[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] x86/Xen: make use of IBPB controlling VM assist

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 14 Feb 2023 17:13:34 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VV1pzylMtiJbaf1DCMAdNM/POHYJ2+zwgryBLilgFJw=; b=di6OfBmhfou6ytaCxRPRqDG1ny8U88g8driL7OY2cY9NDjvINxJPMxIeYfMuO1e7jQNvnPCt1J7VvJFEplDErgxUSNJakbuqvC2PaVXXcmBi0gFIJlHfaNtZshfTa9/jg9sF8MbMkGxoWzxlKI0KkgRllxitm12/2HAdMlNGcspDCeWQBTcpLMyzodb3c9dJIj6f/cGTNz0w6+tKn2J8Choi1h/PIfektidsQEFPoP8hdVkiA0FHjEvsdv5vJ9/y+kcMklt10w1A2KC09dtV7Aeahm6P+KNcy+RoCGFoaF5GS4ToTtmQ5mTkfCGFYBFhoMrmIdVGSYlAaZhm53/uSw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yktr3axx8Bo53bYH9AmnGi+1CSs9jE1AveqZoO1ztUCo4OdQcNvXoq/psQ71GkQhCFmP3dECvhjkNmA9RGIuZ4Hc1GIYrIwKCm3UZ9WCWkvqy7eTGEXiReSheJ8waR84T6rBTNX9QJEmOx0lgRLR1QiwmIJVHn85bReZDE1X9f7O0l3POK6iwr0oq9Hm8R/PJe5p2yaJPvLkmjFjIgtaT2lq4Kdi0ERayvSlPyDepocAVd/EjNEsQiUYVP7NWB7G0IIY4LFQ5Mc6QIFO0qLz9v47BoJ5BBcZ7ftFIelQKD6lt/U6SzCOzoudNWbQNfRKDvsfVX3y7jimCAEa/ogRPA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
  • Delivery-date: Tue, 14 Feb 2023 16:13:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
If this VM assist is available (to PV guests only), use it to
- avoid issuing an IBPB ourselves upon entry from user mode (which the
  hypervisor would then have to emulate, as the MSR write traps),
- suppress the IBPB in the hypervisor if we don't mean to have one
  issued.

As there's no good place to have xen_vm_assist_ibpb() as an inline
function, make it an init-only out-of-line one.

While adjusting the Xen public header, drop the unused and no longer
applicable MAX_VMASST_TYPE (instead of modifying its value).

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/arch/x86/include/asm/xen/hypervisor.h
+++ b/arch/x86/include/asm/xen/hypervisor.h
@@ -43,6 +43,8 @@ static inline uint32_t xen_cpuid_base(vo
        return hypervisor_cpuid_base("XenVMMXenVMM", 2);
 }
 
+int xen_vm_assist_ibpb(bool enable);
+
 struct pci_dev;
 
 #ifdef CONFIG_XEN_PV_DOM0
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -18,6 +18,8 @@
 #include <linux/pgtable.h>
 #include <linux/bpf.h>
 
+#include <xen/xen.h>
+
 #include <asm/spec-ctrl.h>
 #include <asm/cmdline.h>
 #include <asm/bugs.h>
@@ -32,6 +34,7 @@
 #include <asm/intel-family.h>
 #include <asm/e820/api.h>
 #include <asm/hypervisor.h>
+#include <asm/xen/hypervisor.h>
 #include <asm/tlbflush.h>
 
 #include "cpu.h"
@@ -934,7 +937,8 @@ do_cmd_auto:
                break;
 
        case RETBLEED_MITIGATION_IBPB:
-               setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+               if (!xen_pv_domain() || xen_vm_assist_ibpb(true))
+                       setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
                mitigate_smt = true;
                break;
 
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -294,6 +294,17 @@ int xen_panic_handler_init(void)
        return 0;
 }
 
+int __init xen_vm_assist_ibpb(bool enable)
+{
+       /*
+        * Note that the VM-assist is a disable, so a request to enable IBPB
+        * on our behalf needs to turn the functionality off (and vice versa).
+        */
+       return HYPERVISOR_vm_assist(enable ? VMASST_CMD_disable
+                                          : VMASST_CMD_enable,
+                                   VMASST_TYPE_mode_switch_no_ibpb);
+}
+
 void xen_pin_vcpu(int cpu)
 {
        static bool disable_pinning;
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -940,6 +940,13 @@ static void __init xen_pvmmu_arch_setup(
        HYPERVISOR_vm_assist(VMASST_CMD_enable,
                             VMASST_TYPE_pae_extended_cr3);
 
+       /*
+        * By default suppress the hypervisor issuing IBPB on our behalf.  In
+        * the RETBLEED_MITIGATION_IBPB case the VM assist will be disengaged
+        * again in retbleed_select_mitigation().
+        */
+       xen_vm_assist_ibpb(false);
+
        if (register_callback(CALLBACKTYPE_event,
                              xen_asm_exc_xen_hypervisor_callback) ||
            register_callback(CALLBACKTYPE_failsafe, xen_failsafe_callback))
--- a/include/xen/interface/xen.h
+++ b/include/xen/interface/xen.h
@@ -413,7 +413,15 @@ DEFINE_GUEST_HANDLE_STRUCT(mmuext_op);
  */
 #define VMASST_TYPE_runstate_update_flag 5
 
-#define MAX_VMASST_TYPE 5
+/*
+ * x86-64 guests: Suppress IBPB on guest-user to guest-kernel mode switch.
+ *
+ * By default (on affected and capable hardware) as a safety measure Xen,
+ * to cover for the fact that guest-kernel and guest-user modes are both
+ * running in ring 3 (and hence share prediction context), would issue a
+ * barrier for user->kernel mode switches of PV guests.
+ */
+#define VMASST_TYPE_mode_switch_no_ibpb  33
 
 #ifndef __ASSEMBLY__

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.