Xen project Mailing List

[PATCH v4 2/4] x86/spec-ctrl: defer context-switch IBPB until guest entry

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Tue, 14 Feb 2023 17:11:05 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=d+/DUjrNApE1of8R+q9OMsOXlsFTj99u5P7jS1EbUzw=; b=HlzK3w2z8vDcWlMOVrr3ldmCB5ym69dXwYYUT00Q9Da+RmIC1lzD/YbrFA2lb5yI65+WT9Ohn/LSiffFGlLnr6r+LaJntmrAM/CrWlZlzSufNcK908kkERraUTybrM8koUyX5OTYolKXZxyOgUF9RQbXe9f8ANTGxgT0V3Gu6tcYwQCFsm9P6YWw+oRcTi1tydtGOUfAXLv+fxWL45fTBlV3rQWR7X1AqTXe4NZ+Ud4nOdIzZ1/GidrCBE18V3YGX7vyLUjQfOS7h0bPmVouYbVZEVfNZ/qjY+LHy4CI9nmerebukVq78HXUHW8uh9HRbDL4ZLHRd4FkOtqRiCThUA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C99l2jMkVu9rzdHMOsHKmHwNS9BXezQ2iP6vvNFPn7+Ff87icPa6QXJJSf69OqINNj+HFCHRqE1pW5f6y1Podjz4FckXyBrTJrH6NQPBIXHt89JmRkuab+M2fJMTqspvodejXDQrv0Rk2Hzxaz6UWl6+/nC/sC2jdRZuJn3vNOwDHUOVa3NXULbrx+3ZBZ5mTA330aiuykWUL1VdDxEYEeWVqQW7J+BKWRGpeWIk4mU2x1NaWOwwDbwhFFwBl8a5qNWfgSWU4+Tps5YRP5wwwyvjNcoDIHI9aWCG/Ev1KQU4w1Tiw2X+AoH0s0pQDocvvpVmBsTipiROv3ICVra/9g==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 14 Feb 2023 16:11:18 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

In order to avoid clobbering Xen's own predictions, defer the barrier as much as possible. Merely mark the CPU as needing a barrier issued the next time we're exiting to guest context. Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- I couldn't find any sensible (central/unique) place where to move the comment which is being deleted alongside spec_ctrl_new_guest_context(). (If this patch is to survive in the first place, it was suggested to move to spect_ctrl_asm.h, next to the #define of the controlling bit.) --- v4: Re-base in particular over changes earlier in the series. v3: New. --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2038,7 +2038,7 @@ void context_switch(struct vcpu *prev, s */ if ( *last_id != next_id ) { - spec_ctrl_new_guest_context(); + info->spec_ctrl_flags |= SCF_new_pred_ctxt; *last_id = next_id; } } --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -67,28 +67,6 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); -/* - * Switch to a new guest prediction context. - * - * This flushes all indirect branch predictors (BTB, RSB/RAS), so guest code - * which has previously run on this CPU can't attack subsequent guest code. - * - * As this flushes the RSB/RAS, it destroys the predictions of the calling - * context. For best performace, arrange for this to be used when we're going - * to jump out of the current context, e.g. with reset_stack_and_jump(). - * - * For hardware which mis-implements IBPB, fix up by flushing the RSB/RAS - * manually. - */ -static always_inline void spec_ctrl_new_guest_context(void) -{ - wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); - - /* (ab)use alternative_input() to specify clobbers. */ - alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET, - : "rax", "rcx"); -} - extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -854,6 +854,11 @@ static void __init ibpb_calculations(voi */ if ( opt_ibpb_ctxt_switch == -1 ) opt_ibpb_ctxt_switch = !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv); + if ( opt_ibpb_ctxt_switch ) + { + setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_PV); + setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_HVM); + } } /* Calculate whether this CPU is vulnerable to L1TF. */

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.