Xen project Mailing List

[PATCH v3 2/4] x86/spec-ctrl: defer context-switch IBPB until guest entry

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Wed, 25 Jan 2023 16:26:09 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3hzT4IxLbkKQPfXvLmEol5is+s4A37v/BAV/NZrhc5o=; b=n7a4k7R3vTNQPKtW4XWZBNdVmouCUvLIEBnhCPHnRYy88NTSWxikVAb6ObhdMHH52Y6cAXlPfqSEYlWwyEhHsMnHB5qpJpelyHa2DLrVnTO6L1PR3oRYGUuGAn84srTGGjqawdBe6yengvrSI4awYGKDpBHTsjviAf9Kj8yZakf9sOlZA9ChYOjju2n99a9DOFD3xT11RL70tN0321baZ8ifHgfnPaijhdG9P1qmc3wG0aUEDRQlXcCjG2lFoSApKhJL68yEPSlTT33Cdtr7vNMfBtNdbcNDrw8RZlVC3G/qMMVB1/Eto+kj0K0TJBGdFeiPXbfCMYVPsM+NaE+ARA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hOm0XeuodWHgs+yabik/SXDquFfo4rfPyVOeBtdw8w8xF0BaWzVgBdm52r3V6MiZZStFNl9wE4/MQhvB7rNlkecyia03bpUw9KLlesyubv9nWYpFz/HkSlw1TveebEv/EyB0dM93stxRqMyIEUcZ36+9gZjFSYq3z9L2kZFcN8Y7gJP1H0bhcr7pbhGgKMufDlQLJHgtDI1TvLnoXhVDZ4DKT05vlpotPiZkeXEMy9I2T6WWL1cPejv7rfzrjqSwfEahe/aXFjRYZAFYGk9VDb49bgO+nf9Nk/CWFknlZofU8LTNjPUdClu5ZkwJD7SPqDfaA71iNIWvOxsMyFWAiw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Wed, 25 Jan 2023 15:26:26 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

In order to avoid clobbering Xen's own predictions, defer the barrier as much as possible. Merely mark the CPU as needing a barrier issued the next time we're exiting to guest context. Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- I couldn't find any sensible (central/unique) place where to move the comment which is being deleted alongside spec_ctrl_new_guest_context(). --- v3: New. --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2038,7 +2038,7 @@ void context_switch(struct vcpu *prev, s */ if ( *last_id != next_id ) { - spec_ctrl_new_guest_context(); + info->spec_ctrl_flags |= SCF_exit_ibpb; *last_id = next_id; } } --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -67,28 +67,6 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -/* - * Switch to a new guest prediction context. - * - * This flushes all indirect branch predictors (BTB, RSB/RAS), so guest code - * which has previously run on this CPU can't attack subsequent guest code. - * - * As this flushes the RSB/RAS, it destroys the predictions of the calling - * context. For best performace, arrange for this to be used when we're going - * to jump out of the current context, e.g. with reset_stack_and_jump(). - * - * For hardware which mis-implements IBPB, fix up by flushing the RSB/RAS - * manually. - */ -static always_inline void spec_ctrl_new_guest_context(void) -{ - wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); - - /* (ab)use alternative_input() to specify clobbers. */ - alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET, - : "rax", "rcx"); -} - extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -854,6 +854,11 @@ static void __init ibpb_calculations(voi */ if ( opt_ibpb_ctxt_switch == -1 ) opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); + if ( opt_ibpb_ctxt_switch ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_PV); + setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_HVM); + } } /* Calculate whether this CPU is vulnerable to L1TF. */

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.