linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Kyle Huey <me@kylehuey.com>, Thomas Gleixner <tglx@linutronix.de>,
	John Stultz <john.stultz@linaro.org>,
	Ingo Molnar <mingo@redhat.com>, Michal Hocko <mhocko@suse.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	"Luis R. Rodriguez" <mcgrof@kernel.org>,
	Mateusz Guzik <mguzik@redhat.com>,
	Alex Thorlton <athorlton@sgi.com>,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com>,
	Jiri Slaby <jslaby@suse.cz>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Ben Segall <bsegall@google.com>,
	"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
	<x86@kernel.org>, Denys Vlasenko <dvlasenk@redhat.com>,
	Paul Gortmaker <paul.gortmaker@windriver.com>,
	Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
	"Robert O'Callahan" <robert@ocallahan.org>,
	"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)" 
	<linux-kernel@vger.kernel.org>, Juergen Gross <jgross@suse.com>,
	Linux API <linux-api@vger.kernel.org>,
	Fenghua Yu <fenghua.yu@intel.com>,
	Kees Cook <keescook@chromium.org>,
	"Peter Zijlstra (Intel)" <peterz@infradead.org>,
	Borislav Petkov <bp@suse.de>, Len Brown <len.brown@intel.com>,
	Huang Rui <ray.huang@amd.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Jan Beulich <JBeulich@suse.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [PATCH] prctl,x86 Add PR_[GET|SET]_CPUID for controlling the CPUID instruction.
Date: Wed, 14 Sep 2016 20:42:23 +0100	[thread overview]
Message-ID: <15829dd7-387c-0eba-4301-7b2b53a3a2cc@citrix.com> (raw)
In-Reply-To: <CALCETrUkmiwLDD0V-b5woDncOzdqZaS4Pg5EnneXD4ZEN7ttbg@mail.gmail.com>

On 14/09/2016 20:36, Andy Lutomirski wrote:
> On Wed, Sep 14, 2016 at 12:28 PM, Andrew Cooper
> <andrew.cooper3@citrix.com> wrote:
>> On 14/09/2016 20:23, Boris Ostrovsky wrote:
>>> On 09/14/2016 02:52 PM, Andy Lutomirski wrote:
>>>> On Tue, Sep 13, 2016 at 11:13 PM, Kyle Huey <me@kylehuey.com> wrote:
>>>>> On Mon, Sep 12, 2016 at 9:56 AM, Andy Lutomirski <luto@amacapital.net> wrote:
>>>>>> You should explicitly check that, if the
>>>>>> feature is set under Xen PV, then the MSR actually works as
>>>>>> advertised.  This may require talking to the Xen folks to make sure
>>>>>> you're testing the right configuration.
>>>>> This is interesting.  When running under Xen PV the kernel is allowed
>>>>> to read the real value of MSR_PLATFORM_INFO and see that CPUID
>>>>> faulting is supported.  But as you suggested, writing to
>>>>> MSR_MISC_FEATURES_ENABLES doesn't actually enable CPUID faulting, at
>>>>> least not in any way that works.
>>>>>
>>>>> It's not obvious to me how to test this, because when this feature
>>>>> works, CPUID only faults in userspace, not in the kernel.  Is there
>>>>> existing code somewhere that runs tests like this in userspace?
>>>>>
>>>> Andrew, Boris: should we expect Xen PV to do anything sensible when we
>>>> write to MSR_PLATFORM_INFO to turn on CPUID faulting?  Should the Xen
>>>> PV rdmsr hooks or perhaps the hypervisor mask out the feature if it
>>>> isn't going to be supported?
>>> The hypervisor uses CPUID faulting so we shouldn't advertise this
>>> feature to guests.
>> In the case that the hardware has faulting, or for any HVM guest, the
>> extra cost to making the feature available to the guest is a single
>> conditional test in the cpuid path.  This is about as close to zero as a
>> feature gets.  We really should be offering the feature to guests, and
>> have it actually working.  The issue here is that it is leaking when we
>> weren't intending to offer it.
> As long as Xen can fix this one way or the other in reasonably short
> order, I think I'm okay with having Linux incorrectly think it works
> on old Xen hypervisors.

For now, unilaterally hiding CPUID faulting is easy, and simple to backport.

Making the feature available for guests to use is slightly more tricky,
as the toolstack still depends on not being faulted to construct HVM
domains properly.  This is the subject of my current CPUID project,
which will result in dom0 being no more special than any other domain
(in terms of hypervisor-side cpuid handling).

~Andrew

  reply	other threads:[~2016-09-14 19:42 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-12  0:29 [PATCH] prctl,x86 Add PR_[GET|SET]_CPUID for controlling the CPUID instruction Kyle Huey
2016-09-12  9:07 ` Borislav Petkov
2016-09-12 14:15   ` Kyle Huey
2016-09-12 14:34     ` Borislav Petkov
2016-09-13 18:42     ` Kyle Huey
2016-09-12 16:56 ` Andy Lutomirski
2016-09-12 17:18   ` Borislav Petkov
2016-09-12 17:56   ` Jann Horn
2016-09-12 21:07     ` Andy Lutomirski
2016-09-14  6:13   ` Kyle Huey
2016-09-14 18:52     ` Andy Lutomirski
2016-09-14 19:22       ` Andrew Cooper
2016-09-14 19:23       ` Boris Ostrovsky
2016-09-14 19:28         ` Andrew Cooper
2016-09-14 19:36           ` Andy Lutomirski
2016-09-14 19:42             ` Andrew Cooper [this message]
2016-09-12 17:37 ` Andi Kleen
2016-09-12 18:25   ` Henrique de Moraes Holschuh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=15829dd7-387c-0eba-4301-7b2b53a3a2cc@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=Aravind.Gopalakrishnan@amd.com \
    --cc=JBeulich@suse.com \
    --cc=akpm@linux-foundation.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=aryabinin@virtuozzo.com \
    --cc=athorlton@sgi.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=bp@suse.de \
    --cc=bsegall@google.com \
    --cc=dvlasenk@redhat.com \
    --cc=dvyukov@google.com \
    --cc=fenghua.yu@intel.com \
    --cc=hpa@zytor.com \
    --cc=jgross@suse.com \
    --cc=john.stultz@linaro.org \
    --cc=jslaby@suse.cz \
    --cc=keescook@chromium.org \
    --cc=len.brown@intel.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mcgrof@kernel.org \
    --cc=me@kylehuey.com \
    --cc=mguzik@redhat.com \
    --cc=mhocko@suse.com \
    --cc=mingo@redhat.com \
    --cc=mst@redhat.com \
    --cc=paul.gortmaker@windriver.com \
    --cc=peterz@infradead.org \
    --cc=rafael.j.wysocki@intel.com \
    --cc=ray.huang@amd.com \
    --cc=robert@ocallahan.org \
    --cc=srinivas.pandruvada@linux.intel.com \
    --cc=tglx@linutronix.de \
    --cc=vbabka@suse.cz \
    --cc=vladimir_zapolskiy@mentor.com \
    --cc=x86@kernel.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).