Message ID | 20220201164651.6369-1-roger.pau@citrix.com (mailing list archive) |
---|---|
Headers | show |
Series | amd/msr: implement MSR_VIRT_SPEC_CTRL for HVM guests | expand |
On 01/02/2022 16:46, Roger Pau Monne wrote: > Hello, > > The following series implements support for MSR_VIRT_SPEC_CTRL on > different AMD CPU families. > > Note that the support is added backwards, starting with the newer CPUs > that support MSR_SPEC_CTRL and moving to the older ones either using > MSR_VIRT_SPEC_CTRL or the SSBD bit in LS_CFG. > > First patch is quite clean, as it uses the shadow SPEC_CTRL in order to > set the SSBD bit and have it context switched by Xen using the existing > logic recently added. > > The next two patches introduce a different way to context switch SSBD > either depending on the underlying SSBD support, so it's either using > VIRT_SPEC_CTRL or the LS_CFG MSR. They also kind of overload the usage of > several spec_ctrl variables in the hypervisor in order to store the > status of SSBD even when not using MSR_SPEC_CTRL itself. I've tried to > document those in the commit messages, but it could be controversial. > > Thanks, Roger. I suspect it would help reviewing things to state what the end result is intended to be. 1) Xen should use the AMD provided algorithm for engaging SSBD itself. This includes using MSR_VIRT_SPEC_CTRL if Xen is nested under another hypervisor. In the current code, this is implemented by amd_init_ssbd() even if only limited to boot paths for simplicity. 2) On Fam15h thru Zen1, Xen should expose MSR_VIRT_SPEC_CTRL to guests by default to abstract away the model and/or hypervisor specific differences away in MSR_LS_CFG/MSR_VIRT_SPEC_CTRL. 3) On Zen2 and later, MSR_SPEC_CTRL exists and should be used in preference. However, for migration compatibility, Xen should be capable of offering MSR_VIRT_SPEC_CTRL to guests (max, not default) implemented in terms of MSR_SPEC_CTRL. This way, a VM levelled to run on Zen1 and Zen2 sees MSR_VIRT_SPEC_CTRL and can use it on both hosts, whereas a VM only intending to run on Zen2 gets MSR_SPEC_CTRL by default. Obviously this means that a VM on Zen2 can opt in to MSR_VIRT_SPEC_CTRL because of how max vs default works and this is a legal configuration, even if it's not one you'd expect to see outside of testing scenarios. ~Andrew