
Re: [PATCH for-4.17 3/4] amd/ssbd: remove hypervisor SSBD selection


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 13 Oct 2022 15:50:20 +0200
  • Cc: Henry.Wang@xxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 13 Oct 2022 13:50:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Oct 12, 2022 at 10:30:45AM +0200, Jan Beulich wrote:
> On 11.10.2022 18:02, Roger Pau Monne wrote:
> > @@ -2365,12 +2365,6 @@ On hardware supporting STIBP (Single Thread Indirect 
> > Branch Predictors), the
> >  By default, Xen will use STIBP when IBRS is in use (IBRS implies STIBP), 
> > and
> >  when hardware hints recommend using it as a blanket setting.
> >  
> > -On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=`
> > -option can be used to force or prevent Xen using the feature itself.
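
Review bot: Where the `ssbd=` paragraph is deleted, the documentation is left with no statement of what happens to a command line that still passes `ssbd=`. The hunk header shows six lines removed here, so the whole description goes. Consider replacing it with one sentence saying whether the option is now rejected or silently ignored, so that administrators who relied on forcing SSBD in the hypervisor can see that the setting no longer takes effect.
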
> 
> Why would we want to take away this level of control? Shouldn't we turn this
> on while in Xen if so requested? Which would then either mean enabling it on
> VMEXIT if a guest has it off, or running with it turned on using the OR of
> guest and host settings.

Right, but then we need to context switch the value on vm{entry,exit}
which is problematic.  I could move the context switch code out
of the GIF=0 region, and assume that NMIs executing with the guest
selection of SSBD are OK.

Alternatively setting ssbd= on the command line could be taken as a
value to enforce for the whole system and prevent guest attempts to
change it, not exposing VIRT_SSBD, AMD_SSBD or SSBD (haven't
looked at whether not exposing the SSBD CPUID related to
SPEC_CTRL.SSBD will have impact on other features).

I was under the impression that the command line ssbd option was added
to cope with Xen not exposing the feature to guests. Now that the
feature is exposed guests should be free to make use of it, and hence
there's no need to force a value for Xen.

Thanks, Roger.



 

