[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wake-up from suspend to RAM broken under `retbleed=stuff`

  • To: Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Joan Bruguera <joanbrugueram@xxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 11 Jan 2023 11:39:57 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Npg4FEh7fyagYb+edMrpBphe4PX+wjiTOlTdbORlpiw=; b=NcxYxjRIVWzXsBw0/rCBpVQB7SQ9K8QFdojr88LyElAi2sH6mN8POPc8zICX+CGUy5LYPES6ia2L1P4KYOgIcj9cVqw1Tz39C8fEb1VbQA8gT9VISI/Y1PTBRJR0NNoo980uqW3CRuczC3HQcMe3TZVXE6z0rY1IUuOfvzu39Fz2Rqnm7ODfT6iOjCg2aAgXJfx2rEA/wyknqtMciDbWH9VMC1bUUsbxP63S85Wjd9C+hzLTwTnxZhU7w8Ahc6J7VI1h/cnGeemYlb4iJdaSK7iHPHYa5v/NwOAHKdU+eGkzIKHIE4FdqX7/Az9A+Fbfh0nmIoYBX1ndohQw7XTBwQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n9z0banVAMugsDsjsV0tOampXUeLXbTxzTf1kK7yOrDGo4UTiVNUXQSLuT+uqjTEmU3Hb1XLRVOfb8A9/LJqSBXJ0BJu32KIHrW8WO4B7UY2OfrdngNxNwNIuiM5viXA/FaMRWEpUGv7Ks1UU3q3AeE+JBH+QZ+weidcSBRn7btv3PettSk+wjkILIib8xNSao4l7spHfKbaaqMzvv2WSXnoQgxIvM0aNItLIg3VbRNs+UlDFUoCdpi2eloKZz6fmrlYy60SuzvWCtGLw5COWuzzp7Z61HOrqDggcl+h/5X8vBUo5YgNqPCEdfk9ukzadDuW3uufftELXDnF0gqXNw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Rafael J. Wysocki" <rafael@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 11 Jan 2023 11:40:15 +0000
  • Ironport-data: A9a23:IpC0JqMbyQodUq3vrR0QlsFynXyQoLVcMsEvi/4bfWQNrUoi3mcCm DZLC2vQPffbZzfwfI92Ydu+8RkP7MDWyNdmHgto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v 63yTvGacajYm1eF/k/F3oDJ9CU6jufQA+KmU4YoAwgpLSd8UiAtlBl/rOAwh49skLCRDhiE/ Nj/uKUzAnf8s9JPGj9SuvzrRC9H5qyo42tB5wVmPJingXeF/5UrJMNHTU2OByOQrrl8RoaSW +vFxbelyWLVlz9F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq/0Te5p0TJvsEAXq7vh3S9zxHJ HehgrTrIeshFvWkdO3wyHC0GQkmVUFN0OevzXRSLaV/ZqAJGpfh66wGMa04AWEX0qFLAUp02 d1AFGAcfjWInNKMxKyHVOY506zPLOGzVG8ekldJ6GiDSNwAEdXESaiM4sJE1jAtgMwIBezZe 8cSdTtoalLHfgFLPVAUTpk5mY9EhFGmK2Ee9A3T+PdxujeIpOBy+OGF3N79U9qGX8hK2G2fo XrL5T/RCRAGLt2PjzGC9xpAg8eexH6rAd1PStVU8NZqsAKU+mZQFiEVUHm3mt6yrXPhQo1mf hl8Fi0G6PJaGFaQZsHwQxCislaFuBAGUtZdGuF87xuCooLW5A+fDHIZQSNMctUjnMAzTD0uk FSOmrvBAT1pra3QSn+H8LqQhS29NDJTLmIYYyIACwwf7LHLsNFtphHCVNBuFOiylNKdMS3/x yCiqCk4mqkJisgKx+O38DjvgT22oYPSZhUo/QiRVWWghitjbYCsaoiA6lXB6/tEaoGDQTGpr HUC3sST8u0KJZWMjzCWBvUAGqmz4PSIOyGahkRgd7Ej/Tmw/3+ofahL/SpzYkxuN645lSTBZ UbSvUZb4s9VNX7zN6tvOdvuUIIt0LTqEsnjWrbMdN1Sb5NtdQiBuiZzeUqX2GOrm08p+U0iB aqmnQ+XJS5yIcxaIPCeHo/xDZdDKvgC+F7u
  • Ironport-hdrordr: A9a23:aMabnKi4ttMCk/3wriADwlyW4XBQXh0ji2hC6mlwRA09TySZ// re+sjztCWVtN91YhodcL+7WZVoLUmskKKdgrNhRItKPjOWwFdARbsKheSN/9SJIVyEygc379 YFT0ERMqyWMXFKyevBzU2fNf1I+rW6GaaT79v2/jNWYTsvQYdGwCdWNj2yL21RY019KadRLu v+2uN34zWhfHgMbte2HBA+MtTrrcHQiZTjbQUnKnccmWuzsQ8=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHZJa6+C7zgK+BmnkyxcC0/cTTk966ZF36A
  • Thread-topic: Wake-up from suspend to RAM broken under `retbleed=stuff`
On 11/01/2023 11:20 am, Peter Zijlstra wrote:
> On Mon, Jan 09, 2023 at 04:05:31AM +0000, Joan Bruguera wrote:
>> This fixes wakeup for me on both QEMU and real HW
>> (just a proof of concept, don't merge)
>>
>> diff --git a/arch/x86/kernel/callthunks.c b/arch/x86/kernel/callthunks.c
>> index ffea98f9064b..8704bcc0ce32 100644
>> --- a/arch/x86/kernel/callthunks.c
>> +++ b/arch/x86/kernel/callthunks.c
>> @@ -7,6 +7,7 @@
>>  #include <linux/memory.h>
>>  #include <linux/moduleloader.h>
>>  #include <linux/static_call.h>
>> +#include <linux/suspend.h>
>>  
>>  #include <asm/alternative.h>
>>  #include <asm/asm-offsets.h>
>> @@ -150,6 +151,10 @@ static bool skip_addr(void *dest)
>>      if (dest >= (void *)hypercall_page &&
>>          dest < (void*)hypercall_page + PAGE_SIZE)
>>              return true;
>> +#endif
>> +#ifdef CONFIG_PM_SLEEP
>> +    if (dest == restore_processor_state)
>> +            return true;
>>  #endif
>>      return false;
>>  }
>> diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
>> index 236447ee9beb..e667894936f7 100644
>> --- a/arch/x86/power/cpu.c
>> +++ b/arch/x86/power/cpu.c
>> @@ -281,6 +281,9 @@ static void notrace __restore_processor_state(struct 
>> saved_context *ctxt)
>>  /* Needed by apm.c */
>>  void notrace restore_processor_state(void)
>>  {
>> +    /* Restore GS before calling anything to avoid crash on call depth 
>> accounting */
>> +    native_wrmsrl(MSR_GS_BASE, saved_context.kernelmode_gs_base);
>> +
>>      __restore_processor_state(&saved_context);
>>  }
> Yeah, I can see why, but I'm not really comfortable with this. TBH, I
> don't see how the whole resume code is correct to begin with. At the
> very least it needs a heavy dose of noinstr.
>
> Rafael, what cr3 is active when we call restore_processor_state()?
>
> Specifically, the problem is that I don't feel comfortable doing any
> sort of weird code until all the CR and segment registers have been
> restored, however, write_cr*() are paravirt functions that result in
> CALL, which then gives us a bit of a checken and egg problem.
>
> I'm also wondering how well retbleed=stuff works on Xen, if at all. If
> we can ignore Xen, things are a little earier perhaps.

I really would like retbleed=stuff to work under Xen PV, because then we
can arrange to start turning off some even more expensive mitigations
that Xen does on behalf of guests.

I have a suspicion that these paths will be used under Xen PV, even if
only for dom0.  The abstraction for host S3/4/5 are not great.  That
said, at all points that guest code is executing, even after a logical
S3 resume, it will have a good GS_BASE  (Assuming the teardown logic
doesn't self-clobber.)

The bigger issue with stuff accounting is that nothing AFAICT accounts
for the fact that any hypercall potentially empties the RSB in otherwise
synchronous program flow.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.