From: Sean Christopherson <seanjc@google.com>
To: Amit Shah <amit@kernel.org>
Cc: pbonzini@redhat.com, x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, amit.shah@amd.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, hpa@zytor.com,
kim.phillips@amd.com, david.kaplan@amd.com
Subject: Re: [PATCH v4] KVM: SVM: let alternatives handle the cases when RSB filling is required
Date: Tue, 10 Sep 2024 12:59:24 -0700 [thread overview]
Message-ID: <ZuClHCQJf6JY5gMe@google.com> (raw)
In-Reply-To: <20240807123531.69677-1-amit@kernel.org>
On Wed, Aug 07, 2024, Amit Shah wrote:
> From: Amit Shah <amit.shah@amd.com>
>
> Remove superfluous RSB filling after a VMEXIT when the CPU already has
> flushed the RSB after a VMEXIT when AutoIBRS is enabled.
>
> The initial implementation for adding RETPOLINES added an ALTERNATIVES
> implementation for filling the RSB after a VMEXIT in
>
> commit 117cc7a908c836 ("x86/retpoline: Fill return stack buffer on vmexit")
Nit, no need for 14 digits, 12 is still the "official" recommendation. To make
this flow better, I would also prefer to not have each commit reference be on
its own line.
> Later, X86_FEATURE_RSB_VMEXIT was added in
>
> commit 2b129932201673 ("x86/speculation: Add RSB VM Exit protections")
Oh, the irony. That commit didn't add RSB_VMEXIT, it added RSB_VMEXIT_LITE.
Commit 9756bba28470 ("x86/speculation: Fill RSB on vmexit for IBRS") added the
"heavy" version. This is also a good opportunity to call out with RSB_VMEXIT
actually does.
> The AutoIBRS (on AMD CPUs) feature implementation added in
>
> commit e7862eda309ecf ("x86/cpu: Support AMD Automatic IBRS")
>
> used the already-implemented logic for EIBRS in
> spectre_v2_determine_rsb_fill_type_on_vmexit() -- but did not update the
> code at VMEXIT to act on the mode selected in that function -- resulting
> in VMEXITs continuing to clear the RSB when RETPOLINES are enabled,
> despite the presence of AutoIBRS.
>
> Signed-off-by: Amit Shah <amit.shah@amd.com>
>
> ---
> diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S
> index a0c8eb37d3e1..69d9825ebdd9 100644
> --- a/arch/x86/kvm/svm/vmenter.S
> +++ b/arch/x86/kvm/svm/vmenter.S
> @@ -209,10 +209,14 @@ SYM_FUNC_START(__svm_vcpu_run)
> 7: vmload %_ASM_AX
> 8:
>
> -#ifdef CONFIG_MITIGATION_RETPOLINE
> - /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */
> - FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE
> -#endif
> + /*
> + * IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET!
> + *
> + * Unlike VMX, AMD does not have the hardware bug that necessitates
> + * RSB_VMEXIT_LITE
> + */
I would rather do nothing than carry these comments. Long term, I would still
prefer to have RSB_VMEXIT_LITE, but that's not a hill worth dying on, and I am
a-ok waiting to deal with that if/when I (or someone else) takes on the task
of unifying the VM-Enter/VM-Exit flows.
So, with the comment changes dropped and the changelog massaged to this:
Remove superfluous RSB filling after a VMEXIT when the CPU already has
flushed the RSB after a VMEXIT when AutoIBRS is enabled.
The initial implementation for adding RETPOLINES added an ALTERNATIVES
implementation for filling the RSB after a VMEXIT in commit 117cc7a908c8
("x86/retpoline: Fill return stack buffer on vmexit").
Later, X86_FEATURE_RSB_VMEXIT was added in commit 9756bba28470
("x86/speculation: Fill RSB on vmexit for IBRS") to handle stuffing the
RSB if RETPOLINE=y *or* KERNEL_IBRS=y, i.e. to also stuff the RSB if the
kernel is configured to do IBRS mitigations on entry/exit.
The AutoIBRS (on AMD) feature implementation added in commit e7862eda309e
("x86/cpu: Support AMD Automatic IBRS") used the already-implemented logic
for EIBRS in spectre_v2_determine_rsb_fill_type_on_vmexit() -- but did not
update the code at VMEXIT to act on the mode selected in that function --
resulting in VMEXITs continuing to clear the RSB when RETPOLINES are
enabled, despite the presence of AutoIBRS.
Applied to kvm-x86 svm.
[1/1] KVM: SVM: let alternatives handle the cases when RSB filling is required
https://github.com/kvm-x86/linux/commit/4440337af4d4
--
https://github.com/kvm-x86/linux/tree/next
prev parent reply other threads:[~2024-09-10 19:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-07 12:35 [PATCH v4] KVM: SVM: let alternatives handle the cases when RSB filling is required Amit Shah
2024-08-22 14:09 ` Shah, Amit
2024-09-10 19:59 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZuClHCQJf6JY5gMe@google.com \
--to=seanjc@google.com \
--cc=amit.shah@amd.com \
--cc=amit@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david.kaplan@amd.com \
--cc=hpa@zytor.com \
--cc=kim.phillips@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.