From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné, Kevin Tian, Jun Nakajima
Date: Wed, 25 Jan 2023 16:25:34 +0100
Message-ID: <8ee98cc0-21d3-100a-ffcc-37cd466e7761@suse.com>
In-Reply-To: <930254a6-d0c8-4910-982a-bfd227187240@suse.com>
Subject: [PATCH v3 1/4] x86/spec-ctrl: add logic to issue IBPB on exit to guest

In order to be able to defer the context switch IBPB to the last possible point, add logic to the exit-to-guest paths to issue the barrier there, including the "IBPB doesn't flush the RSB/RAS" workaround. Since alternatives, for now at least, can't nest, emit JMP to skip past both constructs where both are needed. This may be more efficient anyway, as the sequence of NOPs is pretty long.

LFENCEs are omitted - for HVM a VM entry is imminent, which already elsewhere we deem sufficiently serializing an event. For 32-bit PV we're going through IRET, which ought to be good enough as well. While 64-bit PV may use SYSRET, there are several more conditional branches there which are all unprotected.

Signed-off-by: Jan Beulich
---
I have to admit that I'm not really certain about the placement of the IBPB wrt the MSR_SPEC_CTRL writes. For now I've simply used "opposite of entry".

Since we're going to run out of SCF_* bits soon and since the new flag is meaningful only in struct cpu_info's spec_ctrl_flags, we could choose to widen that field to 16 bits right away and then use bit 8 (or higher) for the purpose here.
---
v3: New.

--- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -75,6 +75,12 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM =20 + ALTERNATIVE "jmp 2f", __stringify(DO_SPEC_CTRL_EXIT_IBPB disp=3D(2= f-1f)), \ + X86_FEATURE_IBPB_EXIT_HVM +1: + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_BUG_IBPB_NO_RET +2: + pop %r15 pop %r14 pop %r13 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -86,7 +86,8 @@ UNLIKELY_END(realmode) jz .Lvmx_vmentry_restart =20 /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=3Dregs/cpuinfo C= lob: */ + /* SPEC_CTRL_EXIT_TO_VMX Req: %rsp=3Dregs/cpuinfo C= lob: acd */ + ALTERNATIVE "", DO_SPEC_CTRL_EXIT_IBPB, X86_FEATURE_IBPB_EXIT_HVM DO_SPEC_CTRL_COND_VERW =20 mov VCPU_hvm_guest_cr2(%rbx),%rax --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h 
@@ -39,8 +39,10 @@ XEN_CPUFEATURE(XEN_LBR, X86_SY XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for i= dle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow St= acks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect = Branch Tracking */ -XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by X= en for PV */ -XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by X= en for HVM */ +XEN_CPUFEATURE(IBPB_ENTRY_PV, X86_SYNTH(28)) /* MSR_PRED_CMD used by X= en when entered from PV */ +XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by X= en when entered from HVM */ +XEN_CPUFEATURE(IBPB_EXIT_PV, X86_SYNTH(30)) /* MSR_PRED_CMD used by X= en when exiting to PV */ +XEN_CPUFEATURE(IBPB_EXIT_HVM, X86_SYNTH(31)) /* MSR_PRED_CMD used by X= en when exiting to HVM */ =20 /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,9 +55,13 @@ struct cpu_info { =20 /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; + /* + * spec_ctrl_flags can be accessed as a 32-bit entity and hence needs + * placing suitably. + */ + uint8_t spec_ctrl_flags; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; =20 /* * The following field controls copying of the L4 page table of 64-bit --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -36,6 +36,8 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_exit_ibpb_bit 6 +#define SCF_exit_ibpb (1 << SCF_exit_ibpb_bit) =20 /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h 
@@ -117,6 +117,27 @@ .L\@_done: .endm =20 +.macro DO_SPEC_CTRL_EXIT_IBPB disp=3D0 +/* + * Requires %rsp=3Dregs + * Clobbers %rax, %rcx, %rdx + * + * Conditionally issue IBPB if SCF_exit_ibpb is active. The macro invocat= ion + * may be followed by X86_BUG_IBPB_NO_RET workaround code. The "disp" arg= ument + * is to allow invocation sites to pass in the extra amount of code which = needs + * skipping in case no action is necessary. + * + * The flag is a "one-shot" indicator, so it is being cleared at the same = time. + */ + btrl $SCF_exit_ibpb_bit, CPUINFO_spec_ctrl_flags(%rsp) + jnc .L\@_skip + (\disp) + mov $MSR_PRED_CMD, %ecx + mov $PRED_CMD_IBPB, %eax + xor %edx, %edx + wrmsr +.L\@_skip: +.endm + .macro DO_OVERWRITE_RSB tmp=3Drax /* * Requires nothing @@ -272,6 +293,14 @@ #define SPEC_CTRL_EXIT_TO_PV \ ALTERNATIVE "", \ DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR_PV; \ + ALTERNATIVE __stringify(jmp PASTE(.Lscexitpv_done, __LINE__)), \ + __stringify(DO_SPEC_CTRL_EXIT_IBPB \ + disp=3D(PASTE(.Lscexitpv_done, __LINE__) - \ + PASTE(.Lscexitpv_rsb, __LINE__))), \ + X86_FEATURE_IBPB_EXIT_PV; \ +PASTE(.Lscexitpv_rsb, __LINE__): \ + ALTERNATIVE "", DO_OVERWRITE_RSB, X86_BUG_IBPB_NO_RET; \ +PASTE(.Lscexitpv_done, __LINE__): \ DO_SPEC_CTRL_COND_VERW =20 /* --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -8,6 +8,7 @@ #include #include #include +#include #include #include =20 @@ -156,7 +157,7 @@ ENTRY(compat_restore_all_guest) mov VCPUMSR_spec_ctrl_raw(%rax), %eax =20 /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: cd */ + SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: acd */ =20 RESTORE_ALL adj=3D8 compat=3D1 .Lft0: iretq --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -9,6 +9,7 @@ #include #include #include +#include #include #include =20 
@@ -187,7 +188,7 @@ restore_all_guest: mov %r15d, %eax =20 /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: cd */ + SPEC_CTRL_EXIT_TO_PV /* Req: a=3Dspec_ctrl %rsp=3Dregs/cpuinfo,= Clob: acd */ =20 RESTORE_ALL testw $TRAP_syscall,4(%rsp)
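Review bot: the xen/arch/x86/hvm/vmx/entry.S hunk invokes DO_SPEC_CTRL_EXIT_IBPB with no X86_BUG_IBPB_NO_RET follow-up, unlike the svm/entry.S hunk and SPEC_CTRL_EXIT_TO_PV, and neither the code nor the description says why. If the RSB/RAS overwrite is deliberately left out on the VMX path, a short comment next to the `ALTERNATIVE "", DO_SPEC_CTRL_EXIT_IBPB, X86_FEATURE_IBPB_EXIT_HVM` line stating the reason would stop the three exit paths from looking inconsistent; otherwise this site needs the same `jmp` / `disp=` pairing with DO_OVERWRITE_RSB that the other two use.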
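Review bot: `btrl $SCF_exit_ibpb_bit, CPUINFO_spec_ctrl_flags(%rsp)` in DO_SPEC_CTRL_EXIT_IBPB (spec_ctrl_asm.h hunk) is a 32-bit read-modify-write of a uint8_t field, and only the new comment in struct cpu_info (current.h hunk) guards the layout it depends on. The access also covers xen_spec_ctrl, last_spec_ctrl and the byte after them, so the comment should name those neighbours, and a build-time assertion on the field's offset would enforce the "needs placing suitably" requirement instead of leaving it to whoever next reorders the struct.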
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
Date: Wed, 25 Jan 2023 16:26:09 +0100
Message-ID: <23ea08db-3b64-5d1a-6743-19abb7bd6529@suse.com>
In-Reply-To: <930254a6-d0c8-4910-982a-bfd227187240@suse.com>
Subject: [PATCH v3 2/4] x86/spec-ctrl: defer context-switch IBPB until guest entry

In order to avoid clobbering Xen's own predictions, defer the barrier as much as possible. Merely mark the CPU as needing a barrier issued the next time we're exiting to guest context.

Suggested-by: Andrew Cooper
Signed-off-by: Jan Beulich
---
I couldn't find any sensible (central/unique) place where to move the comment which is being deleted alongside spec_ctrl_new_guest_context().
---
v3: New.

--- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2038,7 +2038,7 @@ void context_switch(struct vcpu *prev, s */ if ( *last_id !=3D next_id ) { - spec_ctrl_new_guest_context(); + info->spec_ctrl_flags |=3D SCF_exit_ibpb; *last_id =3D next_id; } } --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h 
@@ -67,28 +67,6 @@ void init_speculation_mitigations(void); void spec_ctrl_init_domain(struct domain *d); =20 -/* - * Switch to a new guest prediction context. - * - * This flushes all indirect branch predictors (BTB, RSB/RAS), so guest co= de - * which has previously run on this CPU can't attack subsequent guest code. - * - * As this flushes the RSB/RAS, it destroys the predictions of the calling - * context. For best performace, arrange for this to be used when we're g= oing - * to jump out of the current context, e.g. with reset_stack_and_jump(). - * - * For hardware which mis-implements IBPB, fix up by flushing the RSB/RAS - * manually. - */ -static always_inline void spec_ctrl_new_guest_context(void) -{ - wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); - - /* (ab)use alternative_input() to specify clobbers. */ - alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET, - : "rax", "rcx"); -} - extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; extern int8_t opt_eager_fpu; --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c 
@@ -854,6 +854,11 @@ static void __init ibpb_calculations(voi */ if ( opt_ibpb_ctxt_switch =3D=3D -1 ) opt_ibpb_ctxt_switch =3D !(opt_ibpb_entry_hvm && opt_ibpb_entry_pv= ); + if ( opt_ibpb_ctxt_switch ) + { + setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_PV); + setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_HVM); + } } =20 /* Calculate whether this CPU is vulnerable to L1TF. */
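Review bot: the asm/spec_ctrl.h hunk removes, together with spec_ctrl_new_guest_context(), the only text saying what this barrier protects (flushing BTB and RSB/RAS so guest code which previously ran on the CPU can't attack subsequent guest code) and why the RSB/RAS is flushed manually on hardware which mis-implements IBPB. The comment block of the DO_SPEC_CTRL_EXIT_IBPB macro in spec_ctrl_asm.h already mentions X86_BUG_IBPB_NO_RET and looks like a suitable home for the first and last paragraphs of the deleted comment; the middle paragraph about jumping out of the current context no longer applies once the barrier is deferred and can go.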
Date: Wed, 25 Jan 2023 16:26:39 +0100
Subject: [PATCH v3 3/4] x86: limit issuing of IBPB during context switch
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné

When the outgoing vCPU had IBPB issued upon entering Xen there's no need for a 2nd barrier during context switch.

Signed-off-by: Jan Beulich
---
v3: Fold into series.

--- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c
@@ -2015,7 +2015,8 @@ void context_switch(struct vcpu *prev, s =20 ctxt_switch_levelling(next); =20 - if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) ) + if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) && + !(prevd->arch.spec_ctrl_flags & SCF_entry_ibpb) ) { static DEFINE_PER_CPU(unsigned int, last); unsigned int *last_id =3D &this_cpu(last);
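Review bot: the added `!(prevd->arch.spec_ctrl_flags & SCF_entry_ibpb)` term in context_switch() skips the whole guarded body, including the per-CPU `last` tracking that starts right after the opening brace, not only the barrier. Please confirm that leaving `last` untouched when the outgoing domain uses entry-IBPB cannot make a later switch on this CPU skip a barrier it still needs. A one-line comment next to the condition, recording that such a domain already had the barrier issued on its entry into Xen, would also help, because the check is on a per-domain flag and the reasoning is only in the commit message.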
Message-ID: <33cf5bff-4d74-c5f5-0c2b-d773d10f2fb2@suse.com>
Date: Wed, 25 Jan 2023 16:27:06 +0100
Subject: [PATCH v3 4/4] x86/PV: issue branch prediction barrier when switching 64-bit guest to kernel mode
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné

Since both kernel and user mode run in ring 3, they run in the same "predictor mode". While the kernel could take care of this itself, doing so would be yet another item distinguishing PV from native. Additionally we're in a much better position to issue the barrier command, and we can save a #GP (for privileged instruction emulation) this way.

To allow to recover performance, introduce a new VM assist allowing the guest kernel to suppress this barrier. Make availability of the assist dependent upon the command line control, such that kernels have a way to know whether their request actually took any effect.

Note that because of its use in PV64_VM_ASSIST_MASK, the declaration of opt_ibpb_mode_switch can't live in asm/spec_ctrl.h.

Signed-off-by: Jan Beulich --- Is the placement of the clearing of opt_ibpb_ctxt_switch correct in parse_spec_ctrl()? Shouldn't it live ahead of the "disable_common" label, as being about guest protection, not Xen's? Adding setting of the variable to the "pv" sub-case in parse_spec_ctrl() didn't seem quite right to me, considering that we default it to the opposite of opt_ibpb_entry_pv. --- v3: Leverage exit-IBPB. Introduce separate command line control. v2: Leverage entry-IBPB. Add VM assist. Re-base. --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2315,8 +2315,8 @@ By default SSBD will be mitigated at run ### spec-ctrl (x86) > `=3D List of [ , xen=3D, {pv,hvm}=3D, > {msr-sc,rsb,md-clear,ibpb-entry}=3D|{pv,hvm}=3D, -> bti-thunk=3Dretpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, -> eager-fpu,l1d-flush,branch-harden,srb-lock, +> bti-thunk=3Dretpoline|lfence|jmp, {ibrs,ibpb,ibpb-mode-swit= ch, +> ssbd,psfd,eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio}=3D ]` =20 Controls for speculative execution sidechannel mitigations. By default, X= en @@ -2398,7 +2398,10 @@ default. =20 On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibp= b=3D` option can be used to force (the default) or prevent Xen from issuing bran= ch -prediction barriers on vcpu context switches. +prediction barriers on vcpu context switches. On such hardware the +`ibpb-mode-switch` option can be used to control whether, by default, Xen +would issue branch prediction barriers when 64-bit PV guests switch from +user to kernel mode. If enabled, guest kernels can op out of this behavio= r. =20 On all hardware, the `eager-fpu=3D` option can be used to force or prevent= Xen from using fully eager FPU context switches. This is currently implemente= d as --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h 
@@ -742,6 +742,8 @@ static inline void pv_inject_sw_interrup pv_inject_event(&event); } =20 +extern int8_t opt_ibpb_mode_switch; + #define PV32_VM_ASSIST_MASK ((1UL << VMASST_TYPE_4gb_segments) | \ (1UL << VMASST_TYPE_4gb_segments_notify) | \ (1UL << VMASST_TYPE_writable_pagetables) | \ @@ -753,7 +755,9 @@ static inline void pv_inject_sw_interrup * but we can't make such requests fail all of the sudden. */ #define PV64_VM_ASSIST_MASK (PV32_VM_ASSIST_MASK | \ - (1UL << VMASST_TYPE_m2p_strict)) + (1UL << VMASST_TYPE_m2p_strict) | \ + ((opt_ibpb_mode_switch + 0UL) << \ + VMASST_TYPE_mode_switch_no_ibpb)) #define HVM_VM_ASSIST_MASK (1UL << VMASST_TYPE_runstate_update_flag) =20 #define arch_vm_assist_valid_mask(d) \ --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -455,6 +455,7 @@ static void _toggle_guest_pt(struct vcpu void toggle_guest_mode(struct vcpu *v) { const struct domain *d =3D v->domain; + struct cpu_info *cpu_info =3D get_cpu_info(); unsigned long gs_base; =20 ASSERT(!is_pv_32bit_vcpu(v)); @@ -467,15 +468,21 @@ void toggle_guest_mode(struct vcpu *v) if ( v->arch.flags & TF_kernel_mode ) v->arch.pv.gs_base_kernel =3D gs_base; else + { v->arch.pv.gs_base_user =3D gs_base; + + if ( opt_ibpb_mode_switch && + !(d->arch.spec_ctrl_flags & SCF_entry_ibpb) && + !VM_ASSIST(d, mode_switch_no_ibpb) ) + cpu_info->spec_ctrl_flags |=3D SCF_exit_ibpb; + } + asm volatile ( "swapgs" ); =20 _toggle_guest_pt(v); =20 if ( d->arch.pv.xpti ) { - struct cpu_info *cpu_info =3D get_cpu_info(); - cpu_info->root_pgt_changed =3D true; cpu_info->pv_cr3 =3D __pa(this_cpu(root_pgt)) | (d->arch.pv.pcid ? get_pcid_bits(v, true) : 0); --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c 
@@ -60,6 +60,7 @@ bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd =3D -1; =20 int8_t __ro_after_init opt_ibpb_ctxt_switch =3D -1; +int8_t __ro_after_init opt_ibpb_mode_switch =3D -1; int8_t __read_mostly opt_eager_fpu =3D -1; int8_t __read_mostly opt_l1d_flush =3D -1; static bool __initdata opt_branch_harden =3D true; @@ -111,6 +112,8 @@ static int __init cf_check parse_spec_ct if ( opt_pv_l1tf_domu < 0 ) opt_pv_l1tf_domu =3D 0; =20 + opt_ibpb_mode_switch =3D 0; + if ( opt_tsx =3D=3D -1 ) opt_tsx =3D -3; =20 @@ -271,6 +274,8 @@ static int __init cf_check parse_spec_ct /* Misc settings. */ else if ( (val =3D parse_boolean("ibpb", s, ss)) >=3D 0 ) opt_ibpb_ctxt_switch =3D val; + else if ( (val =3D parse_boolean("ibpb-mode-switch", s, ss)) >=3D = 0 ) + opt_ibpb_mode_switch =3D val; else if ( (val =3D parse_boolean("eager-fpu", s, ss)) >=3D 0 ) opt_eager_fpu =3D val; else if ( (val =3D parse_boolean("l1d-flush", s, ss)) >=3D 0 ) @@ -527,7 +532,7 @@ static void __init print_details(enum in =20 #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || @@ -536,7 +541,8 @@ static void __init print_details(enum in boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : = "", opt_eager_fpu ? " EAGER_FPU" : = "", opt_md_clear_pv ? " MD_CLEAR" : = "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : = ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : = "", + opt_ibpb_mode_switch ? " IBPB-mode-switch"= : ""); =20 printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", 
@@ -804,7 +810,8 @@ static void __init ibpb_calculations(voi /* Check we have hardware IBPB support before using it... */ if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBP= B) ) { - opt_ibpb_entry_hvm =3D opt_ibpb_entry_pv =3D opt_ibpb_ctxt_switch = =3D 0; + opt_ibpb_entry_hvm =3D opt_ibpb_entry_pv =3D 0; + opt_ibpb_mode_switch =3D opt_ibpb_ctxt_switch =3D 0; opt_ibpb_entry_dom0 =3D false; return; } @@ -859,6 +866,18 @@ static void __init ibpb_calculations(voi setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_PV); setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_HVM); } + +#ifdef CONFIG_PV + /* + * If we're using IBPB-on-entry to protect against PV guests, then + * there's no need to also issue IBPB on a guest user->kernel switch. + */ + if ( opt_ibpb_mode_switch =3D=3D -1 ) + opt_ibpb_mode_switch =3D !opt_ibpb_entry_pv || + (!opt_ibpb_entry_dom0 && !opt_dom0_pvh); + if ( opt_ibpb_mode_switch ) + setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_PV); +#endif } =20 /* Calculate whether this CPU is vulnerable to L1TF. */ --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -554,6 +554,16 @@ DEFINE_XEN_GUEST_HANDLE(mmuext_op_t); */ #define VMASST_TYPE_m2p_strict 32 =20 +/* + * x86-64 guests: Suppress IBPB on guest-user to guest-kernel mode switch. + * + * By default (on affected and capable hardware) as a safety measure Xen, + * to cover for the fact that guest-kernel and guest-user modes are both + * running in ring 3 (and hence share prediction context), would issue a + * barrier for user->kernel mode switches of PV guests. + */ +#define VMASST_TYPE_mode_switch_no_ibpb 33 + #if __XEN_INTERFACE_VERSION__ < 0x00040600 #define MAX_VMASST_TYPE 3 #endif
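Review bot: in the xen/arch/x86/include/asm/domain.h hunk, `(opt_ibpb_mode_switch + 0UL) << VMASST_TYPE_mode_switch_no_ibpb` is a single-bit mask only while opt_ibpb_mode_switch is exactly 0 or 1. The variable is an int8_t initialised to -1 in spec_ctrl.c and is resolved only in ibpb_calculations(); evaluated while it is still -1, the expression sets every bit from 33 upwards in PV64_VM_ASSIST_MASK. Deriving the bit from `opt_ibpb_mode_switch > 0`, or adding a comment that the mask must not be evaluated before ibpb_calculations() has run, would make this robust.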
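Review bot: the text added to docs/misc/xen-command-line.pandoc says guest kernels "can op out of this behavior", which should read "opt out". The same paragraph does not state the default of `ibpb-mode-switch`, although ibpb_calculations() derives one from the entry-IBPB settings, and it does not name the VM assist a kernel uses to opt out. Adding both would let an administrator predict the behaviour from the documentation alone.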
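Review bot: the comment added under `#ifdef CONFIG_PV` in ibpb_calculations() explains only the `!opt_ibpb_entry_pv` half of the default, while the `(!opt_ibpb_entry_dom0 && !opt_dom0_pvh)` term is left unexplained. Please extend the comment to cover the dom0 case, since that term turns the option on even when entry-IBPB is in use for PV guests. The `setup_force_cpu_cap(X86_FEATURE_IBPB_EXIT_PV)` call here also repeats the one made a few lines above when opt_ibpb_ctxt_switch is set, which is worth a word in the comment or folding the two conditions together.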