On 14/03/18 09:48, Jan Beulich wrote:
On 26.02.18 at 15:08, jgross@suse.com wrote:
@@ -35,6 +40,9 @@ void xen_arch_post_suspend(int cancelled) static void xen_vcpu_notify_restore(void *data) {
- if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL))
wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl));- /* Boot processor notified via generic timekeeping_resume() */ if (smp_processor_id() == 0) return;
@@ -44,7 +52,15 @@ static void xen_vcpu_notify_restore(void *data) static void xen_vcpu_notify_suspend(void *data) {
- u64 tmp;
- tick_suspend_local();
- if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
rdmsrl(MSR_IA32_SPEC_CTRL, tmp);this_cpu_write(spec_ctrl, tmp);wrmsrl(MSR_IA32_SPEC_CTRL, 0);- }
}
While investigating ways how to do something similar on our old, non-pvops kernels I've started wondering if this solution is actually correct in all cases. Of course discussing this is complicated by the fact that the change there might be a conflict with hasn't landed in Linus'es tree yet (see e.g. https://patchwork.kernel.org/patch/10153843/ for an upstream submission; I haven't been able to find any discussion on that patch or why it isn't upstream yet), but we have it in our various branches. The potential problem I'm seeing is with the clearing and re-setting of SPEC_CTRL around CPUs going idle. While the active CPU could have preemption disabled (if that isn't the case already), the passive CPUs are - afaict - neither under full control of drivers/xen/manage.c:do_suspend() nor excluded yet from any further scheduling activity. Hence with code like this (taken from one of our branches)
static void mwait_idle(void) { if (!current_set_polling_and_test()) { trace_cpu_idle_rcuidle(1, smp_processor_id()); if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) { smp_mb(); /* quirk */ clflush((void *)¤t_thread_info()->flags); smp_mb(); /* quirk */ }
x86_disable_ibrs(); __monitor((void *)¤t_thread_info()->flags, 0, 0); if (!need_resched()) __sti_mwait(0, 0); else local_irq_enable(); x86_enable_ibrs(); ...the MSR might get set to non-zero again after having been cleared by the code your patch adds. I therefore think that the only race free solution would be to do the clearing from stop-machine context. But maybe I'm overlooking something.
Currently and with the above mentioned patch there is no problem: Xen pv guests always use default_idle(), so mwait_idle() eventually playing with MSR_IA32_SPEC_CTRL won't affect us.
In order to ensure that won't change in future default_idle() should never modify MSR_IA32_SPEC_CTRL. In case something like that would be required we should rather add another idle function doing that.
Juergen
On 11.04.18 at 09:08, jgross@suse.com wrote:
On 14/03/18 09:48, Jan Beulich wrote:
On 26.02.18 at 15:08, jgross@suse.com wrote:
@@ -35,6 +40,9 @@ void xen_arch_post_suspend(int cancelled) static void xen_vcpu_notify_restore(void *data) {
- if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL))
wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl));- /* Boot processor notified via generic timekeeping_resume() */ if (smp_processor_id() == 0) return;
@@ -44,7 +52,15 @@ static void xen_vcpu_notify_restore(void *data) static void xen_vcpu_notify_suspend(void *data) {
- u64 tmp;
- tick_suspend_local();
- if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
rdmsrl(MSR_IA32_SPEC_CTRL, tmp);this_cpu_write(spec_ctrl, tmp);wrmsrl(MSR_IA32_SPEC_CTRL, 0);- }
}
While investigating ways how to do something similar on our old, non-pvops kernels I've started wondering if this solution is actually correct in all cases. Of course discussing this is complicated by the fact that the change there might be a conflict with hasn't landed in Linus'es tree yet (see e.g. https://patchwork.kernel.org/patch/10153843/ for an upstream submission; I haven't been able to find any discussion on that patch or why it isn't upstream yet), but we have it in our various branches. The potential problem I'm seeing is with the clearing and re-setting of SPEC_CTRL around CPUs going idle. While the active CPU could have preemption disabled (if that isn't the case already), the passive CPUs are - afaict - neither under full control of drivers/xen/manage.c:do_suspend() nor excluded yet from any further scheduling activity. Hence with code like this (taken from one of our branches)
static void mwait_idle(void) { if (!current_set_polling_and_test()) { trace_cpu_idle_rcuidle(1, smp_processor_id()); if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) { smp_mb(); /* quirk */ clflush((void *)¤t_thread_info()->flags); smp_mb(); /* quirk */ }
x86_disable_ibrs(); __monitor((void *)¤t_thread_info()->flags, 0, 0); if (!need_resched()) __sti_mwait(0, 0); else local_irq_enable(); x86_enable_ibrs(); ...the MSR might get set to non-zero again after having been cleared by the code your patch adds. I therefore think that the only race free solution would be to do the clearing from stop-machine context. But maybe I'm overlooking something.
Currently and with the above mentioned patch there is no problem: Xen pv guests always use default_idle(), so mwait_idle() eventually playing with MSR_IA32_SPEC_CTRL won't affect us.
It's pretty unclear to me why default_idle() doesn't have this - in Xen we do it for all idle routines.
In order to ensure that won't change in future default_idle() should never modify MSR_IA32_SPEC_CTRL. In case something like that would be required we should rather add another idle function doing that.
This looks like a pretty strange/non-obvious requirement, which I don't think anyone would remember.
Additionally, x86 maintainers: is there a particular reason this (or any functionally equivalent patch) isn't upstream yet? As indicated before, I had not been able to find any discussion, and hence I see no reason why this is a patch we effectively carry privately in our distro branches (and likely other distros do so too).
Jan
* Jan Beulich JBeulich@suse.com wrote:
Additionally, x86 maintainers: is there a particular reason this (or any functionally equivalent patch) isn't upstream yet? As indicated before, I had not been able to find any discussion, and hence I see no reason why this is a patch we effectively carry privately in our distro branches (and likely other distros do so too).
The patch was merged 6 weeks ago and is now upstream:
71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
Thanks,
Ingo
On 11.04.18 at 13:53, mingo@kernel.org wrote:
- Jan Beulich JBeulich@suse.com wrote:
Additionally, x86 maintainers: is there a particular reason this (or any functionally equivalent patch) isn't upstream yet? As indicated before, I had not been able to find any discussion, and hence I see no reason why this is a patch we effectively carry privately in our distro branches (and likely other distros do so too).
The patch was merged 6 weeks ago and is now upstream:
71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
I'm sorry, but no, this isn't the patch I was inquiring about. Instead I'm wondering of the disposition of the patch disabling IBRS around a CPU going idle.
Jan
* Jan Beulich JBeulich@suse.com wrote:
On 11.04.18 at 13:53, mingo@kernel.org wrote:
- Jan Beulich JBeulich@suse.com wrote:
Additionally, x86 maintainers: is there a particular reason this (or any functionally equivalent patch) isn't upstream yet? As indicated before, I had not been able to find any discussion, and hence I see no reason why this is a patch we effectively carry privately in our distro branches (and likely other distros do so too).
The patch was merged 6 weeks ago and is now upstream:
71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
I'm sorry, but no, this isn't the patch I was inquiring about. Instead I'm wondering of the disposition of the patch disabling IBRS around a CPU going idle.
Got any specific link or subject line for that submission?
Thanks,
Ingo
On 12.04.18 at 09:32, mingo@kernel.org wrote:
- Jan Beulich JBeulich@suse.com wrote:
On 11.04.18 at 13:53, mingo@kernel.org wrote:
- Jan Beulich JBeulich@suse.com wrote:
Additionally, x86 maintainers: is there a particular reason this (or any functionally equivalent patch) isn't upstream yet? As indicated before, I had not been able to find any discussion, and hence I see no reason why this is a patch we effectively carry privately in our distro branches (and likely other distros do so too).
The patch was merged 6 weeks ago and is now upstream:
71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
I'm sorry, but no, this isn't the patch I was inquiring about. Instead I'm wondering of the disposition of the patch disabling IBRS around a CPU going idle.
Got any specific link or subject line for that submission?
Sure, as written in the original response to Jürgen's patch: https://patchwork.kernel.org/patch/10153843/
Jan
* Jan Beulich JBeulich@suse.com wrote:
On 12.04.18 at 09:32, mingo@kernel.org wrote:
- Jan Beulich JBeulich@suse.com wrote:
On 11.04.18 at 13:53, mingo@kernel.org wrote:
- Jan Beulich JBeulich@suse.com wrote:
Additionally, x86 maintainers: is there a particular reason this (or any functionally equivalent patch) isn't upstream yet? As indicated before, I had not been able to find any discussion, and hence I see no reason why this is a patch we effectively carry privately in our distro branches (and likely other distros do so too).
The patch was merged 6 weeks ago and is now upstream:
71c208dd54ab: x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
I'm sorry, but no, this isn't the patch I was inquiring about. Instead I'm wondering of the disposition of the patch disabling IBRS around a CPU going idle.
Got any specific link or subject line for that submission?
Sure, as written in the original response to Jürgen's patch: https://patchwork.kernel.org/patch/10153843/
Argh, indeed you did!
In any case, this submission from Tim Chen:
[PATCH v3 0/5] IBRS patch series
Contained a glaring bug in patch #2 which Thomas pointed out, and AFAICS the series was never resubmitted to lkml so it got lost.
In any case thanks for the reminder!
Thanks,
Ingo
linux-stable-mirror@lists.linaro.org
-
Ingo Molnar -
Jan Beulich -
Juergen Gross