[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/SVM: restrict hardware SSBD update upon guest VIRT_SPEC_CTRL write

  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Fri, 9 Dec 2022 10:35:20 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=o35BP+XDZd5M2HlVpQVpmeE/cPxw11ex4+OapRecYpY=; b=Gc2BGLbvwNa7uXzs3FDYYoOaBJH5Xo8tKHLMb/KnalSbvLGf8Q3Yhh/mRXBp0Lqzn44B/VkBheQetfCLMzb1WfpSR7h8Nkv/vidZDk3gDYCa05c+e9KbpIba9GJdbJFXkLHBD072ofSmhdEaHl/iZnhjdfEhOLI4iKKqthx/G2XX/blmhwNrS1a36XM9hkJxqE9eE1jLIy8MNp3vOqE/ueQ7AGuS/0zJtevsshJoEOCWPr8Av2wmPnX9HkcRgeIdCW6S3UQ2Uf30WmuVY1gXiPK2PJ0Lk0R1tiq4zKIifdu2I+925tktD7CILKNdZdhj4/WmnbqhuRviM6DMhEUhUA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V1vNqb3YXl2c3TibOV+FgplKKN3j8Gjlak10pUmpxrlyZkgJbobvewlRlyzxI0sVBLtJzfs9cWp4xfAVIQO/GGojUsL3s9aJ/yQZjzi2PP5aLBQOTvmQIwDR9BtuG9rwNTV6gX/H9Sc0H2Io5YAHSVW5xYF5YG1Ja5y/8V5HlbbksMD0SyQens2afRo41Cqwc7xZSDMRKM7KEkUr4HUsTigSaPU7upqxMUTBePEw+lSxoMZ+gHAQd9nVIIk48DasAGmmvZ7ZOQbwRmAbgcVK5qGiTK5ZQh0Dud/oLcoMoGzXgPPyQUZPXkeNXqQ7xb4bEPhR9goa8kK2Oi/9m+AKzw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Fri, 09 Dec 2022 10:35:39 +0000
  • Ironport-data: A9a23:+VWtB6Dv2+GUNRVW/wviw5YqxClBgxIJ4kV8jS/XYbTApDsngTdTz WJKW2nXPvmJZzH8fopwYY++pE0PuZ/Smt9nQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48T8nk/nNHuCnYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbyRFtcpvlDs15K6o4WlA7wRnDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw5fRuHXxgx MYhMDErayyIwL6sxYucY7w57igjBJGD0II3nFhFlGicIdN4BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTI+uxuvDa7IA9ZidABNPL8fNCQSNoTtUGfv m/cpEzyAw0ANczZwj2Amp6prr+QwHmmBthCfFG+3uJvvh6R1moNMhk9ZUOpptXhhWqvUfsKf iT4/QJr98De7neDTNPwQhm5q36spQMHVpxbFOhSwBGAzO/Y7hiUAkAATyVdc5o2uckuXzso2 1SV2dTzClRHr7m9WX+bsLCOoluP1TM9KGYDYWoISFUD6ty6+YUr1EuQEJBkDbK/icDzFXfo2 TeWoSMihrIVy8kWy6G8+lOBiDWpznTUcjMICszsdjrNxmtEiESNO+RENXCzAS58Ebuk
  • Ironport-hdrordr: A9a23:G0G2faEPm+V0E1pBpLqE0ceALOsnbusQ8zAXPiFKOGVom6mj/f xG885rsCMc5AxhOk3I3OrwW5VoIkm8yXcW2/h0AV7KZmCP01dAbrsD0WKI+UyGJ8SRzJ866U 6iScRD4R/LYGSSQfyU3OBwKbgd/OU=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHZCve5uOkbNmy6S06b6+y4P7v7ga5lU+cAgAAKCAA=
  • Thread-topic: [PATCH] x86/SVM: restrict hardware SSBD update upon guest VIRT_SPEC_CTRL write
On 09/12/2022 09:59, Roger Pau Monné wrote:
> On Thu, Dec 08, 2022 at 12:24:54PM +0100, Jan Beulich wrote:
>> core_set_legacy_ssbd() counts the number of times SSBD is being enabled
>> via LS_CFG on a core. This assumes that calls there only occur if the
>> state actually changes. While svm_ctxt_switch_{to,from}() conform to
>> this, guest_wrmsr() doesn't: It also calls the function when the bit
>> doesn't actually change. Extend the conditional there accordingly.
>>
>> Fixes: b2030e6730a2 ("amd/virt_ssbd: set SSBD at vCPU context switch")
>> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> ---
>> This is the less intrusive but more fragile variant of a fix. The
>> alternative would be to have core_set_legacy_ssbd() record per-thread
>> state, such that the necessary checking can be done there.
> Hm, yes, it's going to take a bit more of memory to keep track of
> this.

It shouldn't.  Turn the count field into a bitmap of thread_ids.

The interface to this functionality should be WRMSR-like, and should
support repeated writes of the same value.  Anything else is a timebomb
which has already gone off once...

I'll have a play with this while looking into the repro I've got.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.