[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 7/9] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 1 Feb 2022 12:28:08 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0UJeKWARNCUtcyjUqQaNonTHuDI9HbUzQ6UuBPM+AfE=; b=mki7C1rsB0TL51LORBn8WggM9aeeVrfaq7wUJHk2c9AnKBOGARNfqZ/iyU0lD4p3s5Cmoe9mukj3mz5bG0Q9IOTgmiy9K8TPFU/mzBr7Aqf6WdEfXxt3v41RfjKyjJA9iCGDxzVd1WmUIED11UqV/NjBakAPoCc9vse3fjyVXha7dDeh7qrkUcxvPS9e4a8y0JgmsKqy5oTkk0Mj7UIULPY1rjZCYjiEjCRX2MycM8cyFeCt57gT2+IAsFcmME7ABqmoirKvAs9FVcp3+3ajvLbl2X/AdJMoegFqUSGQEfPRwdoyoipS/DHX0Cp5XyARpkDy4BWBkeqs3a4Yv9dEqg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y5nQDeQ+u1/zxew9evAu9eJoWVHw/V+uCrAEPobDJwCFx4uPZbUF7cDMGU0v1n9usksic5oSRQfLmXjHU2dmmUc79i1KSzIiIEPTukVOsVmS4bLjPIvycVj11kkmkLVyhFWLeHiPwHq70+rAC7Lo97UGG20OHPAC23CsysRWI3IXfhn/RG6sRjba+ncnbRauwM3zyTzLEWprpsN1a1klMJMKqsBhOCjNLXj8UCEtjaaFZEOXXfzg4C/Kt7sMFXQZqfP473s5WwdEUEZRdkzOqkL3MEEgGq36Q2t9qArJrQLqdOM8/soioyRf7figzth1nyEgN3fT5aH7aRjpExBi8w==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 01 Feb 2022 12:28:36 +0000
  • Ironport-data: A9a23:wIfhna3W/549BQgZhPbD5T52kn2cJEfYwER7XKvMYLTBsI5bpz1Vy DYXDD+AO6yMMWTxcox1aNm3o0NV7JTcnINkGQZtpC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCanAZqTNMEn9700o5w7dh2+aEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqh2OJf5 Y5juayJd1knAfPMnfYmaEJpHHQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1Er8IvNsT0eqgYvWlt12rxBvc6W5HTBa7N4Le02R9u3ZkUQKaDN 6L1bxJ2SSbCfxhAEGxPBZQmmfeS22n7dAVx/Qf9Sa0fvDGIkV0ZPKLWGMrYfJmGSNtYmm6cp 3na5CLpDxcCLtudxDGZtHW2iYfngifTSI8UUrqi+ZZCglee22gSAx0+TkagrL+yjUvWZj5EA xVKoGx09/F0rRH1CImmN/GlnJKallkudfcLPeEK0T/TxJWK4wOLPVNffzEUPbTKq/QKbTAt0 1aImfbgCjpurKCZRBqhy1uEkd+hEXNLdDFfPEfoWSNAuoC++99r0nojW/4+SPbdszHjJd3nL 9lmRgAajq5bs8ME3r7TEbvv02P1/cihouLYC2zqsoOZAuFROdTNi2+AswGzARN8wGCxFAPpU J8swJD20Qz2JcvR/BFhuc1UdF1T296LMSfHnXlkFIQ7+jKm9haLJN4Mu2wuex85bJdYKFcFh XM/XysLvve/21PxNcdKj3+ZUZx2ncAM6/y4PhwrUja+SscoL1LWlM2fTUWRw3rsgCARfVIXY v+mnTKXJS9CU8xPlWPuL89EiOND7n1gmQv7GM6qpzz6gev2TCPEEt8tbQrRBt3VGYvZ+m05B f4FaZvTo/ieOcWjChTqHXk7dA5SdSZjWcGp+qS6tIere2JbJY3oMNeIqZsJcI15haVF0ODO+ 3C2QEhDz1Tjw3bALG23hrpLMdsDhL5z8iA2OzICJ1Gt1yRxaIqj9v5HJZA2YaMm5KpoyvstF 6sJfMCJA/JuTDXb+mtCMcmh/dI6LBn71xiTOyeFYSQke8IyTQL+5dK5LBDk8zMDD3TruJJm8 aGgzA7SXbEKWx9mUJTNcPuqwl7o5Sodlet+UlHmON5WfEmwooFmJzao1q08It0WKAWFzTyfj l7EDRAdrOjLgok07NiW2vzU89b3S7NzRxMIEXPa4LC6MTjh0lCimYIQAvyVeT39VX/v/Pnwb +ti0PyhYuYMm0xHstQgHu8zn74+/dbmu5RT0h9gQCfQd12uB75tfiuG0M1IuvEfz7NVo1LrC EeG+90cMrSVIsL1VlUWIVN9POiE0PgVnBjU7Og0fxqmtHMmouLfXBUAJQSIhQxcMKBxYdEsz uoWscIL7xCy10gxOdGcgyEIr2mBIxTsiUn8Wk321GMztjcW9w==
  • Ironport-hdrordr: A9a23:9qqwY62eYOB+97YwUH5I0wqjBRRyeYIsimQD101hICG9Lfb3qy n+ppsmPEHP5Ar5AEtQ5expOMG7MBfhHQYc2/hRAV7QZniYhILOFvAj0WKC+UyvJ8SazI9gPM hbAtBD4bHLfDpHZIPBkXSF+rUbsZq6GcKT9JzjJh5WJGkAAcwBnmRE40SgYzdLrWF9dMcE/f Gnl616Tk+bCA0qh7OAdx84tob41rj2vaOjRSRDKw8s6QGIgz/twqX9CQKk0hAXVC4K6as+8E De+jaJpJmLgrWe8FvxxmXT55NZlJ/K0d1YHvGBjcATN3HFlhuoXoJ8QLeP1QpF5d1HqWxa1O UkkS1Qefib2EmhJ11dZiGdgzUI5QxerEMKD2Xo2kcL7/aJHg7SQPAx+76xOiGpmnbI+usMjJ 6jlljpxKa+R3n77VTAzsmNWBdwmkWup30+1eYVknxESIMbLKRctIoF4SpuYdo99Q/Bmcsa+d NVfYvhDTdtACSnRmGcunMqzM2nX3w1EBvDSk8eutaN2zwTmHxi1UMXyMEWg39FrfsGOtZ5zv WBNr4tmKBFT8cQY644DOAdQdGvAmiIRR7XKmqdLVnuCalCMXPQrJz85qkz+YiRCdA15Yp3nI 6EXEJTtGY0dU6rAcqS3IdT+hSIW2m5VSSF8LAX23G4gMy0eFPGC1z3dLkeqbrXnxxEOLyoZx +aAuMjP8Pe
  • Ironport-sdr: tTRB0ZNaEt3bSneN/l7m2N+qOFT187TSGiF/u8Y91jtSYoj/3yNaswPajDu1dBxxT8YljR2D6X /02iPtjCyqikR1++H4tWsBwyKag+h48lwMnku4l0GqCdJZUs803IROQFevIg3BXEdqXj6JE3zp c8G6uziTEwlShYjeQVWXENz34UP3mNB0CFhp85HFEznswEt3LqoUIMkF5KQGxcrydMAemQ2Gbx BarMJjonAl5v1Ur71SAuVuv6MSJ6SKr/Ka6U4+ZGb/F61F0HKlRWoaPiUE0Dt+II07YFtlxKp0 RArmX31KHp+XeT1nIcWqAqjz
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYFrhnGKPHuYBRW0udTNFT0Cg4lKx+lY8AgAALVgA=
  • Thread-topic: [PATCH v3 7/9] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL
On 01/02/2022 11:47, Jan Beulich wrote:
> On 31.01.2022 16:36, Andrew Cooper wrote:
>> Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests
>> run with the logical OR of both values.  Therefore, in principle we want to
>> clear Xen's value before entering the guest.  However, for migration
>> compatibility,
> I think you've explained this to me before, but I can't seem to put
> all of it together already now. Could expand on how a non-zero value
> behind a guest's back can help with migration compatibility? At the
> first glance I would be inclined to say only what the guest actually
> gets to see and use can affect its migration.

For VMs which see VIRT_SPEC_CTRL (compatibility with Fam15 thru Zen1),
writes of VIRT_SPEC_CTRL.SSBD (probably) need to use
SSBD-behind-the-guest's back.  I say probably, because I think this is
the least bad implementation option, but until we have working support,
it's still a guess.

For the ultra paranoid, a VM migrating in which can't see PSFD (e.g. for
compatibility with Zen2) should have PSFD set behind it's back.  Except
that SSBD also has an appropriate side effect so that existing "I'm a
piece of critical code" signals that have grown in various OSes continue
to do the safe thing on PSFD-capable hardware.  Given that we don't
activate SSBD by default, we shouldn't default disable PFSD behind an
unaware guest either.

That then leaves the meaning of spec-ctrl=ssbd,psfd because ssbd is
currently system wide (if enabled) on AMD.  This series changes that for
HVM guests, and it will change again shortly for PV guests, and this is
obviously the better default behaviour.  But we could have a system wide
option on top of guest support in most cases if someone sees a need.

>> and for performance reasons with SEV-SNP guests, we want the
>> ability to use a nonzero value behind the guest's back.

For completeness, for SEV-SNP, IBRS needs setting to avoid vmentry
issuing IBPB.  More specifically, the VMexit=>Entry path must not clear
IBRS, at which point hardware knows that nothing can have got into the
indirect predictor.


>>   Use vcpu_msrs to hold
>> this value, with the guest value in the VMCB.
>>
>> On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to
>> be atomic with respect to NMIs/etc.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Preferably with the above expansion and with one further style
> issue (see below) taken care of
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks

>
>> --- a/xen/arch/x86/hvm/svm/entry.S
>> +++ b/xen/arch/x86/hvm/svm/entry.S
>> @@ -55,11 +55,23 @@ __UNLIKELY_END(nsvm_hap)
>>          mov  %rsp, %rdi
>>          call svm_vmenter_helper
>>  
>> -        mov VCPU_arch_msrs(%rbx), %rax
>> -        mov VCPUMSR_spec_ctrl_raw(%rax), %eax
>> +        clgi
>>  
>>          /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */
>> -        /* SPEC_CTRL_EXIT_TO_SVM   (nothing currently) */
>> +        /* SPEC_CTRL_EXIT_TO_SVM       Req: b=curr %rsp=regs/cpuinfo, Clob: 
>> acd */
>> +        .macro svm_vmentry_spec_ctrl
>> +            mov    VCPU_arch_msrs(%rbx), %rax
>> +            movzbl CPUINFO_last_spec_ctrl(%rsp), %edx
>> +            mov    VCPUMSR_spec_ctrl_raw(%rax), %eax
>> +            cmp    %edx, %eax
>> +            je 1f  /* Skip write if value is correct. */
> Wold you mind padding the insn operand properly, in line with all
> others nearby?

Oops yes.  Fixed.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.