On 15/04/2021 15:47, Roger Pau Monne wrote: > AMD Milan (Zen3) CPUs have an LFENCE Always Serializing CPUID bit in > leaf 80000021.eax. Previous AMD versions used to have a user settable > bit in DE_CFG MSR to select whether LFENCE was dispatch serializing, > which Xen always attempts to set. The forcefully always on setting is > due to the addition of SEV-SNP so that a VMM cannot break the > confidentiality of a guest. > > In order to support this new CPUID bit move the LFENCE_DISPATCH > synthetic CPUID bit to map the hardware bit (leaving a hole in the > synthetic range) and either rely on the bit already being set by the > native CPUID output, or attempt to fake it in Xen by modifying the > DE_CFG MSR. This requires adding one more entry to the featureset to > support leaf 80000021.eax. > > The bit is exposed to guests by default if the underlying hardware > supports leaf 80000021, as a way to signal that LFENCE is always > serializing. Hardware that doesn't have the leaf might also get the > bit set because Xen has performed the necessary arrangements, but > that's not yet exposed to guests. Note that Xen doesn't allow guests > to change the DE_CFG value, so once set by Xen LFENCE will always be > serializing. > > Note that the access to DE_CFG by guests is left as-is: reads will > unconditionally return LFENCE_SERIALISE bit set, while writes are > silently dropped. > > Suggested-by: Andrew Cooper <andrew.coop...@citrix.com> > Signed-off-by: Roger Pau Monné <roger....@citrix.com> > --- > Changes since v1: > - Rename to lfence+. > - Add feature to libxl_cpuid.c. > - Reword commit message. > --- > Note this doesn't yet expose the bit on hardware that doesn't support > leaf 80000021. It's still TBD whether we want to hardcode this support > manually, or instead rely on a more general approach like the one > suggested by the shrink max CPUID leaf patch from Jan.
I'm going to insist on using the manual approach. Upping max leaf is strictly opposite to shrinking logic. It's very rare that we'll want to extend max leaf beyond what hardware supports, and it wants calling out clearly, along with identifying why it is safe to do so in this specific case. It is not safe or sensible to blindly escalate to the compile time max. The only cases where the differ are bugs needing fixing - the manual approach has the special case clearly called out, while the blindly escalate case has the bug hidden in derivation logic somewhere else. ~Andrew
