From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Roger Pau Monné" <roger.pau@citrix.com>, "Wei Liu" <wl@xen.org>,
Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH] x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL
Date: Wed, 9 Jun 2021 13:19:03 +0100 [thread overview]
Message-ID: <8085dad5-2957-14a2-c259-87d8bdd388b7@citrix.com> (raw)
In-Reply-To: <72aedd57-9722-2c5b-7365-f46a0e0fe39d@suse.com>
On 09/06/2021 07:36, Jan Beulich wrote:
> On 08.06.2021 19:05, Andrew Cooper wrote:
>> --- a/xen/arch/x86/tsx.c
>> +++ b/xen/arch/x86/tsx.c
>> @@ -60,6 +60,38 @@ void tsx_init(void)
>> */
>>
>> /*
>> + * Probe for the June 2021 microcode which de-features TSX on
>> + * client parts. (Note - this is a subset of parts impacted by
>> + * the memory ordering errata.)
>> + *
>> + * RTM_ALWAYS_ABORT enumerates the new functionality, but is also
>> + * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before
>> + * we run.
>> + *
>> + * Undo this behaviour in Xen's view of the world.
>> + */
>> + bool has_rtm_always_abort = cpu_has_rtm_always_abort;
>> +
>> + if ( !has_rtm_always_abort )
>> + {
>> + uint64_t val;
>> +
>> + rdmsrl(MSR_TSX_FORCE_ABORT, val);
>> +
>> + if ( val & TSX_ENABLE_RTM )
>> + has_rtm_always_abort = true;
>> + }
>> +
>> + /*
>> + * Always force RTM_ALWAYS_ABORT to be visibile, even if it
>> + * currently is. If the user explicitly opts to enable TSX, we'll
>> + * set TSX_FORCE_ABORT.ENABLE_RTM and hide RTM_ALWAYS_ABORT from
>> + * the general CPUID scan later.
>> + */
>> + if ( has_rtm_always_abort )
>> + setup_force_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT);
> I understand the "we'll set" part, but I don't think "we'll hide"
> anything explicitly. Aiui it is ...
>
>> @@ -131,9 +170,36 @@ void tsx_init(void)
>> /* Check bottom bit only. Higher bits are various sentinels. */
>> rtm_disabled = !(opt_tsx & 1);
>>
>> - lo &= ~TSX_FORCE_ABORT_RTM;
>> - if ( rtm_disabled )
>> - lo |= TSX_FORCE_ABORT_RTM;
>> + lo &= ~(TSX_FORCE_ABORT_RTM | TSX_CPUID_CLEAR | TSX_ENABLE_RTM);
>> +
>> + if ( cpu_has_rtm_always_abort )
>> + {
>> + /*
>> + * June 2021 microcode, on a client part with TSX de-featured:
>> + * - There are no mitigations for the TSX memory ordering errata.
>> + * - Performance counter 3 works. (I.e. it isn't being used by
>> + * microcode to work around the memory ordering errata.)
>> + * - TSX_FORCE_ABORT.FORCE_ABORT_RTM is fixed read1/write-discard.
>> + * - TSX_FORCE_ABORT.TSX_CPUID_CLEAR can be used to hide the
>> + * HLE/RTM CPUID bits.
>> + * - TSX_FORCE_ABORT.ENABLE_RTM may be used to opt in to
>> + * re-enabling RTM, at the users own risk.
>> + */
>> + lo |= rtm_disabled ? TSX_CPUID_CLEAR : TSX_ENABLE_RTM;
> ... the setting of TSX_ENABLE_RTM here which, as a result, causes
> RTM_ALWAYS_ABORT to be clear. If that's correct, perhaps the wording
> in that earlier comment would better be something like "we'll set
> TSX_FORCE_ABORT.ENABLE_RTM and hence cause RTM_ALWAYS_ABORT to be
> hidden from the general CPUID scan later"?
Yes - that is the intended meaning. I'll adjust.
> If this understanding of mine is correct, then preferably with some
> suitable adjustment to the comment wording
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Thanks.
> Also Intel recommends this for SDVs only - can we consider such a
> setup supported (not to speak of security supported) at all? I guess
> you mean to express this by saying "at their own risk" in the
> cmdline doc? If so, perhaps mentioning this in SUPPORT.md would be
> a good thing nevertheless, notwithstanding the fact that we're not
> really good at expressing there how command line option use affects
> support status.
I think this is too fine grained to be expressed in SUPPORT.md, but
given that there is a very clear specific issue, I wouldn't consider
this an unsupported configuration overall.
I don't expect people to want to use TSX on these CPUs in the first
place (which was a factor in choosing off-by-default), but if they do,
there is one specific memory ordering issue of read/writes with a
committed transaction.
None of our code uses RTM, so issues in Xen which manifest with tsx=1
won't be related to TSX being enabled.
Obviously, if someone does report an issue, we can tell them to
re-confirm the issue without tsx=1 just to rule out interactions, but I
don't think it is likely for it to be relevant to reported issues.
~Andrew
prev parent reply other threads:[~2021-06-09 12:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 17:05 [PATCH] x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL Andrew Cooper
2021-06-09 6:36 ` Jan Beulich
2021-06-09 12:19 ` Andrew Cooper [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8085dad5-2957-14a2-c259-87d8bdd388b7@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.