From patchwork Wed Jul 31 09:30:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jin Nan Wang X-Patchwork-Id: 11067435 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B5D6C1398 for ; Wed, 31 Jul 2019 09:48:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A26B31FE8E for ; Wed, 31 Jul 2019 09:48:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 96829287D3; Wed, 31 Jul 2019 09:48:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8F1021FE8E for ; Wed, 31 Jul 2019 09:48:11 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hslC0-0002Fb-EQ; Wed, 31 Jul 2019 09:46:44 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hsl2V-0001Nx-Eg for xen-devel@lists.xenproject.org; Wed, 31 Jul 2019 09:36:55 +0000 X-Inumbo-ID: b6e7acfe-b376-11e9-97f9-77a4fc412023 Received: from m9a0001g.houston.softwaregrp.com (unknown [15.124.64.66]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id b6e7acfe-b376-11e9-97f9-77a4fc412023; Wed, 31 Jul 2019 09:36:52 +0000 (UTC) Received: FROM m9a0001g.houston.softwaregrp.com (15.121.0.190) BY m9a0001g.houston.softwaregrp.com WITH ESMTP; Wed, 31 Jul 2019 09:36:47 +0000 Received: from M9W0068.microfocus.com (2002:f79:bf::f79:bf) by M9W0067.microfocus.com (2002:f79:be::f79:be) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Wed, 31 Jul 2019 09:30:20 +0000 Received: from NAM03-CO1-obe.outbound.protection.outlook.com (15.124.72.11) by M9W0068.microfocus.com (15.121.0.191) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10 via Frontend Transport; Wed, 31 Jul 2019 09:30:19 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=N2KOca97gUd4xgDonFr4YKzXStEw1gU64qXFNx7DpsOgiCBdlRVG0/kf3lpqxmPfYstOvWEFrZU944/3XcaTFvuSZWLu00jugjM19ywOg4/ovfdbnnzQ00oILmrjeZycpjqRo9CfVCfkvz1i6QoEacJD+873Gx4lgskr2KKNujdCdNSGt5SGCn8DFSgYiqNrMP9mGo1/P0LIJsg7+g9pr/meeecqYGPFv4WPTRGptMaS0IZ2brmPBDUQpo6qSdjp25fgiMNO/uY44H/gTj4HbN8EcmNOGkWMJEaf+2zTiQfeTq0+wDc+OYKSbfpSkbtsuAA2rNM2SZxiMXe3GWULbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wfAC2jAR1hZ06ts/NAdqkSTn19yTQF+68ZyUJkWIxUQ=; b=fixT/kc4m5/qg4SjK8CCO3W3G3GXwWPU1EWN2ndLKC6FJLIr+93mtPcztK+Fb8pO1q623KToi5NpXrR2ApUNVGJCduYmHPMPPQUL1y3mhA2VY58X6IHgKvimaPsmCXpBpW5GNoBhnGvXW1KHa0GWFUKTPeGJXfdrM8QZhQuVZzH4kiwSwwSZsWMrFUINePqvPjBmlir0AcM6JOMCeDxepP77LoeAiwS3suD2uwZ2z/usf3YR1UOReq0R5rmg8aafgk/OpEQfQc5ZRY1mBTBMExsXiAoWZRriWqoIhQ5QdsTaZZlBWAAMeZ16wTv+p+6/hdbaptaoPq+4q4POr7amHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=suse.com;dmarc=pass action=none header.from=suse.com;dkim=pass header.d=suse.com;arc=none Received: from MN2PR18MB3184.namprd18.prod.outlook.com (10.255.236.145) by MN2PR18MB2542.namprd18.prod.outlook.com (20.179.82.221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.13; Wed, 31 Jul 2019 09:30:17 +0000 Received: from MN2PR18MB3184.namprd18.prod.outlook.com ([fe80::8dd0:d80a:8bd4:c0b2]) by MN2PR18MB3184.namprd18.prod.outlook.com ([fe80::8dd0:d80a:8bd4:c0b2%6]) with mapi id 15.20.2115.005; Wed, 31 Jul 2019 09:30:17 +0000 From: Jin Nan Wang To: "xen-devel@lists.xenproject.org" Thread-Topic: [PATCH] Speculative mitigation facilities report wrong status Thread-Index: AQHVR4KQFSckKXZUXUiKuIVTbtEfig== Date: Wed, 31 Jul 2019 09:30:17 +0000 Message-ID: <20190731092959.21655-1-jnwang@suse.com> Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SG2PR02CA0032.apcprd02.prod.outlook.com (2603:1096:3:18::20) To MN2PR18MB3184.namprd18.prod.outlook.com (2603:10b6:208:163::17) authentication-results: spf=none (sender IP is ) smtp.mailfrom=jnwang@suse.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.22.0 x-originating-ip: [45.122.156.254] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6f636869-98be-4350-a8f5-08d71599b30c x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600148)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MN2PR18MB2542; x-ms-traffictypediagnostic: MN2PR18MB2542: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1728; x-forefront-prvs: 011579F31F x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(136003)(346002)(396003)(376002)(39860400002)(199004)(189003)(86362001)(2351001)(186003)(5640700003)(71200400001)(64756008)(66446008)(26005)(71190400001)(6512007)(316002)(52116002)(66066001)(2906002)(36756003)(14454004)(386003)(6506007)(2501003)(6486002)(4326008)(2616005)(102836004)(66476007)(486006)(6436002)(99286004)(107886003)(476003)(66556008)(66946007)(3846002)(7736002)(81156014)(81166006)(6116002)(5660300002)(25786009)(50226002)(14444005)(478600001)(256004)(68736007)(54906003)(1076003)(53936002)(8676002)(8936002)(6916009)(305945005); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR18MB2542; H:MN2PR18MB3184.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: suse.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 5WopPjdpMHc7nzH9umEj0r1M0NxQ0qBOHJYezmmd0wjivy//Mh1GQ1dfKIdpgJh0J2lxF2XdPSWfd/2d1/W/et1qZ2TpsBM+nEDSuo7RKAC+1Cb8t0Nh2t1zR1+e16t4pfkuXSDXXXYTxnaAMrjW65kfw9DrIdzQcATOHwAVM9bEGfmQAE7U4kOmfrZmkruzrrVa9Mz/+GVClTgowYK5kmXYLMDJaWBUNt1TTVXzw+ypchqVQhU5CvbzxVGWoMOF8nSH+9xqklINnAdSPFS20TbVDU4fsWGsyqlh/AYdxxK5S1zskaRDgLMaUu13im58l1tE778eL55vyQn+9kPb8XMSNLBEYe+VUMwx8+PZWS01sTuCcuLdvUVw4nk0j93WQh8SYml/NqUeo8DQNjx8RdvO0GtY58dkDqwen1KuzTM= Content-ID: <9C81F46B3B7FC142B9369F0F36120455@namprd18.prod.outlook.com> MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 6f636869-98be-4350-a8f5-08d71599b30c X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jul 2019 09:30:17.6284 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 856b813c-16e5-49a5-85ec-6f081e13b527 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jnwang@suse.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB2542 X-OriginatorOrg: suse.com X-Mailman-Approved-At: Wed, 31 Jul 2019 09:46:43 +0000 Subject: [Xen-devel] [PATCH] Speculative mitigation facilities report wrong status X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: "andrew.cooper3@citrix.com" , Jin Nan Wang , "wl@xen.org" , Jan Beulich , "roger.pau@citrix.com" Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Diff with 'spec-ctrl=no' and without. ==================================================== --- xen.dmesg.5.log 2019-07-31 14:55:38.138173874 +0800 +++ xen.dmesg.6.log 2019-07-31 14:59:50.223516313 +0800 @@ -7,7 +7,7 @@ (XEN) Xen version 4.12.0_14-1 (abuild@suse.de) (gcc (SUSE Linux) 4.8.5) debug=n Mon Jun 17 15:08:33 UTC 2019 (XEN) Latest ChangeSet: (XEN) Bootloader: GRUB2 2.02 -(XEN) Command line: vga=gfx-1024x768x16 crashkernel=251M<4G ucode=scan console=vga,com1 loglvl=all guest_loglvl=all +(XEN) Command line: vga=gfx-1024x768x16 crashkernel=251M<4G ucode=scan spec-ctrl=no console=vga,com1 loglvl=all guest_loglvl=all (XEN) Xen image load base address: 0 (XEN) Video information: (XEN) VGA is graphics mode 1024x768, 16 bpp @@ -159,12 +159,12 @@ (XEN) Speculative mitigation facilities: (XEN) Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD MD_CLEAR (XEN) Compiled-in support: INDIRECT_THUNK SHADOW_PAGING -(XEN) Xen settings: BTI-Thunk JMP, SPEC_CTRL: IBRS+ SSBD-, Other: IBPB L1D_FLUSH VERW +(XEN) Xen settings: BTI-Thunk JMP, SPEC_CTRL: IBRS- SSBD-, Other: (XEN) L1TF: believed vulnerable, maxphysaddr L1D 46, CPUID 46, Safe address 300000000000 -(XEN) Support for HVM VMs: MSR_SPEC_CTRL RSB EAGER_FPU MD_CLEAR -(XEN) Support for PV VMs: MSR_SPEC_CTRL RSB EAGER_FPU MD_CLEAR -(XEN) XPTI (64-bit PV only): Dom0 enabled, DomU enabled (with PCID) -(XEN) PV L1TF shadowing: Dom0 disabled, DomU enabled +(XEN) Support for HVM VMs: None MD_CLEAR +(XEN) Support for PV VMs: None MD_CLEAR +(XEN) XPTI (64-bit PV only): Dom0 disabled, DomU disabled (with PCID) +(XEN) PV L1TF shadowing: Dom0 disabled, DomU disabled (XEN) Using scheduler: SMP Credit Scheduler rev2 (credit2) (XEN) Initializing Credit2 scheduler (XEN) load_precision_shift: 18 ================================================== In "Support for HVM VMs: Support for PV VMs: " lines, Others feature is reported as "NONE", MD_CLEAR not. code review: xen/arch/x86/spec_ctrl.c: 99 disable_common: 100 opt_rsb_pv = false; 101 opt_rsb_hvm = false; 102 opt_md_clear_pv = 0; <----- they have been disable when 'spec-ctrl=no' 103 opt_md_clear_hvm = 0; 104 X86_FEATURE_SC_VERW_PV, X86_FEATURE_SC_VERW_HVM will not be enabled 1070 if ( opt_md_clear_pv ) 1071 setup_force_cpu_cap(X86_FEATURE_SC_VERW_PV); 1072 if ( opt_md_clear_pv || opt_md_clear_hvm ) 1073 setup_force_cpu_cap(X86_FEATURE_SC_VERW_IDLE); 1074 if ( opt_md_clear_hvm && !(caps & ARCH_CAPS_SKIP_L1DFL) && !opt_l1d_flush ) 1075 setup_force_cpu_cap(X86_FEATURE_SC_VERW_HVM); But when we report the status of MD_CLEAR, we use X86_FEATURE_MD_CLEAR to check. it seems not good. 360 printk(" Support for HVM VMs:%s%s%s%s%s\n", 361 (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || 362 boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || 363 opt_eager_fpu) ? "" : " None", 364 boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", 365 boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", 366 opt_eager_fpu ? " EAGER_FPU" : "", 367 ----> boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); 368 369 #endif 370 #ifdef CONFIG_PV 371 printk(" Support for PV VMs:%s%s%s%s%s\n", 372 (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || 373 boot_cpu_has(X86_FEATURE_SC_RSB_PV) || 374 opt_eager_fpu) ? "" : " None", 375 boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", 376 boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", 377 opt_eager_fpu ? " EAGER_FPU" : "", 378 ----> boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); There is a patch for this issue. diff -Nurp xen-4.12.0-testing.orig/xen/arch/x86/spec_ctrl.c xen-4.12.0-testing/xen/arch/x86/spec_ctrl.c --- xen-4.12.0-testing.orig/xen/arch/x86/spec_ctrl.c 2019-07-31 13:49:41.755568027 +0800 +++ xen-4.12.0-testing/xen/arch/x86/spec_ctrl.c 2019-07-31 15:08:10.158994444 +0800 @@ -360,22 +360,24 @@ static void __init print_details(enum in printk(" Support for HVM VMs:%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || + boot_cpu_has(X86_FEATURE_SC_VERW_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_SC_VERW_HVM) ? " MD_CLEAR" : ""); #endif #ifdef CONFIG_PV printk(" Support for PV VMs:%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || + boot_cpu_has(X86_FEATURE_SC_VERW_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_SC_VERW_PV) ? " MD_CLEAR" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", Signed-off-by: James Wang --- xen/arch/x86/spec_ctrl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cada9a058e..759eee452d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -366,22 +366,24 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk(" Support for HVM VMs:%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || + boot_cpu_has(X86_FEATURE_SC_VERW_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_SC_VERW_HVM) ? " MD_CLEAR" : ""); #endif #ifdef CONFIG_PV printk(" Support for PV VMs:%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || + boot_cpu_has(X86_FEATURE_SC_VERW_PV) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", - boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); + boot_cpu_has(X86_FEATURE_SC_VERW_PV) ? " MD_CLEAR" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled",