[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/6] x86/cpu-policy: MSR_ARCH_CAPS feature names

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 16 May 2023 13:56:30 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pTJ8dqIoUz5dD8/hena/jJbV1TPDKcWDlD2f6+2LorI=; b=IBlmvXzKqasdb6qZpPGtqDFSQOVve+1XFp141eULRPcbGrIwOpUktmBKHjOec2yMc7FK1EhtlJfs9Bbx98zB4nGOKadlM6t3L0r1386pL5xxpRgeo4aB3SdOR5M7MUyyypphpVioLOZQEOuRpzZnCjnOgGWhPY3QlqRbu8MCku1kjfK/GIlTGQqF/byRrj8xXErOFec6yNup5hEXNY2r3pM1I07nnQicKtKQkbZV0OLS+BClbONEugyzD07hsfXUb03zOKY28inMeUgSjopfB3kzdrRxpl/Lx8wE6AlSUT9NQd5q4UiisaIyCf1PTfydEiTa8Rly48BunBQ1uxbq3w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Tzy3vsZzWGu1rzpXVfobulIvqjsEytuJSwVfytWNr+Zl1YudfXamVZU+0R7CZV+lKsjj0uMEbVGot1Zg4PZ/qAQc6lLWKPpO6sHk6QK5IcQbo/GecyHLv1H4oWDySOhDHoy2HFzeusxDkN5hh+sW3Qz33f3RhCrMPkKY/ALRHAHEUMKbZddP8OR8oMeLxsnCenq+qctJdIJWF6Rlu9tb8p8G5WD4z6Ry490ASTGgDnhCrkc7dqVD8HwND5PC5ZCzrrmvuxl8qHASzk9ynvl+wthqTk2zQ2ngaC1GfkLNRFC3Ndr7fp24OOwuJkvnx+OHhLL+mi/0LmAEXLmwr6PhlQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 16 May 2023 12:56:52 +0000
  • Ironport-data: A9a23:dI8maas++0FwbNIglj867ui6UOfnVHtfMUV32f8akzHdYApBsoF/q tZmKWCOOq2CYWb2eIx0O9m390pVsJ7XyYcxGlZv/y9mEnsT+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj6Vv0gnRkPaoQ5AKHySFMZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwE2E0YR26ueKKkeiUEsY93eQfEuDqFdZK0p1g5Wmx4fcOZ7nmGv+Pz/kImTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osjf60b4S9lt+iHK25mm6xo G7c8nu/KRYdLNGFkhKO8262h/+JliT+MG4XPOThr6A12AXNlgT/DjUTaVWKgKGF1XWFQo57c xIPx3d0lpQboRnDot7VGkfQTGS/lhwWVsdUEuY6wBqQ0aeS6AGcbkAbShZRZdpgs9U5LRQ62 1nMk973CDhHtLyOVWnb5rqStSm1OyUeMSkFfyBscOcey9zqoYV2hBSfSN9mSfSxloesRm+2x C2Wpi8jgblVldQMy6iw4VHAhXSru4TNSQk2oA7QWwpJ8z9EWWJsXKTwgXCz0BqKBNrxooWp1 JTcp/Wj0Q==
  • Ironport-hdrordr: A9a23:dVASba3TylDOJY5VpOPAPQqjBIMkLtp133Aq2lEZdPUCSL38qy nOpoVh6faQslx9ZJhOo6HmBEDtewKkyXcX2+gs1NWZLW3bUQKTRekI0WKF+UyCJ8TQzJ8+6U 4KSdkZNDSfNykDsS842maF+hQbrOVvPJrHuQ4W9RdQcT0=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16/05/2023 1:27 pm, Jan Beulich wrote:
> On 15.05.2023 16:42, Andrew Cooper wrote:
>> Seed the default visibility from the dom0 special case, which for the most
>> part just exposes the *_NO bits.
> EIBRS and SKIP_L1DFL are outliers here, in not presently being exposed
> to Dom0. If (latent) exposing of them wasn't an oversight, then this would
> imo want justifying here. They'll get exposed, after all, ...

EIBRS is exposed to dom0.  I've intentionally renamed it from
ARCH_CAPS_IBRS_ALL because EIBRS is by far the more recognisable name now.


SKIP_L1DFL is more complicated, but on yet more consideration I think
it's probably wrong here.

The confusion is regarding L1 Terminal Fault, where RDCL_NO was
retroactively declared to mean "also fixes L1TF".  SKIP_L1DFL means "you
don't need to flush on vmentry", which is advertised by real hardware
that also advertises RDCL_NO, but should also be advertised on
vulnerable hardware by the L0 hypervisor to an L1 to say "don't worry,
I'm already taking care of that for you".

So on consideration, I think SKIP_L1DFL should not be visible by
default, and when we start doing nested virt, should be reintroduced
with a dependency on the VMX feature.

>> +    [12] = "doitm",               [13] = "sbdr-ssdp-no",
>> +    [14] = "fbsdp-no",            [15] = "psdp-no",
>> +    /* 16 */                      [17] = "fb-clear",
>> +    [18] = "fb-clear-ctrl",       [19] = "rrsba",
>> +    [20] = "bhi-no",              [21] = "xapic-status",
>> +    /* 22 */                      [23] = "ovrclk-status",
>> +    [24] = "pbrsb-no",
>>  };
>>  
>>  static const char *const str_10Ah[32] =
>> --- a/xen/include/public/arch-x86/cpufeatureset.h
>> +++ b/xen/include/public/arch-x86/cpufeatureset.h
>> @@ -308,6 +308,29 @@ XEN_CPUFEATURE(AVX_NE_CONVERT,     15*32+ 5) /*A  
>> AVX-NE-CONVERT Instructions */
>>  XEN_CPUFEATURE(CET_SSS,            15*32+18) /*   CET Supervisor Shadow 
>> Stacks safe to use */
>>  
>>  /* Intel-defined CPU features, MSR_ARCH_CAPS 0x10a.eax, word 16 */
>> +XEN_CPUFEATURE(RDCL_NO,            16*32+ 0) /*A  No Rogue Data Cache Load 
>> (Meltdown) */
>> +XEN_CPUFEATURE(EIBRS,              16*32+ 1) /*A  Enhanced IBRS */
>> +XEN_CPUFEATURE(RSBA,               16*32+ 2) /*!A RSB Alternative 
>> (Retpoline not safe) */
>> +XEN_CPUFEATURE(SKIP_L1DFL,         16*32+ 3) /*A  Don't need to flush L1D 
>> on VMEntry */
>> +XEN_CPUFEATURE(INTEL_SSB_NO,       16*32+ 4) /*A  No Speculative Store 
>> Bypass */
>> +XEN_CPUFEATURE(MDS_NO,             16*32+ 5) /*A  No Microarchitectural 
>> Data Sampling */
>> +XEN_CPUFEATURE(IF_PSCHANGE_MC_NO,  16*32+ 6) /*A  No Instruction fetch #MC 
>> */
>> +XEN_CPUFEATURE(TSX_CTRL,           16*32+ 7) /*   MSR_TSX_CTRL */
>> +XEN_CPUFEATURE(TAA_NO,             16*32+ 8) /*A  No TSX Async Abort */
>> +XEN_CPUFEATURE(MCU_CTRL,           16*32+ 9) /*   MSR_MCU_CTRL */
>> +XEN_CPUFEATURE(MISC_PKG_CTRL,      16*32+10) /*   MSR_MISC_PKG_CTRL */
>> +XEN_CPUFEATURE(ENERGY_FILTERING,   16*32+11) /*   
>> MSR_MISC_PKG_CTRL.ENERGY_FILTERING */
> These last two aren't exactly in sync with the SDM; I assume that's
> intended?

Yeah.  I'm bored of Intel failing with naming consistency.  This one, I
was assured that the draft was going to be fixed before publishing it,
and yet...

>
>> +XEN_CPUFEATURE(DOITM,              16*32+12) /*   Data Operand Invariant 
>> Timing Mode */
>> +XEN_CPUFEATURE(SBDR_SSBD_NO,       16*32+13) /*A  No Shared Buffer Data 
>> Read or Sideband Stale Data Propagation */
> SBDR_SSDP_NO?
>
>> +XEN_CPUFEATURE(FBDSP_NO,           16*32+14) /*A  No Fill Buffer Stale Data 
>> Propagation */
> FBSDP_NO?

Oops.  I hate the MMIO vulns especially because they're too similar to
other vulns.  Will fix.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.