From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Xen-devel <xen-devel@lists.xenproject.org>,
Jan Beulich <JBeulich@suse.com>,
Oleksii Kurochko <oleksii.kurochko@gmail.com>
Subject: Re: [PATCH v3] x86/spec-ctrl: Support for SRSO_U/S_NO and SRSO_MSR_FIX
Date: Thu, 2 Jan 2025 16:31:53 +0100 [thread overview]
Message-ID: <Z3axaRUXroc9SyzC@macbook.local> (raw)
In-Reply-To: <20241220193424.470994-1-andrew.cooper3@citrix.com>
On Fri, Dec 20, 2024 at 07:34:24PM +0000, Andrew Cooper wrote:
> AMD have updated the SRSO whitepaper[1] with further information. These
> features exist on AMD Zen5 CPUs and are necessary for Xen to use.
>
> The two features are in principle unrelated:
>
> * SRSO_U/S_NO is an enumeration saying that SRSO attacks can't cross the
> User(CPL3) / Supervisor(CPL<3) boundary. i.e. Xen don't need to use
> IBPB-on-entry for PV64. PV32 guests are explicitly unsupported for
> speculative issues, and excluded from consideration for simplicity.
>
> * SRSO_MSR_FIX is an enumeration identifying that the BP_SPEC_REDUCE bit is
> available in MSR_BP_CFG. When set, SRSO attacks can't cross the host/guest
> boundary. i.e. Xen don't need to use IBPB-on-entry for HVM.
>
> Extend ibpb_calculations() to account for these when calculating
> opt_ibpb_entry_{pv,hvm} defaults. Add a `bp-spec-reduce=<bool>` option to
> control the use of BP_SPEC_REDUCE, with it active by default.
>
> Because MSR_BP_CFG is core-scoped with a race condition updating it, repurpose
> amd_check_erratum_1485() into amd_check_bp_cfg() and calculate all updates at
> once.
>
> Xen also needs to to advertise SRSO_U/S_NO to guests to allow the guest kernel
> to skip SRSO mitigations too:
>
> * This is trivial for HVM guests. It is also is accurate for PV32 guests
> too, but we have already excluded them from consideration, and do so again
> here to simplify the policy logic.
>
> * As written, SRSO_U/S_NO does not help for the PV64 user->kernel boundary.
> However, after discussing with AMD, an implementation detail of having
> BP_SPEC_REDUCE active causes the PV64 user->kernel boundary to have the
> property described by SRSO_U/S_NO, so we can advertise SRSO_U/S_NO to
> guests when the BP_SPEC_REDUCE precondition is met.
>
> Finally, fix a typo in the SRSO_NO's comment.
>
> [1] https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
FTAOD, my RB tag stands given the changes in v3.
Thanks, Roger.
prev parent reply other threads:[~2025-01-02 15:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-20 19:34 [PATCH v3] x86/spec-ctrl: Support for SRSO_U/S_NO and SRSO_MSR_FIX Andrew Cooper
2024-12-23 10:50 ` Oleksii Kurochko
2024-12-27 9:34 ` Jan Beulich
2025-01-02 15:31 ` Roger Pau Monné [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z3axaRUXroc9SyzC@macbook.local \
--to=roger.pau@citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=oleksii.kurochko@gmail.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.