[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/4] x86/cpu-policy: Derive {,R}RSBA for guest policies

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 30 May 2023 16:34:32 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EpRXDByoNE9WsjetOwuu1EtBBWEkCBfxMobchWVcKEU=; b=XMAymCj1pap7mEKwwjInHkub7tsQSF133uNLIhQoxM0+KNFotTkWde7sXggBU8MOUI912OR12VQ2GTwj3M3Wt+rtpWt3cHeLgaWc+rPWU+wszofexNVOOrTKJOCHa2PQ0b4/4H+tpmQip8pGAGRBjPrzJ7Fiwl37K70ayfSFgB4A7lM5UfTX/miGaPSi9KAB/53/C13kya1tv1MhNNIj/fdRUL58eWhPsGew2SVZP7cOk73a1DlU+lesSGs8NnyguZVE/E4RNg5N4ZN1S/6hARRhu/cPGZlsOqR83mWe7neT9VOK3uN/dyfxr7Xp6vIKRStnenhunUEalC9PHUJYCQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OqlHOmkFwOq0MffOw6VxBtT+NatYoJ2uTWYscWjZbl3n7XqmP4NANWp9qIEKM5PFjmOe0OxuUk7jHgrGJ3NQ3y8oRFHe+n6yOk1IYSiyogodHLnW9B/6uRv0l+lsj4t1hPDYcAH0pkPgedGwvVV3COOHiW5gXvKe/Zh23V3zCXwnUAJCL+Pnvs36h8bPDz/GFnk7OqRzqyD7jLf/yk8VcmePOgoCa07c/ZFKQaIsJj49s42YWHVxhWvkdPt14MvJ6RlfaOPQu2EHuwx4I4n+o+qBJ8MRzbIKxXfnhYTX+S+1FVI1XUgCqZtyL/fPXFmKBSqSHW2DBBGInfPfKWkH/A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 30 May 2023 14:34:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 30.05.2023 15:25, Andrew Cooper wrote:
> On 30/05/2023 10:40 am, Jan Beulich wrote:
>> On 26.05.2023 13:06, Andrew Cooper wrote:
>>> --- a/xen/arch/x86/cpu-policy.c
>>> +++ b/xen/arch/x86/cpu-policy.c
>>> @@ -423,8 +423,14 @@ static void __init 
>>> guest_common_max_feature_adjustments(uint32_t *fs)
>>>           * Retpoline not safe)", so these need to be visible to a guest in 
>>> all
>>>           * cases, even when it's only some other server in the pool which
>>>           * suffers the identified behaviour.
>>> +         *
>>> +         * We can always run any VM which has previously (or will
>>> +         * subsequently) run on hardware where Retpoline is not safe.  
>>> Note:
>>> +         * The dependency logic may hide RRSBA for other reasons.
>>>           */
>>>          __set_bit(X86_FEATURE_ARCH_CAPS, fs);
>>> +        __set_bit(X86_FEATURE_RSBA, fs);
>>> +        __set_bit(X86_FEATURE_RRSBA, fs);
>>>      }
>>>  }
>> Similar question to what I raised before: Can't this lead to both bits being
>> set, which according to descriptions earlier in the series and elsewhere
>> ought to not be possible?
> 
> In this case, no, because the max values are fully discarded when
> establishing the default policy.
> 
> Remember this value is used to decide whether an incoming VM can be
> accepted.  It doesn't reflect a sensible configuration to run.

Right. I should have dropped the question when seeing the "default"
counterpart's behavior.

> Whether or not both values ought to be visible is the subject of the
> outstanding question.

Pending the answer there (and whichever easy adjustment)
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

>>> --- a/xen/tools/gen-cpuid.py
>>> +++ b/xen/tools/gen-cpuid.py
>>> @@ -318,7 +318,7 @@ def crunch_numbers(state):
>>>          # IBRSB/IBRS, and we pass this MSR directly to guests.  Treating 
>>> them
>>>          # as dependent features simplifies Xen's logic, and prevents the 
>>> guest
>>>          # from seeing implausible configurations.
>>> -        IBRSB: [STIBP, SSBD, INTEL_PSFD],
>>> +        IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS],
>> Is this really an architecturally established dependency? From an abstract
>> pov having just eIBRS ought to be enough of an indicator?
> 
> This is the same as asking "can we hide AVX512F but expose AVX512_*"...
> 
>> And hence it would
>> be wrong to hide it just because IBRSB isn't also set.
> 
> EIBRS means "you should set MSR_SPEC_CTRL.IBRS once at the start of day
> and leave it set", which to me firmly states a dependency.

Hmm, yes, now that you put it that way, I agree.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.