Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
* Jan Beulich wrote: > >>> On 12.04.18 at 09:32, wrote: > > > * Jan Beulich wrote: > > > >> >>> On 11.04.18 at 13:53, wrote: > >> > * Jan Beulich wrote: > >> > > >> >> Additionally, x86 maintainers: is there a particular reason this (or > >> >> any functionally equivalent patch) isn't upstream yet? As indicated > >> >> before, I had not been able to find any discussion, and hence I > >> >> see no reason why this is a patch we effectively carry privately in > >> >> our distro branches (and likely other distros do so too). > >> > > >> > The patch was merged 6 weeks ago and is now upstream: > >> > > >> > 71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > >> > >> I'm sorry, but no, this isn't the patch I was inquiring about. > >> Instead I'm wondering of the disposition of the patch disabling > >> IBRS around a CPU going idle. > > > > Got any specific link or subject line for that submission? > > Sure, as written in the original response to Jürgen's patch: > https://patchwork.kernel.org/patch/10153843/ Argh, indeed you did! In any case, this submission from Tim Chen: [PATCH v3 0/5] IBRS patch series Contained a glaring bug in patch #2 which Thomas pointed out, and AFAICS the series was never resubmitted to lkml so it got lost. In any case thanks for the reminder! Thanks, Ingo ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
>>> On 12.04.18 at 09:32, wrote: > * Jan Beulich wrote: > >> >>> On 11.04.18 at 13:53, wrote: >> > * Jan Beulich wrote: >> > >> >> Additionally, x86 maintainers: is there a particular reason this (or >> >> any functionally equivalent patch) isn't upstream yet? As indicated >> >> before, I had not been able to find any discussion, and hence I >> >> see no reason why this is a patch we effectively carry privately in >> >> our distro branches (and likely other distros do so too). >> > >> > The patch was merged 6 weeks ago and is now upstream: >> > >> > 71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend >> >> I'm sorry, but no, this isn't the patch I was inquiring about. >> Instead I'm wondering of the disposition of the patch disabling >> IBRS around a CPU going idle. > > Got any specific link or subject line for that submission? Sure, as written in the original response to Jürgen's patch: https://patchwork.kernel.org/patch/10153843/ Jan ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
* Jan Beulich wrote: > >>> On 11.04.18 at 13:53, wrote: > > * Jan Beulich wrote: > > > >> Additionally, x86 maintainers: is there a particular reason this (or > >> any functionally equivalent patch) isn't upstream yet? As indicated > >> before, I had not been able to find any discussion, and hence I > >> see no reason why this is a patch we effectively carry privately in > >> our distro branches (and likely other distros do so too). > > > > The patch was merged 6 weeks ago and is now upstream: > > > > 71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend > > I'm sorry, but no, this isn't the patch I was inquiring about. > Instead I'm wondering of the disposition of the patch disabling > IBRS around a CPU going idle. Got any specific link or subject line for that submission? Thanks, Ingo ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
>>> On 11.04.18 at 13:53, wrote: > * Jan Beulich wrote: > >> Additionally, x86 maintainers: is there a particular reason this (or >> any functionally equivalent patch) isn't upstream yet? As indicated >> before, I had not been able to find any discussion, and hence I >> see no reason why this is a patch we effectively carry privately in >> our distro branches (and likely other distros do so too). > > The patch was merged 6 weeks ago and is now upstream: > > 71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend I'm sorry, but no, this isn't the patch I was inquiring about. Instead I'm wondering of the disposition of the patch disabling IBRS around a CPU going idle. Jan ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
* Jan Beulich wrote: > Additionally, x86 maintainers: is there a particular reason this (or > any functionally equivalent patch) isn't upstream yet? As indicated > before, I had not been able to find any discussion, and hence I > see no reason why this is a patch we effectively carry privately in > our distro branches (and likely other distros do so too). The patch was merged 6 weeks ago and is now upstream: 71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend Thanks, Ingo ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
>>> On 11.04.18 at 09:08, wrote:
> On 14/03/18 09:48, Jan Beulich wrote:
> On 26.02.18 at 15:08, wrote:
>>> @@ -35,6 +40,9 @@ void xen_arch_post_suspend(int cancelled)
>>>
>>> static void xen_vcpu_notify_restore(void *data)
>>> {
>>> + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL))
>>> + wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl));
>>> +
>>> /* Boot processor notified via generic timekeeping_resume() */
>>> if (smp_processor_id() == 0)
>>> return;
>>> @@ -44,7 +52,15 @@ static void xen_vcpu_notify_restore(void *data)
>>>
>>> static void xen_vcpu_notify_suspend(void *data)
>>> {
>>> + u64 tmp;
>>> +
>>> tick_suspend_local();
>>> +
>>> + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
>>> + rdmsrl(MSR_IA32_SPEC_CTRL, tmp);
>>> + this_cpu_write(spec_ctrl, tmp);
>>> + wrmsrl(MSR_IA32_SPEC_CTRL, 0);
>>> + }
>>> }
>>
>> While investigating ways how to do something similar on our old,
>> non-pvops kernels I've started wondering if this solution is actually
>> correct in all cases. Of course discussing this is complicated by the
>> fact that the change there might be a conflict with hasn't landed
>> in Linus'es tree yet (see e.g.
>> https://patchwork.kernel.org/patch/10153843/ for an upstream
>> submission; I haven't been able to find any discussion on that
>> patch or why it isn't upstream yet), but we have it in our various
>> branches. The potential problem I'm seeing is with the clearing
>> and re-setting of SPEC_CTRL around CPUs going idle. While the
>> active CPU could have preemption disabled (if that isn't the case
>> already), the passive CPUs are - afaict - neither under full control
>> of drivers/xen/manage.c:do_suspend() nor excluded yet from
>> any further scheduling activity. Hence with code like this (taken
>> from one of our branches)
>>
>> static void mwait_idle(void)
>> {
>> if (!current_set_polling_and_test()) {
>> trace_cpu_idle_rcuidle(1, smp_processor_id());
>> if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) {
>> smp_mb(); /* quirk */
>> clflush((void *)¤t_thread_info()->flags);
>> smp_mb(); /* quirk */
>> }
>>
>> x86_disable_ibrs();
>>
>> __monitor((void *)¤t_thread_info()->flags, 0, 0);
>> if (!need_resched())
>> __sti_mwait(0, 0);
>> else
>> local_irq_enable();
>>
>> x86_enable_ibrs();
>> ...
>>
>> the MSR might get set to non-zero again after having been
>> cleared by the code your patch adds. I therefore think that the
>> only race free solution would be to do the clearing from
>> stop-machine context. But maybe I'm overlooking something.
>
> Currently and with the above mentioned patch there is no problem: Xen pv
> guests always use default_idle(), so mwait_idle() eventually playing
> with MSR_IA32_SPEC_CTRL won't affect us.
It's pretty unclear to me why default_idle() doesn't have this - in
Xen we do it for all idle routines.
> In order to ensure that won't change in future default_idle() should
> never modify MSR_IA32_SPEC_CTRL. In case something like that would be
> required we should rather add another idle function doing that.
This looks like a pretty strange/non-obvious requirement, which I
don't think anyone would remember.
Additionally, x86 maintainers: is there a particular reason this (or
any functionally equivalent patch) isn't upstream yet? As indicated
before, I had not been able to find any discussion, and hence I
see no reason why this is a patch we effectively carry privately in
our distro branches (and likely other distros do so too).
Jan
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
On 14/03/18 09:48, Jan Beulich wrote:
On 26.02.18 at 15:08, wrote:
>> @@ -35,6 +40,9 @@ void xen_arch_post_suspend(int cancelled)
>>
>> static void xen_vcpu_notify_restore(void *data)
>> {
>> +if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL))
>> +wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl));
>> +
>> /* Boot processor notified via generic timekeeping_resume() */
>> if (smp_processor_id() == 0)
>> return;
>> @@ -44,7 +52,15 @@ static void xen_vcpu_notify_restore(void *data)
>>
>> static void xen_vcpu_notify_suspend(void *data)
>> {
>> +u64 tmp;
>> +
>> tick_suspend_local();
>> +
>> +if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
>> +rdmsrl(MSR_IA32_SPEC_CTRL, tmp);
>> +this_cpu_write(spec_ctrl, tmp);
>> +wrmsrl(MSR_IA32_SPEC_CTRL, 0);
>> +}
>> }
>
> While investigating ways how to do something similar on our old,
> non-pvops kernels I've started wondering if this solution is actually
> correct in all cases. Of course discussing this is complicated by the
> fact that the change there might be a conflict with hasn't landed
> in Linus'es tree yet (see e.g.
> https://patchwork.kernel.org/patch/10153843/ for an upstream
> submission; I haven't been able to find any discussion on that
> patch or why it isn't upstream yet), but we have it in our various
> branches. The potential problem I'm seeing is with the clearing
> and re-setting of SPEC_CTRL around CPUs going idle. While the
> active CPU could have preemption disabled (if that isn't the case
> already), the passive CPUs are - afaict - neither under full control
> of drivers/xen/manage.c:do_suspend() nor excluded yet from
> any further scheduling activity. Hence with code like this (taken
> from one of our branches)
>
> static void mwait_idle(void)
> {
> if (!current_set_polling_and_test()) {
> trace_cpu_idle_rcuidle(1, smp_processor_id());
> if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) {
> smp_mb(); /* quirk */
> clflush((void *)¤t_thread_info()->flags);
> smp_mb(); /* quirk */
> }
>
> x86_disable_ibrs();
>
> __monitor((void *)¤t_thread_info()->flags, 0, 0);
> if (!need_resched())
> __sti_mwait(0, 0);
> else
> local_irq_enable();
>
> x86_enable_ibrs();
> ...
>
> the MSR might get set to non-zero again after having been
> cleared by the code your patch adds. I therefore think that the
> only race free solution would be to do the clearing from
> stop-machine context. But maybe I'm overlooking something.
Currently and with the above mentioned patch there is no problem: Xen pv
guests always use default_idle(), so mwait_idle() eventually playing
with MSR_IA32_SPEC_CTRL won't affect us.
In order to ensure that won't change in future default_idle() should
never modify MSR_IA32_SPEC_CTRL. In case something like that would be
required we should rather add another idle function doing that.
Juergen
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
>>> On 26.02.18 at 15:08, wrote:
> @@ -35,6 +40,9 @@ void xen_arch_post_suspend(int cancelled)
>
> static void xen_vcpu_notify_restore(void *data)
> {
> + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL))
> + wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl));
> +
> /* Boot processor notified via generic timekeeping_resume() */
> if (smp_processor_id() == 0)
> return;
> @@ -44,7 +52,15 @@ static void xen_vcpu_notify_restore(void *data)
>
> static void xen_vcpu_notify_suspend(void *data)
> {
> + u64 tmp;
> +
> tick_suspend_local();
> +
> + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
> + rdmsrl(MSR_IA32_SPEC_CTRL, tmp);
> + this_cpu_write(spec_ctrl, tmp);
> + wrmsrl(MSR_IA32_SPEC_CTRL, 0);
> + }
> }
While investigating ways how to do something similar on our old,
non-pvops kernels I've started wondering if this solution is actually
correct in all cases. Of course discussing this is complicated by the
fact that the change there might be a conflict with hasn't landed
in Linus'es tree yet (see e.g.
https://patchwork.kernel.org/patch/10153843/ for an upstream
submission; I haven't been able to find any discussion on that
patch or why it isn't upstream yet), but we have it in our various
branches. The potential problem I'm seeing is with the clearing
and re-setting of SPEC_CTRL around CPUs going idle. While the
active CPU could have preemption disabled (if that isn't the case
already), the passive CPUs are - afaict - neither under full control
of drivers/xen/manage.c:do_suspend() nor excluded yet from
any further scheduling activity. Hence with code like this (taken
from one of our branches)
static void mwait_idle(void)
{
if (!current_set_polling_and_test()) {
trace_cpu_idle_rcuidle(1, smp_processor_id());
if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) {
smp_mb(); /* quirk */
clflush((void *)¤t_thread_info()->flags);
smp_mb(); /* quirk */
}
x86_disable_ibrs();
__monitor((void *)¤t_thread_info()->flags, 0, 0);
if (!need_resched())
__sti_mwait(0, 0);
else
local_irq_enable();
x86_enable_ibrs();
...
the MSR might get set to non-zero again after having been
cleared by the code your patch adds. I therefore think that the
only race free solution would be to do the clearing from
stop-machine context. But maybe I'm overlooking something.
Jan
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend
>>> On 26.02.18 at 15:08, wrote: > Older Xen versions (4.5 and before) might have problems migrating pv > guests with MSR_IA32_SPEC_CTRL having a non-zero value. So before > suspending zero that MSR and restore it after being resumed. > > Cc: sta...@vger.kernel.org > Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
