Xen project Mailing List

Re: [PATCH] x86/spec-ctrl: Support for SRSO_US_NO and SRSO_MSR_FIX

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 26 Mar 2024 14:15:31 +0100

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 26 Mar 2024 13:15:44 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.03.2024 12:33, Andrew Cooper wrote: > On 26/03/2024 9:13 am, Jan Beulich wrote: >> On 25.03.2024 19:18, Andrew Cooper wrote: >>> + /* Avoid reading BP_CFG if we don't intend to change anything. */ >>> + if (!new) >>> return; >>> >>> rdmsrl(MSR_AMD64_BP_CFG, val); >>> >>> - if (val & chickenbit) >>> + if ((val & new) == new) >>> return; >> Since bits may also need turning off: >> >> if (!((val ^ new) & (BP_CFG_SPEC_REDUCE | (1 << 5)))) >> return; >> >> and the !new early-out dropped, too? Looks like this wasn't quite right >> before, either. > > That's adding unnecessary complexity. It's unlikely that we'll ever > need to clear bits like this. Okay. Half a sentence in a comment would be nice, to make clear the behavior is intended to only ever set bits. >>> @@ -1078,22 +1082,41 @@ static void __init ibpb_calculations(void) >>> * Confusion. Mitigate with IBPB-on-entry. >>> */ >>> if ( !boot_cpu_has(X86_FEATURE_BTC_NO) ) >>> - def_ibpb_entry = true; >>> + def_ibpb_entry_pv = def_ibpb_entry_hvm = true; >>> >>> /* >>> - * Further to BTC, Zen3/4 CPUs suffer from Speculative Return Stack >>> - * Overflow in most configurations. Mitigate with IBPB-on-entry >>> if we >>> - * have the microcode that makes this an effective option. >>> + * Further to BTC, Zen3 and later CPUs suffer from Speculative >>> Return >>> + * Stack Overflow in most configurations. Mitigate with >>> IBPB-on-entry >>> + * if we have the microcode that makes this an effective option, >>> + * except where there are other mitigating factors available. >>> */ >> Hmm, is "Zen3 and later" really appropriate? > > Yes. > > SRSO isn't fixed until SRSO_NO is enumerated. IOW even on Zen5 that's going to be only by ucode update? >>> --- a/xen/include/public/arch-x86/cpufeatureset.h >>> +++ b/xen/include/public/arch-x86/cpufeatureset.h >>> @@ -304,7 +304,9 @@ XEN_CPUFEATURE(FSRSC, 11*32+19) /*A Fast >>> Short REP SCASB */ >>> XEN_CPUFEATURE(AMD_PREFETCHI, 11*32+20) /*A PREFETCHIT{0,1} >>> Instructions */ >>> XEN_CPUFEATURE(SBPB, 11*32+27) /*A Selective Branch >>> Predictor Barrier */ >>> XEN_CPUFEATURE(IBPB_BRTYPE, 11*32+28) /*A IBPB flushes Branch Type >>> predictions too */ >>> -XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable >>> to Speculative Return Stack Overflow */ >>> +XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulnerable >>> to Speculative Return Stack Overflow */ >>> +XEN_CPUFEATURE(SRSO_US_NO, 11*32+30) /*A Hardware not vulnerable >>> to SRSO across the User/Supervisor boundary */ >> Can we validly expose this to 64-bit PV guests, where there's no CPL >> boundary? Or else isn't my "x86/PV: issue branch prediction barrier >> when switching 64-bit guest to kernel mode" needed as a prereq? > > Based on uarch details, if BP-SPEC-REDUCE is active, we can advertise > SRSO_US_NO to PV guests. Which would make it at best !A, for the PV exposure then depending on the HVM side choice. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.