[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.17 v3 1/2] amd/virt_ssbd: set SSBD at vCPU context switch

  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Mon, 14 Nov 2022 21:39:50 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zq0RuLhePLvF8Xg/x4BQzr9TWL6VlQFUXzZ48ksxCro=; b=V0zTV4Cedyj/FjaYHbrakkn1BLCi3oKmGuQ7cr5Oj3Qx6ANjtWzN5oJLFl3rH4LAIGp7Y8+SKd0T2NWSt1AD/WibyUdSkkRu3Ot5WPQK6xqMCRvksxskXQn+8n3uXTKtApnqEfeQAn3NOyHL6I+8et+g9Vx9TeD8dlexqsVoyuXqB0H8g3b+2kPm00GRWfBOXsipnkvt/31Qqkv87rREkvVPP6zoTua/vC5KH8ThpHOCfxRHXijC8snpqukOiYyGUCMr+LwxPSBcvPL6n2fh4xf2dV3y+FUNB8WpLtOlCDDgHQwAQrk6OeTGS3EqNUzhGWUBkQY9RptoPcZcFASMjg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JG0m/dRrG3WZo7S7cXrRkUwGLWuz/sT5k3WsvFvTR96h0TpDRk+B3APnSwKE7Q5ltvpCK04JFaaab8jYOeNO3gI6rLh/HuDMIH8SkCvUrPEvzpJV98KpT3a4TgZesBMTE6Ex3eAoxQM4QIKQwV+4BRsuHiL/XhnJQLE2twsUAwU4nrbUG89FEG9LBLKk0HuMZWYmo3uUcDf7oDrJJFkCJa0M2p/rdxsvwlCnPTLEq7XTfummrqxON91pcfS2U5lLS2AeU11wLrW4Kg4/EiG4SEt6yWzvc5+8iAxY0PXqE2kZglaLGbw+vQ/QUlzNqmncK1c9wfXSJnwwl+jJDTHpAw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "Henry.Wang@xxxxxxx" <Henry.Wang@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Mon, 14 Nov 2022 21:40:17 +0000
  • Ironport-data: A9a23:SYiUIK7dmjkLWTXN+c8jXAxRtN7GchMFZxGqfqrLsTDasY5as4F+v mZMCmHVP//bamv8ftAnPYnl805XsZ/Vy9ZqSwto/301Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraBYnoqLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+4pwehBtC5gZkPKkS4AeE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m7 N0dChwWfjC6i+eQ5q2fWvhLlsYHM5y+VG8fkikIITDxK98DGMiGb4CUoNhS0XE3m9xEGuvYa 4wBcz1zYR/cYhpJfFAKFJY5m+TujX76G9FagAvN+exrvC6OnEooiOaF3Nn9I7RmQe18mEqCq 32A1GP+GhwAb/SUyCaf82LqjejK9c/+cNJOROfmp6c06LGV7kATIz8GSEODm9OWpX+FfeN5N mA95TV7+MDe82TuFLERRSaQsHOC+xIRRddUO+k78x2WjLrZ5R6DAWoJRSIHb8Yp3OcWSDowx xm2ltXmLTV1tfueTnf13rWeoC62OCMVBXQffiJCRgwAi/HhvYUygxTnXttlVqmvgbXdAirsy jqHqCw/gbQ7jsMR0ai/u1fdjFqEuZzhXgMzoALNUQqYAhhRYYekY8mk7Abd5PMZdIKBFADZ4 j4DhtSU6/0IAdeVjiuRTe4RHbavofGYLDnbhl0pFJ4kn9iwx0OekUlryGkWDC9U3gwsIFcFv Ge7Vdtt2aJu
  • Ironport-hdrordr: A9a23:w1oiAKg41OTHos0WpQ93eZVFJXBQXiAji2hC6mlwRA09TyX5ra 2TdTogtSMc6QxhPE3I/OrrBEDuexzhHPJOj7X5Xo3SOTUO2lHYT72KhLGKq1Hd8kXFndK1vp 0QEZSWZueQMbB75/yKnTVREbwbsaW6GHbDv5ag859vJzsaFZ2J921Ce2Gm+tUdfng8OXI+fq DsgPZvln6bVlk8SN+0PXUBV/irnaywqHq3CSR2fiLO8WO1/EuV1II=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHY76YmBe8QNIQ1KUWqToJPwoQsT64/A/IA
  • Thread-topic: [PATCH for-4.17 v3 1/2] amd/virt_ssbd: set SSBD at vCPU context switch
On 03/11/2022 17:02, Roger Pau Monne wrote:
> The current logic for AMD SSBD context switches it on every
> vm{entry,exit} if the Xen and guest selections don't match.  This is
> expensive when not using SPEC_CTRL, and hence should be avoided as
> much as possible.
>
> When SSBD is not being set from SPEC_CTRL on AMD don't context switch
> at vm{entry,exit} and instead only context switch SSBD when switching
> vCPUs.  This has the side effect of running Xen code with the guest
> selection of SSBD, the documentation is updated to note this behavior.
> Also note that then when `ssbd` is selected on the command line guest
> SSBD selection will not have an effect, and the hypervisor will run
> with SSBD unconditionally enabled when not using SPEC_CTRL itself.
>
> This fixes an issue with running C code in a GIF=0 region, that's
> problematic when using UBSAN or other instrumentation techniques.

This paragraph needs to be at the top, because it's the reason why this
is a blocker bug for 4.17.  Everything else is discussing why we take
the approach we take.

(and to be clear, it's slow even with MSR_SPEC_CTRL.  It's just that its
a whole lot less slow than with the LS_CFG MSR.)

>
> As a result of no longer running the code to set SSBD in a GIF=0
> region the locking of amd_set_legacy_ssbd() can be done using normal
> spinlocks, and some more checks can be added to assure it works as
> intended.
>
> Finally it's also worth noticing that since the guest SSBD selection
> is no longer set on vmentry the VIRT_SPEC_MSR handling needs to
> propagate the value to the hardware as part of handling the wrmsr.
>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Changes since v2:
>  - Fix calling set_reg unconditionally.
>  - Fix comment.
>  - Call amd_set_ssbd() from guest_wrmsr().
>
> Changes since v1:
>  - Just check virt_spec_ctrl value != 0 on context switch.
>  - Remove stray asm newline.
>  - Use val in svm_set_reg().
>  - Fix style in amd.c.
>  - Do not clear ssbd
> ---
>  docs/misc/xen-command-line.pandoc | 10 +++---
>  xen/arch/x86/cpu/amd.c            | 55 +++++++++++++++++--------------
>  xen/arch/x86/hvm/svm/entry.S      |  6 ----
>  xen/arch/x86/hvm/svm/svm.c        | 45 ++++++++++---------------
>  xen/arch/x86/include/asm/amd.h    |  2 +-
>  xen/arch/x86/msr.c                |  9 +++++

Need to patch msr.h now that the semantics of virt_spec_ctrl have changed.


> diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
> index 98c52d0686..05d72c6501 100644
> --- a/xen/arch/x86/cpu/amd.c
> +++ b/xen/arch/x86/cpu/amd.c
> <snip>
> +void amd_set_ssbd(bool enable)
> +{
> +     if (opt_ssbd)
> +             /*
> +              * Ignore attempts to turn off SSBD, it's hardcoded on the
> +              * command line.
> +              */
> +             return;
> +
> +     if (cpu_has_virt_ssbd)
> +             wrmsr(MSR_VIRT_SPEC_CTRL, enable ? SPEC_CTRL_SSBD : 0, 0);
> +     else if (amd_legacy_ssbd)
> +             core_set_legacy_ssbd(enable);
> +     else
> +             ASSERT_UNREACHABLE();

This assert is reachable on Fam14 and older, I think.

> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
> index 1aeaabcb13..8b101d4f27 100644
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -973,6 +973,16 @@ static void cf_check svm_ctxt_switch_from(struct vcpu *v)
>  
>      /* Resume use of ISTs now that the host TR is reinstated. */
>      enable_each_ist(idt_tables[cpu]);
> +
> +    /*
> +     * Clear previous guest selection of SSBD if set.  Note that 
> SPEC_CTRL.SSBD
> +     * is already cleared by svm_vmexit_spec_ctrl.
> +     */
> +    if ( v->arch.msrs->virt_spec_ctrl.raw & SPEC_CTRL_SSBD )
> +    {
> +        ASSERT(v->domain->arch.cpuid->extd.virt_ssbd);
> +        amd_set_ssbd(false);
> +    }
>  }
>  
>  static void cf_check svm_ctxt_switch_to(struct vcpu *v)
> @@ -1000,6 +1010,13 @@ static void cf_check svm_ctxt_switch_to(struct vcpu *v)
>  
>      if ( cpu_has_msr_tsc_aux )
>          wrmsr_tsc_aux(v->arch.msrs->tsc_aux);
> +
> +    /* Load SSBD if set by the guest. */
> +    if ( v->arch.msrs->virt_spec_ctrl.raw & SPEC_CTRL_SSBD )
> +    {
> +        ASSERT(v->domain->arch.cpuid->extd.virt_ssbd);
> +        amd_set_ssbd(true);
> +    }

While this functions, it's still a perf problem.  You now flip the bit
twice when switching between vcpus with legacy SSBD.

This wouldn't be so bad if you'd also fixed the inner function to not do
a read/modify/write on the very slow MSR, because then we'd only be
touching it twice, not 4 times.

This isn't critical to fix for 4.17, but will need addressing in due course.

However, as the patch does need a respin, amd_set_ssbd() is too
generic.  It's previous name, amd_set_legacy_ssbd(), was more
appropriate, as it clearly highlights the fact that it's the
non-MSR_SPEC_CTRL path.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.