Xen project Mailing List

Re: [PATCH] x86/Xen: make use of IBPB controlling VM assist

From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>

Date: Wed, 15 Feb 2023 18:22:37 -0500

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x5cHxNRsBgzP/65saTGrGlD/j2smdlH/nz5C+5CED94=; b=PIJhP5s8T4Xx9/F9l+GDt0MRdco9v2QAoJrboceL/PqVuH8wwdGEApB/ygfm10aEIV8fs4VRhEDDa5BEZWoWc4laqbZ7CVqWnvD3EqPnvJFE4pbgdO18b6PBgSBEK6BQHYg7+3OHvTwxP0As7C/Zso89MJD4BE9GGe9fXqPX4wN8fR6TfpmpRj+4IlxmR18FsyYJOA+SURyDOWYuZCplGHj5lZTRfAPGo/zc2t/XS2E+/Z06ah1tbpSPYYRXrKfIcBz6nfU50wJ8ZLMup4OJbTdBJ17lWfCrCqr91vKhIv4vdpvaJ6FO2U5FeIRtB3zmMS1g/nK1tSwqvWlukyub6w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MlFLqBYgn6N7rysXSMfEeW366I8XcpuD2ZlsdfMH7S8vAGEkZ0V//eitTWJ/vjfC1hUm9VKNFWGVzIFbOMIh+/Qp2cHA90t2g/pr0+eVHd+BbbcpIyZpA1+tQRl43ej3nrf3eq7ZQiAU8Pd/JViP3y3GCw9E8G5Qe7yUtma1oauP0QFGKppX88uBKqFVWxzljd0MXTynhDCb/wIaRl8n2fHDmqcMJVwMkpnlDOzd8QaCWBHGBi/a00gdxDiwRKbCu0uqsyr7K0HcID2lVUow8lYXrlGsK4liUYCXzmYeIGYFc/lWclcZzQXX/UHcDYUAykEUhSKQmCXHPYUTtp0mww==

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 15 Feb 2023 23:23:10 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2/15/23 3:31 AM, Jan Beulich wrote:

On 15.02.2023 01:07, Boris Ostrovsky wrote:

On 2/14/23 6:53 PM, Boris Ostrovsky wrote:

On 2/14/23 11:13 AM, Jan Beulich wrote:

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -18,6 +18,8 @@
   #include <linux/pgtable.h>
   #include <linux/bpf.h>
   +#include <xen/xen.h>
+
   #include <asm/spec-ctrl.h>
   #include <asm/cmdline.h>
   #include <asm/bugs.h>
@@ -32,6 +34,7 @@
   #include <asm/intel-family.h>
   #include <asm/e820/api.h>
   #include <asm/hypervisor.h>
+#include <asm/xen/hypervisor.h>
   #include <asm/tlbflush.h>
     #include "cpu.h"
@@ -934,7 +937,8 @@ do_cmd_auto:
           break;
         case RETBLEED_MITIGATION_IBPB:
-        setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB);
+        if (!xen_pv_domain() || xen_vm_assist_ibpb(true))


Is this going to compile without CONFIG_XEN?

Yes. The declaration of xen_vm_assist_ibpb() is visible (satisfying
the compiler) and DCE will eliminate the call to the function due to
xen_pv_domain() being constant "false" in that case, avoiding any
linking issues. The interesting case here really is building with
XEN but without XEN_PV: That's why I needed to put the function in
enlighten.c. This wouldn't be needed if xen_pv_domain() was also
constant "false" in that case (just like xen_pvh_domain() is when
!XEN_PVH).

I also think these two conditions should be wrapped into something to limit 
exposure of non-Xen code to Xen-specific primitives.

I would have done so, if I had any halfway sensible idea on how to
go about doing so in this particular case. In the absence of that it
looked okay-ish to me to reference Xen functions directly here.

Oh, and this needs x86 maintainers.

Eventually yes. But I would prefer to sort the above question first
(which I'm sure would have been raised by them, in perhaps more
harsh a way), hence the initially limited exposure.

I also think there is a bit of a disconnect between how the mitigation is reported in the log/sysfs (retbleed_mitigation is RETBLEED_MITIGATION_IBPB, so "Mitigation: IBPB") and, for example, lscpu (since X86_FEATURE_ENTRY_IBPB is not set anymore). -boris

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.