Re: [PATCH 2/2] x86/spec-ctrl: Reduce HVM RSB overhead where possible


  • To: Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Thu, 11 Aug 2022 17:05:17 +0000
  • Accept-language: en-GB, en-US
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 11 Aug 2022 17:05:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYrBGVOnpsJ3EHKEGHOuDU3gegNK2nAqkAgALuQgA=
  • Thread-topic: [PATCH 2/2] x86/spec-ctrl: Reduce HVM RSB overhead where possible

On 09/08/2022 21:20, Jason Andryuk wrote:
> On Tue, Aug 9, 2022 at 1:01 PM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
>> index 17e103188a53..8a6a5cf20525 100644
>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>> @@ -3934,8 +3934,24 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>>  {
>>      unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0;
>>      unsigned int vector = 0, mode;
>> -    struct vcpu *v = current;
>> -    struct domain *currd = v->domain;
>> +    struct vcpu *v;
>> +    struct domain *currd;
>> +
>> +    /*
>> +     * To mitigate Post-Barrier RSB speculation, we must force one CALL
>> +     * instruction to retire before letting a RET instruction execute.
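
Review bot: In vmx_vmexit_handler(), `v` and `currd` lose their initialisers (`= current` and `= v->domain`), and the new comment states the requirement (one CALL must retire before a RET executes) without, in the lines quoted here, saying why the initialisation is deferred. Suggest a sentence in the comment that ties the two together, for example that nothing else is to run ahead of the mitigation sequence, and assigning both variables immediately after it so that no later use in the handler can see them uninitialised.
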
> I think it would be clearer if this comment mentioned LFENCE like the
> commit message does.  Looking at this change without the commit
> message the connection is not obvious to me at least.  Maybe "we must
> force one CALL instruction to retire (with LFENCE) before letting a
> RET instruction execute"?

While I'm sympathetic to trying to make this easier to follow, throwing
extra LFENCEs around isn't the right way forward IMO.

LFENCE *is* the basis of a lot of software mitigations, because it has
been specified by Intel and AMD to also be a dispatch barrier.

This has been covered in multiple whitepapers from both vendors, and has
been updated in the main manuals for 4 years or so now.

~Andrew

 

