[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Intended behavior/usage of SSBD setting
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Thu, 20 Oct 2022 15:56:22 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8yFRfr8cnUdEBiJSaoiDbirBa68tKKWtxyevbl7woHE=; b=ZWrYMrwwFzju9bMAm86spiZiMbWb68hvzUGldboo++HHQG9KcYCgE0EPQBsn+85ImuJTu0MU9IprW02sD54aLTzb5Kr3CiU0l3Vr1sbVclUZGiVdXHqIzVCqUwVQIU97uvNzVHdjQgQd/P2gLDZc+RcBQdze5vsyDx40h+Rqevc2ZFloYcOkqGwljgByV1+m2vvUDCrSRfPes0CTdNC8C7Cpw6vx+n0IBKhZ9vewTVLNdWd+Kry5MG2An8johdR9wMwMpfmTXxaAinr54m4BzmweKbEtKri3UWj1vN7HSiafSc9ZOvnaYLkJxekGBXwCO6hPyWRBo7az4X6S21iEOQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hg+9zx13zKJxdT2rHHTH8/S1TO139v8iasHDRnq8Opd2hFl/0RIdKakDTW3MEOSx5ObSkJzeCmZWT1Jl76UvFVrYL2Z+fIFs3r5xYKiCmcsYL4kPWMNQQbEP87g091uNBU/UyEocsbrqfKnSewQfazzqW48TeqvMf5v/2Tj411F/6SBr3NUPgAEdrui+H5Yq38Svh8ldpk7fwVLMrmnmicu9f6ImhaYyWUhBsPzYZ2IlinL7s9zzHLI61BKHRY81LutxZxZSQvaW0dVGfvO0hVy7GVWbwfHN5p/iJaV/3QzwQiugm+0smeyaPSygEze+KIELMz0BKJTQ7Ys/7RYzNQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Thu, 20 Oct 2022 13:56:44 +0000
- Ironport-data: A9a23:MuBnea7mLYw/okl9mhzxCwxRtC/GchMFZxGqfqrLsTDasY5as4F+v mUWUGyAP/iJNDemfNwnaouz8BsFvp6AzNM1Gwo6+Cw1Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvymTras1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpJrfPewP9TlK6q4mlB5gZmPakjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5FJTAes tkIGglTYyys17Pu6eylZeBV05FLwMnDZOvzu1lG5BSAVLMKZM6GRK/Ho9hFwD03m8ZCW+7EY NYUYiZuaxKGZABTPlAQC9Q1m+LAanvXKmUE7g7K4/dopTGMl2Sd05C0WDbRUsaNSshP2F6Ru 0rN/njjAwFcP9uaodaA2iL337KVx3ujMG4UPJrop/lmq3eS/2w0KhAQe2X8oKm/ukHrDrqzL GRRoELCt5Ma9kamU938VB2Qu2Ofs1gXXN84O/037kSBx7TZ5y6dB3MYVXhRZdo+rsg0SDc2k FiTkLvU6SdHtbSUTTeR8+mSpDbrYCwNdzZdPmkDUBcP5MTlrMcrlBXTQ91/EamzyNroBTX3x DPMpy8771kOsfM2O2yA1Qivq1qRSlLhFGbZOi2/srqZ0z5E
- Ironport-hdrordr: A9a23:+oGkUqpxYH5msdDxsm10ozoaV5uwL9V00zEX/kB9WHVpm5Oj+v xGzc5w6farsl0ssREb9uxo9pPwJE800aQFmbX5Wo3SJzUO2VHYVb2KiLGP/9SOIU3DH4JmpM Rdmu1FeafN5DtB/LnHCWuDYrEdKbC8mcjH5Ns2jU0dKz2CA5sQkzuRYTzrdnGeKjM2Z6bQQ/ Gnl7d6TnebCAIqR/X+IkNAc/nIptXNmp6jSRkaByQ/4A3LqT+z8rb1HzWRwx9bClp0sP8f2F mAtza8yrSosvm9xBOZ/2jP765OkN+k7tdYHsSDhuUcNz2poAe1Y4ZKXaGEoVkO0aiSwWdvtO OJjwYrPsx15X+UVmapoSH10w2l6zoq42+K8y7svVLT5ejCAB4qActIgoxUNjHD7VA7gd162K VXm0qEqpt+F3r77WjAzumNcysvulu/oHIkn+JWpWdYS5EiZLhYqpFa1F9JEa0HADnx5OkcYa RT5fnnlbhrmG6hHjHkVjEF+q3tYp1zJGbNfqE6gL3b79AM90oJjHfxx6Qk7wU9HdwGOtt5Dt //Q9RVfYF1P7ErhJ1GdZY8qOuMexjwqEH3QRWvCGWiMp07EFTwjLOyyIkJxYiRCe81Jd0J6d /8bG8=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Oct 20, 2022 at 03:25:38PM +0200, Jan Beulich wrote:
> On 20.10.2022 14:37, Roger Pau Monné wrote:
> > On Thu, Oct 20, 2022 at 01:22:20PM +0200, Jan Beulich wrote:
> >> On 20.10.2022 13:01, Roger Pau Monné wrote:
> >>> Hello,
> >>>
> >>> As part of some follow up improvements to my VIRT_SPEC_CTRL series we
> >>> have been discussing what the usage of SSBD should be for the
> >>> hypervisor itself. There's currently a `spec-ctrl=ssbd` option [0],
> >>> that has an out of date description, as now SSBD is always offered to
> >>> guests on AMD hardware, either using SPEC_CTRL or VIRT_SPEC_CTRL.
> >>>
> >>> It has been pointed out by Andrew that toggling SSBD on AMD using
> >>> VIRT_SPEC_CTRL or the non-architectural way (MSR_AMD64_LS_CFG) can
> >>> have a high impact on performance, and hence switching it on every
> >>> guest <-> hypervisor context switch is likely a very high
> >>> performance penalty.
> >>>
> >>> It's been suggested that it could be more appropriate to run Xen with
> >>> the guest SSBD selection on those systems, however that clashes with
> >>> the current intent of the `spec-ctrl=ssbd` option.
> >>>
> >>> I hope I have captured the expressed opinions correctly in the text
> >>> above.
> >>>
> >>> I see two ways to solve this:
> >>>
> >>> * Keep the current logic for switching SSBD on guest <-> hypervisor
> >>> context switch, but only use it if `spec-ctrl=ssbd` is set on the
> >>> command line.
> >>>
> >>> * Remove the logic for switching SSBD on guest <-> hypervisor context
> >>> switch, ignore setting of `spec-ctrl=ssbd` on those systems and run
> >>> hypervisor code with the guest selection of SSBD.
> >>
> >> * Give the guest the illusion of controlling the behavior, but run with
> >> SSBD always enabled when "spec-ctrl=ssbd" is in effect.
> >
> > Right, I've also thought about this option but forgot to add it to the
> > list. That would limit to only allowing enabling ssbd for the
> > hypervisor code, but not explicitly disabling it, ie:
> > `spec-ctrl=no-ssbd` won't be a valid option.
>
> Well, it would be valid to use to override an earlier "spec-ctrl=ssbd",
> to revert back to whatever the behavior is when no option is specified
> at all. It wouldn't strictly mean "no SSBD at all".
Hm, so using `spec-ctrl=no-ssbd` would mean 'use default value', but
it won't force SSBD off for hypervisor code execution. It would have
to be made clear on the documentation.
So we have 3 options.
Thanks, Roger.
|
