Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC

From: Paolo Bonzini <pbonzini@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	bp@alien8.de, dwmw@amazon.co.uk, gregkh@linux-foundation.org,
	pjt@google.com, mingo@kernel.org, linux-kernel@vger.kernel.org,
	hpa@zytor.com, tim.c.chen@linux.intel.com,
	torvalds@linux-foundation.org, peterz@infradead.org,
	Dave Hansen <dave.hansen@intel.com>,
	Eduardo Habkost <ehabkost@redhat.com>,
	"Sironi, Filippo" <sironi@amazon.de>
Subject: Re: [tip:x86/pti] x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC
Date: Wed, 17 Jan 2018 18:53:37 +0100	[thread overview]
Message-ID: <b6fdc293-7ed4-e854-1728-7f9af099d9a3@redhat.com> (raw)
In-Reply-To: <e3778bbd-855f-e45a-534e-da73cd423cc6@amd.com>

On 17/01/2018 18:21, Tom Lendacky wrote:
> On 1/8/2018 11:01 AM, Paolo Bonzini wrote:
>> On 08/01/2018 17:48, Dr. David Alan Gilbert wrote:
>>>> If your hypervisor is lying to you about the primary family, then all
>>>> bets are off.  I don't expect there will be any production systems doing
>>>> this.
>>> It's not that an unusual thing to do on qemu/kvm - to specify the lowest
>>> common denominator of the set of CPUs in your data centre (for any one
>>> vendor); it does tend to get some weird combinations.
>>
>> Agreed.  But on a hypervisor we pretty much know that:
>>
>> - the MSR_AMD64_DE_CFG doesn't exist unless you have a fix
>>
>> - setting the MSR_AMD64_DE_CFG bit to 1 if you have a fix can be done
>> independent of the family
>>
>> So all KVM needs is a X86_FEATURE_LFENCE_SERIALIZE, it doesn't matter if
>> it's because of the family or because Linux has set MSR_F10H_DE_CFG.
>> The guest will either try setting the MSR bit and #GP, or it will find
>> it already set and do nothing.
>>
>> Of course no code for this has been written yet.
>>
> 
> Hi Paolo,
> 
> What would be the best way to approach the MSR support?  I was thinking of
> just recognizing a write to that MSR but not actually doing anything and,
> on read, just returning a value with the single bit set if LFENCE is
> serializing and not worrying about the full contents of the MSR.  Or I
> could save the value so that it could also be host initiated and only
> allow the LFENCE serialization bit to be set if the LFENCE_RDTSC feature
> is enabled.

Yes, the latter is the correct one.  We'll need changes in QEMU to add a
new feature bit in "-cpu" too.  The "-cpu" feature bit, if set, causes
QEMU to set the bit in the MSR at CPU creation time.  MSR-based features
are not yet a thing in QEMU, but we were planning to add them before
this whole kerfuffle started.

But indeed we need to return also whether the feature is supported on
the host, which would be similar to the first part (read-only, just
returning a value with the single bit set is LFENCE is serializing).  We
would add KVM_GET_MSRS and KVM_GET_MSR_INDEX_LIST ioctls on the VM file
descriptor for that, and a new capability KVM_CAP_GET_HOST_MSR (or
KVM_CAP_GET_MSR_VM, you choose :)).  QEMU can use these two ioctls to
query the available MSR-based CPU features.  These can include microcode
version, VMX features, LFENCE serialization, IA32_ARCH_FACILITIES, etc.

Thanks,

Paolo