[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 22/34] spapr: Enable DD2.3 accelerated count cache flush in pserie
From: |
David Gibson |
Subject: |
[PULL 22/34] spapr: Enable DD2.3 accelerated count cache flush in pseries-5.0 machine |
Date: |
Fri, 31 Jan 2020 17:09:12 +1100 |
For POWER9 DD2.2 cpus, the best current Spectre v2 indirect branch
mitigation is "count cache disabled", which is configured with:
-machine cap-ibs=fixed-ccd
However, this option isn't available on DD2.3 CPUs with KVM, because they
don't have the count cache disabled.
For POWER9 DD2.3 cpus, it is "count cache flush with assist", configured
with:
-machine cap-ibs=workaround,cap-ccf-assist=on
However this option isn't available on DD2.2 CPUs with KVM, because they
don't have the special CCF assist instruction this relies on.
On current machine types, we default to "count cache flush w/o assist",
that is:
-machine cap-ibs=workaround,cap-ccf-assist=off
This runs, with mitigation on both DD2.2 and DD2.3 host cpus, but has a
fairly significant performance impact.
It turns out we can do better. The special instruction that CCF assist
uses to trigger a count cache flush is a no-op on earlier CPUs, rather than
trapping or causing other badness. It doesn't, of itself, implement the
mitigation, but *if* we have count-cache-disabled, then the count cache
flush is unnecessary, and so using the count cache flush mitigation is
harmless.
Therefore for the new pseries-5.0 machine type, enable cap-ccf-assist by
default. Along with that, suppress throwing an error if cap-ccf-assist
is selected but KVM doesn't support it, as long as KVM *is* giving us
count-cache-disabled. To allow TCG to work out of the box, even though it
doesn't implement the ccf flush assist, downgrade the error in that case to
a warning. This matches several Spectre mitigations where we allow TCG
to operate for debugging, since we don't really make guarantees about TCG
security properties anyway.
While we're there, make the TCG warning for this case match that for other
mitigations.
Signed-off-by: David Gibson <address@hidden>
---
hw/ppc/spapr.c | 5 ++++-
hw/ppc/spapr_caps.c | 21 +++++++++++++++++----
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index a0076e5fbd..fe8266a1d1 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4397,7 +4397,7 @@ static void spapr_machine_class_init(ObjectClass *oc,
void *data)
smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
- smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
+ smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_ON;
spapr_caps_add_properties(smc, &error_abort);
smc->irq = &spapr_irq_dual;
smc->dr_phb_enabled = true;
@@ -4465,8 +4465,11 @@ DEFINE_SPAPR_MACHINE(5_0, "5.0", true);
*/
static void spapr_machine_4_2_class_options(MachineClass *mc)
{
+ SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
spapr_machine_5_0_class_options(mc);
compat_props_add(mc->compat_props, hw_compat_4_2, hw_compat_4_2_len);
+ smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
}
DEFINE_SPAPR_MACHINE(4_2, "4.2", false);
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 481dfd2a27..7f933a98ed 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -485,11 +485,24 @@ static void cap_ccf_assist_apply(SpaprMachineState
*spapr, uint8_t val,
uint8_t kvm_val = kvmppc_get_cap_count_cache_flush_assist();
if (tcg_enabled() && val) {
- /* TODO - for now only allow broken for TCG */
- error_setg(errp,
-"Requested count cache flush assist capability level not supported by tcg,"
- " try appending -machine cap-ccf-assist=off");
+ /* TCG doesn't implement anything here, but allow with a warning */
+ warn_report("TCG doesn't support requested feature,
cap-ccf-assist=on");
} else if (kvm_enabled() && (val > kvm_val)) {
+ uint8_t kvm_ibs = kvmppc_get_cap_safe_indirect_branch();
+
+ if (kvm_ibs == SPAPR_CAP_FIXED_CCD) {
+ /*
+ * If we don't have CCF assist on the host, the assist
+ * instruction is a harmless no-op. It won't correctly
+ * implement the cache count flush *but* if we have
+ * count-cache-disabled in the host, that flush is
+ * unnnecessary. So, specifically allow this case. This
+ * allows us to have better performance on POWER9 DD2.3,
+ * while still working on POWER9 DD2.2 and POWER8 host
+ * cpus.
+ */
+ return;
+ }
error_setg(errp,
"Requested count cache flush assist capability level not supported by kvm,"
" try appending -machine cap-ccf-assist=off");
--
2.24.1
- [PULL 05/34] target/ppc: Clarify the meaning of return values in kvm_handle_debug, (continued)
- [PULL 05/34] target/ppc: Clarify the meaning of return values in kvm_handle_debug, David Gibson, 2020/01/31
- [PULL 06/34] spapr: Fail CAS if option vector table cannot be parsed, David Gibson, 2020/01/31
- [PULL 11/34] ppc/pnv: remove useless "core-pir" property alias., David Gibson, 2020/01/31
- [PULL 12/34] ppc/pnv: Add support for "hostboot" mode, David Gibson, 2020/01/31
- [PULL 16/34] tpm_spapr: Support suspend and resume, David Gibson, 2020/01/31
- [PULL 09/34] spapr: Don't allow multiple active vCPUs at CAS, David Gibson, 2020/01/31
- [PULL 08/34] target/ppc: add support for Hypervisor Facility Unavailable Exception, David Gibson, 2020/01/31
- [PULL 13/34] tpm: Move tpm_tis_show_buffer to tpm_util.c, David Gibson, 2020/01/31
- [PULL 15/34] tpm_spapr: Support TPM for ppc64 using CRQ based interface, David Gibson, 2020/01/31
- [PULL 07/34] target/ppc: Add privileged message send facilities, David Gibson, 2020/01/31
- [PULL 22/34] spapr: Enable DD2.3 accelerated count cache flush in pseries-5.0 machine,
David Gibson <=
- [PULL 24/34] Wrapper function to wait on condition for the main loop mutex, David Gibson, 2020/01/31
- [PULL 21/34] ppc/pnv: change the PowerNV machine devices to be non user creatable, David Gibson, 2020/01/31
- [PULL 25/34] ppc: spapr: Introduce FWNMI capability, David Gibson, 2020/01/31
- [PULL 27/34] target/ppc: Build rtas error log upon an MCE, David Gibson, 2020/01/31
- [PULL 04/34] hw/ppc/prep: Remove the deprecated "prep" machine and the OpenHackware BIOS, David Gibson, 2020/01/31
- [PULL 17/34] hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config, David Gibson, 2020/01/31
- [PULL 14/34] spapr: Implement get_dt_compatible() callback, David Gibson, 2020/01/31
- [PULL 29/34] migration: Include migration support for machine check handling, David Gibson, 2020/01/31
- [PULL 23/34] target/ppc/cpu.h: Put macro parameter in parentheses, David Gibson, 2020/01/31
- [PULL 31/34] target/ppc: Use probe_access for LSW, STSW, David Gibson, 2020/01/31