[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/3] x86/amd: Enumeration for speculative features/hints


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 19 Aug 2021 16:47:47 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tHlRw4Ape6keRlyNKohKA+gC+7dHjAEEMAUc7hxgDOU=; b=fBMltH+IkkJMJl4MC7DILCCjXEHQhjVmxFyV9TAZ0vjPcdc5SqMPtNVt6ka+l9JyA0Ye3jv6Blhg1pl9LZRWPoAM67QMGZzv/ooHyuSwOIFyk1BP/IAFjcf/v6WDMecs5Dy2lX8EXH3Jaic8vtcVcjdUyMXjd5raYdjQ7TBr9ivZhxmIb3EL88FRN3JaoLBiTP2UDir+aicqWkMb0y0L73DA+ayeAvST4SGOKHFDawqlAfAEKLDihICkhxU7LYmNoKt0a3RSZEx8f5Zp0he1F0fxysdCpAhRnGnuAkxgk/ShI9U4JFuRorNm4UgvTUo52qNu7GT+Ubtp0yOE27HbMg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I9ews5PMLayYyqWg4pITvK5mnWOFlVORRKcG1NtIbhTx3Z+QEfgNxm9SiKjv0rKjcllggmZcBECq21YdQfzsQWz9k4kHO3N6wpFzWtSgS8RT5kLKQ6iPx25H+kAuOhVFMWAvr28GHTEZo7+IT1fj1+PpQiYht123B/pz11rsdpNSkg4HtXGTJfu9d8Y1srT4B5brS98CwTVVadODi22sqT7oGArHugtjnh2drLVkoXyaOMx3Nfu8TrzLyJZfKwRU+JYY6o56wqnXhCGdOb/H6BBviboamByEqMxQ+mqEZvdr4zCEUao0A9fM0ENaI6IBHI0EV1o075kiGDxbtmlrrA==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 19 Aug 2021 14:48:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.08.2021 16:30, Andrew Cooper wrote:
> There is a step change in speculation protections between the Zen1 and Zen2
> microarchitectures.
> 
> Zen1 and older have no special support.  Control bits in non-architectural
> MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to
> disable Memory Disambiguation (Speculative Store Bypass).  IBPB was
> retrofitted in a microcode update, and software methods are required for
> Spectre v2 protections.
> 
> Because the bit controlling Memory Disambiguation is model specific,
> hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which
> abstracts the model specific details.
> 
> Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and
> virtualise the interface for HVM guests to use.  A number of hint bits are
> specified too to help guide OS software to the most efficient mitigation
> strategy.
> 
> Zen3 introduced a new feature, Predictive Store Forwarding, along with a
> control to disable it in sensitive code.
> 
> Add CPUID and VMCB details for all the new functionality.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
with one suggestion:

> --- a/tools/libs/light/libxl_cpuid.c
> +++ b/tools/libs/light/libxl_cpuid.c
> @@ -274,8 +274,18 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list 
> *cpuid, const char* str)
>          {"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1},
>          {"wbnoinvd",     0x80000008, NA, CPUID_REG_EBX,  9,  1},
>          {"ibpb",         0x80000008, NA, CPUID_REG_EBX, 12,  1},
> +        {"ibrs",         0x80000008, NA, CPUID_REG_EBX, 14,  1},
> +        {"amd-stibp",    0x80000008, NA, CPUID_REG_EBX, 15,  1},
> +        {"ibrs-always",  0x80000008, NA, CPUID_REG_EBX, 16,  1},
> +        {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17,  1},
> +        {"ibrs-fast",    0x80000008, NA, CPUID_REG_EBX, 18,  1},
> +        {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19,  1},

Here and below, how about dropping the "mode" part of the name?
I can't seem to be able to think of any other "same" that could
possibly apply here.

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.