From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1764201AbcINT30 (ORCPT <rfc822;w@1wt.eu>);
        Wed, 14 Sep 2016 15:29:26 -0400
Received: from ppsw-31.csi.cam.ac.uk ([131.111.8.131]:39765 "EHLO
        ppsw-31.csi.cam.ac.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1763906AbcINT3Y (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Sep 2016 15:29:24 -0400
X-Greylist: delayed 356 seconds by postgrey-1.27 at vger.kernel.org; Wed, 14 Sep 2016 15:29:23 EDT
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Subject: Re: [PATCH] prctl,x86 Add PR_[GET|SET]_CPUID for controlling the
 CPUID instruction.
To: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Andy Lutomirski <luto@amacapital.net>, Kyle Huey <me@kylehuey.com>
References: <1473640169-24145-1-git-send-email-khuey@kylehuey.com>
 <CALCETrVJAib918qn9CL4Tvyfok-8eAHimYDabXUF=1Nsxo4-Pw@mail.gmail.com>
 <CAP045ApLcQXZP44wry8mofLz2ip1vQbvpnhCjQZsT+JxXmVEzg@mail.gmail.com>
 <CALCETrWo2XcOvnWOwU4oS-pU1+KL2PnoHa0pdFX=PA3xeM7eqg@mail.gmail.com>
 <e7b0b419-ed32-e35b-2f7b-eee71834fafd@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
        John Stultz <john.stultz@linaro.org>, Ingo Molnar <mingo@redhat.com>,
        Michal Hocko <mhocko@suse.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Mateusz Guzik <mguzik@redhat.com>, Alex Thorlton <athorlton@sgi.com>,
        "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com>,
        Jiri Slaby <jslaby@suse.cz>, Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Ben Segall <bsegall@google.com>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@kernel.org>,
        Denys Vlasenko <dvlasenk@redhat.com>,
        Paul Gortmaker <paul.gortmaker@windriver.com>,
        Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
        "Robert O'Callahan" <robert@ocallahan.org>,
        "open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" 
        <linux-kernel@vger.kernel.org>,
        Juergen Gross <jgross@suse.com>, Linux API <linux-api@vger.kernel.org>,
        Fenghua Yu <fenghua.yu@intel.com>, Kees Cook <keescook@chromium.org>,
        "Peter Zijlstra (Intel)" <peterz@infradead.org>,
        Borislav Petkov <bp@suse.de>, Len Brown <len.brown@intel.com>,
        Huang Rui <ray.huang@amd.com>, "H. Peter Anvin" <hpa@zytor.com>
From: Andrew Cooper <andrew.cooper3@citrix.com>
Message-ID: <2c7b1052-be5a-f776-60e5-23136cd7443c@citrix.com>
Date: Wed, 14 Sep 2016 20:28:55 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <e7b0b419-ed32-e35b-2f7b-eee71834fafd@oracle.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 14/09/2016 20:23, Boris Ostrovsky wrote:
> On 09/14/2016 02:52 PM, Andy Lutomirski wrote:
>> On Tue, Sep 13, 2016 at 11:13 PM, Kyle Huey <me@kylehuey.com> wrote:
>>> On Mon, Sep 12, 2016 at 9:56 AM, Andy Lutomirski <luto@amacapital.net> wrote:
>>>> You should explicitly check that, if the
>>>> feature is set under Xen PV, then the MSR actually works as
>>>> advertised.  This may require talking to the Xen folks to make sure
>>>> you're testing the right configuration.
>>> This is interesting.  When running under Xen PV the kernel is allowed
>>> to read the real value of MSR_PLATFORM_INFO and see that CPUID
>>> faulting is supported.  But as you suggested, writing to
>>> MSR_MISC_FEATURES_ENABLES doesn't actually enable CPUID faulting, at
>>> least not in any way that works.
>>>
>>> It's not obvious to me how to test this, because when this feature
>>> works, CPUID only faults in userspace, not in the kernel.  Is there
>>> existing code somewhere that runs tests like this in userspace?
>>>
>> Andrew, Boris: should we expect Xen PV to do anything sensible when we
>> write to MSR_PLATFORM_INFO to turn on CPUID faulting?  Should the Xen
>> PV rdmsr hooks or perhaps the hypervisor mask out the feature if it
>> isn't going to be supported?
> The hypervisor uses CPUID faulting so we shouldn't advertise this
> feature to guests.

In the case that the hardware has faulting, or for any HVM guest, the
extra cost to making the feature available to the guest is a single
conditional test in the cpuid path.  This is about as close to zero as a
feature gets.  We really should be offering the feature to guests, and
have it actually working.  The issue here is that it is leaking when we
weren't intending to offer it.

~Andrew

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3-Sxgqhf6Nn4DQT0dZR+AlfA@public.gmane.org>
Subject: Re: [PATCH] prctl,x86 Add PR_[GET|SET]_CPUID for controlling the
 CPUID instruction.
Date: Wed, 14 Sep 2016 20:28:55 +0100
Message-ID: <2c7b1052-be5a-f776-60e5-23136cd7443c@citrix.com>
References: <1473640169-24145-1-git-send-email-khuey@kylehuey.com>
 <CALCETrVJAib918qn9CL4Tvyfok-8eAHimYDabXUF=1Nsxo4-Pw@mail.gmail.com>
 <CAP045ApLcQXZP44wry8mofLz2ip1vQbvpnhCjQZsT+JxXmVEzg@mail.gmail.com>
 <CALCETrWo2XcOvnWOwU4oS-pU1+KL2PnoHa0pdFX=PA3xeM7eqg@mail.gmail.com>
 <e7b0b419-ed32-e35b-2f7b-eee71834fafd@oracle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Return-path: <linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
In-Reply-To: <e7b0b419-ed32-e35b-2f7b-eee71834fafd-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
To: Boris Ostrovsky <boris.ostrovsky-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>, Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>, Kyle Huey <me-OhBmq/TcCDJWk0Htik3J/w@public.gmane.org>
Cc: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>, John Stultz <john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>, Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Michal Hocko <mhocko-IBi9RG/b67k@public.gmane.org>, Andrew Morton <akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>, "Michael S. Tsirkin" <mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Alexander Shishkin <alexander.shishkin-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>, Aravind Gopalakrishnan <Aravind.Gopalakrishnan-5C7GfCeVMHo@public.gmane.org>, Vlastimil Babka <vbabka-AlSwsSmVLrQ@public.gmane.org>, "Luis R. Rodriguez" <mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Mateusz Guzik <mguzik-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Alex Thorlton <athorlton-sJ/iWh9BUns@public.gmane.org>, "Rafael J. Wysocki" <rafael.j.wysocki-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>, Dmitry Vyukov <dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, Vladimir Zapolskiy <vladimir_zapolskiy-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>, Jiri Slaby <jslaby-AlSwsSmVLrQ@public.gmane.org>, Andrey Ryabinin <aryabinin-5HdwGun5lf+gSpxsJD1C4w@public.gmane.org>, Ben Segall <bsegall-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, maintainer:X86 ARCHITECTURE (32-BIT
List-Id: linux-api@vger.kernel.org

On 14/09/2016 20:23, Boris Ostrovsky wrote:
> On 09/14/2016 02:52 PM, Andy Lutomirski wrote:
>> On Tue, Sep 13, 2016 at 11:13 PM, Kyle Huey <me-OhBmq/TcCDJWk0Htik3J/w@public.gmane.org> wrote:
>>> On Mon, Sep 12, 2016 at 9:56 AM, Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> wrote:
>>>> You should explicitly check that, if the
>>>> feature is set under Xen PV, then the MSR actually works as
>>>> advertised.  This may require talking to the Xen folks to make sure
>>>> you're testing the right configuration.
>>> This is interesting.  When running under Xen PV the kernel is allowed
>>> to read the real value of MSR_PLATFORM_INFO and see that CPUID
>>> faulting is supported.  But as you suggested, writing to
>>> MSR_MISC_FEATURES_ENABLES doesn't actually enable CPUID faulting, at
>>> least not in any way that works.
>>>
>>> It's not obvious to me how to test this, because when this feature
>>> works, CPUID only faults in userspace, not in the kernel.  Is there
>>> existing code somewhere that runs tests like this in userspace?
>>>
>> Andrew, Boris: should we expect Xen PV to do anything sensible when we
>> write to MSR_PLATFORM_INFO to turn on CPUID faulting?  Should the Xen
>> PV rdmsr hooks or perhaps the hypervisor mask out the feature if it
>> isn't going to be supported?
> The hypervisor uses CPUID faulting so we shouldn't advertise this
> feature to guests.

In the case that the hardware has faulting, or for any HVM guest, the
extra cost to making the feature available to the guest is a single
conditional test in the cpuid path.  This is about as close to zero as a
feature gets.  We really should be offering the feature to guests, and
have it actually working.  The issue here is that it is leaking when we
weren't intending to offer it.

~Andrew