Xen project Mailing List

Re: [PATCH 1/3] amd/msr: implement VIRT_SPEC_CTRL for HVM guests on top of SPEC_CTRL

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 9 Mar 2022 18:04:12 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AKdSvgH0ZDjtJ82QEizepRe+KX43zcsKwVMkl7A8GSM=; b=dBeHRf5+aSs8MYLRoxZ3A7ig1XSiIS6lRYhRZKbqfh7vsFjoMVCxnEjcE1EbVoM1gf5RlkNLrUgWebxYxivUJJYOFjSZLb0NE7mvnEKoNFJTfzjTO+yvDVfFBBFlh8sRLgWcYbCkdJVcAfRST1g9V86nCvcMYAEFBUkY7/S+x8acEbspeQbLVGPbR8ytWtv4RxaxVONujb1wqzvfVlFJC5N6nhmtNtyqWVhuVcaTcs3J5DwfZSqUUXtb3FY90yoLmnosU62ef5KdGqY0NmSPKrxXP/S5SlpOAupTEThgvx1mY8geVdQPPtsdNBHyJRXZi4LOFN3h8O8kJBeZXJzoyA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ADNptanbCyeEuuJdq5tXYbZGwgEbcPgaigxyluGf5RtvFkBzaD8BOfkF9hor0NH/NMY3ALwKvdkV+YYfHcx+1i+Hh1vhJiLvMk6Hya05n2JO0QQpH+fnOrzuhGmleYoNsoBT3yhVnlrKx2KnTCxai0yAj1JmF3qsyJ7nRcZiHJFCnqygfQ/Vvn7LNRgFO3HaA8vMbT1HdYZGLEX/mKD1b/MHbfBxNyCKsOhqmngmIQIV5edf3r8wlz/9K4wW24qk4P4SH45fczzw8t94ewvjWaS2j12PDw3hbThEmC2XUgA672X+p0+pTva4Lnf2TRBxNDM1jb30WF/Mt7dZTRTO2A==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Wed, 09 Mar 2022 17:04:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 09.03.2022 17:31, Roger Pau Monné wrote: > On Wed, Mar 09, 2022 at 04:40:24PM +0100, Jan Beulich wrote: >> On 09.03.2022 16:03, Roger Pau Monné wrote: >>> On Mon, Feb 14, 2022 at 04:07:09PM +0100, Jan Beulich wrote: >>>> On 01.02.2022 17:46, Roger Pau Monne wrote: >>>>> --- a/docs/misc/xen-command-line.pandoc >>>>> +++ b/docs/misc/xen-command-line.pandoc >>>>> @@ -2273,8 +2273,9 @@ to use. >>>>> * `pv=` and `hvm=` offer control over all suboptions for PV and HVM >>>>> guests >>>>> respectively. >>>>> * `msr-sc=` offers control over Xen's support for manipulating >>>>> `MSR_SPEC_CTRL` >>>>> - on entry and exit. These blocks are necessary to virtualise support >>>>> for >>>>> - guests and if disabled, guests will be unable to use >>>>> IBRS/STIBP/SSBD/etc. >>>>> + and/or `MSR_VIRT_SPEC_CTRL` on entry and exit. These blocks are >>>>> necessary to >>>> >>>> Why would Xen be manipulating an MSR it only brings into existence for its >>>> guests? >>> >>> Well, that's not exactly true. Xen does use VIRT_SPEC_CTRL (see >>> amd_init_ssbd). >>> >>> I'm unsure how to express support for VIRT_SPEC_CTRL, as it does rely >>> on SPEC_CTRL when available. >> >> I wonder whether the command line doc needs to go into this level of >> detail. > > Right, so you would be fine with leaving the command line option > description alone. Yes. >>>>> --- a/xen/arch/x86/include/asm/msr.h >>>>> +++ b/xen/arch/x86/include/asm/msr.h >>>>> @@ -291,6 +291,7 @@ struct vcpu_msrs >>>>> { >>>>> /* >>>>> * 0x00000048 - MSR_SPEC_CTRL >>>>> + * 0xc001011f - MSR_VIRT_SPEC_CTRL >>>>> * >>>>> * For PV guests, this holds the guest kernel value. It is accessed >>>>> on >>>>> * every entry/exit path. >>>>> @@ -301,7 +302,10 @@ struct vcpu_msrs >>>>> * For SVM, the guest value lives in the VMCB, and hardware >>>>> saves/restores >>>>> * the host value automatically. However, guests run with the OR of >>>>> the >>>>> * host and guest value, which allows Xen to set protections behind >>>>> the >>>>> - * guest's back. >>>>> + * guest's back. Use such functionality in order to implement >>>>> support for >>>>> + * VIRT_SPEC_CTRL as a shadow value of SPEC_CTRL and thus store the >>>>> value >>>>> + * of VIRT_SPEC_CTRL in this field, taking advantage of both MSRs >>>>> having >>>>> + * compatible layouts. >>>> >>>> I guess "shadow value" means more like an alternative value, but >>>> (see above) this is about setting for now just one bit behind the >>>> guest's back. >>> >>> Well, the guest sets the bit in VIRT_SPEC_CTRL and Xen sets it on >>> SPEC_CTRL in order for it to have effect. I can use 'alternative >>> value' if that's clearer. >> >> Well, as I tried to express in my earlier reply, I view "shadow value" >> to mean "alternative value", so replacing wouldn't help. The question >> whether it acts like the shadow values we know elsewhere (VMX'es CR0 >> and CR4, for example). If it does, using the same term is of course >> fine. But it didn't look to me as if it would, hence I'd prefer to >> avoid ambiguity. But please realize that I may have misunderstood >> things ... > > No, you are OK to ask. When developing the series I went back and > forth myself deciding whether 'hijacking' the spec_ctrl field to > implement VIRT_SPEC_CTRL was OK. > > If host has AMD_SSBD: VIRT_SPEC_CTRL.SSBD will use the SPEC_CTRL.SSBD > bit in the spec_ctrl field, but it will be set behind the guests back. > If guests sets VIRT_SPEC_CTRL.SSBD but not SPEC_CTRL.SSBD, reads of > SPEC_CTRL.SSBD from guest context will return 0, but the bit will be > set. > > I called it 'shadow' because the underlying SPEC_CTRL.SSBD bit will > get set, but reading SPEC_CTRL.SSBD could return 0 if the bit has been > set from VIRT_SPEC_CTRL. > > Do you think that's a suitable use of 'shadow'? Not sure, but since I don't have a good alternative suggestion, please keep using "shadow". Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.