Hello,

The following series implements support for MSR_VIRT_SPEC_CTRL on
different AMD CPU families.

Note that the support is added backwards, starting with the newer CPUs
that support MSR_SPEC_CTRL and moving to the older ones either using
MSR_VIRT_SPEC_CTRL or the SSBD bit in LS_CFG.

First patch is quite clean, as it uses the shadow SPEC_CTRL in order to
set the SSBD bit and have it context switched by Xen using the existing
logic recently added.

The next two patches introduce a different way to context switch SSBD
either depending on the underlying SSBD support, so it's either using
VIRT_SPEC_CTRL or the LS_CFG MSR. They also kind of overload the usage of
several spec_ctrl variables in the hypervisor in order to store the
status of SSBD even when not using MSR_SPEC_CTRL itself. I've tried to
document those in the commit messages, but it could be controversial.

Thanks, Roger.

Roger Pau Monne (3):
  amd/msr: implement VIRT_SPEC_CTRL for HVM guests on top of SPEC_CTRL
  amd/msr: allow passthrough of VIRT_SPEC_CTRL for HVM guests
  amd/msr: implement VIRT_SPEC_CTRL for HVM guests using legacy SSBD

 docs/misc/xen-command-line.pandoc           |   5 +-
 xen/arch/x86/cpu/amd.c                      | 116 +++++++++++++++++---
 xen/arch/x86/cpuid.c                        |  18 +++
 xen/arch/x86/hvm/hvm.c                      |   1 +
 xen/arch/x86/hvm/svm/entry.S                |   8 +-
 xen/arch/x86/hvm/svm/svm.c                  |  67 +++++++++++
 xen/arch/x86/include/asm/amd.h              |   3 +
 xen/arch/x86/include/asm/cpufeatures.h      |   2 +
 xen/arch/x86/include/asm/msr.h              |   6 +-
 xen/arch/x86/msr.c                          |  15 +++
 xen/arch/x86/spec_ctrl.c                    |  11 +-
 xen/include/public/arch-x86/cpufeatureset.h |   2 +-
 12 files changed, 230 insertions(+), 24 deletions(-)

-- 
2.34.1

On 01/02/2022 16:46, Roger Pau Monne wrote:
> Hello,
>
> The following series implements support for MSR_VIRT_SPEC_CTRL on
> different AMD CPU families.
>
> Note that the support is added backwards, starting with the newer CPUs
> that support MSR_SPEC_CTRL and moving to the older ones either using
> MSR_VIRT_SPEC_CTRL or the SSBD bit in LS_CFG.
>
> First patch is quite clean, as it uses the shadow SPEC_CTRL in order to
> set the SSBD bit and have it context switched by Xen using the existing
> logic recently added.
>
> The next two patches introduce a different way to context switch SSBD
> either depending on the underlying SSBD support, so it's either using
> VIRT_SPEC_CTRL or the LS_CFG MSR. They also kind of overload the usage of
> several spec_ctrl variables in the hypervisor in order to store the
> status of SSBD even when not using MSR_SPEC_CTRL itself. I've tried to
> document those in the commit messages, but it could be controversial.
>
> Thanks, Roger.

I suspect it would help reviewing things to state what the end result is
intended to be.

1) Xen should use the AMD provided algorithm for engaging SSBD itself. 
This includes using MSR_VIRT_SPEC_CTRL if Xen is nested under another
hypervisor.  In the current code, this is implemented by amd_init_ssbd()
even if only limited to boot paths for simplicity.

2) On Fam15h thru Zen1, Xen should expose MSR_VIRT_SPEC_CTRL to guests
by default to abstract away the model and/or hypervisor specific
differences away in MSR_LS_CFG/MSR_VIRT_SPEC_CTRL.

3) On Zen2 and later, MSR_SPEC_CTRL exists and should be used in
preference.  However, for migration compatibility, Xen should be capable
of offering MSR_VIRT_SPEC_CTRL to guests (max, not default) implemented
in terms of MSR_SPEC_CTRL.

This way, a VM levelled to run on Zen1 and Zen2 sees MSR_VIRT_SPEC_CTRL
and can use it on both hosts, whereas a VM only intending to run on Zen2
gets MSR_SPEC_CTRL by default.

Obviously this means that a VM on Zen2 can opt in to MSR_VIRT_SPEC_CTRL
because of how max vs default works and this is a legal configuration,
even if it's not one you'd expect to see outside of testing scenarios.

~Andrew