From nobody Thu May 9 20:42:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1676391068; cv=pass; d=zohomail.com; s=zohoarc; b=WtlXeE/j+yHZrnyca0zzRcrdi8Yn2A14NDLSPJC3aV9bk1+0bVLmaEstrIYG6ooxRO/PM8Y5CG5npqIzyVmKbNcmt7sGzcOrQBy7NkSMG9+tJCOPu3wWoA5UPAxql1cDm5rnD3rBLLxrFWlq19wRiT20MFttNJzENo63acfXPQw= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676391068; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=qINV3D+ZcJrc3TgcCf9Vkqn39yRf5xgMpf87ZeAdksY=; b=dYhKa+ZWhh0RVAvaKDxk1IxxybwH4GCBGHYHA7HrxAq7rf9di8saA4ZnD0zi7h0W2bbkKWkO4CCO62jIapGq5gYhoeNpOB6GH018VPqX3wxwCYNwg5yeQLhHq4BQSNqIGk9Ftj3W2a2jDak7p9z286jmhPA1LuNg9da3aDXaA6o= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676391068810940.5870251540895; Tue, 14 Feb 2023 08:11:08 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.495268.765582 (Exim 4.92) (envelope-from ) id 1pRxtI-0002T9-Pq; Tue, 14 Feb 2023 16:10:48 +0000 Received: by outflank-mailman (output) from mailman id 495268.765582; Tue, 14 Feb 2023 16:10:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxtI-0002T2-Mv; Tue, 14 Feb 2023 16:10:48 +0000 Received: by outflank-mailman (input) for mailman id 495268; Tue, 14 Feb 2023 16:10:47 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxtG-0002M8-OA for xen-devel@lists.xenproject.org; Tue, 14 Feb 2023 16:10:46 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on062d.outbound.protection.outlook.com [2a01:111:f400:fe0c::62d]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 2331b82b-ac82-11ed-933c-83870f6b2ba8; Tue, 14 Feb 2023 17:10:46 +0100 (CET) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by AM8PR04MB7762.eurprd04.prod.outlook.com (2603:10a6:20b:241::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.23; Tue, 14 Feb 2023 16:10:44 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178%7]) with mapi id 15.20.6086.024; Tue, 14 Feb 2023 16:10:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 2331b82b-ac82-11ed-933c-83870f6b2ba8 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nHKqHtymeg5pIoAYTaJzCv65oMHyTg50dbwr8+PBPq8W/Z+lrfeqrhF5GmRlX6FqQRuAHq7CGy9p8O7y0FKm2XlwLdd9zCuJt/36OPmJPfIi3G8P/M1Merpl83ix1WV1eixZ8baOJf1KseFIwSrnu7IYUGuEwlMr5Yj0elI90Sat0pU/Mwg/OIJ4RD5hJnqyCDlbGBYPNsjgpL64wcmApwFuSnvQGqq4LWIFRZBz6tKODMgHoJ/GrA53UImEGdwL2+6eo+KmZK/FR7uaKb6fCHRn9CExlfD09UcDwpD3jGi6mMQOFWzQ3wmT5z3aDNlFbEpf6k9LD1xrOSo/2V+cvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qINV3D+ZcJrc3TgcCf9Vkqn39yRf5xgMpf87ZeAdksY=; b=MBJdaUF5CZYxI1cBaZt1i0YaIFapmY8uXsZAnwbfpa+cyjDg+pBAtTB0gYaKWP3eR+HWOBVg+xKJkyWo4ZA9u23F2nfMck91v9fcFv0hhpL/1BLlLmjfBGCZhkYhg1X5KJ9E2CmmXQeGEHCm3AhBraAF+wERkFw7A0EXZQc1HtTKW/erCQpTEcqpNMy/Wcx/itIeyJJGmueqvpNaF9pgz7JF9yMR9Gn4Tvqtr8jeMeb22GvR9HDbLbFKtZ5+LUwXdNDrkePYkSgZgwr9nlTiXELER4coy7KJ2pKgpL01gfpMfDDNrILmdxAmyGOQ4QMCOM+i8rX9L6nrc/9wFV3oZQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qINV3D+ZcJrc3TgcCf9Vkqn39yRf5xgMpf87ZeAdksY=; b=JIk6Q64r4XADHN0wkRm+eFGpcSC+ZN/c6EpNS0x3QtZr/+XwBL/cVBj8xV7nmY7EcXAQ/xoVkmWbnoaiqhqHyYVhWinxKAUxeI/kvwu34KrqSOtUr2T0F5VCk/kUnojPGIepbtTsHUIY3iFvY0yfu4r4TTYHG9S3BdKXsPm0++2rmMMKzfLf0qw+QnwxAurRNz6A1Dx7LwZWy0gEwfPNFqwPdVHIYBTT+jTbJe8MCQQHkeTMAJcxnOPlGOT/0LoTVFf8Yn4Nh1TB4zrQz4xI3mGSXeYwWGVQgun+EiwYCfpFZciG/xxaRtX+8k8CH8wPgaMwJqqFMKnK+EsbMNLMeg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <31da79de-bd6b-af95-793a-c16516992bc7@suse.com> Date: Tue, 14 Feb 2023 17:10:42 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: [PATCH v4 1/4] x86/spec-ctrl: add logic to issue IBPB on exit to guest Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> In-Reply-To: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR3P281CA0015.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1d::13) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|AM8PR04MB7762:EE_ X-MS-Office365-Filtering-Correlation-Id: 1f0435f9-ef97-44bb-2f03-08db0ea60687 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: n86WPBjsffWLWWt3UNQYbrITvMKYI6KPsOnBeEVWiVhy83TzhLqiP7+G7loRTEqbQxSUJlkUO0FH+RhcGysigISHOzxKvD2FEPIlMxsnC1DjfIFixVzjQPYMehEA2zJBIZHelO1vLsRdapktmI+4paxUux0v5Hr6URpWiOvCpwOWOFm2m9S0j19I1yrjsde+T8qzMPuqTDjBYcD+X3YLHtg1TFnUB/ci8jBSeY+ClgUbnoizZ24ZngCFermN3mliMFZ64lgnK2qHgYm8GxUZqOy08fIsAuDPcIvZSYWB+eIFnjOAHG+LHHzOG4njLRIJLHfDHOkKipGO5kOT1+ZFDdDauS0HBm5sG+RaYdxssraGrTBcAKm9W2bY04ET96JIlMf8/dJWp1ZEIOzZ5V+hfPd2WgEwROqmLzHmQumHjboaQKyWYqkLZi8NQ1TxSZ8J5V7Y6es/a7zSdvD53qw+ABX4Z841F00hKxFSWVtiPT0S5CH87Y839JWZQ4/YSAgnETcrx1r7sSMdg+Coj05HwKR+ytuVC7dYIqToR37gEeJn3SVoFxxpKD8kXAEt+HkfinV7Bh6AtRPIa/UUnJ6/MxC1nHSRuvFMl9Q4rYnZkF36HLTraOwC1KBYrClDiB5bSZxN7cBZMji0FyvLAZi8Zy8ekdOgwLMw7uzT93gOp3ri9zjBSJBuvHltYc8221Azs9y55RyGAgel7HcLOZjjTdSkz2LlyvceNhQDUQT+GtQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(376002)(346002)(366004)(136003)(39860400002)(396003)(451199018)(478600001)(36756003)(38100700002)(66946007)(54906003)(66476007)(83380400001)(66556008)(6916009)(4326008)(8676002)(316002)(186003)(26005)(6506007)(5660300002)(6512007)(6486002)(41300700001)(8936002)(2616005)(31696002)(86362001)(2906002)(31686004)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TDJBTzdUMmV2d1I2a3d3V1UwcjhZdEtzQ1V6SUxyRGlLVVhPUjc4YVZmYTNF?= =?utf-8?B?ck9BRlV5RnB0TGpwQzdNQ1haS3NkOVh0VE9wVDVsZkpVNGZ5REY1a0tPV0dB?= =?utf-8?B?bTZvbXQ1Y21qTmRkSWFlOEFTekpBYktlbGhuSVl0aktxdFk4RUFMZENkaExk?= =?utf-8?B?ZzZncFhwQTFxa04xVVJvQWxKRmZsQXI1S0FITWFBdXIzV0xyRm5NZHFJT0Zw?= =?utf-8?B?VVczL2JsdGdTM1IvcUpPUVZKbXNYT3BGQ1ZENWxGRlBWd1hoTWEzV1U5ZS9V?= =?utf-8?B?R0lHUE8xSlh4bkFEY2FIUFBMSkFqSWpWeHNwdTl2Slk3aVJ5Q0JISnJORElW?= =?utf-8?B?V0VzREVJNVJDNExvdDNMNFFCZHJrRWpueDN1ZE1Pa3hIK1RFWXBETUc0K28y?= =?utf-8?B?bVpyVHVKcG9LOVRPRUFJa0hKcUlQYkhPdU1XTE01NDNXZ0l6dTcvTHkwSmZx?= =?utf-8?B?UXQ2R2hSVjEyeFhoK0NSR1dmZDlYYXMzbEk0aG9aelBLRm9xb0cxTlcrZEpI?= =?utf-8?B?STg5WDZ6dWtHSUJEMHBmbmxmM1dqdTh6YisvL3piQVJ3VnE2RDhCSld3SVJw?= =?utf-8?B?WjN3aWpiekFqRkU3elpJdnc5bEMxY2NFR2pEbG1GUGR5amt2eGZBUHh1cXk2?= =?utf-8?B?blZ3aVJsSkRiWkZYdThYaFdkZlNvblFwcWtJL0JscHczN0I1YXlCKzR5RzhY?= =?utf-8?B?S3A3Y00ySDloZU9rS1JTWHh4WXZVdEIvVWc0M2crNkZBZ0JyenFyVUNhZnB6?= =?utf-8?B?RWVnUUNEbGJFQnFvMDg0TE5DRDhRcHRYMU9sZEFOWjJoKzRzUjVKOTVkR3NJ?= =?utf-8?B?RjZOQ3BUWmhqNWk1SE1nMXltcHlaSVZFbVI3SGF4REIxVnVVUWptMWVCVXhT?= =?utf-8?B?RWVGTzMyTUdPem82Qm1Zd3JkcXZ2c1pVaWozYnpub3JSRXcxbHF1UitmMzUy?= =?utf-8?B?UVhmVUhSL3B2c2FSZzE4d2p1QkVvdkd0K0RRTjVhWkViUm8vMU1YM2s2cDZ2?= =?utf-8?B?ZTFNVmYwbEpsNVUwY2I2emhYYzFWUm52cUhaSTVsaUcrN2wyRE1adndZenVX?= =?utf-8?B?WXpjSUZWTW5vZmFCSEJtMDJpeE1PNkNiblA1RXVDR2Z2QjFKakZqeFRObjBH?= =?utf-8?B?QjBZbzh2RE9LV2JKVmthWmRDSmdQR3Zob0xDSVJmLzVpdmdIcXNWOXl2bE12?= =?utf-8?B?dXpmdk05VkhBVTVWeTRzbWVQVm9yYkdqYUM2VExmTlc5OG9zOHJXQ2NXOXkz?= =?utf-8?B?bTNqRnkwMkdKbXRjakZkTTdsVlpLdzlYSXNUbFM0SWlMWnpTc1RNT2tHZzdE?= =?utf-8?B?NTF2bXVVUi9udmdEb0pGaktkcDRNRGFUTEhUMkxyaitUSTdwZWtSS1l3NUk2?= =?utf-8?B?eW1KNDBPa1QycDYvekhxTTh3VHdYdGt1YjMrOUs3dENyWjlJb0lmR3pUd1FY?= =?utf-8?B?anFBVVpKbzJkNlNNU0hhaTFBOEJzamxJUGNlSlVpTkhzQkc4MjRjYlhIazNv?= =?utf-8?B?ZUQ2YXFuMUp1N0g1QWE4TTE2NlhpL1pTdWtrVWJxVnl6T3hCUm5sTTY0NUtW?= =?utf-8?B?SkE5U1ZvL2lmT3hJK1ZTL1VzNDZCaU53Sm5rUkVwdmswZUNIbnJWOGI3TzB0?= =?utf-8?B?eldadDRzQVB3Rll3dWs2NHpyeTFja25UY1dDTDVMUEN0ZzQ4NlArQ2x1UWV1?= =?utf-8?B?bWtUNUd4aWR1aXdtdk42SnVnQS8yUFVuSkZzdXJlMUxQZjVVajByZ2dyMnEr?= =?utf-8?B?dWFENitVeCt5RWZxY3ErcnRFTmtlZDcvRWtSa0RwNzA1VXNLNGFMYWlpU0Fo?= =?utf-8?B?MXJGVW1vNGRtMXo1Um83c0xDd3Q1aWJFTlNkU1A4dEZDWEt4dC9TNys3Mmxl?= =?utf-8?B?N2NranhKRW9NN0I3UjlmdEluRXBsbnJzUmFKaFgzeWthS0NzQWhMRk1KVXNP?= =?utf-8?B?VVE0SlJZOHp3NEx5Z0l4UjhQQW5Da0h4czN2UXJYSGtkY2ZJdGc0MUdRdFJY?= =?utf-8?B?RlR4SStRYTJtM29BMjFWbW45ZkpQR1A5Wm1LV2tvem53a3AyM1BEdnJzcVli?= =?utf-8?B?WVJ4Q016a0ZScjg2MWRDTFhweTBuaWlaWjArWlpCQ3N5SW9QcTdKenkyZkVQ?= =?utf-8?Q?cfAXrVtjEpyY8dbP7SzswKsvX?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1f0435f9-ef97-44bb-2f03-08db0ea60687 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2023 16:10:44.1346 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: HSR4vY6U+bycIlNrgNO352A+Mq3+4nIL9IdVRDSRhDvccPhRwgfZmBdSf5m8IPSC4k+3jqkfudCtOCeC3adbFg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR04MB7762 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1676391070371100001 Content-Type: text/plain; charset="utf-8" In order to be able to defer the context switch IBPB to the last possible point, add logic to the exit-to-guest paths to issue the barrier there, including the "IBPB doesn't flush the RSB/RAS" workaround. Since alternatives, for now at least, can't nest, emit JMP to skip past both constructs where both are needed. This may be more efficient anyway, as the sequence of NOPs is pretty long. As with all other conditional blocks on exit-to-guest paths, no Spectre-v1 protections are necessary as execution will imminently be hitting a serialising event. Signed-off-by: Jan Beulich --- I have to admit that I'm not really certain about the placement of the IBPB wrt the MSR_SPEC_CTRL writes. For now I've simply used "opposite of entry". Since we're going to run out of SCF_* bits soon and since the new flag is meaningful only in struct cpu_info's spec_ctrl_flags, we could choose to widen that field to 16 bits right away and then use bit 8 (or higher) for the purpose here. --- v4: Alter parts of the description. Re-word a comment. Rename flag and feature identifiers. v3: New. --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -75,6 +75,12 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM =20 + ALTERNATIVE "jmp 2f", __stringify(DO_SPEC_CTRL_EXIT_IBPB disp=3D(2= f-1f)), \ + X86_FEATURE_NEW_PRED_CTXT_HVM +1: + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_BUG_IBPB_NO_RET +2: + pop %r15 pop %r14 pop %r13 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -86,7 +86,8 @@ UNLIKELY_END(realmode) jz .Lvmx_vmentry_restart =20 /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=3Dregs/cpuinfo C= lob: */ + /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=3Dregs/cpuinfo C= lob: acd */ + ALTERNATIVE "", DO_SPEC_CTRL_EXIT_IBPB, X86_FEATURE_NEW_PRED_CTXT_= HVM DO_SPEC_CTRL_COND_VERW =20 mov VCPU_hvm_guest_cr2(%rbx),%rax --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -39,8 +39,10 @@ XEN_CPUFEATURE(XEN_LBR, X86_SY XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for i= dle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow St= acks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect = Branch Tracking */ -XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by X= en for PV */ -XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by X= en for HVM */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by X= en when entered from PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by X= en when entered from HVM */ +XEN_CPUFEATURE(NEW_PRED_CTXT_PV, X86_SYNTH(30)) /* issue prediction barri= er when exiting to PV */ +XEN_CPUFEATURE(NEW_PRED_CTXT_HVM, X86_SYNTH(31)) /* issue prediction barri= er when exiting to HVM */ =20 /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,9 +55,13 @@ struct cpu_info { =20 /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; + /* + * spec_ctrl_flags is accessed as a 32-bit entity in certain cases. Pl= ace + * it accordingly. + */ + uint8_t spec_ctrl_flags; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; =20 /* * The following field controls copying of the L4 page table of 64-bit --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -36,6 +36,8 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_new_pred_ctxt_bit 6 +#define SCF_new_pred_ctxt (1 << SCF_new_pred_ctxt_bit) =20 /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -117,6 +117,27 @@ .L\@_done: .endm =20 +.macro DO_SPEC_CTRL_EXIT_IBPB disp=3D0 +/* + * Requires %rsp=3Dregs + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_new_pred_ctxt is active. The macro + * invocation may be followed by X86_BUG_IBPB_NO_RET workaround code. The + * "disp" argument is to allow invocation sites to pass in the extra amount + * of code which needs skipping in case no action is necessary. + * + * The flag is a "one-shot" indicator, so it is being cleared at the same = time. + */ + btrl $SCF_new_pred_ctxt_bit, CPUINFO_spec_ctrl_flags(%rsp) + jnc .L\@_skip + (\disp) + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + xor %edx, %edx + wrmsr +.L\@_skip: +.endm + .macro DO_OVERWRITE_RSB tmp=3Drax /* * Requires nothing @@ -272,6 +293,14 @@ #define SPEC_CTRL_EXIT_TO_PV \ ALTERNATIVE "", \ DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_PV; \ + ALTERNATIVE __stringify(jmp PASTE(.Lscexitpv_done, __LINE__)), \ + __stringify(DO_SPEC_CTRL_EXIT_IBPB \ + disp=3D(PASTE(.Lscexitpv_done, __LINE__) - \ + PASTE(.Lscexitpv_rsb, __LINE__))), \ + X86_FEATURE_NEW_PRED_CTXT_PV; \ +PASTE(.Lscexitpv_rsb, __LINE__): \ + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_BUG_IBPB_NO_RET; \ +PASTE(.Lscexitpv_done, __LINE__): \ DO_SPEC_CTRL_COND_VERW =20 /* --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -8,6 +8,7 @@ #include #include #include +#include #include #include =20 @@ -156,7 +157,7 @@ ENTRY(compat_restore_all_guest) mov VCPUMSR_spec_ctrl_raw(%rax), %eax =20 /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: cd */ + SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: acd */ =20 RESTORE_ALL adj=3D8 compat=3D1 .Lft0: iretq --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -9,6 +9,7 @@ #include #include #include +#include #include #include =20 @@ -187,7 +188,7 @@ restore_all_guest: mov %r15d, %eax =20 /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: cd */ + SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: acd */ =20 RESTORE_ALL testw $TRAP_syscall,4(%rsp) From nobody Thu May 9 20:42:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1676391097; cv=pass; d=zohomail.com; s=zohoarc; b=iYKwPRRyelm3cdJklFwaqbccv1X9YwhTDDt8E++CcxA+2SVbOa/40mE+jm5Ke/H2VPinxROarUAiB4qdDmqmVno1yX7Op2xCmxCJF7ASiS8avAYFFhqvbQi8eHS/uLKKl17wQeqhm/84pKdFMZU1Iw3ueXuR+5vLUAXUFsbp9pM= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676391097; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=d+/DUjrNApE1of8R+q9OMsOXlsFTj99u5P7jS1EbUzw=; b=WWkWAeSdegHtOC/IuGury75zKoOIsEDYrRBYq7h8/PDDFtVOW7rWYUixs7I8CvG1XykVlDCbSIHcbbzfGCNuuTxOexdNTgVCmTsbkwG5Y0HMwl4GQ4MCwX2aOt0WwpmtBtv4ne1i5ktGt1ygHFRTqm972gEXRHojUTSsgQPhUoo= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676391097141494.26004379066546; Tue, 14 Feb 2023 08:11:37 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.495269.765593 (Exim 4.92) (envelope-from ) id 1pRxth-0002uK-38; Tue, 14 Feb 2023 16:11:13 +0000 Received: by outflank-mailman (output) from mailman id 495269.765593; Tue, 14 Feb 2023 16:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxtg-0002uD-W6; Tue, 14 Feb 2023 16:11:12 +0000 Received: by outflank-mailman (input) for mailman id 495269; Tue, 14 Feb 2023 16:11:11 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxtf-0002sY-MV for xen-devel@lists.xenproject.org; Tue, 14 Feb 2023 16:11:11 +0000 Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on20627.outbound.protection.outlook.com [2a01:111:f400:fe13::627]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 316928c8-ac82-11ed-93b5-47a8fe42b414; Tue, 14 Feb 2023 17:11:09 +0100 (CET) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by AM0PR04MB6884.eurprd04.prod.outlook.com (2603:10a6:208:183::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.24; Tue, 14 Feb 2023 16:11:07 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178%7]) with mapi id 15.20.6086.024; Tue, 14 Feb 2023 16:11:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 316928c8-ac82-11ed-93b5-47a8fe42b414 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C99l2jMkVu9rzdHMOsHKmHwNS9BXezQ2iP6vvNFPn7+Ff87icPa6QXJJSf69OqINNj+HFCHRqE1pW5f6y1Podjz4FckXyBrTJrH6NQPBIXHt89JmRkuab+M2fJMTqspvodejXDQrv0Rk2Hzxaz6UWl6+/nC/sC2jdRZuJn3vNOwDHUOVa3NXULbrx+3ZBZ5mTA330aiuykWUL1VdDxEYEeWVqQW7J+BKWRGpeWIk4mU2x1NaWOwwDbwhFFwBl8a5qNWfgSWU4+Tps5YRP5wwwyvjNcoDIHI9aWCG/Ev1KQU4w1Tiw2X+AoH0s0pQDocvvpVmBsTipiROv3ICVra/9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=d+/DUjrNApE1of8R+q9OMsOXlsFTj99u5P7jS1EbUzw=; b=HlzK3w2z8vDcWlMOVrr3ldmCB5ym69dXwYYUT00Q9Da+RmIC1lzD/YbrFA2lb5yI65+WT9Ohn/LSiffFGlLnr6r+LaJntmrAM/CrWlZlzSufNcK908kkERraUTybrM8koUyX5OTYolKXZxyOgUF9RQbXe9f8ANTGxgT0V3Gu6tcYwQCFsm9P6YWw+oRcTi1tydtGOUfAXLv+fxWL45fTBlV3rQWR7X1AqTXe4NZ+Ud4nOdIzZ1/GidrCBE18V3YGX7vyLUjQfOS7h0bPmVouYbVZEVfNZ/qjY+LHy4CI9nmerebukVq78HXUHW8uh9HRbDL4ZLHRd4FkOtqRiCThUA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=d+/DUjrNApE1of8R+q9OMsOXlsFTj99u5P7jS1EbUzw=; b=mp379rXn8PAvUHg/0/2DNWWpDwNNxjCs8VFu5C9ewGCfl2xvKM91ZhuGzGwioznnlnmK+5ZAd7bc5XcPKkQZt42/61v2ZhD6ICwphB7Qvd0eh7JuAFKBXgmUa4Etf0O6O8e8a6afSqERds85Vk9b1g/n2uXW032z46hEvcMchvVuG3M9YUfKaDxHBasxJxN6Koqj161N/L3WCijP3qDIUY5AkcdWqCWN3/J4Mb9/kSOZK+zM0MX7+/vWhkQnZwO54xJ0i5HSKzmUszprnk0lAt2YvLuRorif8pmcAeLHHX4tVY5SJMU6oS6nuiF73s/HMEfIzjPDr76GrmL7W1/J0Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <83c2a504-bce4-d3e7-1d9a-76ac0ca17bab@suse.com> Date: Tue, 14 Feb 2023 17:11:05 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: [PATCH v4 2/4] x86/spec-ctrl: defer context-switch IBPB until guest entry Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> In-Reply-To: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR3P281CA0013.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1d::18) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|AM0PR04MB6884:EE_ X-MS-Office365-Filtering-Correlation-Id: 7d646964-26d3-445f-a041-08db0ea61462 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Tskmce7OGb43LH2g6WzEvYyOya1BIYP3xbYaiTLPk72ey6rs2j1yXUt0bcKOVtKSPNv8CYQJU1bQ0GFVTu5XXyZJf8SRH2yBiMNj86yI1tlFOvicEkgR1A2ZHTJ8EFgEpacGDab33LrxQmoDI0hjhgjeezlYRRP1k7oufuHDYmpyQ5zCyCklGn5CUSVWs2qFUAEWDeRxXe0TmRyKlESL7vxpVCpn0JOK+L5rsN3KNKzAJ601Nyfj2fuspOiU6YSU2uoGZhVgs1HmOUqtxjBmrNO859vXajhAZVjZeAJ8yOHkyMIwsNpuBSyxWUqk29ihuVO1iN+Q+BwvgbjCXZFP6Sa0d5ZTvg/tLzkb1uy66tHFxyCp6EdDVWdM112UtVuz7rqRILErt7dnaXjhdOn2M9zOGTBd7nv/xvO/U39Ag+04jW+oF2VEg+hsWTOFY/uwP5gHW1010FkEJmsa2hW1IYm9xIuO6Poo5qrUHh1Fz12PXfMI+Lx2i8oQjnwh0OgdWBFL7rAZr3vWKWy/x0oLtD033+8FBbrAJL15ugXfeIiF+wfzXkgS1ny3gLPFIE5mUHBhgMTkTSEFdwrer47mFgp3CbOXFDWuV+NK/2J6dyAq32VpSCAdTmNh4vpKzSHobQbd3XYG5lssxYfDRNt3WC7KgCl/VARjl9w0oVqGYvGWV+EomQ0aG8Lt35TzNehyCuUWjd4H2YIaOwbZq9UFJLwEChBBHFaC0hMgegIGulw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(376002)(366004)(39860400002)(396003)(346002)(136003)(451199018)(66476007)(66556008)(66946007)(6916009)(83380400001)(4326008)(31686004)(8676002)(41300700001)(316002)(8936002)(54906003)(36756003)(2906002)(5660300002)(26005)(31696002)(186003)(6486002)(478600001)(86362001)(6506007)(38100700002)(6512007)(2616005)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?b25sVkF5ZDlOdmdhMUExaGNPNUZJdXhWYnFQaUZnbm5YNEoyU09pNmI2UzlE?= =?utf-8?B?ZGtuOHJVZWc5OGNxU2NLcS9CVHYxQ0tHblBNM1BMVUJRcmQrUSsxNFc5eGtu?= =?utf-8?B?WEZGWnBnRG43dmlMRmhWbXpqV2dIMUxrR1g1djV0dVEvTk5Vdk54TDJPaEVh?= =?utf-8?B?VFVUZEdJUU8wOEU2bWUwdHZMdDkrbTVjUSs5Zlkyak85a3FRbjd5cndEQWwx?= =?utf-8?B?SFNtV0hmSzg1M1h6emlxeWZkN2FPWTlCak0wT1BVWXJCYnZzUXhuaW4vVGkw?= =?utf-8?B?Zk1qNU9Ca2hRTEhpcDNSdC9qcnh5NzZ1MDc3Qmg2bkdDdGd3OThqazNBY3lx?= =?utf-8?B?WWg0N3MzaXd6VVB4VnFBVXBxYWhrTTZmQlBPeGROdnl2eXF2T2MrQUJUeTAv?= =?utf-8?B?aXdGTEYxWVM3aVFlMGtsWDFYalpaaFNob1lOYndmMlVkVkZ0Mld3VWcyK2Fw?= =?utf-8?B?RGIwUlhTYnA3c1FSWml6dGgvWENFMmNGUENrZFZXMWZyMnQzcEhhQ05NUVJj?= =?utf-8?B?OFJzSXFDMGI5MmIrY2RQR2haSFBXR1pCK3k0U2o4ek1JZmRSYzZQQ0JVV2Rx?= =?utf-8?B?SCtPbkt1YnJQa3JCaTNPWWpEM0VXNFJFRzVmL1pma0FHeWp1S3l0Y0sybFhR?= =?utf-8?B?YzRheXdEVUFFbDN4RXp0RWhXaGFxRklBRC9QTXRxYnVpZWNDd2NQdFFEaFpB?= =?utf-8?B?YzRwYWIyTFpBMm9EeHlUbEdrOHpjaDBKN2lVTHRjd3RJUGNZWEE0NFJINldw?= =?utf-8?B?akhkeGYyajA1SXdiRXlaSzZSWDlrbTJueFlzQUgwUG9helJFVmtuKzZIOG52?= =?utf-8?B?SzJJZW1sd0hMUDRjWXZCcDhzZjZhVDM1cWZRbVM1ZHhqMHpUSFFrOG1Ua0hO?= =?utf-8?B?a2QxNm5ISkd5SUtsYUJqWkRucEwxaStraWo3T3gydGdndndFRzdvMUNYaTNG?= =?utf-8?B?MWFVaUNuVFE1aHBpWnU0TmVtaC9QSk9Ga0FVSmtDVExjVk9TNnUvSkdLRlov?= =?utf-8?B?MjRtKys5ZHZYWnhaNUV5enNBS2xxL2hFMXNDRWs3WXV3L2d0c0pBb2VoSHF0?= =?utf-8?B?SUhVcVhaZncxNWVrS0lnakZFUjJPUzFpY2pmN1pCL0lDZmNOR0hVRTNYOUxX?= =?utf-8?B?elZGTjQzc0FBc251alYzRDlnUksveUJCMjFlNTJRWXNTb25kN2VwSFhnWE1r?= =?utf-8?B?dmpQcnJKUlB4c3E2R1JvWmNsczVtRWwrcFIraENOekFkYUxjSm5XMzZqN0Qw?= =?utf-8?B?NjVkV2MzYlRTSzIwNDMvR1ZSWjNiSWpsQ3JCRGJQQlFQNzRTN3ZaNGEwSkpT?= =?utf-8?B?Z0pscTA5dlA4cjVtd0svL0phYittNG11ZjJRQ042RlV1dE1xam1GVk1FRk9D?= =?utf-8?B?M1krM01xRHZMYWhqNFBPazJNR1Vzc3YwU1ZNTWw1UktRbjI5T1gvaE9yQ2Zx?= =?utf-8?B?ZlNqQWJYWmNwNFhhcGM0Q3RqZ1hpdEpJaHgzNUIvdHJ2NTVVbk9PZTNyRjAz?= =?utf-8?B?N3Iwc25WRS9FNHVWRXRoSE11Wnp2eGtYeGthUHBqalUyYWFjcm4wT2M2eWtX?= =?utf-8?B?UDlNaXVINWJnSFIxUStzNzFrTVNkM0VrSjB1WGFVdEVvYlJuTHZnb2hHOFU1?= =?utf-8?B?R1l4MmhVZkcxbDJkdmxGaGE0azdTdTBQSnprQUZNZTVxMC9MblpuVmlFWjZv?= =?utf-8?B?UnR0YmtUbXEwVXgwcVFFTXBFZjI1ekdzb1kvTEREZ0JDRzlxOEFyL0tWQmxt?= =?utf-8?B?Y2MvanY5QzFaRUFxdWxrRmpBVGRLZXdwNDNxZGVCSCtQelNhL2hWSVN0WHlO?= =?utf-8?B?b21vT0V6Ny9qWFZDbjlzNlpGQUxReVRCT3o3QjVVbG50cGVNbVlFMlNGdDh3?= =?utf-8?B?dTgrVWtDUVIrUEp4REVvOHhNbmwyNzRjSnUwVEpIZG1EdnczSWFWdFlXeVJn?= =?utf-8?B?QjBrckw4Q0drcmF1QWQwUWsyVlBSQTVtS3JBL2JGbXBZbVhtWG9XSTdEcVUz?= =?utf-8?B?aldvVVFxOThMYlhGV0pjcFlJZDNqS1ROaFBlZ1cwRHRSdXlLZUdpOFcrdGgy?= =?utf-8?B?eGo5NzQzZXRxZnhTL2VYUWJRcE4zcTJmVkdXQ2NQM3lzcG1sR0wzZktoSFFk?= =?utf-8?Q?W4uUW5EVMIB1wWlE8jp1aSQ6G?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7d646964-26d3-445f-a041-08db0ea61462 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2023 16:11:07.3987 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: bVEwUtcvQJBdxzOzEFyBX9jSj1PP7UJMXhJxLjaPxUEEG3WcdQ2eleMwQKzAwuqbeIqrTiAVmW5qOyeXGCc/LQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6884 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1676391098947100001 Content-Type: text/plain; charset="utf-8" In order to avoid clobbering Xen's own predictions, defer the barrier as much as possible. Merely mark the CPU as needing a barrier issued the next time we're exiting to guest context. Suggested-by: Andrew Cooper Signed-off-by: Jan Beulich --- I couldn't find any sensible (central/unique) place where to move the comment which is being deleted alongside spec_ctrl_new_guest_context(). (If this patch is to survive in the first place, it was suggested to move to spect_ctrl_asm.h, next to the #define of the controlling bit.) --- v4: Re-base in particular over changes earlier in the series. v3: New. --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2038,7 +2038,7 @@ void context_switch(struct vcpu *prev, s */ if ( *last_id !=3D next_id ) { - spec_ctrl_new_guest_context(); + info->spec_ctrl_flags |=3D SCF_new_pred_ctxt; *last_id =3D next_id; } } --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -67,28 +67,6 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); =20 -/* - * Switch to a new guest prediction context. - * - * This flushes all indirect branch predictors (BTB, RSB/RAS), so guest co= de - * which has previously run on this CPU can't attack subsequent guest code. - * - * As this flushes the RSB/RAS, it destroys the predictions of the calling - * context. For best performace, arrange for this to be used when we're g= oing - * to jump out of the current context, e.g. with reset_stack_and_jump(). - * - * For hardware which mis-implements IBPB, fix up by flushing the RSB/RAS - * manually. - */ -static always_inline void spec_ctrl_new_guest_context(void) -{ - wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); - - /* (ab)use alternative_input() to specify clobbers. */ - alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET, - : "rax", "rcx"); -} - extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -854,6 +854,11 @@ static void __init ibpb_calculations(voi */ if ( opt_ibpb_ctxt_switch =3D=3D -1 ) opt_ibpb_ctxt_switch =3D !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv= ); + if ( opt_ibpb_ctxt_switch ) + { + setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_PV); + setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_HVM); + } } =20 /* Calculate whether this CPU is vulnerable to L1TF. */ From nobody Thu May 9 20:42:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1676391125; cv=pass; d=zohomail.com; s=zohoarc; b=iolroHosS5bpyTlgvxAcH62HsPRNb9rR/Ou/Hxo5IS8rcwsLyFm4lRwnAX0v+uHHB+33r55VRypbOl89+3hM4hFwkviA0Z19qY/5yD1JbsVUQdLpsLJ42mhRQq/GnuX91FVYJA4aWLqTFkTbTrvmbuh+U1FPdNz9s6hrjtPOHkA= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676391125; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=VsxokRwRk6IFeqdM2G8OVgIpJfgzhXYhcx1m6t7JxXU=; b=U34I57r70nEDZUV7T3/oeLqjc0V2H1muLCDRzK18MPUs+oro2/wDwBHv39cY0sRNCrUAkLbXH2d7cMX7u10FF66Pu7+W8kHPPjLyeaa7aO5AmG0T3VuAYVadSZqFl6VicmC7GJwq5ii8CcGzmYkXXlN/S1fma6MrUDTAPeIWx3k= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676391125701512.0768878190278; Tue, 14 Feb 2023 08:12:05 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.495279.765604 (Exim 4.92) (envelope-from ) id 1pRxuD-0003Y5-G2; Tue, 14 Feb 2023 16:11:45 +0000 Received: by outflank-mailman (output) from mailman id 495279.765604; Tue, 14 Feb 2023 16:11:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxuD-0003Xk-Bz; Tue, 14 Feb 2023 16:11:45 +0000 Received: by outflank-mailman (input) for mailman id 495279; Tue, 14 Feb 2023 16:11:44 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxuC-0002M8-0A for xen-devel@lists.xenproject.org; Tue, 14 Feb 2023 16:11:44 +0000 Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on20621.outbound.protection.outlook.com [2a01:111:f400:fe13::621]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 45a4d807-ac82-11ed-933c-83870f6b2ba8; Tue, 14 Feb 2023 17:11:43 +0100 (CET) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by AM0PR04MB6884.eurprd04.prod.outlook.com (2603:10a6:208:183::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.24; Tue, 14 Feb 2023 16:11:42 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178%7]) with mapi id 15.20.6086.024; Tue, 14 Feb 2023 16:11:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 45a4d807-ac82-11ed-933c-83870f6b2ba8 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JT8SwaaxGaqOdIlo6G/KwBNB0XjHtaMZzaQ7Y8YSFx8+2OIGnW20U4hPu2lYEs2aNrQf+QsXu79BcYBDZiKs0wVJ5HtLRvk+uX6CNZcALA/OwXBRg07zybGO0r+dnrWhXaPvTeznw893ZrXyDTE5Lb2sam2qgQVnLXAPAl1THgtwLyBaG+ibjiYJAartW8tNSCf+h5R1TJ1unVdx0u5jLNIlwRtiBnX1D9jn8aqtEZsZRH3BuO+UREgP/TQJF4HwVpVeR4xfXWgVr5uqFSzTjvOueemsy610vhp3Pzwze6OQWz1XdKRzd3H1tvLbbMrxkF4DwZJt7tnpoieyRW1LwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VsxokRwRk6IFeqdM2G8OVgIpJfgzhXYhcx1m6t7JxXU=; b=hRv+o2iB3ts4eeUUw7Eujg5jTu3qRqL/O2p7jQPPLlFul8LTiQKXFyuBaG+tQlHbjEP3AK/rPoVhAnMbPhI+NQOOUZEAKyhb9PRu7RcR61dcFf0y/fooWqqcvDO18ttuGHUPq50z33xgxqq5kurCm2/8hC7Lkly9MI+hxFVUCbFzVYj1UrWvAv06j/SbZ40tm7b9WkGQzocFm0KkncMZ5wKjQoVg+71b7hRi8QZBfa1T3TZf03g0aZP3NppXEuQltDqPNz4XgfyA2kn/DUhRsge6XibOAKrYABJ1fnbTrYguCWHe3FlesOISNmJKpvWPmzW3XdPZYyBtP+ow6KalRw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VsxokRwRk6IFeqdM2G8OVgIpJfgzhXYhcx1m6t7JxXU=; b=U7XvhegJ8GMO1QT2UKrJfS6i+eB4NSGwMoO1BHUvguONKcFeHs5Ic6KoNjfUsuRMKE7bBXd14KAY9t4hegeo293e1kXWcd4fM1z0s76I011xLKh9xSYtwHLmfHCKnfvp1TX5vmph7ERjJU/KrmTUAo3GCirbF7dKIh3+c0fVLpCymY+Xbb2hyF6XDZQpYz3uLgfIgnL4zGxXnGehrcuhVBl4jtNGczkwBBGeh/rohmSTwBnGeCBxU4qMrfRPZ50juVSMJ+h0zO528STOXQ23+LDtxsedJa5DKb/p5ufmp+paDBESCyIyPcjWXky4EP6ZzhuQmJaQfj/wYncdPocpew== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <29e2b527-16b8-e72d-f625-781aedf21bc4@suse.com> Date: Tue, 14 Feb 2023 17:11:40 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: [PATCH v4 3/4] x86: limit issuing of IBPB during context switch Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> In-Reply-To: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR0P281CA0093.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a9::7) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|AM0PR04MB6884:EE_ X-MS-Office365-Filtering-Correlation-Id: 441e74e2-b448-4ad6-f2ec-08db0ea62913 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VqAyzyPwo07sJJyQli/aw7moJ+ZLsPQLdQDyk2II2UTRLq2wWLjs9Opf0No9cV+zhn+ftsKi7Tk+0BcqcD2HzlJbhdzMKYjqxfU59//ukDn77VLChp9o3qVErKd2fZ9W9RZe27UHo0g9NWB0lm2BYDAHnrA5iyuCp0eqB4gpE4Sy2bn0Z4O25gEi6oRbbnyuRP3eioy8gsXVbeBuh9yghg3ZyoRmcTZQhfmovuLjvWT53RogQHaaH1nlCHwGwEQmU0Cge7V2zCj0DpsyjaPcCFuWhOHWQo/22KFkngSmcRGoYEG6O6aAF8EmubcyKHDXCyE4yeGYvaWx+2bry+1chNzxY9MMuMNoRmdBTmV3TH9VvH92FWrW9VKB75spZj6yqamGZ5afO78hfa0TNpfaldY46wS+JSkbVE242Vt7M2qaxTXhDUTGpqlcWCSI0hGTOsO1SN8uUVsRNmRPdZ7HMHq151JMHlRPF3BBGDArUlIRBIAaVRlIEaNT3VERooHYSdEzSir15qNqsoSuMZw+F4Dwogs9qL6t469M4h4d8KAkqGEm69e52GGUXRVdgcH8SHBESyKcTzguaTyM+9MyiYOE3vcrUS5dcip9+HOoRjCNixjRp6LdvG/JZJSgq+P5GtuaKkQhMKxIrWz3mqdVEbatcoM/WCnUR4qXMdK1CG/wj+p0q7lWLNhoAuFyX/7zlSQxwYaGR73m2atO1ccT8kTXS1LbpMa6bmpQf0VhFH0= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(376002)(366004)(39860400002)(396003)(346002)(136003)(451199018)(66476007)(66556008)(66946007)(6916009)(83380400001)(4326008)(31686004)(8676002)(41300700001)(316002)(8936002)(54906003)(36756003)(2906002)(5660300002)(26005)(31696002)(186003)(6486002)(478600001)(86362001)(6506007)(38100700002)(6512007)(2616005)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MUsxQnFPRjMwL0lSdjUrQnl2SnR1Ym92djhPMmpVVWdNOEJVZVBzdFd0N3lQ?= =?utf-8?B?QS8vb3ZJd1ovK1RqNlZMSENobXJxN0U5ai9uNjZ2ejRUVUwwRmY1UUhJSm0w?= =?utf-8?B?c0lKeC9YaDAwWGo4WmU5dDY0Q0FtVGIzNDA0TTZlT0hxY1NVLzlvZ2hFK2tU?= =?utf-8?B?cFVXM2tnMGpIZkcvR3A1K3NDcGlyTGYxbjFhM1djam5TYkhQKzU2QWREZ29F?= =?utf-8?B?RSsyYWJaZlVtRld2RnlNUFBzZGZDSDNpK1hnSnpEdU1pZWtwODdQZTVmeEds?= =?utf-8?B?QmRpUTRHWVVtU0FzTzF0cG1vTW8wWEhySnZIaG5sWmhvd3ZTY0ErTWlLWGky?= =?utf-8?B?NTlKeWFEeGQ4Qkt1L2ViYUVaRUY3NVRDVWRHSVIvNllGZWt5TU5STW5pQ1dx?= =?utf-8?B?MEpPRWt1NVRUYnpZdm5tVThIMStHaWRwRWFjQXd5S3B2RUxJTFFXVUgybllD?= =?utf-8?B?VzhqTjY2Z21TWXcwczdkbjl6d0hsMXRNU0MzQmNlZk5GcXBrdnFPbUJZMHVY?= =?utf-8?B?RVd6Q1hxeGpBMjdzbHQ3bU9oZ1ZLbkF3SVNVSDBVNk5TTUVtcVVQRTBadno1?= =?utf-8?B?T0dSNGk0dDRBRVY4d3VhVXphZEg1YnprWnpMMkhFemdoVU8zOXdOZnlMbGVX?= =?utf-8?B?SWx6V01uSDM1Z3FDU3hLNHdmY1llVCtjTTM4endXUkpaaW9ja1NjMjBBMW1M?= =?utf-8?B?T25WQ1ZFRGczYUg5NjRRdFpVRXlpUHcxR2x1cTdXbDM1SVhvTlVmRUlMQUNL?= =?utf-8?B?Wk5qMlVuQXhqYzFCbXJPaDNvSHE1c2prNCt0VDgvWEkzNDFXb3JRUUZLNjEv?= =?utf-8?B?RHZGK0VuV0I5NTBKQ01URzhkbmpQMmd5Nm1BblpiQkVnSEVOZmhJRENpM0RI?= =?utf-8?B?K21HU2RzRmtUQmtTTDh1UW5raWg1YTYzaFFxeWpQeEJnT2pKM0tmMEhJOEUr?= =?utf-8?B?eXVZUVdsc3ZFRDViQmRTZ3o2T2svSkZtcUhNOGR2QjhzaVRVQUpzNkNRYkhW?= =?utf-8?B?QkY1SVhwVURxSzBoMWJSYkZ4MXBzSEVEZXZ4cW1RNHZmOTlJclJYVjg5T3d0?= =?utf-8?B?UzBXWnZPVjlHbmhkazd4c1R0SU9QVjlGcWlUbkc5NTIwRWZZd241ZjhkUHpv?= =?utf-8?B?c01ua21sRTU1clZwa0FMcFZzc2RMdEdSMXJocU1YUnVpbXJHN0IyNzlQeTJE?= =?utf-8?B?WTNRYk9GYmZ6WWptTURlYlZzNDc4bTJnbDRuZFNOVU1LdjMzaGovbGtyTWl0?= =?utf-8?B?Zm1Wd3lQK3o5VmliSDNERmZCMzlqQ0lTWmFGc2xzTDREK1NMRm4xRjRzYVVF?= =?utf-8?B?MWZWQWEyek5FclRBVUJyS2hMKzRISnlVa1JxK2dkOVk3NGVnYXd3RWtURUIx?= =?utf-8?B?TDNlNzlSQmJEYWNucW1aaWltV2R0amtITEtRRitvSTNiOFlQUEVZYmJTV1FV?= =?utf-8?B?Y05jU3NHWjZ3cVVjVWFuQjF5S21qWTA1bVdmeU9xSWM0eVJnb0dxU1ZZbmJU?= =?utf-8?B?Q2pNNU9iWXJSRngvSk8zaXM4L1lpRFV5YTVGVFV2aGxwM09Zdk82dUdsV1dt?= =?utf-8?B?RnY1N0hOc1FBeUcrUkoyVmJmM2Z6SlVzNTMyaUFKUGFVc1BBVnJUQnR3Ty90?= =?utf-8?B?dXJtS09ocXI1U2VFUjJMNVF4djM4S2FOdFF1V2s4MzloajlnS3RyOFN5Smc1?= =?utf-8?B?VzY3NUxXQjA0cDNoVW1QMlhBTmF5cFVoRWhINDJaRlk1ZDBKZkxuZC95RGxB?= =?utf-8?B?UzJtS3NDRUJXSW1VNmJRVWVZUEdCclcvK2pZMDk4QjVZa3JxcEpXaWg2Qkla?= =?utf-8?B?NmlOZll2LytQaVk1N2IyS3N4QkFYbFNxTWtZblVPSHB4L3lJc2VJdzZGNjE1?= =?utf-8?B?eUVPUTVZeGJ4dFhpakJTZWM3QXBDU21ZYkJCeXg3SmFWMGhYbWZMZEk5WWhI?= =?utf-8?B?eEZsR3pJbFlxR3JGY1VOanlUMnZLbnNZVFV2TzNUblZjL1YydGNoMzVqYWVi?= =?utf-8?B?enZkdThMQWQybG4yNVRxd0RpZlEvZnBzSUR6QldCalAvVWxMa2lOcy8zMERX?= =?utf-8?B?UVZLcGplWkFzMTIyTzhxclJ1akFaeHlPTzJJMC9BYTJqWmZ3MFpIR2RvdWxw?= =?utf-8?Q?3Nr04aSiZVmOa0FFlXn8p/7P/?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 441e74e2-b448-4ad6-f2ec-08db0ea62913 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2023 16:11:42.1465 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Alwjud9TwSgKoWatYLAs8MvH7BA1JUpP2babXVA/uSwGYMzvwgRUKF0Nr2dRxt7ZgBPlyW6vseW8J4KT1dI8Ow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6884 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1676391127121100001 Content-Type: text/plain; charset="utf-8" When the outgoing vCPU had IBPB issued and RSB overwritten upon entering Xen, then there's no need for a 2nd barrier during context switch. Note that SCF_entry_ibpb is always clear for the idle domain, so no explicit idle domain check is needed to augment the feature check (which is simply inapplicable to "idle"). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monn=C3=A9 --- v4: Tighten the condition. v3: Fold into series. --- I think in principle we could limit the impact from finding the idle domain as "prevd", by having __context_switch() tell us what kind domain's vCPU was switched out (it could still be "idle", but in fewer cases). --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2005,17 +2005,26 @@ void context_switch(struct vcpu *prev, s } else { + unsigned int feat_sc_rsb =3D X86_FEATURE_SC_RSB_HVM; + __context_switch(); =20 /* Re-enable interrupts before restoring state which may fault. */ local_irq_enable(); =20 if ( is_pv_domain(nextd) ) + { load_segments(next); =20 + feat_sc_rsb =3D X86_FEATURE_SC_RSB_PV; + } + ctxt_switch_levelling(next); =20 - if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) && + (!(prevd->arch.spec_ctrl_flags & SCF_entry_ibpb) || + /* is_idle_domain(prevd) || */ + !boot_cpu_has(feat_sc_rsb)) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id =3D &this_cpu(last); From nobody Thu May 9 20:42:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1676391159; cv=pass; d=zohomail.com; s=zohoarc; b=lynSkxbwQ+zwZPxHlNabzmEUru3QqYVWDaNN8QfLNXlOGQ181gdd+nGsm6bwvbrWj3i9zy8bNv0pjjSV2pnUCwLu1w2OnQtSQfLY8iaa682sneY8/qC660EP/P8sWsRW9EDWZtzvX+JtDvpX3pMu2I4gJqDDQAgmzERktHYc3O4= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676391159; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ft+1MjxIGwj0woDLn2mSZmpetZATFnBGj51IVbzpCU8=; b=OqyuTdubkQHKtqsmnEvS83bCfOF+yuw9eUuTrK6AVOgoo65X6P79/kdZLCo05HOpSxdHqlIfew5cTQMbNlicUStYFATKFZtyGyZGp2hmuVlKqebfjnLEKcdYHIeMEmJSPmQsrQ7zqJDuGL1ECXjhkPsnQMh1+Bdkid1mJs9+1ms= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676391159381281.3348606384036; Tue, 14 Feb 2023 08:12:39 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.495283.765615 (Exim 4.92) (envelope-from ) id 1pRxui-000489-PB; Tue, 14 Feb 2023 16:12:16 +0000 Received: by outflank-mailman (output) from mailman id 495283.765615; Tue, 14 Feb 2023 16:12:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxui-000482-MJ; Tue, 14 Feb 2023 16:12:16 +0000 Received: by outflank-mailman (input) for mailman id 495283; Tue, 14 Feb 2023 16:12:15 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxuh-00047a-HJ for xen-devel@lists.xenproject.org; Tue, 14 Feb 2023 16:12:15 +0000 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20627.outbound.protection.outlook.com [2a01:111:f400:7e1a::627]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 57902e97-ac82-11ed-93b5-47a8fe42b414; Tue, 14 Feb 2023 17:12:13 +0100 (CET) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by AM0PR04MB6802.eurprd04.prod.outlook.com (2603:10a6:208:184::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.24; Tue, 14 Feb 2023 16:12:10 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178%7]) with mapi id 15.20.6086.024; Tue, 14 Feb 2023 16:12:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 57902e97-ac82-11ed-93b5-47a8fe42b414 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BbTV6KCWba1/xkE5SwMveZsXpKFdRmIfWVV5fihN92SKaucp6GS6eYC9Vse5qdutipfoDrj6JIWDUISxBV5P0o4lYmVQDtKiLTWK3PKfSSUbipe0iBPjyYRaben3/E8j5vAgknuB8nSDTyo2wy+PWheL9Oyqg6bmmhzu+Ir/mr79Pr7wkAEYdG52LelEfXOUoqca0hl91CeYQbgb1pXA0D36f/D0qXZCUT6R1HEx9LMYNiu5gYsTdoRM4oCMUib1jifT6AqCOxUTfPh2zbH+eGMUIzpc4jXk75byHpKf2SRsxB3s5+jk4zJfic6z4NHtFNB7N/aU1wtfBjaLG9XIpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ft+1MjxIGwj0woDLn2mSZmpetZATFnBGj51IVbzpCU8=; b=UEDQU7Rs29oAvn44b3icyDQ8RW/CV91enmVshkZYyncqsbaYGn3fc5WmVwhUCe2dm0b1bsRml/iCvTlpU1BxXL+ZYRAH2Z1V7nkHRPDS41MtbjMxwWHwJpt3fib4SjTs9RLEvn8fKNqZV9pSpc5sUWwIluxcFNcriCZ6M0YnhpCGYC2Iek0N1lDIiFwbQB0F6bswZaiujFSVxblc9vuj/DsGtfKhU8jWaLn8nYKMwV0ztho1NxOhSwPCfE9R52wvYVI6u+7m1wJTC6d251K8NAQRiS4kowCd2YAulpt9XMydpSRJJsFO3a1iAol/0vw6pLFx7VeFIZbzzksOxnZmhA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ft+1MjxIGwj0woDLn2mSZmpetZATFnBGj51IVbzpCU8=; b=4gv63e1zH66qsFB7yleVVihSsrFA98MDy78+MK6wfS6V7JTM0cdWFGlWYYSPz0JCitec8AmeQnQBSfczYr3cpKG4hbk1A8sV0PkhNogJ2WuQ0mT89LH1f3eRzNWZZ7XDKgCY0+GTmL157cvbDeVn61rlX3pDKd2tRoFnE+zfyyGVQH+dp5XbS0q88I9KOr77f1hVLBaJsS43Ep0huilEXYa+AVkFxxBbj0yl6stskU7irUQ8D/I2xkQow26FnAL6KVnF7WXqHbtFxawsYgRH4rETNPpFebMFA8dNNwwSwmoq0Lz70H5ldgHVJQJ6QaemBzJafwTQL+rEJWnOJfNgvA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <2863b0a9-ca7c-3cce-104d-0b6685b0b383@suse.com> Date: Tue, 14 Feb 2023 17:12:08 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: [PATCH v4 4/4] x86/PV: issue branch prediction barrier when switching 64-bit guest to kernel mode Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> In-Reply-To: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR3P281CA0171.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a0::7) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|AM0PR04MB6802:EE_ X-MS-Office365-Filtering-Correlation-Id: 2176c0ae-0c2e-4a3d-d35b-08db0ea639d4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tbGKjhmnIqOu372RLOhYa9HjsThRc1WYJAhwKWMSuevo5L8cRYpG7GjHwRP4Jqjffz1YNfGuqaiRFgg0WhblYzYNroOp4VH3464C8hz9UanJoYrSXX2DRnJp4By5bUVtvog3Y8OGZCSGpcU6OV2x1I2B1Z4VAIXwVKKJq18LrcAaC63LYd8XWY8cPVBqz42uIczxaB0zJizPepOArrH3uG3x8QDFHv6vsx3cgmWzjk0IJ8cDWX9iMz6ejHIWixwGCtmlcOETaQFnHs8+caQSKzh6gyNj3r78HmckuvQ4vaV11zvuLl/YDhWgq4DadJDEO2aHeI2YMOPOe0BAK69y15AZw3OEl/ABAs8wIwH4iLh3G0Wj1jTlh7NQxRvMEqS6Tt/GPgdw7yflrqaWZno6sJtFDPE2ogtY7BNItcjxL41kWd7n9VCtlm1OaDuFMJPq4gC+aRei+1T5tjw0o5CsI1ktBPfwFZ0t+fud5F/dh3A+Te9UPrzhp+n//6ejI5Zhs5Ohtgud9WLW7jdBYZxTklnM8g7P/6l08wwTuw0sugUXX0eV9jWyVDeoknXuR60zW0u5zt7/KLJseggX5KO3XaWT5yStRka8SbqmAwPH6sqtk5l2xxWA+oK8d3X+B12vhCYD8E6G2H9tnR+6efInLFTNdAJJgE2Y3ptcox7OviAwyOlKJfpW+wMAoASDW0RG9JldEXpLFeAqRPvQ7wqBXYbfHuKVdBj4RP+2N1fbhqQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(366004)(346002)(39860400002)(376002)(136003)(396003)(451199018)(31686004)(6486002)(316002)(54906003)(83380400001)(4326008)(478600001)(8676002)(66556008)(2616005)(6916009)(66476007)(66946007)(41300700001)(8936002)(5660300002)(2906002)(38100700002)(6506007)(6512007)(26005)(186003)(86362001)(36756003)(31696002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?K0RJN2VKTVpEYmd2d0l4a3VNSk1GU2JFR3plV2E3Y3Ivd3QrNk9yUWhha213?= =?utf-8?B?UEtHakRKaDlwa2hJSjExblN0OXdVdytRSzh6Y2FWL051b3VsVWp1Z1RlcDR5?= =?utf-8?B?TExUUVUwRUpyZVFsYlJCa0RXNmI4bnY2UGIrc0VMbGRRR2Nsd3BJaHY3d1Bl?= =?utf-8?B?VFgyOVFIYUJiQ0UzV2F5RlFYaUFuNWVyMnNsZ0VJVHR1KzlGdXU1R3ppWnND?= =?utf-8?B?OEVMdVdpRjV4Znk5VGhhd09aMm1hMmlmR1BIM2RvU0FYR0ZCZmg4V3FHWitH?= =?utf-8?B?Rm5IWEl1blFnbU4xaEVZUGc3QzdqNlJsM29ZL2U1N2txdEhLSkN0S2RTejIv?= =?utf-8?B?eGFBckN4TWM1aFBoc2FsdUFOSEozVzdTUWRyR0t0V2owQXhjQ1dTMVpUbTEr?= =?utf-8?B?dm1yb0hjOGtITWpmS3ExQ0paYkpZblpJZVFxRmpzd1dGYVRDajhmMnowUlhG?= =?utf-8?B?YVpSMzBnam51czJzRHozOWprN3Q1K3gvVTVTZHZHenpFVnM4cVI4Y1NyWTh3?= =?utf-8?B?QUxkWEpvak12ZTViRVZva2N6dnV3TTI4b3RvUHdSWDZRY2RxektJajlReVJP?= =?utf-8?B?ZkF0dkxSM1dEU0RCUnJyQnZnYlI1dEN1U092YUhmbGNaU3pQMEZNMUdwMWdK?= =?utf-8?B?OFI5UUo1U01ORHA4RWpSTXZKT1VNQnZjYXcvRkpMck9kYzZYelN1MWhZYzll?= =?utf-8?B?MnZ5UnN1NzMrYXJ1UEFBVTVYdXkwdUlXbWdSZzJBbkdLRHF0STVDRHpqK2pD?= =?utf-8?B?ZGpiY0pWM2ZjS0pLN2FmZG4xTzJrMXVMbzAySG1mTUFqaTViRlZTTFRqLzdQ?= =?utf-8?B?eDh0NVc4Tk5VeHFaVVRkQktYRXVNd1h5RSsyTCs3VTg2NEh5ZFZsbFAzbjkz?= =?utf-8?B?bzRvUXZqUnptQmNua2VEY0k2bmFXbzNzSUhnVVhZTW9hOXRqeHFQaDhrdE9j?= =?utf-8?B?c0hsdG5FeGNnZmZpUTZ4Y0VQQldWS1hQc3Q1NUs2SEQyUTVuMXlnZUlyWGpt?= =?utf-8?B?aEphOUs1L3NMSm9QY1orNDlidDRrYk5EdEs5YlIrcTkzMFJWdUdFZW13Y2FT?= =?utf-8?B?Rm9LVklUMmJlOTZLSG1zVHBYS2lJV0tyNDlXbTlyR0UveXBwaUNTbHZMZXRu?= =?utf-8?B?b0JPNkNEanpGWVcvaW1LSCsxbkxNWGVhMjAyYTRvdUMrclpwNDlUcDlKNUF6?= =?utf-8?B?cVB0S0FoMzdWWEs5Q3RhMGNLalNOaVV1eVpic3hOUS9obWVxNStBeklxUVV1?= =?utf-8?B?S09kMTFQVDYxZTFsUy9XNDVYdncxa3l2UUczSzB2R0hoTVNMUGpKYzVHYmli?= =?utf-8?B?aUxESDFBTHZsTWhoSEs0aDhHM3VHRitkZHg1OTBVcjRTdFFmL1lyOEpiMVdq?= =?utf-8?B?R3FqMXJpUE9MdnZsMlh4WGRuM3d0eUE3eHR1aDhoM2hxbFRpcEViNGRLeVFF?= =?utf-8?B?VHFxU2JIWEtnQ2lycjFuZ3lMYWo3WmVFb1liQlZTMzZNQUdrYUt3ZGZPcTdG?= =?utf-8?B?Sko4eXIraUt2ZmxONGdBNWhlcnlPQ3J0U2h6Wkhqck5rTjEzOWVMZlRmNGpN?= =?utf-8?B?ZFVJeG9XY0RIZkdQRWsrckdLRFRCT2hzbUp0SUN5U0pSalVwMkM3WmhrWHFx?= =?utf-8?B?cDJlcXU1MTd4VWxYUjg1Vit1SlNJUHl1OEUzQ2pYb3YzM3VoQU93NWNKZkRw?= =?utf-8?B?YWF3UUFWYXg4TjJZOWd2aHNQSjVyVm0zeGtSUnNyOFZUVnd1TlA2YTR5c1R1?= =?utf-8?B?R0FHMGxLcHFrZ0JuRzQrWlI2Y1NBT21mWnZRaVF2K3I2LzNFMUxobFYxSGZM?= =?utf-8?B?a0t3NmJBMzhyWUN1WTNsT1NmcEZLaFZCUisyYUR1S1F0UzRySUVoYTFPOHJC?= =?utf-8?B?NlJ1dDlpM0JaeTFNdnVsWGw5VG81S0IxQkJVb29XQkx5OEhDNFFYdkJ4WTlL?= =?utf-8?B?dzJLNVp2UytNNUhXL1R1ZWR2YmVpaStERkpMTjJ1Q0g0YW4zZWFMS3RrS29v?= =?utf-8?B?emVNckpjZE1JaCs5cUliN3Vyejl2bXFVYVhGYmFjR3VNMVVKTzljSElpMGc0?= =?utf-8?B?MnV3UUNCUXI3NUNKNC9vYTZsaE9nUUhWb0szVS85eU5uQTljVGVqQmtpT1No?= =?utf-8?Q?KzTdw4EfVSeNh6D5MdzJ3TyBx?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2176c0ae-0c2e-4a3d-d35b-08db0ea639d4 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2023 16:12:10.2072 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oQaQ8gsgz5RRf3j7I2XFAY7RACKAwUPovBIQWh+TpPEJ1JJPdr0pjek1lvNXogV4o2y8YXT+G9KRaBHcKuchkQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6802 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1676391161371100001 Content-Type: text/plain; charset="utf-8" Since both kernel and user mode run in ring 3, they run in the same "predictor mode". While the kernel could take care of this itself, doing so would be yet another item distinguishing PV from native. Additionally we're in a much better position to issue the barrier command, and we can save a #GP (for privileged instruction emulation) this way. To allow to recover performance, introduce a new VM assist allowing the guest kernel to suppress this barrier. Make availability of the assist dependent upon the command line control, such that kernels have a way to know whether their request actually took any effect. Note that because of its use in PV64_VM_ASSIST_MASK, the declaration of opt_ibpb_mode_switch can't live in asm/spec_ctrl.h. Signed-off-by: Jan Beulich --- Is the placement of the clearing of opt_ibpb_ctxt_switch correct in parse_spec_ctrl()? Shouldn't it live ahead of the "disable_common" label, as being about guest protection, not Xen's? Adding setting of the variable to the "pv" sub-case in parse_spec_ctrl() didn't seem quite right to me, considering that we default it to the opposite of opt_ibpb_entry_pv. --- v4: Correct the print_details() change. Re-base in particular over changes earlier in the series. v3: Leverage exit-IBPB. Introduce separate command line control. v2: Leverage entry-IBPB. Add VM assist. Re-base. --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2320,8 +2320,8 @@ By default SSBD will be mitigated at run ### spec-ctrl (x86) > `=3D List of [ , xen=3D, {pv,hvm}=3D, > {msr-sc,rsb,md-clear,ibpb-entry}=3D|{pv,hvm}=3D, -> bti-thunk=3Dretpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, -> eager-fpu,l1d-flush,branch-harden,srb-lock, +> bti-thunk=3Dretpoline|lfence|jmp, {ibrs,ibpb,ibpb-mode-swit= ch, +> ssbd,psfd,eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}=3D ]` =20 Controls for speculative execution sidechannel mitigations. By default, X= en @@ -2403,7 +2403,10 @@ default. =20 On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibp= b=3D` option can be used to force (the default) or prevent Xen from issuing bran= ch -prediction barriers on vcpu context switches. +prediction barriers on vcpu context switches. On such hardware the +`ibpb-mode-switch` option can be used to control whether, by default, Xen +would issue branch prediction barriers when 64-bit PV guests switch from +user to kernel mode. If enabled, guest kernels can op out of this behavio= r. =20 On all hardware, the `eager-fpu=3D` option can be used to force or prevent= Xen from using fully eager FPU context switches. This is currently implemente= d as --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -742,6 +742,8 @@ static inline void pv_inject_sw_interrup pv_inject_event(&event); } =20 +extern int8_t opt_ibpb_mode_switch; + #define PV32_VM_ASSIST_MASK ((1UL << VMASST_TYPE_4gb_segments) | \ (1UL << VMASST_TYPE_4gb_segments_notify) | \ (1UL << VMASST_TYPE_writable_pagetables) | \ @@ -753,7 +755,9 @@ static inline void pv_inject_sw_interrup * but we can't make such requests fail all of the sudden. */ #define PV64_VM_ASSIST_MASK (PV32_VM_ASSIST_MASK | \ - (1UL << VMASST_TYPE_m2p_strict)) + (1UL << VMASST_TYPE_m2p_strict) | \ + ((opt_ibpb_mode_switch + 0UL) << \ + VMASST_TYPE_mode_switch_no_ibpb)) #define HVM_VM_ASSIST_MASK (1UL << VMASST_TYPE_runstate_update_flag) =20 #define arch_vm_assist_valid_mask(d) \ --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -455,6 +455,7 @@ static void _toggle_guest_pt(struct vcpu void toggle_guest_mode(struct vcpu *v) { const struct domain *d =3D v->domain; + struct cpu_info *cpu_info =3D get_cpu_info(); unsigned long gs_base; =20 ASSERT(!is_pv_32bit_vcpu(v)); @@ -467,15 +468,21 @@ void toggle_guest_mode(struct vcpu *v) if ( v->arch.flags & TF_kernel_mode ) v->arch.pv.gs_base_kernel =3D gs_base; else + { v->arch.pv.gs_base_user =3D gs_base; + + if ( opt_ibpb_mode_switch && + !(d->arch.spec_ctrl_flags & SCF_entry_ibpb) && + !VM_ASSIST(d, mode_switch_no_ibpb) ) + cpu_info->spec_ctrl_flags |=3D SCF_new_pred_ctxt; + } + asm volatile ( "swapgs" ); =20 _toggle_guest_pt(v); =20 if ( d->arch.pv.xpti ) { - struct cpu_info *cpu_info =3D get_cpu_info(); - cpu_info->root_pgt_changed =3D true; cpu_info->pv_cr3 =3D __pa(this_cpu(root_pgt)) | (d->arch.pv.pcid ? get_pcid_bits(v, true) : 0); --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -60,6 +60,7 @@ bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd =3D -1; =20 int8_t __ro_after_init opt_ibpb_ctxt_switch =3D -1; +int8_t __ro_after_init opt_ibpb_mode_switch =3D -1; int8_t __read_mostly opt_eager_fpu =3D -1; int8_t __read_mostly opt_l1d_flush =3D -1; static bool __initdata opt_branch_harden =3D true; @@ -111,6 +112,8 @@ static int __init cf_check parse_spec_ct if ( opt_pv_l1tf_domu < 0 ) opt_pv_l1tf_domu =3D 0; =20 + opt_ibpb_mode_switch =3D 0; + if ( opt_tsx =3D=3D -1 ) opt_tsx =3D -3; =20 @@ -271,6 +274,8 @@ static int __init cf_check parse_spec_ct /* Misc settings. */ else if ( (val =3D parse_boolean("ibpb", s, ss)) >=3D 0 ) opt_ibpb_ctxt_switch =3D val; + else if ( (val =3D parse_boolean("ibpb-mode-switch", s, ss)) >=3D = 0 ) + opt_ibpb_mode_switch =3D val; else if ( (val =3D parse_boolean("eager-fpu", s, ss)) >=3D 0 ) opt_eager_fpu =3D val; else if ( (val =3D parse_boolean("l1d-flush", s, ss)) >=3D 0 ) @@ -527,16 +532,18 @@ static void __init print_details(enum in =20 #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - opt_eager_fpu || opt_md_clear_pv) ? "" : = " None", + opt_eager_fpu || opt_md_clear_pv || + opt_ibpb_mode_switch) ? "" : = " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : = "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : = "", opt_eager_fpu ? " EAGER_FPU" : = "", opt_md_clear_pv ? " MD_CLEAR" : = "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : = ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : = "", + opt_ibpb_mode_switch ? " IBPB-mode-switch"= : ""); =20 printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -804,7 +811,8 @@ static void __init ibpb_calculations(voi /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBP= B) ) { - opt_ibpb_entry_hvm =3D opt_ibpb_entry_pv =3D opt_ibpb_ctxt_switch = =3D 0; + opt_ibpb_entry_hvm =3D opt_ibpb_entry_pv =3D 0; + opt_ibpb_mode_switch =3D opt_ibpb_ctxt_switch =3D 0; opt_ibpb_entry_dom0 =3D false; return; } @@ -859,6 +867,18 @@ static void __init ibpb_calculations(voi setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_PV); setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_HVM); } + +#ifdef CONFIG_PV + /* + * If we're using IBPB-on-entry to protect against PV guests, then + * there's no need to also issue IBPB on a guest user->kernel switch. + */ + if ( opt_ibpb_mode_switch =3D=3D -1 ) + opt_ibpb_mode_switch =3D !opt_ibpb_entry_pv || + (!opt_ibpb_entry_dom0 && !opt_dom0_pvh); + if ( opt_ibpb_mode_switch ) + setup_force_cpu_cap(X86_FEATURE_NEW_PRED_CTXT_PV); +#endif } =20 /* Calculate whether this CPU is vulnerable to L1TF. */ --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -554,6 +554,16 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t); */ #define VMASST_TYPE_m2p_strict 32 =20 +/* + * x86-64 guests: Suppress IBPB on guest-user to guest-kernel mode switch. + * + * By default (on affected and capable hardware) as a safety measure Xen, + * to cover for the fact that guest-kernel and guest-user modes are both + * running in ring 3 (and hence share prediction context), would issue a + * barrier for user->kernel mode switches of PV guests. + */ +#define VMASST_TYPE_mode_switch_no_ibpb 33 + #if __XEN_INTERFACE_VERSION__ < 0x00040600 #define MAX_VMASST_TYPE 3 #endif From nobody Thu May 9 20:42:52 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1676391246; cv=pass; d=zohomail.com; s=zohoarc; b=G3hCEbEHNKrlt4XqtOet0a/mtWzwRHZb+uk0VIc0bMLTFemp44LLwqQQ11EXgUpYtduT8kiX1eF2J0GOiY5tLYVLsLTD8u/Z0J15eP7SpaEBSEDb58lLd3NrvnHYikL/CqrRbt6VfKcw5/gq8HmNKsUP5JYJi7r05/CyjaQjE1U= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1676391246; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=VV1pzylMtiJbaf1DCMAdNM/POHYJ2+zwgryBLilgFJw=; b=c4KU6UP1nycMwPzQB8gVIgWVX7kRO4npftrK3aiwPcfd1nA1jMlHCMBljuPIpDs9V0PHqKrOzS4Fa99jX5IPmG5O2qEIBK5/yT29xCVikT2m+ySC6kpb8GSyrGwVhC4WS0XPIb0L8vLpgGiP+IBRfOMQgGt1vZtXjVSVNwm9NQI= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1676391246457593.71592434565; Tue, 14 Feb 2023 08:14:06 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.495292.765626 (Exim 4.92) (envelope-from ) id 1pRxw5-0004oL-5E; Tue, 14 Feb 2023 16:13:41 +0000 Received: by outflank-mailman (output) from mailman id 495292.765626; Tue, 14 Feb 2023 16:13:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxw5-0004oE-1v; Tue, 14 Feb 2023 16:13:41 +0000 Received: by outflank-mailman (input) for mailman id 495292; Tue, 14 Feb 2023 16:13:40 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pRxw4-0004nx-0J for xen-devel@lists.xenproject.org; Tue, 14 Feb 2023 16:13:40 +0000 Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on20622.outbound.protection.outlook.com [2a01:111:f400:fe12::622]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 89d5379a-ac82-11ed-93b5-47a8fe42b414; Tue, 14 Feb 2023 17:13:38 +0100 (CET) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by AM0PR04MB6802.eurprd04.prod.outlook.com (2603:10a6:208:184::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.24; Tue, 14 Feb 2023 16:13:36 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::e138:4fc3:705c:d178%7]) with mapi id 15.20.6086.024; Tue, 14 Feb 2023 16:13:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 89d5379a-ac82-11ed-93b5-47a8fe42b414 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yktr3axx8Bo53bYH9AmnGi+1CSs9jE1AveqZoO1ztUCo4OdQcNvXoq/psQ71GkQhCFmP3dECvhjkNmA9RGIuZ4Hc1GIYrIwKCm3UZ9WCWkvqy7eTGEXiReSheJ8waR84T6rBTNX9QJEmOx0lgRLR1QiwmIJVHn85bReZDE1X9f7O0l3POK6iwr0oq9Hm8R/PJe5p2yaJPvLkmjFjIgtaT2lq4Kdi0ERayvSlPyDepocAVd/EjNEsQiUYVP7NWB7G0IIY4LFQ5Mc6QIFO0qLz9v47BoJ5BBcZ7ftFIelQKD6lt/U6SzCOzoudNWbQNfRKDvsfVX3y7jimCAEa/ogRPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VV1pzylMtiJbaf1DCMAdNM/POHYJ2+zwgryBLilgFJw=; b=di6OfBmhfou6ytaCxRPRqDG1ny8U88g8driL7OY2cY9NDjvINxJPMxIeYfMuO1e7jQNvnPCt1J7VvJFEplDErgxUSNJakbuqvC2PaVXXcmBi0gFIJlHfaNtZshfTa9/jg9sF8MbMkGxoWzxlKI0KkgRllxitm12/2HAdMlNGcspDCeWQBTcpLMyzodb3c9dJIj6f/cGTNz0w6+tKn2J8Choi1h/PIfektidsQEFPoP8hdVkiA0FHjEvsdv5vJ9/y+kcMklt10w1A2KC09dtV7Aeahm6P+KNcy+RoCGFoaF5GS4ToTtmQ5mTkfCGFYBFhoMrmIdVGSYlAaZhm53/uSw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VV1pzylMtiJbaf1DCMAdNM/POHYJ2+zwgryBLilgFJw=; b=IsAHu7vwqnbaAPR8PWze+qTrR29Pw3RnVdDpgm6WIbJ26bKBf77iMiTZbe8Z+0eqDtdi9T22cH60/lR+GR40WkD3bLsLA7LfSfC3mSEVoFU66MtIEXWmB0rxRRrK35bfk7Biu3dAGIUl4NJQGofjpnpbQJ/CljJj0M189sLj3HCDqmXO7gDwi8tnYFZrkKzp9d9aqT1v4w/hb9RcWOBFuvPyI+g9N8Df/mGHoWF6pLeY0ijpSpsgw2XJbC57ShFsb0nt0tKKjMG4RYTpJSsti8NfyXmc3Y8uG6Kv3iCP/kwhdPtak6FMhz/WgvEfPd+tAMfY3YI4WZTFn0Y8/x7+jA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <51ae9cad-3644-02cb-9cc7-28229987487d@suse.com> Date: Tue, 14 Feb 2023 17:13:34 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: [PATCH] x86/Xen: make use of IBPB controlling VM assist Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Juergen Gross , Boris Ostrovsky References: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> In-Reply-To: <06591b64-2f05-a4cc-a2f3-a74c3c4a76d6@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR3P281CA0189.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a4::12) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|AM0PR04MB6802:EE_ X-MS-Office365-Filtering-Correlation-Id: ec8b2aa5-6fb2-4b64-02e0-08db0ea66d0d X-LD-Processed: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba,ExtFwd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 79THX79eiVsPKVw3HF8aN8G01+L1e91C7dgNBneXSsA+W4Z46XrSdIz11fG8xxBxfZl60+FpIlDmTvC0B95rmE2YP1doT5Pj7i2EFpvlmi2Law9+RxZRvYMjrK3m6IUNgXVhl7pIMn40A5Ts0fwfctiyoQPpbDYCFSjnMcvfohJ3IQ0T4AieAYHURp4NHOTmGWtoQvLDrM7PWkX83UNjBdxolrOud79O6EiGBRaIs3B+ovtAsLVtR8Lb9e3WZtK6IoOTaIcbI1qmtXN0o4LGAUmWFNQbPCPV3/zwb3C02BXj0bC42RUJYErCxDjjIaP1TyKhfqQoEIcVvgPVA04TSuQoZvltYv41MjwFUEw8ckBznxiGt240W2PZtw4T3xkUyH2d6xPb1LjxFLu7YhBDjxVLX2NSWx86xbpN8q0AN49yUKsisrQkYxLckK9UVWdlfNhyv61Dp88fKHngG9x+Z2J71UCXlMKG8V0XEk7k8XsKoE/e/DbD2XVsQ3k0PDymKXf5STNNofi36Eoacbg6Nr0Q6p3uno0SYax7WhH5Sz+EVBKYeT+N1yWOyoHjb2w1srjy4hTt12KIZJHVNtI3ssmncH8Oq4uijkLgJqEj57Z6N8ExYEUoLw5uGT/lx2fqQZcnQbZtk18xO7ICzPg5Y1OTurBwtULjodU+llTVKrOnG9cZb8mX6KCsTk6zwzWYxJYM1I/83x4VFaamqT99WXQlIXo7GK7T9OTAnoUcv74= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(366004)(346002)(39860400002)(376002)(136003)(396003)(451199018)(31686004)(6486002)(316002)(54906003)(83380400001)(4326008)(478600001)(8676002)(66556008)(2616005)(6916009)(66476007)(66946007)(41300700001)(8936002)(5660300002)(2906002)(38100700002)(6506007)(6512007)(26005)(186003)(86362001)(36756003)(31696002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Q0ZHNjk3amNNNVc0bHVZU3JKWlBlRzlVVUdFWjh0bGs5Wkd2dy9aZFF4OEk3?= =?utf-8?B?YnBDd0VMTGo3b2d2MkJKWVBLcWdhOUt4SHVBN1JSQ3NIOWtGVjhrQ1JqbkZi?= =?utf-8?B?cStmck1JOFczVXA0RmxEaVA3SHYrdTlFdnp3b1VpMXQ4cmFHS2VQR04rV2NW?= =?utf-8?B?RUpRNEJyYXBlTGRYTkIvNXBzcU5YUjFJVy91UEF3K3lOUWxvWVh2WnZWSjV4?= =?utf-8?B?U2tDdTZicUhkdHRiYUVycVFIbWVTK0xaS1dFNlFwL004UDlvK00xZjVQWjAr?= =?utf-8?B?NTJFRXRIRUhBSThvWEYxTXU0VkpXdTVXNUIvb0M5TE9zWk5HR0V4QkdKSXE3?= =?utf-8?B?VUIvbjREdEtFRUxDanZRWTN6enU1WTI1OTdMc1h6VFVsZW1nOFFrVlU0aXY2?= =?utf-8?B?L3dGR295bGZVYkRiMnFkQTRnRW9qaElOK3NldDR2SXZzaThKeXZxMTQyWm1w?= =?utf-8?B?ZWxzQ3dCbE94ZmtBdy9iaTRyLy9Cd1dlL3VLay9BUUVLZHlhNU55UW4wRVYw?= =?utf-8?B?eG5yd0p1SEJjOGY2T2JUS0xsWHdvWCtDY2twL3RNd28yeitsVDhmbUk2ZkxN?= =?utf-8?B?NnE0NkNYSENzRmMvQ2l1aHdSR0lhcEVzM0RIODRncmF4eXhhVUt2SWpNaVBN?= =?utf-8?B?NzIxQisxY1YyQnM5OHNrZDg3WEMyV1YwUDNnRE1xaklyM0tSK0sxVFVCbWNp?= =?utf-8?B?RHgyWVh2ME9BTWVUdzN5eXRJbTZlaHlxaWQyeC9qblhoRFBTUHdOMDdIeEhJ?= =?utf-8?B?YllUUGUvenpIeC90b3hKdWQ4OVlzZ0Vidno0VFEwMkhQUk1lTHpTRmpGeThI?= =?utf-8?B?d3pmb3l1ZXhHVlUyNjQxQXV1bURLaGk4UDQvL3F0MzJXeTB1UEFLdkhkQkxO?= =?utf-8?B?akRGb1F5NUd5T3FmN1RFM0NXK09nZ3RLR0JScGNhNUxZaDIyNWg3OVhOeHBN?= =?utf-8?B?MmdkQ3FEOW1hMDNMWFZoSXZyRVRrTE1VbjExK3Bsd3VzZ2RlSWpPckg0NWxE?= =?utf-8?B?bDlRZm5POWYvTmRzeHdWWldOY2UyZG9TZEdVc1NCdXRsVHR2SjY0SzJJMldu?= =?utf-8?B?UHU4TUVQS1RJMDJXNUtmL1E2YVgrVmFLRHBrRlhVYzBZYms5ODBYMGM1MWda?= =?utf-8?B?bVNxUU8vWXc0RXJQR2lldU5MK0N6T3JBQ3B1VmpEaXJRNGNyc2w2MWQ4T01y?= =?utf-8?B?SzU3SlB1UlB0b1U1MW9wUXNLQytoVEQ4dXRaVnNvUVlDOTBJcmJ2TlA4NGdU?= =?utf-8?B?cEZxS1BMQ3ZzNm5XZ1g1Y2drRFBRWVNqQmJ5T0l4N2l6dk1tZXp2OENSYVQ0?= =?utf-8?B?U3JGVU1VRWtObGVza2pyRjZrdm96aTdXTDZ5ZEVYRVNid1d2dy80bnFUcHBJ?= =?utf-8?B?cUFscjR4S1FQeUFXU0pVb1dNMzV3QlB6b25YQWpGYUF4RHIzWCtBM2wvSWs2?= =?utf-8?B?UDRDeFMvSlIvYTFOMmFIUUIyL2RROTF2eHNJT0VUK0tYc2xEUkZ0cmRRc1Ix?= =?utf-8?B?YmJhVUpKa1JkUUdUUDltQ1Zhalc2RFZPdGkwU1ZManJQTnJYMUcyUXRNZWFN?= =?utf-8?B?bm5iQjF0YzV3eVVvemozYllWSk5jOVNpcUpHMVN4MEVLbVpyMlJZelBsK2dB?= =?utf-8?B?ckt5bVhDYkk3dEhrNVdOcSt2UWYrcFA3WGxibkJ6bjNUMkJ3eE5UTmM4OFpN?= =?utf-8?B?cDhiOFVwK0JZSXBCcjRNRWpqZjVGdGQySWtYYVhNa0RESVZMRjE2YXQ0emcr?= =?utf-8?B?Vmtuanc4em5YWXRETWpMekdnbGVTQkF5L3NYUFkyeEFOSlFHWEQxaFpYR2NB?= =?utf-8?B?d2UxZmE3ZUk0R05JTXdpNDZhL1FKSFY4NytucXN3czJ5Z1ViODMzWUJRV0VU?= =?utf-8?B?RWo1T0o1UFA2d29JNzd6V2hReTBqRllDUnRnNEhXakQ5N0FsNVZQUWZJK1dH?= =?utf-8?B?OTNEQVd3UjM0MGoxVnZOOUVvOE5mU25rSFRsQUF5TGZGOURDMlVpU1B1MTls?= =?utf-8?B?ekxhUXArazdyNFFYRVllOUk0akNwMFZUUFVYeDBkaUJOcEQ5QS84Z1FBTXB3?= =?utf-8?B?clpQRlhlaUt4ekVvcktXUG9HRnRGVXZsWDA0OUg5aURYNnU2a21MT09iS01s?= =?utf-8?Q?Vnujn2Gyv+bTukpUf+MhBHfub?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: ec8b2aa5-6fb2-4b64-02e0-08db0ea66d0d X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2023 16:13:36.2798 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 1KYVhP7Srnk0YZDEIWk+r/vrNuQ6YhxlE4IF5Er2t8XADsEcqhYA8Fa1DV0M9we8zsreMfsJ3SrWdI1h5Dj0BA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6802 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1676391247739100001 Content-Type: text/plain; charset="utf-8" If this VM assist is available (to PV guests only), use it to - avoid issuing an IBPB ourselves upon entry from user mode (which the hypervisor would then have to emulate, as the MSR write traps), - suppress the IBPB in the hypervisor if we don't mean to have one issued. As there's no good place to have xen_vm_assist_ibpb() as an inline function, make it an init-only out-of-line one. While adjusting the Xen public header, drop the unused and no longer applicable MAX_VMASST_TYPE (instead of modifying its value). Signed-off-by: Jan Beulich --- a/arch/x86/include/asm/xen/hypervisor.h +++ b/arch/x86/include/asm/xen/hypervisor.h @@ -43,6 +43,8 @@ static inline uint32_t xen_cpuid_base(vo return hypervisor_cpuid_base("XenVMMXenVMM", 2); } =20 +int xen_vm_assist_ibpb(bool enable); + struct pci_dev; =20 #ifdef CONFIG_XEN_PV_DOM0 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -18,6 +18,8 @@ #include #include =20 +#include + #include #include #include @@ -32,6 +34,7 @@ #include #include #include +#include #include =20 #include "cpu.h" @@ -934,7 +937,8 @@ do_cmd_auto: break; =20 case RETBLEED_MITIGATION_IBPB: - setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + if (!xen_pv_domain() || xen_vm_assist_ibpb(true)) + setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); mitigate_smt =3D true; break; =20 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -294,6 +294,17 @@ int xen_panic_handler_init(void) return 0; } =20 +int __init xen_vm_assist_ibpb(bool enable) +{ + /* + * Note that the VM-assist is a disable, so a request to enable IBPB + * on our behalf needs to turn the functionality off (and vice versa). + */ + return HYPERVISOR_vm_assist(enable ? VMASST_CMD_disable + : VMASST_CMD_enable, + VMASST_TYPE_mode_switch_no_ibpb); +} + void xen_pin_vcpu(int cpu) { static bool disable_pinning; --- a/arch/x86/xen/setup.c +++ b/arch/x86/xen/setup.c @@ -940,6 +940,13 @@ static void __init xen_pvmmu_arch_setup( HYPERVISOR_vm_assist(VMASST_CMD_enable, VMASST_TYPE_pae_extended_cr3); =20 + /* + * By default suppress the hypervisor issuing IBPB on our behalf. In + * the RETBLEED_MITIGATION_IBPB case the VM assist will be disengaged + * again in retbleed_select_mitigation(). + */ + xen_vm_assist_ibpb(false); + if (register_callback(CALLBACKTYPE_event, xen_asm_exc_xen_hypervisor_callback) || register_callback(CALLBACKTYPE_failsafe, xen_failsafe_callback)) --- a/include/xen/interface/xen.h +++ b/include/xen/interface/xen.h @@ -413,7 +413,15 @@ DEFINE_GUEST_HANDLE_STRUCT(mmuext_op); */ #define VMASST_TYPE_runstate_update_flag 5 =20 -#define MAX_VMASST_TYPE 5 +/* + * x86-64 guests: Suppress IBPB on guest-user to guest-kernel mode switch. + * + * By default (on affected and capable hardware) as a safety measure Xen, + * to cover for the fact that guest-kernel and guest-user modes are both + * running in ring 3 (and hence share prediction context), would issue a + * barrier for user->kernel mode switches of PV guests. + */ +#define VMASST_TYPE_mode_switch_no_ibpb 33 =20 #ifndef __ASSEMBLY__