Xen project Mailing List

[PATCH v2] x86/cpu-policy: Advertise MSR_ARCH_CAPS to guests by default

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 26 Jul 2023 10:39:18 +0100

Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Wed, 26 Jul 2023 09:39:38 +0000

Ironport-data: A9a23:MhnJoaqyXUPu7XnRYhhRBfcyG6xeBmIYZRIvgKrLsJaIsI4StFCzt garIBmEOPrbZzTwL4siYI2/8R8Hv5PSzoAwGwBtpH1hHi9DoJuZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpA1c/Ek/NsDo788YhmIlknNOlNA2Ev NL2sqX3NUSsnjV5KQr40YrawP9UlKq04GpwUmAWP6gR5weBzSRNVvrzGInqR5fGatgMdgKFb 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay RAXABQETEmCmfCb+6rhWOdFo/8vFPGsOrpK7xmMzRmBZRonaZXKQqGM7t5ExjYgwMtJGJ4yZ eJAN2ApNk6ZJUQSZBFOUslWcOSA3xETdxVxrl6PqLVxyG/U1AFri5DmMcbPe8zMTsJQ9qqdj jufoDWgXE9FaLRzzxK6/UD1tOLLuhncUa9DH62V989Fr3a6kzl75Bo+CgLg/KjRZlSFc8JSL QkY9zQjqYA29Ve3VZ/tUhugunmGsxUAHd1KHIUS6guA167V6AaxHXUfQ3hKb9lOnNAybSwn0 BmOhdyBONB0mOTLEzTHrO7S9G7sf3FPdgfueBPoUyMh6vu6oZ8hoynXFMRtOYuOguXNXjfJl mXiQDcFu1kDsSIa//zlrAic2233+Mmhoh0dvVuOAD/8hu9tTMv8PtHztwCGhRpVBNzBJmRtq kTojCR3AAomKZiW3BKAT+wWdF1Cz6bUaWaM6bKD8nRIythMx5JAVdoKiN2GDB01WvvogBewC KMphStf5YVIIFyhZrJtboS6BqwClPaxTY+9B6CEN4EfM/CdkTNrGgk0PiZ8OEi0zSARfVwXY 8/HIa5A815EYUiY8NZGb7hEiuJ6rszP7WjSWYr633yaPUm2PRaopUM+GALWNIgRtfrUyDg5B v4Db6NmPT0DCryhCsQWmKZPRW03wY8TXM2r9p0NKbPfemKL2ggJUpfs/F/oQKQ994w9qwsC1 ijVtpNwoLYnuUD6FA==

Ironport-hdrordr: A9a23:boX9RK0pE7CyRpYUCRcFOAqjBIgkLtp133Aq2lEZdPU1SKClfq WV98jzuiWatN98Yh8dcLK7Scq9qALnlKKdiLN5Vd3OYOCBghrLEGgI1+vfKlPbakrD398Y+a B8c7VvTP3cZGIK6/oSOTPIdurIFuP3lJyVuQ==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

With xl/libxl now able to control the policy bits for MSR_ARCH_CAPS, it is safe to advertise to guests by default. In turn, we don't need the special case to expose details to dom0. This advertises MSR_ARCH_CAPS to guests on *all* Intel hardware, even if the register content ends up being empty. - Advertising ARCH_CAPS and not RSBA signals "retpoline is safe here and everywhere you might migrate to". This is important because it avoids the guest kernel needing to rely on model checks. - Alternatively, levelling for safety across the Broadwell/Skylake divide requires advertising ARCH_CAPS and RSBA, meaning "retpoline not safe on some hardware you might migrate to". On Cascade Lake and later hardware, guests can now see RDCL_NO (not vulnerable to Meltdown) amongst others. This causes substantial performance improvements, as guests are no longer applying software mitigations in cases where they don't need to. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Wei Liu <wl@xxxxxxx> Not to go in before Roger's libxl changes... v2: * Extend the commit message. --- xen/arch/x86/cpu-policy.c | 11 ----------- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index f40eeb8be8dc..1f954d4e5940 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -888,17 +888,6 @@ void __init init_dom0_cpuid_policy(struct domain *d) if ( cpu_has_itsc ) p->extd.itsc = true; - /* - * Expose the "hardware speculation behaviour" bits of ARCH_CAPS to dom0, - * so dom0 can turn off workarounds as appropriate. Temporary, until the - * domain policy logic gains a better understanding of MSRs. - */ - if ( is_hardware_domain(d) && cpu_has_arch_caps ) - { - p->feat.arch_caps = true; - p->arch_caps.raw = host_cpu_policy.arch_caps.raw; - } - /* Apply dom0-cpuid= command line settings, if provided. */ if ( dom0_cpuid_cmdline ) { diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index ce7407d6a10c..6d20810cb9d1 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -271,7 +271,7 @@ XEN_CPUFEATURE(AVX512_FP16, 9*32+23) /*A AVX512 FP16 instructions */ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */ XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */ -XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /*!a IA32_ARCH_CAPABILITIES MSR */ +XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /*!A IA32_ARCH_CAPABILITIES MSR */ XEN_CPUFEATURE(CORE_CAPS, 9*32+30) /* IA32_CORE_CAPABILITIES MSR */ XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */ -- 2.30.2

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.