[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] x86/spec-ctrl: Use IST RSB protection for !SVM systems
- To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Mon, 15 Aug 2022 10:26:52 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cCQCyyLFFfrG6dQRFRh2PvV1OSYPMnaeEIoDz+lY5ZE=; b=bHY53VAvuYJl9NmS7aOffbe7e2GJ3oQ6UNRsjU6QClpSq3v5YMXqv1I8oLjU6Ls2cK2LbKVIbuTHvnlV7iLTeSoD+hNe6wikw40ErX1JGc+KErAhVaqtI5HHwM1yHJB/pM34VjgJLIEI0VO13fDURmdvghfPaDfXnOu0pEK5CYAYK4+zT7g/wjfdNyokNV8dQsgDxNi6AyHTIsZnqMT01+6Shvof4TgHuF3UOi7epweGOFSidooAIp6d8Fl/tKrWWhQkAVO+Eqn/p5fmVPPvOi3RR9F85iPWPHvpI03fMOn8zR8GItrIP+atP9XSds5TOdnRRbdS9EAtCwPOwDhgvQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TzofW9Mxik1BxuG+nRC76K2JteZ6LBGFmSnb1hZB/LRqgi0AGW4J0RQzVs/NYOrCTlvGcMSM+rbWaeGCmyfAs3uIHxjAKsL5pBwM0jyD1qRC8Lk+HyyQYR0EC5WzgFxw6/Q68vKmu/1rbQ/mX5bcTEK+e17uDZyyLy1sRQnMQYezSXMXur7E82ct9+Cv47sOg1M+ZtsQqEHrrRUQS2VnmIkBGpNjubW819yq1e0jMGd6xtxeFKIA/MWskZRfCVaVTE9rHBqfv8VsY1gTRxOUYvq7+4/mp1+z8LyIa328LHTOAM+PiHIVDsQQ4MuIzw3iOq9sevr/qvSYHsYzrK7vtw==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
- Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Mon, 15 Aug 2022 08:27:01 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 05.08.2022 12:38, Andrew Cooper wrote:
> --- a/xen/arch/x86/spec_ctrl.c
> +++ b/xen/arch/x86/spec_ctrl.c
> @@ -1327,8 +1327,24 @@ void __init init_speculation_mitigations(void)
> * mappings.
> */
> if ( opt_rsb_hvm )
> + {
> setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM);
>
> + /*
> + * For SVM, Xen's RSB safety actions are performed before STGI, so
> + * behave atomically with respect to IST sources.
> + *
> + * For VT-x, NMIs are atomic with VMExit (the NMI gets queued but not
> + * delivered) whereas other IST sources are not atomic.
> Specifically,
> + * #MC can hit ahead the RSB safety action in the vmexit path.
> + *
> + * Therefore, it is necessary for the IST logic to protect Xen
> against
> + * possible rogue RSB speculation.
> + */
> + if ( !cpu_has_svm )
> + default_spec_ctrl_flags |= SCF_ist_rsb;
Only now, when I'm about to backport this, it occurs to me to ask: Why
is this !cpu_has_svm rather than cpu_has_vmx? Plus shouldn't this further
be gated upon HVM actually being in use (i.e. in particular CONFIG_HVM=y
in the first place)?
Jan
|