
Re: [PATCH v2 2/3] x86: Expose Automatic IBRS to guests


  • To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 31 May 2023 13:38:56 +0100
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 31 May 2023 12:39:23 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31/05/2023 10:01 am, Alejandro Vallejo wrote:
> On Tue, May 30, 2023 at 06:31:03PM +0100, Andrew Cooper wrote:
>> I've committed this, but made two tweaks to the commit message.  First,
>> "x86/hvm" in the subject because it's important context at a glance.
> Sure, that makes sense.
>
>> Second, I've adjusted the bit about PV guests.  The reason why we can't
>> expose it yet is because Xen doesn't currently context switch EFER
>> between PV guests.
>>
>> ~Andrew
> We could of course context switch EFER sensibly, but what would that mean
> for Automatic IBRS? It can't be trivially used for domain-to-domain
> isolation because every domain is in a co-equal protection level. Is there
> a non-obvious edge that exposing some interface to it gives for PV? The
> only useful case I can think of is PVH, and that seems to be subsumed by
> HVM.

Hence why it's fine to not worry about PV for now.

Right now, when we decide to use IBRS on AMD, we set it unilaterally. 
This turns out to be better performance than flipping it on privilege
changes (whether that's non-Xen <-> Xen, or guest user <-> kernel).

PV guests are obscure corner cases these days, and fall outside of
anything the hardware vendors care about when it comes to prediction
mode.  The only sane option is to have Xen explicitly tell the PV
guest what Xen is doing, and let the guest decide if it wants to do
anything further in terms of protections.

~Andrew
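The reason given above for not exposing Automatic IBRS to PV guests is that Xen does not context switch EFER between PV guests. The following toy model, added here and not Xen code, makes that concrete: one physical EFER register, two PV vCPUs, and a context switch that either does or does not save and restore EFER. It uses the architectural EFER bit layout (AIBRSE is EFER bit 21 on AMD); the vcpu structure, the `guest_wrmsr_efer`/`guest_rdmsr_efer` helpers and the scenario itself are assumptions made for the illustration.

```c
/* Toy model (not Xen code): what happens if a PV guest could set EFER.AIBRSE
 * while the hypervisor does not context switch EFER between PV vCPUs.
 * Constants are architectural; the vcpu model and scenario are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_EFER        0xC0000080u   /* architectural MSR number of EFER */
#define EFER_LME        (1ull << 8)   /* Long Mode Enable */
#define EFER_NXE        (1ull << 11)  /* No-Execute Enable */
#define EFER_AIBRSE     (1ull << 21)  /* Automatic IBRS Enable (AMD) */

/* The single physical EFER register of the CPU in this model. */
static uint64_t hw_efer;

struct vcpu {
    const char *name;
    uint64_t efer;      /* value the guest believes its EFER holds */
};

/* Guest WRMSR while it is running: the write lands in the physical register. */
static void guest_wrmsr_efer(struct vcpu *v, uint64_t val)
{
    v->efer = val;
    hw_efer = val;
}

/* Guest RDMSR while it is running: it reads whatever is physically there. */
static uint64_t guest_rdmsr_efer(const struct vcpu *v)
{
    (void)v;            /* hardware state, not per-guest state */
    return hw_efer;
}

/* Switch from prev to next; only save/restore EFER when asked to. */
static void context_switch(struct vcpu *prev, struct vcpu *next, bool switch_efer)
{
    if (switch_efer) {
        prev->efer = hw_efer;
        hw_efer = next->efer;
    }
}

/* Returns true when domB observes AIBRSE set although it never enabled it,
 * i.e. domA's EFER state leaked across the PV context switch. */
bool aibrse_leaks(bool switch_efer)
{
    struct vcpu a = { "domA", EFER_LME | EFER_NXE };
    struct vcpu b = { "domB", EFER_LME | EFER_NXE };

    hw_efer = a.efer;                              /* domA is running */
    guest_wrmsr_efer(&a, a.efer | EFER_AIBRSE);    /* domA turns AutoIBRS on */

    context_switch(&a, &b, switch_efer);           /* now domB is running */

    bool b_sees   = (guest_rdmsr_efer(&b) & EFER_AIBRSE) != 0;
    bool b_wanted = (b.efer & EFER_AIBRSE) != 0;
    return b_sees && !b_wanted;
}

int main(void)
{
    printf("EFER not context switched: leak=%d\n", aibrse_leaks(false));
    printf("EFER context switched:     leak=%d\n", aibrse_leaks(true));
    return 0;
}
```

Without an EFER save/restore in the PV context switch, whatever the previous domain wrote into EFER is what the next domain runs with, which is why the feature cannot simply be handed to PV guests as a guest-controlled MSR bit; either Xen context switches EFER, or, as the reply suggests, Xen sets the bit itself and tells the guest what it did.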