[9/9] x86: PCID is unused when !PV

Message ID	f44f12f3-6449-8014-43e4-1f08100be251@suse.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <SRS0=cv0X=XG=lists.xenproject.org=xen-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9F1692084D From: Jan Beulich <jbeulich@suse.com> To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org> References: <f6accb8b-38d9-ad9a-ec68-992d75f36a88@suse.com> Message-ID: <f44f12f3-6449-8014-43e4-1f08100be251@suse.com> Date: Wed, 11 Sep 2019 17:26:46 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <f6accb8b-38d9-ad9a-ec68-992d75f36a88@suse.com> Content-Language: en-US Subject: [Xen-devel] [PATCH 9/9] x86: PCID is unused when !PV Precedence: list Cc: George Dunlap <George.Dunlap@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>, =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Series	XSA-292 follow-up \| expand [RESEND/PING,0/9] XSA-292 follow-up [1/9] x86: adjust cr3_pcid() return type [2/9] x86: limit the amount of TLB flushing in switch_cr3_cr4() [3/9] x86/mm: honor opt_pcid also for 32-bit PV domains [4/9] x86/HVM: move NOFLUSH handling out of hvm_set_cr3() [5/9] x86/HVM: refuse CR3 loads with reserved (upper) bits set [6/9] x86/HVM: relax shadow mode check in hvm_set_cr3() [7/9] x86/HVM: cosmetics to hvm_set_cr3() [8/9] x86/CPUID: drop INVPCID dependency on PCID [9/9] x86: PCID is unused when !PV

Message ID

f44f12f3-6449-8014-43e4-1f08100be251@suse.com (mailing list archive)

State

Superseded

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9F1692084D
From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
References: <f6accb8b-38d9-ad9a-ec68-992d75f36a88@suse.com>
Message-ID: <f44f12f3-6449-8014-43e4-1f08100be251@suse.com>
Date: Wed, 11 Sep 2019 17:26:46 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <f6accb8b-38d9-ad9a-ec68-992d75f36a88@suse.com>
Content-Language: en-US
Subject: [Xen-devel] [PATCH 9/9] x86: PCID is unused when !PV
Precedence: list
Cc: George Dunlap <George.Dunlap@eu.citrix.com>,
 Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
	=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Series

XSA-292 follow-up | expand

Comments

Roger Pau Monné Sept. 12, 2019, 3:31 p.m. UTC | #1

On Wed, Sep 11, 2019 at 05:26:46PM +0200, Jan Beulich wrote:
> This allows in particular some streamlining of the TLB flushing code
> paths.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> --- a/xen/arch/x86/flushtlb.c
> +++ b/xen/arch/x86/flushtlb.c
> @@ -24,6 +24,11 @@
>  #define WRAP_MASK (0x000003FFU)
>  #endif
>  
> +#ifndef CONFIG_PV
> +# undef X86_CR4_PCIDE
> +# define X86_CR4_PCIDE 0
> +#endif

I have to admit I find it quite ugly to have to mask PCID in such a
way. Playing with the hardware architecture defines seems like asking
for trouble. I would likely prefer to sprinkle IS_ENABLED(CONFIG_PV),
which should achieve the same compile time short circuiting.

> +
>  u32 tlbflush_clock = 1U;
>  DEFINE_PER_CPU(u32, tlbflush_time);
>  
> --- a/xen/include/asm-x86/processor.h
> +++ b/xen/include/asm-x86/processor.h
> @@ -289,7 +289,11 @@ static inline unsigned long cr3_pa(unsig
>  
>  static inline unsigned int cr3_pcid(unsigned long cr3)
>  {
> +#ifdef CONFIG_PV
>      return cr3 & X86_CR3_PCID_MASK;
> +#else
> +    return 0;
> +#endif

Won't:

return IS_ENABLED(CONFIG_PV) ? cr3 & X86_CR3_PCID_MASK : 0;

Achieve the same?

>  }
>  
>  static inline unsigned long read_cr4(void)
> @@ -301,8 +305,12 @@ static inline void write_cr4(unsigned lo
>  {
>      struct cpu_info *info = get_cpu_info();
>  
> +#ifdef CONFIG_PV
>      /* No global pages in case of PCIDs enabled! */
>      ASSERT(!(val & X86_CR4_PGE) || !(val & X86_CR4_PCIDE));
> +#else
> +    ASSERT(!(val & X86_CR4_PCIDE));

That assert seems quite pointless, you have set X86_CR4_PCIDE to 0, so
this is never going to trigger?

Thanks, Roger.

Jan Beulich Sept. 12, 2019, 3:46 p.m. UTC | #2

On 12.09.2019 17:31, Roger Pau Monné  wrote:
> On Wed, Sep 11, 2019 at 05:26:46PM +0200, Jan Beulich wrote:
>> This allows in particular some streamlining of the TLB flushing code
>> paths.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>
>> --- a/xen/arch/x86/flushtlb.c
>> +++ b/xen/arch/x86/flushtlb.c
>> @@ -24,6 +24,11 @@
>>  #define WRAP_MASK (0x000003FFU)
>>  #endif
>>  
>> +#ifndef CONFIG_PV
>> +# undef X86_CR4_PCIDE
>> +# define X86_CR4_PCIDE 0
>> +#endif
> 
> I have to admit I find it quite ugly to have to mask PCID in such a
> way. Playing with the hardware architecture defines seems like asking
> for trouble. I would likely prefer to sprinkle IS_ENABLED(CONFIG_PV),
> which should achieve the same compile time short circuiting.

Well, yes, this isn't entirely without risk. But #ifdef-ary
isn't either. And the above fits the title of this patch
pretty well.

Andrew (in particular) - do you have any strong preference here?

>> --- a/xen/include/asm-x86/processor.h
>> +++ b/xen/include/asm-x86/processor.h
>> @@ -289,7 +289,11 @@ static inline unsigned long cr3_pa(unsig
>>  
>>  static inline unsigned int cr3_pcid(unsigned long cr3)
>>  {
>> +#ifdef CONFIG_PV
>>      return cr3 & X86_CR3_PCID_MASK;
>> +#else
>> +    return 0;
>> +#endif
> 
> Won't:
> 
> return IS_ENABLED(CONFIG_PV) ? cr3 & X86_CR3_PCID_MASK : 0;
> 
> Achieve the same?

Yes. I can certainly switch to that.

>> @@ -301,8 +305,12 @@ static inline void write_cr4(unsigned lo
>>  {
>>      struct cpu_info *info = get_cpu_info();
>>  
>> +#ifdef CONFIG_PV
>>      /* No global pages in case of PCIDs enabled! */
>>      ASSERT(!(val & X86_CR4_PGE) || !(val & X86_CR4_PCIDE));
>> +#else
>> +    ASSERT(!(val & X86_CR4_PCIDE));
> 
> That assert seems quite pointless, you have set X86_CR4_PCIDE to 0, so
> this is never going to trigger?

Good point, this is a leftover from when I started with the
#ifdef-ary approach, before it became too many of them for
my taste.

Jan

Jan Beulich Sept. 12, 2019, 3:48 p.m. UTC | #3

On 12.09.2019 17:31, Roger Pau Monné  wrote:
> On Wed, Sep 11, 2019 at 05:26:46PM +0200, Jan Beulich wrote:
>> @@ -301,8 +305,12 @@ static inline void write_cr4(unsigned lo
>>  {
>>      struct cpu_info *info = get_cpu_info();
>>  
>> +#ifdef CONFIG_PV
>>      /* No global pages in case of PCIDs enabled! */
>>      ASSERT(!(val & X86_CR4_PGE) || !(val & X86_CR4_PCIDE));
>> +#else
>> +    ASSERT(!(val & X86_CR4_PCIDE));
> 
> That assert seems quite pointless, you have set X86_CR4_PCIDE to 0, so
> this is never going to trigger?

I was about to drop this, but I have to take back my earlier
reply: The #ifdef you talk about is in flushtlb.c, whereas
here we're in processor.h.

Jan

Roger Pau Monné Sept. 12, 2019, 3:57 p.m. UTC | #4

On Thu, Sep 12, 2019 at 05:48:16PM +0200, Jan Beulich wrote:
> On 12.09.2019 17:31, Roger Pau Monné  wrote:
> > On Wed, Sep 11, 2019 at 05:26:46PM +0200, Jan Beulich wrote:
> >> @@ -301,8 +305,12 @@ static inline void write_cr4(unsigned lo
> >>  {
> >>      struct cpu_info *info = get_cpu_info();
> >>  
> >> +#ifdef CONFIG_PV
> >>      /* No global pages in case of PCIDs enabled! */
> >>      ASSERT(!(val & X86_CR4_PGE) || !(val & X86_CR4_PCIDE));
> >> +#else
> >> +    ASSERT(!(val & X86_CR4_PCIDE));
> > 
> > That assert seems quite pointless, you have set X86_CR4_PCIDE to 0, so
> > this is never going to trigger?
> 
> I was about to drop this, but I have to take back my earlier
> reply: The #ifdef you talk about is in flushtlb.c, whereas
> here we're in processor.h.

Oh yes, sorry for not realizing. In order to avoid the ifdefary maybe
you could write the above as:

ASSERT((IS_ENABLED(CONFIG_PV) && !(val & X86_CR4_PGE)) ||
       !(val & X86_CR4_PCIDE));

I don't have a strong opinion though, maybe my proposed version is
actually harder to read than the ifdef'ed one.

Thanks, Roger.

--- a/xen/arch/x86/flushtlb.c
+++ b/xen/arch/x86/flushtlb.c
@@ -24,6 +24,11 @@ 
 #define WRAP_MASK (0x000003FFU)
 #endif
 
+#ifndef CONFIG_PV
+# undef X86_CR4_PCIDE
+# define X86_CR4_PCIDE 0
+#endif
+
 u32 tlbflush_clock = 1U;
 DEFINE_PER_CPU(u32, tlbflush_time);
 
--- a/xen/include/asm-x86/processor.h
+++ b/xen/include/asm-x86/processor.h
@@ -289,7 +289,11 @@  static inline unsigned long cr3_pa(unsig
 
 static inline unsigned int cr3_pcid(unsigned long cr3)
 {
+#ifdef CONFIG_PV
     return cr3 & X86_CR3_PCID_MASK;
+#else
+    return 0;
+#endif
 }
 
 static inline unsigned long read_cr4(void)
@@ -301,8 +305,12 @@  static inline void write_cr4(unsigned lo
 {
     struct cpu_info *info = get_cpu_info();
 
+#ifdef CONFIG_PV
     /* No global pages in case of PCIDs enabled! */
     ASSERT(!(val & X86_CR4_PGE) || !(val & X86_CR4_PCIDE));
+#else
+    ASSERT(!(val & X86_CR4_PCIDE));
+#endif
 
     /*
      * On hardware supporting FSGSBASE, the value in %cr4 is the kernel's
--- a/xen/include/asm-x86/pv/domain.h
+++ b/xen/include/asm-x86/pv/domain.h
@@ -50,8 +50,13 @@ 
  */
 static inline unsigned long get_pcid_bits(const struct vcpu *v, bool is_xpti)
 {
+#ifdef CONFIG_PV
     return X86_CR3_NOFLUSH | (is_xpti ? PCID_PV_XPTI : 0) |
            ((v->arch.flags & TF_kernel_mode) ? PCID_PV_PRIV : PCID_PV_USER);
+#else
+    ASSERT_UNREACHABLE();
+    return 0;
+#endif
 }
 
 #ifdef CONFIG_PV

[9/9] x86: PCID is unused when !PV

Commit Message

Comments

Patch