From: Sean Christopherson <seanjc@google.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Jon Kohler <jon@nutanix.com>, Dave Hansen <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Chang S. Bae" <chang.seok.bae@intel.com>,
Kyle Huey <me@kylehuey.com>,
"neelnatu@google.com" <neelnatu@google.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH] x86/fpu/xstate: clear XSAVE features if DISABLED_MASK set
Date: Wed, 31 May 2023 15:02:27 -0700 [thread overview]
Message-ID: <ZHfD88N3PhqReu2z@google.com> (raw)
In-Reply-To: <20230531212907.GHZHe8I/DZUyzIXI2Q@fat_crate.local>
On Wed, May 31, 2023, Borislav Petkov wrote:
> On Wed, May 31, 2023 at 08:18:34PM +0000, Sean Christopherson wrote:
> > Assert that the to-be-checked bit passed to cpu_feature_enabled() is a
> > compile-time constant instead of applying the DISABLED_MASK_BIT_SET()
> > logic if and only if the bit is a constant. Conditioning the check on
> > the bit being constant instead of requiring the bit to be constant could
> > result in compiler specific kernel behavior, e.g. running on hardware that
> > supports a disabled feature would return %false if the compiler resolved
> > the bit to a constant, but %true if not.
>
> Uff, more mirroring CPUID inconsistencies.
>
> So *actually*, we should clear all those build-time disabled bits from
> x86_capability so that this doesn't happen.
Heh, I almost suggested that, but there is a non-zero amount of code that wants
to ignore the disabled bits and query the "raw" CPUID information. In quotes
because the kernel still massages x86_capability. Changing that behavior will
require auditing a lot of code, because in most cases any breakage will be mostly
silent, e.g. loss of features/performance and not explosions.
E.g. KVM emulates UMIP when it's not supported in hardware, and so advertises UMIP
support irrespective of hardware/host support. But emulating UMIP is imperfect
and suboptimal (requires intercepting L*DT instructions), so KVM intercepts L*DT
instructions iff UMIP is not supported in hardware, as detected by
boot_cpu_has(X86_FEATURE_UMIP).
The comment for cpu_feature_enabled() even calls out this type of use case:
Use the cpu_has() family if you want true runtime testing of CPU features, like
in hypervisor code where you are supporting a possible guest feature where host
support for it is not relevant.
That said, the behavior of cpu_has() is wildly inconsistent, e.g. LA57 is
indirectly cleared in x86_capability if it's a disabled bit because of this code
in early_identify_cpu().
if (!pgtable_l5_enabled())
setup_clear_cpu_cap(X86_FEATURE_LA57);
KVM works around that by manually doing CPUID to query hardware directly:
/* Set LA57 based on hardware capability. */
if (cpuid_ecx(7) & F(LA57))
kvm_cpu_cap_set(X86_FEATURE_LA57);
So yeah, I 100% agree the current state is messy and would love to have
cpu_feature_enabled() be a pure optimization with respect to boot_cpu_has(), but
it's not as trivial at it looks.
next prev parent reply other threads:[~2023-05-31 22:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-30 20:01 [PATCH] x86/fpu/xstate: clear XSAVE features if DISABLED_MASK set Jon Kohler
2023-05-30 22:22 ` Dave Hansen
2023-05-31 3:04 ` Jon Kohler
2023-05-31 16:30 ` Sean Christopherson
[not found] ` <E17EFDD7-C54A-4532-B1D3-D567557FC54B@nutanix.com>
[not found] ` <ZHermsSGQBcDD07R@google.com>
2023-05-31 21:29 ` Borislav Petkov
2023-05-31 22:02 ` Sean Christopherson [this message]
[not found] ` <CBFC095A-10D1-4925-9F28-DEDEBBB38EF8@nutanix.com>
2023-06-05 13:23 ` Jon Kohler
2023-06-06 23:40 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZHfD88N3PhqReu2z@google.com \
--to=seanjc@google.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=chang.seok.bae@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jon@nutanix.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=me@kylehuey.com \
--cc=mingo@redhat.com \
--cc=neelnatu@google.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.