[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/spec-ctrl: Use IST RSB protection for !SVM systems

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 15 Aug 2022 09:33:23 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8p54DIdYnoguQxyGemrB9b70hfH0YEL8q59qYyx8NVQ=; b=HmPR+fhesmybSQ2ajRhT8L6OGEk8fX9NgvpSnUjNSUw9BGkayWxiUztCEgSP5XL2XPoKbM6b2jIgF7bGtWufvCv7hTUIS+t1M2JEEFOXBwcB4byhg8tTy0H1fe+/Z1iG0PXGJQS8Mu8hS3GnmXZ8j6WQpAPKPwD8ZY0ReIcbURiYRTV6q6gGpN6uzNBFwPgpCEF6FqeisRgUTty0SPfziDtazh3H5SQCIDnNaTokQ43iKIdnSuSq4alZ1KqUUdnzOQX212xv20jZzDmmQ/WduTWPUbkBJUuiAWZ4x7ycYZJ/V2K575f9en+QMLCI+Aqsu2CE9AVe3WSFmegVkxZU7w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NI2YiHng/8hxI25CJoa4RjclngURjFNzK2oQ0jydwkVSeDXP3PiMaGmwvFanfAFvxXsi49aqwYf2WqscY1W6+hREyT2/9dO7UZdSUhbN8G4qdMUH0o+jzIPmcAE2UFU0UMhHA2T4LmOy32KJO3BKhlCE26AeILSZotLmDFx+Nca9QKDCg8WZSXleAbbX+R61ei4LdnqltwVgKOK2V+vvcwyCICVmgBg3d2DPuH1K1OePTThO4J0JypoZfSkYhXh0CU+UECDsgw3X/BOEDX+1xqXvdDFOLOnS19voD0Mv1ihjsWARIOBB8614a8wOJPPkTGgngfNYgjvAZVyxLz31Aw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 15 Aug 2022 09:33:41 +0000
  • Ironport-data: A9a23:1ToN4qMepHnPrubvrR28lsFynXyQoLVcMsEvi/4bfWQNrUohgWcHy DYYXziPOqqOYTbzctwlO4S/9xxV6sWGn9VjGQto+SlhQUwRpJueD7x1DKtR0wB+jCHnZBg6h ynLQoCYdKjYdleF+lH3dOCJQUBUjcmgXqD7BPPPJhd/TAplTDZJoR94kqsyj5UAbeKRWmthg vuv5ZyEULOZ82QsaDhMu/ve8EoHUMna41v0gHRvPZing3eG/5UlJMp3Db28KXL+Xr5VEoaSL woU5Ojklo9x105F5uKNyt4XQGVTKlLhFVHmZk5tc7qjmnB/Shkaic7XAha+hXB/0F1ll/gpo DlEWAfZpQ0BZsUgk8xFO/VU/r0X0QSrN9YrLFDm2fF/wXEqfFPIzalfBV5pOrFI0blWPG9c+ 9cGa2wSO0Xra+KemNpXS8FKr+F6dIzOA9lavXttizbEEfwhXJbPBb3Q4sNV1ysxgcYIGuvCY 80eanxkaxGojx9nYw9LTs5h2rr1wCCnKFW0q3rMzUYzy0HVwBZ8z/7GN93Nd8bRbc5UglyZt iTN+GGR7hQya4PPlWTfrSzEaunn2n/1ZKYgGOWC8/9Pr1rDyzIsD1oSbA7uyRW+ogvkMz5FE GQW8Cczqak59GSwU8LwGRa/pRasoRo0S9dWVeog52ml2qfSpgqUGGUAZjpAc8A98t87QyQw0 V2ElM+vAiZg2IB5UlqY/7aQ6DatYy4cKDZaYTdeFFNepd7+vIs0kxTDCM55F7K4hcH0Hje2x C2WqC85hPMYistjO7iHwG0rSgmE/vDhJjPZLC2NNo55xmuVvLKYWrE=
  • Ironport-hdrordr: A9a23:5johXq3CGqnDQ8WmK8k8YQqjBZpxeYIsimQD101hICG9Lfb0qy n+pp4mPEHP4wr5AEtQ4uxpOMG7MBDhHQYc2/hdAV7QZnidhILOFvAv0WKC+UyrJ8SazIJgPM hbAs9D4bHLbGSSyPyKmDVQcOxQj+VvkprY49s2pk0FJW4FV0gj1XYBNu/xKDwVeOAyP+tcKH Pq3Lsjm9PPQxQqR/X+IkNAc/nIptXNmp6jSRkaByQ/4A3LoSK05KX8Gx242A5bdz9U278t/U XMjgS8v8yYwrCG4y6Z81WWw4VdmdPnxNcGLMuQivINIjGpphe0aJ9nU7iiuilwhO208l4lnP TFvh9lFcVu7HH6eH2zvHLWqkfd+Qdrz0Wn5U6TgHPlr8C8bik9EdB9iYVQdQacw1Y8vflnuZ g7nF6xht5yN1ftjS7979/HW1VBjUyvu0cvluYVkjh2TZYeUrlMtoYSlXklUqvoXRiKrbzPIt MeS/0018wmN29yqEqp51WH9ebcGkjb2C32GnTq9PbliAS+10oJsnfwjPZv4kvosqhNC6Wsrt 60TJiB3tt1P7ArRLM4C+EbTcStDGvRBRrKLWKJOFziULoKInTXtvfMkfwIDcyRCes1JaEJ6e L8eUIdsXR3d1PlCMWI0pEO+hfRQH+lVTCozs1F/ZB2trD1WbKuaES4ORsTutrlp+9aDtzQWv 61Np4TC/j/LXH2EYIM2wHlQZFdJXQXTcVQsNcmXFCFpN7NN+TRx6TmWeeWIKCoHScvW2v5DH dGVD/vJN9Y5kTuQXP8iAi5YQKYRqU+x+MELEH3xZli9GFWDPw8juE8syXL2uibbTtfr6cxYE xyZLv6j6LTnxjFwVr1
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYqLeEZxQkjHD9vkKlqX0DT1YSA62vsBsAgAASlQA=
  • Thread-topic: [PATCH] x86/spec-ctrl: Use IST RSB protection for !SVM systems
On 15/08/2022 09:26, Jan Beulich wrote:
> On 05.08.2022 12:38, Andrew Cooper wrote:
>> --- a/xen/arch/x86/spec_ctrl.c
>> +++ b/xen/arch/x86/spec_ctrl.c
>> @@ -1327,8 +1327,24 @@ void __init init_speculation_mitigations(void)
>>       * mappings.
>>       */
>>      if ( opt_rsb_hvm )
>> +    {
>>          setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM);
>>  
>> +        /*
>> +         * For SVM, Xen's RSB safety actions are performed before STGI, so
>> +         * behave atomically with respect to IST sources.
>> +         *
>> +         * For VT-x, NMIs are atomic with VMExit (the NMI gets queued but 
>> not
>> +         * delivered) whereas other IST sources are not atomic.  
>> Specifically,
>> +         * #MC can hit ahead the RSB safety action in the vmexit path.
>> +         *
>> +         * Therefore, it is necessary for the IST logic to protect Xen 
>> against
>> +         * possible rogue RSB speculation.
>> +         */
>> +        if ( !cpu_has_svm )
>> +            default_spec_ctrl_flags |= SCF_ist_rsb;
> Only now, when I'm about to backport this, it occurs to me to ask: Why
> is this !cpu_has_svm rather than cpu_has_vmx?

Because it is only SVM known to be safe.

> Plus shouldn't this further
> be gated upon HVM actually being in use (i.e. in particular CONFIG_HVM=y
> in the first place)?

Perhaps, but not locally here.  All of init_speculation_mitigations()
wants reconsidering if you're going down that route.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.