC_CTRL will be a
disaster.  Even if you can make the VM not crash (ought to be doable),
it's going to have a very broken idea of its Spectre-v2 safety.

>> @@ -456,11 +458,14 @@ static void __init calculate_pv_max_policy(void)
>>          pv_featureset[i] &= pv_max_featuremask[i];
>>  
>>      /*
>> -     * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of
>> -     * administrator choice, hide the feature.
>> +     * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional
>> +     * availability, or admin choice), hide the feature.
>> +     */
> Unintended replacement of "PV" by "HVM"?

Yes.  Too much copy&paste.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.