[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 24 Aug 2022 14:36:01 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9SBi/QAeVC+RyyzPvwa4UwQ9YIK4Ue1QN8J+f3w0pQs=; b=EHdzc/Pn6SBoIKklw8FIwTiiVt35u8VQxqCUqTPQ0Gmq3VbkEMOxgfWAxG8kLOfyRXk866JGT8jVM5sKQaUz7s4wwVplWeMTmj9x7d0FCeoGwEU/KzxPk0nc1gyIH91BAamIi6e3dDTvViQjnNYGO887qYGail1EMcv6QZaXSUncbPRWP1P/blij5szTOfu2nS6xY5DhH0Oe+VksztDftfI5kLFLDc4LXNki1M6F33coegTlOABnrHCl564oaiuehVRlfRGJUgTVVlF3CAW/AkNVuBMOEbQTNRpmDTw46lSdQIGCIe0aLc/4cu1YMAaNiy+8nOEQHFxP3LqGQO1y9w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BM65PopIy3fjoTxYYJ/Gvba3T/KzN5fL7b/uLDRtKNxmvggXT4kmySd6d7gf96QGQwr/f1uZwqHW2DcEnUDI6/T2k2DA1bIa1/IetylcD8TZgK5DtfoLze1/xVRkCZGIKIitQyc8xplPaVIoFjW04qiZP+K0201zN7aINoCTr4qDgjB+VwzV3GNpXu58Mvd8IyiezBAmkh0Kch8oMBwnz/KcCCFwH6muv3rhpWETYNvYVGUUKlgA1RLk8GsjmXHKJ8TOTOBraYHYl64QFFKJgT97hO8olRa235DaL1HPkgzgT7hj+7RDtWE4DCi/CqiWeETlmGdsdMAD5DTcnNIyAA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 24 Aug 2022 12:36:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24.08.2022 14:19, Andrew Cooper wrote:
> On 24/08/2022 07:00, Jan Beulich wrote:
>> On 23.08.2022 12:48, Andrew Cooper wrote:
>>> On 23/08/2022 10:27, Jan Beulich wrote:
>>>> On 23.08.2022 10:59, Andrew Cooper wrote:
>>>>> But this is going to further complicate my several-year-old series
>>>>> trying to get Xen's XSTATE handling into a position where we can start
>>>>> to offer supervisor states.
>>>> Where do you see further complication? The necessary fiddling with XSS
>>>> here would of course be dependent upon p->xstate.xsaves alone (or,
>>>> maybe better, on the set of enabled features in XSS being non-empty),
>>>> but that's simply another (inner) if().
>>>>
>>>> As an aside, I actually wonder what use the supplied size is to user
>>>> mode code when any XSS-controlled feature is enabled: They'd allocate
>>>> a needlessly large block of memory, as they would only be able to use
>>>> XSAVEC.
>>> This field is an already known kernel=>user infoleak.  There are threads
>>> about it on LKML.
>>>
>>> But it does highlight another problem.  This change does not fix Linux
>>> on AMD Zen3 hardware, where the kernel will find the CPUID value larger
>>> than it can calculate the size to be, because Xen's use of CET-SS will
>>> show up in the CPUID value.
>> Why would that be? We don't even have CET related defines for XCR0, so
>> we don't enable the states in XSS. And I don't see why we would. Even
>> for other XSTATE-managed but not XSTATE-enabled features we could
>> clear the respective bits around the CPUID invocation (just like we
>> may need to set some in XSS). We'd be in trouble only for any XSTATE-
>> enabled feature that we make use of ourselves.
> 
> It's not Xen's CPUID invocation which is relevant.  It's the guest
> kernels, which goes straight to hardware because AMD still doesn't have
> CPUID faulting.
> 
> And yes, right now none of Xen's CET state shows up in XSTATE, but that
> needs to change in order to support CET in HVM guests if we don't want
> an enormous extra overhead in the general context switch path.

Right. HVM guests, though, aren't affected by the CPUID limitation you
name for AMD. And PV guests could continue to be run with the bits off
in XSS (we need to context switch XSS and XCR0 anyway).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.