[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 7/9] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL



On 01/02/2022 12:40, Jan Beulich wrote:
> On 01.02.2022 13:28, Andrew Cooper wrote:
>> On 01/02/2022 11:47, Jan Beulich wrote:
>>> On 31.01.2022 16:36, Andrew Cooper wrote:
>>>> Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but 
>>>> guests
>>>> run with the logical OR of both values.  Therefore, in principle we want to
>>>> clear Xen's value before entering the guest.  However, for migration
>>>> compatibility,
>>> I think you've explained this to me before, but I can't seem to put
>>> all of it together already now. Could expand on how a non-zero value
>>> behind a guest's back can help with migration compatibility? At the
>>> first glance I would be inclined to say only what the guest actually
>>> gets to see and use can affect its migration.
>> For VMs which see VIRT_SPEC_CTRL (compatibility with Fam15 thru Zen1),
>> writes of VIRT_SPEC_CTRL.SSBD (probably) need to use
>> SSBD-behind-the-guest's back.  I say probably, because I think this is
>> the least bad implementation option, but until we have working support,
>> it's still a guess.
> So this is future work (and mentioning just this in the description
> would be enough to address my comment)

Near future, but yes.

> , but ...
>
>> For the ultra paranoid, a VM migrating in which can't see PSFD (e.g. for
>> compatibility with Zen2) should have PSFD set behind it's back.
> ... this is something we should be doing right away then?

Except for the second half of this paragraph which was an argument as to
why not.

What OSes expose to userspace for "I need speculative safety" works
whether the kernel can see PSFD or not.

~Andrew



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.