Xen project Mailing List

Re: [PATCH v3 0/3] amd/msr: implement MSR_VIRT_SPEC_CTRL for HVM guests

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Fri, 22 Apr 2022 18:49:57 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ku9iOS7qDiztKx5YVvBRja3pzeOHCfJTACA0ZiezsS8=; b=Wei6+WGhHoJgYX3E8YaE4pct5UUYpa7ZAjGZHpZciFH+PPt/QZosYFUw0H9iQ63nBNPWi3WkcLLR1pMo7f0/bxcbMv9iqT4JSju7sFM6cKFc2egu2FdUGeGrhg633BPfsaIemyVoyM+Q7npI/ZyPGYtY23+bPD3d3nXy8ucaJuX+1gQ1Lxq6TPxM8Pdm0zlfWa6PwSn/Qh6R6nUKHXkPlocT0lDgOiwc40oKHuRVK6YAGAc+XAOn7gECv8kW0KZLAGS7iqshEdb+S6yrfya1gW24rXAvCsuf87ByivXa/441O90bYy7yGy+1mQrnhMrE1suuloeJsLsM+4MBENsUyw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mSPzWISr1/bPwzdLT41sDLuGv5OU2sX0+uM7sEBPxzHT+PHZkt04u55BG17ie/4eOatlj632lKvzUfE6juiYdGLogXPmX0BTY+OIChTCwUu6F1+nj3nq7KOfDMBEo2mt2M6KKjW8OOBhKool6nNROuhcVF5F3Yi3C9Z7pUgieTEGaTORqN1D0m3WcP+RJiR2il5PG8bMCcmoYkPSnOfMv8lHmvnb0gcTmKY/48/WiJ4Q/kO+STOY9fkWFc7GfB7yeh9HXQl3ej4G8klE2UPifI07upgXh+Z0uXk2Z92fE/pD8945uQRcX8TWtW1k+/8jWURhZbgi2ubLIxno7JdjbA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Fri, 22 Apr 2022 18:50:15 +0000

Ironport-data: A9a23:oVT8BqNMZ9ttEhfvrR3WlsFynXyQoLVcMsEvi/4bfWQNrUol1GdUn 2AZXTiCMvyDamSjfY1zbIq1oUoGvMPUmN5rHgto+SlhQUwRpJueD7x1DKtR0wB+jCHnZBg6h ynLQoCYdKjYdleF+lH1dOKJQUBUjclkfJKlYAL/En03FFcMpBsJ00o5wbZl2NQw27BVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z7 vpz5aydVwQVD4rNorkAdxRRNTB/IvgTkFPHCSDXXc276WTjKiOp6dMxSUY8MMsf5/p9BnxI+ boAMjcRYxufhuWwhrWmVu1rgcdlJ87uVG8dkig4kXeFUrB5GdaaG/+iCdxwhV/cguhnG/rEa tVfQj1odBnaODVEO0sNCYJ4l+Ct7pX6W2MJ8QjE/vpti4TV5CFc9eTUaMrlQcODQeVQokqW/ Uf/xE2sV3n2M/Tak1Jp6EmEluLJ2C/2Ro8WPLm57eJxxk2ewHQJDx8bXkf9puO24ma8Ud9CL 00f+gI1sLM/skesS7HVQBmQsHOC+BkGVLJt//YS7QiMzu/e5VmfD21dFjpZMoV+7okxWCAg0 UKPk5XxHztzvbaJSHWbsLCJsTe1PitTJmgHDcMZcTY4DxDYiNlbpnryohxLSsZZUvWd9enM/ g23

Ironport-hdrordr: A9a23:Ul9vcKPFLk9OSMBcT5j255DYdb4zR+YMi2TDiHoddfUFSKalfp 6V98jzjSWE8wr4WBkb6LO90DHpewKRyXcH2/hqAV7EZniohILIFvAu0WKG+VHd8kLFh4lgPM tbEpSWTeeAdWSS7vyKrjVQcexQpuVvmZrA7Yix854ud3ASV0gK1XYaNu/vKDwTeOAwP+tdKH Pz3Kp6jgvlXU5SQtWwB3EDUeSGjcbMjojabRkPAANiwBWSjBuzgYSKUySw71M7aXdi0L0i+W /Kn0jS/aO4qcy2zRfayiv684lWot380dFObfb8yfT9aw+cyDpAVr4RH4FqjwpF591HL2xa1u Ukli1QevibLUmhJ11d7yGdgzUImwxelkMKgWXo/UcL5/aJBQ7SQvAx+76wOHHimjUdlcA536 RR022DsZ1LSRvGgSTm/tDNEwpnj0yuvBMZ4KYuZlFkIP0jgYVq3MUiFYJuYeU9NTO/7JpiHP hlDcna6voTeVSGb2rBtm0qxNC3RHw8EhqPX0BH46WuonJrtWE8y1FdyN0Un38G+p54Q55Y5/ 7cOqAtkL1VVMcZYa90Ge9ES8qqDW7GRw7KLQupUB/aPbBCP2iIp4/84b0z6u3vcJsUzIEqkJ CES19cvX5aQTOYNSRP5uw+zvngehTMYd228LAu23FQgMyOeJP7dSueVVspj8ys5/0CH8yzYY fHBK5r

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYROG7H4IUo8Py9UONHlhaTBRq8az8acKA

Thread-topic: [PATCH v3 0/3] amd/msr: implement MSR_VIRT_SPEC_CTRL for HVM guests

On 31/03/2022 10:27, Roger Pau Monne wrote: > Hello, > > The following series implements support for MSR_VIRT_SPEC_CTRL > (VIRT_SSBD) on different AMD CPU families. > > Note that the support is added backwards, starting with the newer CPUs > that support MSR_SPEC_CTRL and moving to the older ones either using > MSR_VIRT_SPEC_CTRL or the SSBD bit in LS_CFG. > > Xen is still free to use it's own SSBD setting, as the selection is > context switched on vm{entry,exit}. > > On Zen2 and later, SPEC_CTRL.SSBD exists and should be used in > preference to VIRT_SPEC_CTRL.SSBD. However, for migration > compatibility, Xen offers VIRT_SSBD to guests (in the max CPUID policy, > not default) implemented in terms of SPEC_CTRL.SSBD. > > On Fam15h thru Zen1, Xen exposes VIRT_SSBD to guests by default to > abstract away the model and/or hypervisor specific differences in > MSR_LS_CFG/MSR_VIRT_SPEC_CTRL. > > Note that if the hardware itself does offer VIRT_SSBD (ie: very likely > when running virtualized on < Zen2 hardware) and not AMD_SSBD Xen will > allow untrapped access to MSR_VIRT_SPEC_CTRL for HVM guests. > > So the implementation of VIRT_SSBD exposed to HVM guests will use one of > the following underlying mechanisms, in the preference order listed > below: > > * SPEC_CTRL.SSBD. (patch 1) > * VIRT_SPEC_CTRL.SSBD (untrapped). (patch 2). > * Non-architectural way using LS_CFG. (patch 3) > > This has survived a XenRT basic set of tests on AMD machines. Sorry for the mixed feedback, but some is applicable across multiple patches. First, it is important to know why MSR_VIRT_SPEC_CTRL exists, because that informs what is, and is not, sensible to do with it. It exists to be a FMS-invariant abstraction of the DE_CFG interface, emulated by the hypervisor. At the time, we experimented with emulating MSR_SPEC_CTRL directly, but the results were unusable slow (legacy IBRS causing a vmexit on every syscall/interrupt entry&exit) so MSR_VIRT_SPEC_CTRL is also an explicit statement that it is an expensive operation and shouldn't be used frequently. In practice, this means "only for very very important processes, and not to be used more frequently than process context switch". Also, there is no hardware which implements MSR_VIRT_SPEC_CTRL, nor will there be. Patch 2 has added an extra two vmexits around each vmexit, in an effort to let L2 vmexit to L0 rather than L1 for what is likely to be 0 times in an L1 timeslice. It's not a credible optimisation, for something which isn't a production usecase. Yes - nested virt does exist, and is useful for dev, but noone runs a fully fat server virt hypervisor at L1 in production if they care in the slightest about performance. Either way, patch 2 is premature optimisation with a massive complexity cost. Furthermore, writes to LS_CFG are also incredibly expensive, even if you're not changing any bits. The AMD recommended algorithm specifically avoids rewriting it with the same value as before. Another thing is that Xen shouldn't touch LS_CFG like this if there is any hint of a hypervisor on the system. If there is a hypervisor and it doesn't offer VIRT_SPEC_CTRL, trying to play with LS_CFG isn't going to make the situation any better. As to the CPUID bit handling, on consideration of the whole series, it wants to be "!" only. ! is there to indicate "something complicated is going on with this bit", and life is too short to try and get the derivation logic right with both implicit and explicit conditions. Leave it without an s/S (so no auto propagation from the host policy), and set it in the max policy for LS_CFG || VIRT_SPEC_CTRL || SPEC_CTRL, and set it in the default policy for LS_CFG || VIRT_SPEC_CTRL, which will be far clearer to follow. For `struct ssbd_core`, the name isn't great. It's more ssbd_ls_cfg/state. Also, each array element wants 64 byte alignment, because that's the only way to avoid atomic cacheline pingpong from the spinlocks. Also, the accessors need to be raw, because GIF=0 context is weird and working around checklock with irqsave variants is not a clever move. It is not safe to printk()/bug/etc from GIF=0 context, so logic needs to be kept to an absolute bare minimum. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.