[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/spec-ctrl: Use IST RSB protection for !SVM systems

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 15 Aug 2022 10:26:52 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cCQCyyLFFfrG6dQRFRh2PvV1OSYPMnaeEIoDz+lY5ZE=; b=bHY53VAvuYJl9NmS7aOffbe7e2GJ3oQ6UNRsjU6QClpSq3v5YMXqv1I8oLjU6Ls2cK2LbKVIbuTHvnlV7iLTeSoD+hNe6wikw40ErX1JGc+KErAhVaqtI5HHwM1yHJB/pM34VjgJLIEI0VO13fDURmdvghfPaDfXnOu0pEK5CYAYK4+zT7g/wjfdNyokNV8dQsgDxNi6AyHTIsZnqMT01+6Shvof4TgHuF3UOi7epweGOFSidooAIp6d8Fl/tKrWWhQkAVO+Eqn/p5fmVPPvOi3RR9F85iPWPHvpI03fMOn8zR8GItrIP+atP9XSds5TOdnRRbdS9EAtCwPOwDhgvQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TzofW9Mxik1BxuG+nRC76K2JteZ6LBGFmSnb1hZB/LRqgi0AGW4J0RQzVs/NYOrCTlvGcMSM+rbWaeGCmyfAs3uIHxjAKsL5pBwM0jyD1qRC8Lk+HyyQYR0EC5WzgFxw6/Q68vKmu/1rbQ/mX5bcTEK+e17uDZyyLy1sRQnMQYezSXMXur7E82ct9+Cv47sOg1M+ZtsQqEHrrRUQS2VnmIkBGpNjubW819yq1e0jMGd6xtxeFKIA/MWskZRfCVaVTE9rHBqfv8VsY1gTRxOUYvq7+4/mp1+z8LyIa328LHTOAM+PiHIVDsQQ4MuIzw3iOq9sevr/qvSYHsYzrK7vtw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 15 Aug 2022 08:27:01 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 05.08.2022 12:38, Andrew Cooper wrote:
> --- a/xen/arch/x86/spec_ctrl.c
> +++ b/xen/arch/x86/spec_ctrl.c
> @@ -1327,8 +1327,24 @@ void __init init_speculation_mitigations(void)
>       * mappings.
>       */
>      if ( opt_rsb_hvm )
> +    {
>          setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM);
>  
> +        /*
> +         * For SVM, Xen's RSB safety actions are performed before STGI, so
> +         * behave atomically with respect to IST sources.
> +         *
> +         * For VT-x, NMIs are atomic with VMExit (the NMI gets queued but not
> +         * delivered) whereas other IST sources are not atomic.  
> Specifically,
> +         * #MC can hit ahead the RSB safety action in the vmexit path.
> +         *
> +         * Therefore, it is necessary for the IST logic to protect Xen 
> against
> +         * possible rogue RSB speculation.
> +         */
> +        if ( !cpu_has_svm )
> +            default_spec_ctrl_flags |= SCF_ist_rsb;

Only now, when I'm about to backport this, it occurs to me to ask: Why
is this !cpu_has_svm rather than cpu_has_vmx? Plus shouldn't this further
be gated upon HVM actually being in use (i.e. in particular CONFIG_HVM=y
in the first place)?

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.