[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.17 3/4] amd/ssbd: remove hypervisor SSBD selection

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 14 Oct 2022 12:34:28 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Al+wj885iQ4kSEujsp3hPPJiciOI+cKJD0CQ1H7TwtU=; b=glAjNyulStSqbQZmsI8zmeOQNHilhqzCjRefN7jBLdvFfww3sXKf6H4tsjvpvMTlA/vBHuQKAqUPz85RhHCKjzxEAMgX9AEUuAeoeYUpKhDvtfedo2LLPhEIqeb6k1dkXi8nGQ3JUg7r68CjmF6wUms8CjET+tJf6XhOS2LBkQoiMXFK6mjMkroB8nMM3i5Fn79V9b6lB51qLibkutC46+c9Wyf5ti6lqTKHFfo4HaD/+O2RIBvxA9Z0l1gOuFm6iEn7Y+uJ3RYRp66QSYTAitmtC0KhBgyc5lHVCtbMvsx60J5c//GfG5xfMHbNizE6zLGHv+wzBz4N3EZazZWRnw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AKesxqDXvwFdTOJP/WVDkg+fUbPTt1JeiigTuBYLDOKCnKmMHsxU/QBrUX7C8RwG2asoq8eXO5YUx3Fdtc6mJij3oi0E6Hh/5ygFG5RTUWQKZvuu3T56a6tqRCo7YQalYazUT4i/jgwc3N+xC3GtKMqYKQ97AH+jveIvgxOAWwORFeQ2AovU+Cl/3QTJXSQblraBK26QsOoD6v7Vk7j3sdDSz1pImMDsMvs/WtIIE1iTxPyIUQ7IGCDI1KXMSOhtEbSsE1wD0zqzGhQBPtNQV2ZQ9XU/Lflj5O/x8MnypzmQOBkm+12OV0YTl9d7wRB+X0YIKGbvKke61keRIAmIlQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Henry.Wang@xxxxxxx, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 14 Oct 2022 10:34:45 +0000
  • Ironport-data: A9a23:RqlUV6NG+0JkgInvrR16lsFynXyQoLVcMsEvi/4bfWQNrUp0gWNRx jdLXmyHPPiLM2Wketp1YYSypx8EucTRy4dlGQto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v 63yTvGacajYm1eF/k/F3oDJ9CU6j+fQLlbFILasEjhrQgN5QzsWhxtmmuoo6qZlmtH8CA6W0 T/Ii5S31GSNhnglbwr414rZ8Ek15ayr5GtC1rADTasjUGH2xiF94K03fcldH1OgKqFIE+izQ fr0zb3R1gs1KD90V7tJOp6iGqE7aua60Tqm0xK6aID76vR2nQQg075TCRYpQRw/ZwNlPTxG4 I4lWZSYEW/FN0BX8QgXe0Ew/ypWZcWq9FJbSJQWXAP6I0DuKhPRL/tS4E4eFpMFxKVVAk90/ O0qDT0Kdjugh+fv6efuIgVsrpxLwMjDGqo64ykl5xeGSPEsTNbEXrnA4sJe0HEonMdSEP3CZ s0fLz1ycBDHZB4JMVASYH48tL7w2j+jLHsH8BTM/fNfD2v7lWSd1JD3N9XYYJqSTNh9lUeEv GPWuW/+B3n2MfTPkGrZriLy3IcjmwvDe90WFr2op8dTu0ei5mATVAEoa3KS9KzRZkmWHog3x 1Yv0igkoLU29UerZsLgRBD+q3mB1jY8VtxKAqsF4QeC4qPO5kCSAW1sZjxcbN0rsucmSDps0 UWG9/vyHiBmurCRTXOb95+XoCm0NCxTKnUNDQcbSSMV7t+lp5s85jrfQ9AmHKOrg9ndHTDr3 yvMvCU4n68Uj8MAy+O851+vvt63jp3ATwpw7AOIWGugt1t9fNT8P9Xu7kXH5/FdKorfVkOGo HUPh8mZ6qYJEI2JkyuOBu4KGdlF+sq4DdEVunY3d7FJythn0yTLkVx4iN2mGHpUDw==
  • Ironport-hdrordr: A9a23:u5XtLK9s7honZd4S/7Fuk+FDdb1zdoMgy1knxilNoENuH/Bwxv rFoB1E73TJYVYqN03IV+rwXZVoZUmsjaKdhrNhRotKPTOWwVdASbsP0WKM+V3d8kHFh41gPO JbAtJD4b7LfCdHZKTBkW6F+r8bqbHokZxAx92uqUuFJTsaF52IhD0JbjpzfHcGJjWvUvECZe ehD4d81kydUEVSSv7+KmgOXuDFqdGOvJX6YSQeDxpizAWVlzun5JPzDhDdh34lInty6IZn1V KAvx3y562lvf3+4hjA11XL55ATvNf60NNMCOGFl8BQADTxjQSDYphnRtS5zXkIidDqzGxvvM jHoh8mMcg2w3TNflutqR+o4AXk2CZG0Q6W9XaoxV/Y5eDpTjMzDMRMwahDdAHC1kYmtNZglI pWwmOwrfNsfF/9tRW4w+KNewBhl0Kyr3Znu/UUlWZjXYwXb6IUhZAD/XlSDIwLEEvBmc0a+d FVfY/hDcttABKnhyizhBgu/DXsZAV4Iv6+eDlMhiTPuAIm30yQzCMjtb4idzk7hdAAoqJ/lp T525RT5c9zp/AtHNNA7cc6ML+K4z/2MGXxGVPXB2jbP4c6HF+Ig6LLwdwOlZKXkdozvdAPpK g=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, Oct 14, 2022 at 11:00:10AM +0200, Jan Beulich wrote:
> On 14.10.2022 10:17, Roger Pau Monné wrote:
> > On Thu, Oct 13, 2022 at 04:20:45PM +0200, Jan Beulich wrote:
> >> On 13.10.2022 15:50, Roger Pau Monné wrote:
> >>> On Wed, Oct 12, 2022 at 10:30:45AM +0200, Jan Beulich wrote:
> >>>> On 11.10.2022 18:02, Roger Pau Monne wrote:
> >>>>> @@ -2365,12 +2365,6 @@ On hardware supporting STIBP (Single Thread 
> >>>>> Indirect Branch Predictors), the
> >>>>>  By default, Xen will use STIBP when IBRS is in use (IBRS implies 
> >>>>> STIBP), and
> >>>>>  when hardware hints recommend using it as a blanket setting.
> >>>>>  
> >>>>> -On hardware supporting SSBD (Speculative Store Bypass Disable), the 
> >>>>> `ssbd=`
> >>>>> -option can be used to force or prevent Xen using the feature itself.
> >>>>
> >>>> Why would we want to take away this level of control? Shouldn't we turn 
> >>>> this
> >>>> on while in Xen if so requested? Which would then either mean enabling 
> >>>> it on
> >>>> VMEXIT if a guest has it off, or running with it turned on using the OR 
> >>>> of
> >>>> guest and host settings.
> >>>
> >>> Right, but then we need to context switch the value on vm{entry,exit}
> >>> which is problematic.  I could move the context switch code code out
> >>> of the GIF=0 region, and assume that NMIs executing with the guest
> >>> selection of SSBD are OK.
> >>>
> >>> Alternatively setting ssbd= on the command line could be taken as a
> >>> value to enforce for the whole system and prevent guest attempts to
> >>> change it, not exposing VIRT_SSBD, AMD_SSBD or SSBD (haven't
> >>> looked at whether not exposing the SSBD CPUID related to
> >>> SPEC_CTRL.SSBD will have impact on other features).
> >>
> >> That would be my preference (albeit I'm uncertain about the "not exposing"
> >> part, as we don't want to misguide guests into thinking they're unsafe or
> >> can't guarantee safety when requested by user mode code), but ...
> > 
> > For ssbd=1 we could expose the SSBD controls, as the guest trying to
> > turn it off would have no effect and it would still be protected.
> > 
> > OTOH if the user sets ssbd=0 on the command line then exposing the
> > SSBD controls to the guest would be misleading, as the guest setting
> > SSBD will have no effect and thus it won't be protected when it thinks
> > it is.
> 
> Irrespective of your subsequent reply: Unlike "cpuid=no-ssbd",
> "spec-ctrl=no-ssbd" ought to affect only Xen itself:
> 
> "On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=`
>  option can be used to force or prevent Xen using the feature itself."

So that brings us back to having to context switch SSBD on guest entry
and exit, and we could only do the SSBD switch at context switch if no
ssbd= option is used.

That would also prevent us from dropping the synthetic feature leaf.

I will wait for Andrews opinion on this one, I would like to make sure
we have reached consensus before I send a new version.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.