Xen project Mailing List

Re: [PATCH] x86/ucode: Refresh raw CPU policy after microcode load

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 4 May 2023 11:19:34 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JwqknuLbanHrBbQKXOwppLLuBzXBLyYx3ASMR+/7AdY=; b=V+Rw0mEnOsWiWwmnx+uXR6fNQbeWHMVLqfpFDbhH2jTtZNvgiFxGxl9AYjC+2TcfOqmsnAY870pGp3MWLdT4/PU/c64/u0EJapeNcqEXKHMPtr9RQrGdcNdutkQUcbGZZ/hGiX+wlqJgd1Ii+4CAgNcAAHvkkqx0QftLzWMMcPtQz5uJ2MC73/hFy7849IwJTKDifYG4GZ/cAW6xlJAKtsZckvXnxRxUXcPVTh0EzqRwqoGDtPI6NIB4ulHqlqROtVoAT4yyobsqW7NAmm3Ci+TSjUYDvLWGxRRp/F9SYUOIQuPeh+wNFF4TQXyvu9cVLPu8SZ62MA5czRH0R5kVxw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Tuv1ZuCnvtBzUSePmJXJUxaH9PCNvJ0LqMyhV+dojnUMgwO2e26uBm7Ax14w995PaLXfygWAa8KtLAsJZcoF6ycpyoXpdWBFJstq7LJ/SgW2pOh7qDfn1VDAk50iLYCD93JkeOuHS7ijm7dTaYHkrfBAiuxe40kYiGC5ngm1S7zZ+p4+QBY8Q2+2YaikjNhoEFo1a+CvTIc9nwMBPGywpKQgZ87bL4HRV3O9ArvGrlv76CLOrtOLBTWsECI2zZRQQe9Vo59gQqnzwl/ICRuR2azI91Ul8YUxunXMChQaB9w1GmfhYrqG4BadkK9CWti2AHNKQAuXeTsT67AzuodlOA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 04 May 2023 10:20:05 +0000

Ironport-data: A9a23:Lfba7a6RpHkqwylLbcBhYQxRtBXGchMFZxGqfqrLsTDasY5as4F+v moWXzjTOP7eN2WmfIp1Ydjk8UMGvMTWz9Q2HVE//nw8Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+7ZwehBtC5gZlPa0T4AeH/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5ms vEcMTkcdAu5hLiT752rSM5vu84zM5y+VG8fkikIITDxK98DGMqGb4CUoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OnUoojuiF3Nn9I7RmQe18mEqCq 32A1GP+GhwAb/SUyCaf82LqjejK9c/+cNtKS+Tmq64y0TV/wEQuGkYobAW9scKZsUm0ZeBtM X5IoSoX+P1aGEuDC4OVsweDiHyOswMYWtFQO/Yn8wzLwa3Riy6GAkAUQzgHb8Yp3OcmSDpv2 lKXktfBAT10rKbTWX+b7q2Trz65JW4SN2BqWMMfZQ4M4t2mrIRtiBvKF4xnCPTs0I2zHizsy TeXqiR4n68UkcMAy6S8+xbAni6ooZ/KCAUy4207Q16Y0++wX6b9D6TA1LQRxa8owFqxJrVZg EU5pg==

Ironport-hdrordr: A9a23:5/cgh6iawKCwC+NFcdqiYLwm5HBQXt4ji2hC6mlwRA09TyXPrb HLoB1773/JYVkqM03I9errBEDiexLhHPxOjrX5Zo3SOTUO0VHARL2Ki7GO/9SKIUPDH4BmuZ uJ3MJFebrN5fQRt7eY3OEYeexQouW6zA==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04/05/2023 9:17 am, Jan Beulich wrote: > On 04.05.2023 10:08, Andrew Cooper wrote: >> On 04/05/2023 8:08 am, Jan Beulich wrote: >>> On 03.05.2023 20:58, Andrew Cooper wrote: >>>> Loading microcode can cause new features to appear. >>> Or disappear (LWP)? While I don't think we want to panic() in this >>> case (we do on the S3 resume path when recheck_cpu_features() fails >>> on the BSP), it would seem to me that we want to go a step further >>> than you do and at least warn when a feature went amiss. Or is that >>> too much of a scope-creeping request right here? >> You're correct that I ought to discuss the disappear case. But like >> livepatching, it's firmly in the realm of "the end user takes >> responsibility for trying this in their test system before running it in >> production". > Okay, with the case at least suitably mentioned > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Thanks, >> For LWP specifically, we ought to explicitly permit its disappearance in >> recheck_cpu_features(), because this specific example is known to exist, >> and known safe as Xen never used or virtualised LWP functionality. > Right, but iirc we did expose it to guests earlier on. And I've used it as > a known example only anyway. Who knows what vendors decide to make disappear > the next time round ... It's true that we used to expose the CPUID bit to guests, but IIRC we never virtualised it correctly which was my justification for hiding the feature bit when I was doing the original work to rationalise what guests saw. Removing LWP was an extraordinary situation, and AMD didn't do it lightly. What they did was sacrifice a fairly expensive LWP errata workaround to make space ucode space for IBPB instead. They hid the CPUID bit (and specifically by modifying the CPUID mask MSR only) because there were no known production users of LWP, and a consequence of the patch, an errata got unfixed. On real AMD systems which used to enumerate LWP, and subsequently ceased to, it was only "normal virt" levels of feature hiding. The LWP CPUID leaf still has real data in it, and you can still use %xcr0.lwp, and the LWP MSRs still function. Software which was genuinely using LWP, not tickling the errata case, and late loaded this patch wouldn't actually have anything malfunction underfoot. >> Crashing on S3 > I may guess you meant to continue "... is bad anyway"? Oops. I was clearly in a rush for my morning meeting. What I meant was "we probably shouldn't crash on S3 resume in this known-ok case". ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.