[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 7/9] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
- Date: Mon, 31 Jan 2022 11:47:03 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EwMdjPZhW9E8oMhCWkr4EngvnoYzcRTUv9PqiHWtf80=; b=aCC6G9BzzhfY4Zrz7W7wYFs3vrMQykOg1X5lsElG53TrMXAaCmzzK9Swq8fsvXJVTkhnW/5NLJUGZ5kvlvtitdYBbUhqJKNbSCiq4jSluQwxTqpRlD9P/oPU2P+luIq2FrJTlFjvumI18+YR03BnTkBVpm4GXYiwQrLLiWmGbsVOhqVe+oY7FVh4kPFUhXp3gl9MarHnEQcouWOg1SHhdZ50Nc9hQqV2kVDlenY0k8yp793FNa/PvCNIL3ecF6Xa0/dhtNHkGRyAwcjJQpIbTPobTF2R/kfAFA/kNykOsGDEE0uCueF/xFYtA7nzlwFj2xlHLd2rNjg/2JzEhI92NA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JZRqhXkv4fuiFImsD8wFjIh7Bb52yymKdmqv8TpZ8DlnXsE2V7JB638suv75B11qV/uM5Kcy/6yRFkMRsrt1hp7Ni5XZYuvpyY3QnLXdX7HHwOOqW96UMSwp9m4UWxd2A4cyv0SV8ic2f8INr6qoYJZ3Zh0KlZH45cKxzoFGoF4ZgXksBhzUEpC2KmD5mn/4qFxwas97TYWbYMupWkdGo5s6wAcFR2rDBmAohR8nSDJJAz4Dm37hEpzxCJcGAIlG96iRqaKOHkp1611V+GQEQaOj1CjcPKtzJf1c/OZCjRYc6GcmPmjdJo1txchnuOMCYD/etIGpKgXhCu5NiBRqow==
- Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Mon, 31 Jan 2022 11:47:22 +0000
- Ironport-data: A9a23:Nwtqka75ZZjuMRKrsSt/XAxRtNXAchMFZxGqfqrLsTDasY5as4F+v mocXziGb/fbMTb3fNglPYTj9EMGsceAmNc3QFdv+Sw1Hi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuV3zyIQUBUjclkfJKlYAL/En03FV8MpBsJ00o5wbZg2dcw2LBVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z8 sVQvrioSQQSPvfMis0GSBZANH5gMvgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALBc/nJo4A/FpnyinUF60OSpHfWaTao9Rf2V/cg+gQRq6FP ZREMlKDajzORBhoOUgaNqg9jd6w31nZfDNIj3Ks8P9fD2/7k1UqjemF3MDuUsyHQ4BZk1iVo krC/n/lGVcKOdqH0z2H/3mwwOjVkkvTR4Y6BLC+sPlwjzW7xGYeFRkXXluTuuSihwi1XNc3F qAP0nNw9+5orhXtF4SjGU3jyJKZgvICc+BADuYe8AGO8aqO4xSwHXMLVhkedtNz4afaWgcW/ lOOmtroAxlmv7uUVW+R+9+okN+iBcQGBTRcPHFZFGPp9/Gm+dhu1UyXEr6PBYbo1oWdJN3m/ 9ydQMHSbZ03hNVD6ai09Euvb9mE9smQFV5dCuk6swuYAuJFiGyNOtbABbvzt68owGOlor+p5 iJsdy+2t7hmMH11vHbRKNjh5Znwjxp/DBXSgER0A74q/Cm39niocOh4uW8ifxo5bZ5UJ261M Sc/XD+9ArcJZhNGiocsO+qM5zkCl/C8RbwJqNiJBjaxXnSBXFDep3w/DaJh92vsjFItgckC1 WSzKq6R4YIhIf0/llKeHr5FuZdyn3xW7T6NGfjTkkr2uZLDNC/9YepUazOmM7FmhJ5oVS2Iq b6zwePQlUUGOAA/CwGKmbMuwacidCZjXc6u950IJ4Zu4GNOQQkcNhMY+pt4E6RNlKVJjObYu Ha7X05T0l3kgnPbbw6NbxhehHnHB/6TdFo3Yn4hO0iGwX8mbdr95asTbcJvL7Im6PZi3bh/S PxcI5eMBfFGSzLm/TUBbMai8Nw+JUrz3Q/ebTC4ZDUffoJ7Q1Cb8NHTYQaypjIFCTC6tJVir uT4hB/bW5cKWy9rEN3SNKC011q0sHVEwLByUkLEL8N9YkLp9IQ2eSX9guVue5MHKAnZxyvc3 AGTWE9Kqe7Iqo4z0d/ImaHb8Nv5T7ogRhJXRjCJ46y3OC/W+nuY7bVBCOvYLyrAUG7U+bm5Y bkHxf/LL/Bazk1BtJBxEug3wPtmtcfvvbJT0i9tAG7PMwawErplL3SLgZtPu6lKyuMLsAe6Q BvSqNxTOLHPM8L5Cl8BYgEia73bh/0TnzDT69UzIVn7u3ArrObWDx0KMknekjFZIZt0LJghk LUot8Mh4gCijgYnb4SdhSdO+mXQdnENXs3LbH3B7FMHXubz9mx/XA==
- Ironport-hdrordr: A9a23:fKkGlKjXFetcOHCiqp8YUt2dlXBQX3513DAbv31ZSRFFG/FwyP rAoB1L73PJYWgqNU3IwerwRZVpQRvnhPtICRF4B8btYOCUghrVEGgE1/qi/9SAIVywygc578 ldmsdFeaTN5DRB/KXHCUyDYqwdKbq8geCVbIXlvg9QpGhRAskKhWYYNu/YKDwMeOAvP+tiKH P23Lsim9PUQwVwUi3NPAhjYwGsnayoqLvWJTo9QzI34giHij2lrJTgFQKD4xsYWzRThZ8/7G nsiWXCl+aemsD+7iWZ+37Y7pxQltek4MBEHtawhs8cLSipohq0Zb5mR6aJsFkO0aOSARcR4Z zxSiUbToNOAkDqDyeISNzWqlDdOQMVmjvfIJmj8CPeSILCNWkH4oF69P1km1PimjQdVZdHof 92Niuixupq5VmrplWN2/HYEx5tjUa6unwkjKoaiGFeS5IXbPtLoZUY5149KuZLIMvW0vFuLA BVNrCW2B+WSyLvU1nJ+m10hNC8VHU6GRmLBkAEp8yOyjBT2HR01VERysATlmoJsMtVcegJ28 3UdqBz0L1eRM4faqxwQO8HXMusE2TIBRbBKnibL1jrHLwOf3jNt5n06rMo4/zCQu1E8LIi3J DaFF9Iv287fEzjTcWIwZ1Q6xjIBH6wWDz8o/surqSReoeMMoYDHRfzOmzGovHQ1Mn3WPerKM pbEKgmdsPeEQ==
- Ironport-sdr: xsCZRPnvS8x0h9qUVyFDyyoY6+NMqd/S0gGxmrmM7N3EUiFQ91oID8zBaWKjls/YMgYUPiplbo QxQzaKA8cUuybSz0kS/AcQrd2alNkom77F6YSNUfMr7Vht388UNM9mJZKkGTg5Re0ZtZ3yiTd3 hwSvAWWru1arJgNvY/VrFQNCv4W4oknYnRxP1nj64uL3/3Y0XkbuW1jifgnzs5GUmLxlQZiXl3 MOtBV2jR0qoCCGUGhExcZXxLgAaRXVv6unG+0CZq4PrqgyXpdVvmq+jqAtiNuVydG1U7OytgoB ZjBqsrRxJ6OqcP594DtIILnL
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHYFEsgduRKpPrES0uMVuwf+i5+76x881mAgAAUlgA=
- Thread-topic: [PATCH v2 7/9] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL
On 31/01/2022 10:33, Jan Beulich wrote:
> On 28.01.2022 14:29, Andrew Cooper wrote:
>> Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests
>> run with the logical OR of both values. Therefore, in principle we want to
>> clear Xen's value before entering the guest. However, for migration
>> compatibility, and for performance reasons with SEV-SNP guests, we want the
>> ability to use a nonzero value behind the guest's back. Use vcpu_msrs to
>> hold
>> this value, with the guest value in the VMCB.
>>
>> On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to
>> be atomic with respect to NMIs/etc. The loading of spec_ctrl_raw into %eax
>> was also stale from the unused old code, so can be dropped too.
>>
>> Implement both pieces of logic as small pieces of C, and alternative the call
>> to get there based on X86_FEATURE_SC_MSR_HVM. The use of double alternative
>> blocks is due to a quirk of the current infrastructure, where call
>> displacements only get fixed up for the first replacement instruction. While
>> adjusting the clobber lists, drop the stale requirements on the VMExit side.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Again technically:
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Thanks.
> But ...
>
>> --- a/xen/arch/x86/hvm/svm/entry.S
>> +++ b/xen/arch/x86/hvm/svm/entry.S
>> @@ -55,11 +55,12 @@ __UNLIKELY_END(nsvm_hap)
>> mov %rsp, %rdi
>> call svm_vmenter_helper
>>
>> - mov VCPU_arch_msrs(%rbx), %rax
>> - mov VCPUMSR_spec_ctrl_raw(%rax), %eax
>> + clgi
>>
>> /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */
>> - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */
>> + /* SPEC_CTRL_EXIT_TO_SVM Req: Clob:
>> C */
>> + ALTERNATIVE "", STR(mov %rbx, %rdi; mov %rsp, %rsi),
>> X86_FEATURE_SC_MSR_HVM
>> + ALTERNATIVE "", STR(call vmentry_spec_ctrl), X86_FEATURE_SC_MSR_HVM
> Is there a reason to use a macro for converting to a string here at
> all? There are no "inner" macros here which might need expanding. And
> "brevity" (as you have in the rev log) would call for
>
> ALTERNATIVE "", "mov %rbx, %rdi; mov %rsp, %rsi",
> X86_FEATURE_SC_MSR_HVM
> ALTERNATIVE "", "call vmentry_spec_ctrl", X86_FEATURE_SC_MSR_HVM
Good point. I'll switch to plain strings.
>
>
>> @@ -86,8 +86,10 @@ __UNLIKELY_END(nsvm_hap)
>>
>> GET_CURRENT(bx)
>>
>> - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob:
>> ac */
>> + /* SPEC_CTRL_ENTRY_FROM_SVM Req: Clob:
>> C */
>> ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM
>> + ALTERNATIVE "", STR(mov %rsp, %rdi), X86_FEATURE_SC_MSR_HVM
>> + ALTERNATIVE "", STR(call vmexit_spec_ctrl), X86_FEATURE_SC_MSR_HVM
> Same here then, obviously.
>
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -3086,6 +3086,33 @@ void svm_vmexit_handler(struct cpu_user_regs *regs)
>> vmcb_set_vintr(vmcb, intr);
>> }
>>
>> +/* Called with GIF=0. */
>> +void vmexit_spec_ctrl(struct cpu_info *info)
>> +{
>> + unsigned int val = info->xen_spec_ctrl;
>> +
>> + /*
>> + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] flushing
>> side
>> + * effect.
>> + */
>> + wrmsr(MSR_SPEC_CTRL, val, 0);
>> + info->last_spec_ctrl = val;
>> +}
>> +
>> +/* Called with GIF=0. */
>> +void vmentry_spec_ctrl(const struct vcpu *curr, struct cpu_info *info)
>> +{
>> + unsigned int val = curr->arch.msrs->spec_ctrl.raw;
>> +
>> + if ( val != info->last_spec_ctrl )
>> + {
>> + wrmsr(MSR_SPEC_CTRL, val, 0);
>> + info->last_spec_ctrl = val;
>> + }
>> +
>> + /* No Spectre v1 concerns. Execution is going to hit VMRUN imminently.
>> */
>> +}
> These living in SVM code I think their names want to avoid suggesting
> they could also be used for VMX (irrespective of us not meaning to use
> them there). Or else they want to move to common code, with comments
> slightly adjusted.
I'll add svm_ prefixes. I can't see these being useful elsewhere.
~Andrew
|