From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>,
"Jan Beulich" <JBeulich@suse.com>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH v2] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch
Date: Fri, 5 Apr 2024 14:07:22 +0100 [thread overview]
Message-ID: <20240405130722.2891221-1-andrew.cooper3@citrix.com> (raw)
In-Reply-To: <Zg1stUacaDBkyDOn@mail-itl>
It turns out there is something wonky on some but not all CPUs with
MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think
it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions
genuinely #UD.
Spot this case and try to back out as cleanly as we can.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
v2:
* Adjust wording.
---
xen/arch/x86/tsx.c | 55 +++++++++++++++++++++++++++++++++++++---------
1 file changed, 45 insertions(+), 10 deletions(-)
diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c
index 50d8059f23a9..fbdd05971c8b 100644
--- a/xen/arch/x86/tsx.c
+++ b/xen/arch/x86/tsx.c
@@ -1,5 +1,6 @@
#include <xen/init.h>
#include <xen/param.h>
+#include <asm/microcode.h>
#include <asm/msr.h>
/*
@@ -9,6 +10,7 @@
* -1 => Default, altered to 0/1 (if unspecified) by:
* - TAA heuristics/settings for speculative safety
* - "TSX vs PCR3" select for TSX memory ordering safety
+ * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch)
* -3 => Implicit tsx=1 (feed-through from spec-ctrl=0)
*
* This is arranged such that the bottom bit encodes whether TSX is actually
@@ -114,11 +116,50 @@ void tsx_init(void)
if ( cpu_has_tsx_force_abort )
{
+ uint64_t val;
+
/*
- * On an early TSX-enable Skylake part subject to the memory
+ * On an early TSX-enabled Skylake part subject to the memory
* ordering erratum, with at least the March 2019 microcode.
*/
+ rdmsrl(MSR_TSX_FORCE_ABORT, val);
+
+ /*
+ * At the time of writing (April 2024), it was discovered that
+ * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6)
+ * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other
+ * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8)
+ * operate as expected.
+ *
+ * In this case:
+ * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated.
+ * - XBEGIN instructions genuinely #UD.
+ * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to
+ * hold its value.
+ * - HLE and RTM are not enumerated, despite
+ * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear.
+ *
+ * Spot RTM being unavailable without CLEAR_CPUID being set, and
+ * treat it as if no TSX is available at all. This will prevent
+ * Xen from thinking it's safe to offer HLE/RTM to VMs.
+ */
+ if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm )
+ {
+ printk(XENLOG_ERR
+ "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n",
+ boot_cpu_data.x86, boot_cpu_data.x86_model,
+ boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev);
+
+ setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT);
+ setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT);
+
+ if ( opt_tsx < 0 )
+ opt_tsx = -2;
+
+ goto done_probe;
+ }
+
/*
* Probe for the June 2021 microcode which de-features TSX on
* client parts. (Note - this is a subset of parts impacted by
@@ -128,15 +169,8 @@ void tsx_init(void)
* read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before
* we run.
*/
- if ( !has_rtm_always_abort )
- {
- uint64_t val;
-
- rdmsrl(MSR_TSX_FORCE_ABORT, val);
-
- if ( val & TSX_ENABLE_RTM )
- has_rtm_always_abort = true;
- }
+ if ( val & TSX_ENABLE_RTM )
+ has_rtm_always_abort = true;
/*
* If no explicit tsx= option is provided, pick a default.
@@ -191,6 +225,7 @@ void tsx_init(void)
setup_force_cpu_cap(X86_FEATURE_RTM);
}
}
+ done_probe:
/*
* Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts.
base-commit: 270588b9b2b751b0bb6b36f4853cb13005e4706f
--
2.30.2
next prev parent reply other threads:[~2024-04-05 13:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 14:50 text-tsx fails on Intel core 8th gen system Marek Marczykowski-Górecki
2024-04-03 15:04 ` Jan Beulich
2024-04-03 16:41 ` Marek Marczykowski-Górecki
2024-04-04 6:07 ` Jan Beulich
2024-04-03 17:09 ` Andrew Cooper
2024-04-04 10:41 ` [PATCH] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Andrew Cooper
2024-04-04 11:02 ` Marek Marczykowski-Górecki
2024-04-04 12:45 ` Jan Beulich
2024-04-04 13:22 ` Andrew Cooper
2024-04-04 13:32 ` Jan Beulich
2024-04-05 13:01 ` Andrew Cooper
2024-04-05 13:25 ` Jan Beulich
2024-04-05 13:07 ` Andrew Cooper [this message]
2024-04-05 13:40 ` [PATCH v2] " Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240405130722.2891221-1-andrew.cooper3@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=JBeulich@suse.com \
--cc=marmarek@invisiblethingslab.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.