Xen project Mailing List

Re: [PATCH 6/6] x86/boot: Expose MSR_ARCH_CAPS data in guest max policies

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 16 May 2023 15:06:47 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=moJmLOgtDRlXESsAoDIoMyj790eDY0yQoiZ2exwgRXU=; b=GCUdGsCtrVaRTTNhZF0JzYocNSkKA74jyAMH2yxXlbZ1PwXaw/MrL2TJ3ba6pLUwOJBG2Nf6s4jMcG0PJbTV+1ka546w6k3zXgRjL7NoEakxSlsWzdBApbsLZD3ZbIVU38Ww1pRlAPxuF9q3WlREQe+0JUF8WLyGZz4v+4iPW2xkW/WqH8ze/FyKgZQgW654tBrO0OjxOLLr/Ldh3iVdRCWYwIUYgEkYXQHfwaLa43qY5W6DdrZ5hkleIjrvPcBOF/OZQ2i+R8t+2w39DQdrX72q3tWY8O+lYWFcJ0nTooXcxzh/ab1ItqbODtdmrYfIjhIYsewUYRLw24/moMUzhA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QMHF1LrVUr4wlC6XcxpQeH9S8wl8QL1Vvs1toMUFeIAIHirkopZDEA+/IVPCNOXKFP+JXJQmDJb0g+/rMlPu1KrtXp/GEEgnTmHSp2iGxY5M06kGIiWmcO/qbAu6T3i1Yh2NvnVpCZPztb3fZFVaw0cQtuZVT3ajbB58XzZZNcafAPWl+b2TkrFi3y7ua1ZvYmoRT8uV4Y4EH3TfNEgxWeMVGflxAYCAgl5jjOXXE9m+jx781GFk51RsRMr0pthwg+MDrJrdQu6oOW3ezC482SQxjNh+wMk0BcrD3C6ZUkAcA+JeifFEnTbe5o4obir40nCAtcPkFPgpKQL5l8rfIQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 16 May 2023 13:07:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 15.05.2023 16:42, Andrew Cooper wrote: > --- a/xen/arch/x86/cpu-policy.c > +++ b/xen/arch/x86/cpu-policy.c > @@ -408,6 +408,25 @@ static void __init calculate_host_policy(void) > p->platform_info.cpuid_faulting = cpu_has_cpuid_faulting; > } > > +static void __init guest_common_max_feature_adjustments(uint32_t *fs) > +{ > + if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ) > + { > + /* > + * MSR_ARCH_CAPS is just feature data, and we can offer it to guests > + * unconditionally, although limit it to Intel systems as it is > highly > + * uarch-specific. > + * > + * In particular, the RSBA and RRSBA bits mean "you might migrate to > a > + * system where RSB underflow uses alternative predictors (a.k.a > + * Retpoline not safe)", so these need to be visible to a guest in > all > + * cases, even when it's only some other server in the pool which > + * suffers the identified behaviour. > + */ > + __set_bit(X86_FEATURE_ARCH_CAPS, fs); > + } > +} The comment reads as if it wasn't applying to "max" only, but rather to "default". Reading this I'm therefore now (and perhaps even more so in the future, when coming across it) wondering whether it's misplaced, or and hence whether the commented code is also misplaced and/or wrong. Further is even just non-default exposure of all the various bits okay to other than Dom0? IOW is there indeed no further adjustment necessary to guest_rdmsr()? > @@ -828,7 +845,10 @@ void __init init_dom0_cpuid_policy(struct domain *d) > * domain policy logic gains a better understanding of MSRs. > */ > if ( is_hardware_domain(d) && cpu_has_arch_caps ) > + { > p->feat.arch_caps = true; > + p->arch_caps.raw = host_cpu_policy.arch_caps.raw; > + } Doesn't this expose all the bits, irrespective of their exposure annotations in the public header? I.e. even more than just the two bits that become 'A' in patch 4, but weren't ... > @@ -858,20 +878,6 @@ void __init init_dom0_cpuid_policy(struct domain *d) > p->platform_info.cpuid_faulting = false; > > recalculate_cpuid_policy(d); > - > - if ( is_hardware_domain(d) && cpu_has_arch_caps ) > - { > - uint64_t val; > - > - rdmsrl(MSR_ARCH_CAPABILITIES, val); > - > - p->arch_caps.raw = val & > - (ARCH_CAPS_RDCL_NO | ARCH_CAPS_IBRS_ALL | ARCH_CAPS_RSBA | > - ARCH_CAPS_SSB_NO | ARCH_CAPS_MDS_NO | > ARCH_CAPS_IF_PSCHANGE_MC_NO | > - ARCH_CAPS_TAA_NO | ARCH_CAPS_SBDR_SSDP_NO | ARCH_CAPS_FBSDP_NO | > - ARCH_CAPS_PSDP_NO | ARCH_CAPS_FB_CLEAR | ARCH_CAPS_RRSBA | > - ARCH_CAPS_BHI_NO | ARCH_CAPS_PBRSB_NO); > - } ... included here? Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.