Xen project Mailing List

Re: [PATCH v2 3/3] x86/cpu-policy: Derive RSBA/RRSBA for guest policies

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 5 Jun 2023 10:04:09 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qCUgs5LvrhINOsk70XDEqLSdFRZiH9too8S7O00vAgo=; b=YUe8gI175fsb2WLUknJ/hpWesME19uBxXxHnCTvQP3ML7PMfSNKG+5OR+xMS/w10raBd5H1V1hhiZFWs48xBjfDARAkIVNf/QgibuSL863Pim2qV0WHQ7TEdAk4B/VEc+vC1zW4sSegNvgTuvhlUeUzMhUwfeA83yJVwWs9/ENXUCIytCpKvbEkwgsD0+ViEfrHDFP+SyODaVxTRRPUZCTca10GCrl83+klvdkz5jGWFUVje88n3O75PfsrulSJC3ow1+Cp3j9rZreVUyD+DqRL78LIoeVBxoUM3ncDFvx3XIMO23kL/00eFZye7Wfg5iUDmxvV3vnO/7k8iy5vqaw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Co9QDEmkzhGvdWJZVZpMyR4awR7KofDQCxkGh2fWhzTar1XSxRawlSEIyObg+L2LpzYcHv9Pqp5QuD3on7eBQaiXchZhSVCiIFKbiV/Ko6urROEnlgPkWemAI48y6fZjddpB3FQzc4KfyrThmIAtfO/2EisKNlC6KRkA0800Of0tGE29CHlIYsu+duQlbhIeKHvY24Lh8M0UdmXJ4wzul+Hb50tLHcK1brqoGpOkiod4BnWcG68CVdbdq/u2ylWURlL3oiC6KDsgK/NOvW/C0vAUcB2PKh6+YeEBYptCXUS8rzcVk1rBU2RMUmwBZ/pRvEWSeEwFulTDBm2ncmQ6Uw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 05 Jun 2023 08:04:28 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02.06.2023 17:38, Andrew Cooper wrote: > On 02/06/2023 4:29 pm, Andrew Cooper wrote: >> On 02/06/2023 11:20 am, Jan Beulich wrote: >>> On 01.06.2023 16:48, Andrew Cooper wrote: >>> What about a tool stack request leading to us setting the 2nd of the two >>> bits here, while the other was already set? IOW wouldn't we better clear >>> the other bit explicitly? (Due to the EIBRS dependency or RRSBA I think >>> this can really only happen when the tool stack requests RSBA+EIBRS, as >>> the deep deps clearing doesn't know the concept of "negative" >>> dependencies.) >> Hmm - I think there is a bug here, but it's not this simple. I think >> the only reasonable thing we can do is start rejecting bad input because >> I don't think Xen can fix up safely. >> >> Xen must not ever clear RSBA, or we've potentially made the VM unsafe >> behind the toolstack's back. >> >> If EIBRS != RRSBA, the toolstack has made a mistake. Equally too for >> RSBA && EIBRS. >> >> I think this is going to take more coffee to solve... > > Actually, no. > > I'm going to delete the hunk modifying recalculate_cpuid(), and move > this patch back to the meaning it had in v1 which is just "get the > policies looking correct". Hmm, and how are you intending to achieve that goal without adjusting behind the tool stack's back, and without it being an option (yet) to reject the input? Iirc you agreed with my v1 remark that some fixing that some fixing up is going to be necessary. Since as you say (and as I should have realized when writing the earlier reply) we may never clear RSBA, wouldn't it be an option to clear EIBRS instead? > It's still not supported for the toolstack to request ARCH_CAPS (the "a" > marking), and the safely logic for that can come in a subsequent series > along with the unit(ish) testing I was already planning to do. Yet it not being supported doesn't mean we should leave a broken result when we can fix things up (for the time being, i.e. until we can report back that we don't like this feature combination). Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.