[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/3] x86: Add support for AMD's Automatic IBRS

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 1 Jun 2023 11:36:53 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=r6uMrUtOjclKHrAMyV/2RStXcsqO2auA9OKTC4MZnNA=; b=Rp3TTt6JWClppcXla86e+oYMrh24mXKgeIQ7VciaAbOsxZr7V3frbGn96HtGh3uhzINUlan9dALLtTbrcJ8LMABoBagPY4cE5zywf+yHrMkxg4fIU2YqoMO66dcJVT5vN66g3eBkgfHvuf/4hVXGZNNsfPNdgTbC9SdrYfYxARiSL+iYN3AjE1aKuBEkOm9OBDosNjtm5D6Cibx2966JnNbl6gdx36N56EhQVLGuheM9aHEwtYmz50KVvCKKLXHYfnSqF+IigKub3qBgmeHjNbPmL0G3Z3rL5gATH9C/DQa+ddXLnjIhpKee3WX3KknJoK6SaCJEai6DKL/SlwRPhg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dXU+h/C54jmxBxPOR0Ql/SLVYTpQoD59YJg1d/gMsNRRiqmiv2yzwulCUT7ACqPt+fOwQDFgEU6x7lW1797lURWJLdzDfnBRRQpix8LSHRiwhHpn75gVoH+sWHd/jS2f7/ToWMfePTSd26X+kPCsYsYsKqRDAe5V98q284JWZ0W95vep6SN1hpro56k4pOCg5GTeRR2fiomv+l4A5cedRilApR4qdPvVkli36LYZhJcZwSCkLhDzUn8U/bTG9io48i36OvAxefriKlOtzzw4ijwRCT850P/e7Y6bhejcgXgyYo69cgEKBDOXKy3lHHI0Rjzpa6hGlgXfqYdJxjzkFA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 01 Jun 2023 10:37:24 +0000
  • Ironport-data: A9a23:nHrdjKv4JmIssCB93WcE2rdqyefnVJdfMUV32f8akzHdYApBsoF/q tZmKWCDO/6LZDCnc4gkb4rl80oF65/cnYVqHQs6+X0wF38R+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4rKq4Fv0gnRkPaoQ5AGGziFPZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwIRcjcEyk1ryM/bfmZ9NNjeAYEOjiBdZK0p1g5Wmx4fcOZ7nmG/mPyfoGmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0oui/6xaLI5efTTLSlRtm+eq njL4CLSBRYCOcbE4TGE7mitlqnEmiaTtIc6TeThrq8x2wbMroAVIAY0eVrl8MilsGevQcNcC m4zww4EobdnoSRHSfG4BXVUukWsvBQRRt5RGO0S8xyWx+zf5APxLmEAQzxIbtA8s4koTDgu2 12Ot9jtAiFj9raSTBq16bO8vT60fy8PIgcqdSICCAcI/dTniIUylQ7UCMZuFravid/4Ei22x CqFxBXSnJ0WhM8Pkqm+o1bOhmrwooCTFlJtoALKQmii8wV1Ipa/YJCl4kTa6vAGK5uFSl6Gv z4PnM32AP0yMKxhXRelGI0ldIxFLd7cWNEAqTaDx6Ucygk=
  • Ironport-hdrordr: A9a23:JkgQqKxtNh8vnzb2EjbkKrPwIr1zdoMgy1knxilNoH1uHvBw8v rEoB1173DJYVoqNk3I++rhBEDwexLhHPdOiOF6UItKNzOW21dAQrsSiLfK8nnNHDD/6/4Y9Y oISdkbNDQoNykZsfrH
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 01/06/2023 11:35 am, Jan Beulich wrote:
> On 30.05.2023 15:58, Alejandro Vallejo wrote:
>> @@ -1150,15 +1155,20 @@ void __init init_speculation_mitigations(void)
>>      }
>>      else
>>      {
>> -        /*
>> -         * Evaluate the safest Branch Target Injection mitigations to use.
>> -         * First, begin with compiler-aided mitigations.
>> -         */
> This is the only place where BTI is spelled out, so ...
>
>> -        if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) )
>> +        /* Evaluate the safest BTI mitigations with lowest overhead */
> ... I'd like to ask that you replace the acronym here. Then
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
>
>> @@ -1357,7 +1367,9 @@ void __init init_speculation_mitigations(void)
>>       */
>>      if ( opt_rsb_hvm )
>>      {
>> -        setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM);
>> +        /* Automatic IBRS wipes the RSB for us on VMEXIT */
>> +        if ( !(ibrs && cpu_has_auto_ibrs) )
>> +            setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM);
> I'll need to remember to adjust "x86: limit issuing of IBPB during context
> switch" once this change has gone in, as there's a use of the bit for
> other than alternatives patching.

Please hold off for the moment.  I think I've got a cleanup patch in
mind which ought to simplify this substantially, but I'll need a bit of
time to experiment.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.