From patchwork Thu Dec 8 11:24:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 13068301 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AB2EFC4332F for ; Thu, 8 Dec 2022 11:25:28 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.457045.714880 (Exim 4.92) (envelope-from ) id 1p3F1S-0006Nm-27; Thu, 08 Dec 2022 11:25:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 457045.714880; Thu, 08 Dec 2022 11:25:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1p3F1R-0006Nf-U6; Thu, 08 Dec 2022 11:25:01 +0000 Received: by outflank-mailman (input) for mailman id 457045; Thu, 08 Dec 2022 11:25:00 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1p3F1Q-0006NN-Hv for xen-devel@lists.xenproject.org; Thu, 08 Dec 2022 11:25:00 +0000 Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2062f.outbound.protection.outlook.com [2a01:111:f400:7d00::62f]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ecf0a414-76ea-11ed-8fd2-01056ac49cbb; Thu, 08 Dec 2022 12:24:49 +0100 (CET) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by AM8PR04MB8020.eurprd04.prod.outlook.com (2603:10a6:20b:244::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.8; Thu, 8 Dec 2022 11:24:57 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::4da2:ea8b:e71e:b8d8]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::4da2:ea8b:e71e:b8d8%4]) with mapi id 15.20.5880.014; Thu, 8 Dec 2022 11:24:56 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ecf0a414-76ea-11ed-8fd2-01056ac49cbb ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KfEvJxxvojO48+hClQQdu3DFqnRLS1TMlgW9hHwqMNvhbrClCHXu1cfuvLByLNIYsUK6vxI5l2wAoLoFZBTmbYFl32wHo5K02dl9M4olDfl3NLR1MIWzvXsjUXrwlb91+oEnP1U0y+SiGTVa69ptGjKrQZSx1fH7XlaP5HWNtHeY/4Smph7Id3v81UG9FzvfAkntqBXx62BsZ6TB82b/a7Jacrm8DQaptACSHci0ljzlUsibSElmX9KXMb6ocTJapgW8Du5IwymXnJJxdQoejFjASekB4XZ+qJR1kencjiimEwtrAAuDEqxsRTtPbKtx4wxpap2ZQ/mYWz+hK59hLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9Fjreq8M49cgfRSguLDlB8os5Le7I82LY33Pfvxzqu4=; b=bKuUNZatmZEMAGZQjStFEbM0rhIxyogcgibXsPbCHKpyIqDtcKSngydVI5hz8aecIgh2MWbYxFHI5WExMqFfB+QTbTg4U8mg37wLte0O7IYvWbsXEnl3m4FJR8oZtiuByEWT2604VmxELqOg+Qu6SyZyyksAakIjQB699JOn3bO3GTh/kPAQMqUbWBhR6CsMARpwqBhUQxZsuG1wdLR0oDTUe2ded6pUsEn72OrVaxXy9Xtbd5YWwO+W9F3N7UHUTBhYBHeX/3olNFHoZtygwOnuk0KeO88XIHNu9LZP1UZJT8bvG8pxwl//+bdW7GHCqJa0qOY+qkJwR1/p1KjkMg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9Fjreq8M49cgfRSguLDlB8os5Le7I82LY33Pfvxzqu4=; b=higBIdDWHmzhWyfKQG7RSDtIjB1TEj5arM6lqXb8oLkzjxBO2Vksg4hqEipqPC3B3ng3bm/tW69Ny1csZljasabD5d8AzjJh0VVapaY0gY5qU6CcnGh5IkZZoNyHb3Ekz1jmAAxd8JGcFbGY0e0ACg3wEGj4vHU4ZgpwGuJ/Wx1KqP1QO9b2L3pfuLThAz0Sc3w9WNfdl5KPGLwpTHoSqRFjHrP7hR4suobvn5lTn1gsB1NghH0iBSKNxlUgNA46fukgNxfL6qtFLK1Btir+S1sfuWeIl/5qtn86ice/zS3fEOxANeWUKREAyp10G5M6u8PM5PURiCVmiqwo4lK+Ng== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <6189fed4-2aac-8ca3-90f6-7a750a8993dd@suse.com> Date: Thu, 8 Dec 2022 12:24:54 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1 Content-Language: en-US To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?utf-8?q?Roger_Pau_Monn=C3=A9?= From: Jan Beulich Subject: [PATCH] x86/SVM: restrict hardware SSBD update upon guest VIRT_SPEC_CTRL write X-ClientProxiedBy: FR0P281CA0065.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:49::18) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|AM8PR04MB8020:EE_ X-MS-Office365-Filtering-Correlation-Id: af85afc7-4e71-41c7-8401-08dad90ed598 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: jQ5bUZh3BJLOu87zLCBrk3dHQW/eEpH4XpINuUQvsTFW2v8Cm3OnbB7aWbcJQKp2LwDaJ8KK/giWu+82+5i9uDjBN2uIifbqNdayBWB+JqMk2/VbalveQI6fSVkVIl23/qPQR4ro8oKA8rK7lnQeXPjGgdsxAc093JmIpebya3jM14Wj8i01csIKT3K+suFmyuH9DzxRodSx9UVJQjGNcacPrr38mA4EvVdUASiu9WKrlxXRhRqFUDeWIymf6JlNg84dnz0Ol5aGLPOOqiYSMFAVdkDpAwMOGZ6XRoGKagMuplD8UJLfmQGCMgDyFRMoxYPBdp6u7i5x+Q/Fg36w2KdsIX9ah1uRG49unf7alsYlbL54FEkr4H0iscV9Ltb5wuyAz5D1y+ti8W8srgsbHZ3TNbvE/zL5rnAIERUCJW19KOHVp4fg4BJ+zEngQVftGnrYDONyYHWEHWxlQ11xY+1Aws0HsWmalKKOPQ2nKHycicZ6WXux6dE1MVwBpmc72o/DGh4+hjV8Iqtd8P1WO7P7zZJ5OOObwTri1HIAyyNSaL1TCb/S8Q6XQYol1z18R/ZhyF07afU5q7zgsu9fSwADgizm3/3UqYx5GcGjsMusJV50zr4ZGUhZe3mIgPxueetMF6JoI5N6KkCRD70F9+snSLp17Ld7kRT/O1JJ0Ii3H7G3akS8443x9LmLQWyF59LAmX7Ic9vliGTPfesxVYNxXPNxRY5LvyGv/Rjukfk= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(396003)(376002)(366004)(39860400002)(346002)(136003)(451199015)(36756003)(31696002)(86362001)(6916009)(6486002)(54906003)(316002)(478600001)(4326008)(41300700001)(66556008)(5660300002)(66946007)(66476007)(8676002)(8936002)(2906002)(6512007)(6506007)(38100700002)(26005)(2616005)(186003)(31686004)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?5wlz74IrepO1eDXr4MzashQTvR/7?= =?utf-8?q?wIQrrxuQIX97f1OFKogd2wuT5z/AAH9F4b5y/c6oPwac/xF2f0IbXpEJC8U/Cx8h/?= =?utf-8?q?Tw59+6vRVrJVGmC5X5GDO5XL0PZOERwyaZ9nOhfvVUfzKB82Dc2f5ivEgu+6IzEn8?= =?utf-8?q?8R6xuMq0s5ylyhBsrIA59HhLflyX8r1lM+hKnqjsMp1z9b1iC4wnwuf2GT9sJHIk0?= =?utf-8?q?XsiORPTksphO1mYVhY+J4fkR2qtBj8aSoNYJRSFTzQ80GORcyjRvMIBl9KmNsy9wh?= =?utf-8?q?qJjuwILSmXymAflYhK/3p09Ti+4vHALjedhHwwh4kfLS1p2Xq9FBvlAujdzTVqEsu?= =?utf-8?q?b17Ute51jIvfR7jrKdekC0/2gnZNuAgcohcwap7bL+tQr72pFqeM7K6f/wBk8/4+u?= =?utf-8?q?p3nrqRdONek2SEKiArJTasWDytmcDhWGevVPmANgaHFNeke0OV6NQVa10ybopqqB9?= =?utf-8?q?myoSsu8HEqhjq6ZqEZQhrehb33F6Cbqai9uSLjtIjp3SM41wfCsZyuWAVPwSJUOjf?= =?utf-8?q?L85qEEGvLyeGcjTy0WShYdRJ56NqeLf0ynfp/YJSje0chGKOVyoyolU/Qhdn26xlH?= =?utf-8?q?veIwkxJOMrRZBq4kT8PdnIn86nRqhSt5ZQFjyajweH5xcwFutVn6Fp07Ez62XfHpc?= =?utf-8?q?R6ZMcdvMsgj0kKtdcr3CnlODeQlZ5LYjo/Ooe8pmIJbxPzKQGM0XCEMYho7qqs/kD?= =?utf-8?q?wx1lCqfXthJnn31drQ2kyHo4RKOrWUtVoaP7O/m2+yv7KM2v7OzTXrV+xfo1/DTdY?= =?utf-8?q?i+2S4+jH1IUKF26k4PEL/hXm79PBZI8jxdb9lC6Ar6tM1+4YARgzdUmZELP3ixbNH?= =?utf-8?q?dz5pTGqLPyDrVpK68GmVFvQv3YNPnY2iwW7zX9pRO/vFTXe2j5U+gJgaJD6bO8uVz?= =?utf-8?q?kHlKRVdkXBtrzZ+TExWmSEAmb1fLwcPbvPhXG6RFValicm7OE4eG6GGwWhzg/knVz?= =?utf-8?q?zI8f0Y33kMd58TNoIEj6uA7ZLpHSyHQNSy5YW7OeeWZnk3I5c+iTtT4l2w8jU1oCQ?= =?utf-8?q?onys1AnIj4TPKqourkvT6DvhRQCvP5ydH9GPgxIE7VfBkUd7F+FlLZDl+7WG8PgJd?= =?utf-8?q?/lOvscyX1IYeQk+u79bm3m9NTu1yQwgA8aeLfpMYP+aU2zo+QWMARCNLJD+sH+y2j?= =?utf-8?q?5jjOElxXTSDle7QGdb0MkqraS1NKk4YlgoP/BKEm53XvJGQAVuqMqxWWufA5v0Yuz?= =?utf-8?q?1NYFHDnFwtXWw4oiPYZlpRWFyrryhaSY4B5DE8uoJWZoIO3WhXQZijzXRAp5EVPRG?= =?utf-8?q?xRv1Ri+VqBbmG2HKBUaAM+9nyQgp73WlnZRfziEbjTeXCoigBTPQhfKWDmTVI9+4K?= =?utf-8?q?EaeXZA9C0w5BBQBqZaQS5q9vXGj0DTZGUWDW5xKspIfAjOsNsGvCLMcWcAdpxRMj7?= =?utf-8?q?LgXBU0+hWX8Wq2TA+0He2Seve7XcByi143LjfReO/kxa8rco5BpjlJmoxxuRQocqR?= =?utf-8?q?rZUe8rPbhyRJUusjDBWj+142IK16g+N2dwyrMwUBqlfNHiLV1RvessxLqinK6SaKK?= =?utf-8?q?gWO1r1YUAdYv?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: af85afc7-4e71-41c7-8401-08dad90ed598 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Dec 2022 11:24:56.4689 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: emwER9Z1xJ249Q17zdhRTnTbGoxoMU0GD6P2FQxQxOpN1kTkdy85KJt+P8+Rkqw6uIF4Mnjb1zVMbWheIiaAsw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR04MB8020 core_set_legacy_ssbd() counts the number of times SSBD is being enabled via LS_CFG on a core. This assumes that calls there only occur if the state actually changes. While svm_ctxt_switch_{to,from}() conform to this, guest_wrmsr() doesn't: It also calls the function when the bit doesn't actually change. Extend the conditional there accordingly. Fixes: b2030e6730a2 ("amd/virt_ssbd: set SSBD at vCPU context switch") Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- This is the less intrusive but more fragile variant of a fix. The alternative would be to have core_set_legacy_ssbd() record per-thread state, such that the necessary checking can be done there. This wants properly testing on affected hardware. From Andrew's description it's also not clear whether this really is addressing that problem, or yet another one in this same area. --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -699,12 +699,16 @@ int guest_wrmsr(struct vcpu *v, uint32_t } else { + uint64_t orig = msrs->virt_spec_ctrl.raw; + msrs->virt_spec_ctrl.raw = val & SPEC_CTRL_SSBD; - if ( v == curr ) - /* - * Propagate the value to hardware, as it won't be set on guest - * resume path. - */ + if ( v == curr && + /* + * Propagate the value to hardware, as it won't be set on guest + * resume path. But only do so if the bit actually changed, to + * avoid issues with core_set_legacy_ssbd()'s refcounting. + */ + ((val ^ orig) & SPEC_CTRL_SSBD) ) amd_set_legacy_ssbd(val & SPEC_CTRL_SSBD); } break;