Xen project Mailing List

Re: [PATCH 8/8] x86/spec-ctrl: Mitigate the Zen1 DIV leakge

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 14 Sep 2023 12:52:24 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PCzOofodfWD6fPSmHYx/JbiHyD+NVIz1rT5NpRzq+sY=; b=Bh7nr/20UQBJYC+r0wqjzp1CcK4a7TB2X99OylaWALSGeXZvgZuGFWBcQ4ImVvzEP+1b26i8TqqrkeWAHy7ckd+izQLsmL7E9Yfw+Vzz8saGaVa2O2YMcd8/NdfGU8O5965QXbcFE/HUHtj17omjcCYLGg2JNbmVdOZno9S4pxuCxe4t9TVvT47MhEAnAQ/6Jis47q/zyXoNGSNk2oEOFOjN7vlmKFRNF+EFLq030lxIXpadpmOz0Wmeg67MxYB0GEOQpVeRbR0Gr1fycrcsdUEJzeKAArcoIWKwg4RT3HRiJSiAlO948VDbIuWO+34RrkSDWOCTiMFMK0L9KnJX4w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TbUY4fPRR8k+vqLBCiLrfuJq7Tjk0S8mafF2nDBr76is70anPErLVh1aVpAYFlHeI1fLwnoKgPvEM/aKgtDIEDITl6dyFJGmJcqGAH/RJl4J/M1kqmlNQWqrrgJ/NjtAre9vYYHk+ThclYBEbtOQJFdY2LGoOKvaKcbxGVd9oQNPWvFSVJZKpidpUa10etQBBb8T+aEEyg32V9owSL1ELlwiBDh6cWC8yoskmsnIkQhvQRQKBuoVV8/UXIyI5vIMgW9FDPM0hzu5oakzMi3O4h/KhHyEkcTpuaXKFiVi5uuSAebU2SSCNi3IvB7Kqetf6czij6IjW0eI7B+mFVKjoA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 14 Sep 2023 10:52:42 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.09.2023 22:27, Andrew Cooper wrote: > @@ -378,6 +392,8 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): > verw STACK_CPUINFO_FIELD(verw_sel)(%r14) > .L\@_verw_skip: > > + ALTERNATIVE "", DO_SPEC_CTRL_DIV, X86_FEATURE_SC_DIV > + > .L\@_skip_ist_exit: > .endm While we did talk about using alternatives patching here, I'm now in doubt again, in particular because the rest of the macro uses conditionals anyway, and the code here is bypassed for non-IST exits. If you're sure you want to stick to this, then I think some justification wants adding to the description. > @@ -955,6 +960,40 @@ static void __init srso_calculations(bool hw_smt_enabled) > setup_force_cpu_cap(X86_FEATURE_SRSO_NO); > } > > +/* > + * Div leakage is specific to the AMD Zen1 microarchitecure. Use STIBP as a > + * heuristic to select between Zen1 and Zen2 uarches. > + */ > +static bool __init has_div_vuln(void) > +{ > + if ( !(boot_cpu_data.x86_vendor & > + (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) > + return false; > + > + if ( (boot_cpu_data.x86 != 0x17 && boot_cpu_data.x86 != 0x18) || > + !boot_cpu_has(X86_FEATURE_AMD_STIBP) ) > + return false; > + > + return true; > +} > + > +static void __init div_calculations(bool hw_smt_enabled) > +{ > + bool cpu_bug_div = has_div_vuln(); > + > + if ( opt_div_scrub == -1 ) > + opt_div_scrub = cpu_bug_div; > + > + if ( opt_div_scrub ) > + setup_force_cpu_cap(X86_FEATURE_SC_DIV); Isn't this only lowering performance (even if just slightly) when SMT is enabled, without gaining us very much? > + if ( opt_smt == -1 && cpu_bug_div && hw_smt_enabled ) > + warning_add( > + "Booted on leaky-DIV hardware with SMT/Hyperthreading\n" > + "enabled. Please assess your configuration and choose an\n" > + "explicit 'smt=<bool>' setting. See XSA-439.\n"); > +} What about us running virtualized? The topology we see may not be that of the underlying hardware. Maybe check_smt_enabled() should return true when cpu_has_hypervisor is true? (In-guest decisions would similarly need to assume that they may be running on SMT-enabled hardware, despite not themselves seeing this to be the case.) Since we can't know for sure when running virtualized, that's a case where I would consider it useful to enable the workaround nevertheless (perhaps accompanied by a warning that whether this helps depends on the next level hypervisor). Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.