|
|
22c213 |
From eb121ffa97c1c25d7853d51b4c8209c0bb521deb Mon Sep 17 00:00:00 2001
|
|
|
22c213 |
From: David Gibson <dgibson@redhat.com>
|
|
|
22c213 |
Date: Fri, 7 Feb 2020 00:57:04 +0000
|
|
|
22c213 |
Subject: [PATCH 1/7] spapr: Enable DD2.3 accelerated count cache flush in
|
|
|
22c213 |
pseries-5.0 machine
|
|
|
22c213 |
|
|
|
22c213 |
RH-Author: David Gibson <dgibson@redhat.com>
|
|
|
22c213 |
Message-id: <20200207005704.194428-1-dgibson@redhat.com>
|
|
|
22c213 |
Patchwork-id: 93737
|
|
|
22c213 |
O-Subject: [RHEL-AV-8.2 qemu-kvm PATCHv2] spapr: Enable DD2.3 accelerated count cache flush in pseries-5.0 machine
|
|
|
22c213 |
Bugzilla: 1796240
|
|
|
22c213 |
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
|
|
22c213 |
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
|
|
22c213 |
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
|
|
22c213 |
|
|
|
22c213 |
From: David Gibson <david@gibson.dropbear.id.au>
|
|
|
22c213 |
|
|
|
22c213 |
For POWER9 DD2.2 cpus, the best current Spectre v2 indirect branch
|
|
|
22c213 |
mitigation is "count cache disabled", which is configured with:
|
|
|
22c213 |
-machine cap-ibs=fixed-ccd
|
|
|
22c213 |
However, this option isn't available on DD2.3 CPUs with KVM, because they
|
|
|
22c213 |
don't have the count cache disabled.
|
|
|
22c213 |
|
|
|
22c213 |
For POWER9 DD2.3 cpus, it is "count cache flush with assist", configured
|
|
|
22c213 |
with:
|
|
|
22c213 |
-machine cap-ibs=workaround,cap-ccf-assist=on
|
|
|
22c213 |
However this option isn't available on DD2.2 CPUs with KVM, because they
|
|
|
22c213 |
don't have the special CCF assist instruction this relies on.
|
|
|
22c213 |
|
|
|
22c213 |
On current machine types, we default to "count cache flush w/o assist",
|
|
|
22c213 |
that is:
|
|
|
22c213 |
-machine cap-ibs=workaround,cap-ccf-assist=off
|
|
|
22c213 |
This runs, with mitigation on both DD2.2 and DD2.3 host cpus, but has a
|
|
|
22c213 |
fairly significant performance impact.
|
|
|
22c213 |
|
|
|
22c213 |
It turns out we can do better. The special instruction that CCF assist
|
|
|
22c213 |
uses to trigger a count cache flush is a no-op on earlier CPUs, rather than
|
|
|
22c213 |
trapping or causing other badness. It doesn't, of itself, implement the
|
|
|
22c213 |
mitigation, but *if* we have count-cache-disabled, then the count cache
|
|
|
22c213 |
flush is unnecessary, and so using the count cache flush mitigation is
|
|
|
22c213 |
harmless.
|
|
|
22c213 |
|
|
|
22c213 |
Therefore for the new pseries-5.0 machine type, enable cap-ccf-assist by
|
|
|
22c213 |
default. Along with that, suppress throwing an error if cap-ccf-assist
|
|
|
22c213 |
is selected but KVM doesn't support it, as long as KVM *is* giving us
|
|
|
22c213 |
count-cache-disabled. To allow TCG to work out of the box, even though it
|
|
|
22c213 |
doesn't implement the ccf flush assist, downgrade the error in that case to
|
|
|
22c213 |
a warning. This matches several Spectre mitigations where we allow TCG
|
|
|
22c213 |
to operate for debugging, since we don't really make guarantees about TCG
|
|
|
22c213 |
security properties anyway.
|
|
|
22c213 |
|
|
|
22c213 |
While we're there, make the TCG warning for this case match that for other
|
|
|
22c213 |
mitigations.
|
|
|
22c213 |
|
|
|
22c213 |
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
|
|
22c213 |
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
|
|
|
22c213 |
(cherry picked from commit 37965dfe4dffa3ac49438337417608e7f346b58a)
|
|
|
22c213 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
22c213 |
|
|
|
22c213 |
Conflicts:
|
|
|
22c213 |
hw/ppc/spapr.c
|
|
|
22c213 |
|
|
|
22c213 |
Adjusted machine version compatibility code to the RHEL machine types
|
|
|
22c213 |
rather than the upstream machine types.
|
|
|
22c213 |
|
|
|
22c213 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1796240
|
|
|
22c213 |
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=26285002
|
|
|
22c213 |
Branch: rhel-av-8.2.0
|
|
|
22c213 |
Upstream: Merged for qemu-5.0
|
|
|
22c213 |
|
|
|
22c213 |
Signed-off-by: David Gibson <dgibson@redhat.com>
|
|
|
22c213 |
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
|
|
22c213 |
---
|
|
|
22c213 |
hw/ppc/spapr.c | 4 +++-
|
|
|
22c213 |
hw/ppc/spapr_caps.c | 21 +++++++++++++++++----
|
|
|
22c213 |
2 files changed, 20 insertions(+), 5 deletions(-)
|
|
|
22c213 |
|
|
|
22c213 |
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
|
|
|
22c213 |
index c12862d..a330f03 100644
|
|
|
22c213 |
--- a/hw/ppc/spapr.c
|
|
|
22c213 |
+++ b/hw/ppc/spapr.c
|
|
|
22c213 |
@@ -4440,7 +4440,7 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
|
|
|
22c213 |
smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
|
|
|
22c213 |
smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
|
|
|
22c213 |
smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
|
|
|
22c213 |
- smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
|
|
|
22c213 |
+ smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_ON;
|
|
|
22c213 |
spapr_caps_add_properties(smc, &error_abort);
|
|
|
22c213 |
smc->irq = &spapr_irq_dual;
|
|
|
22c213 |
smc->dr_phb_enabled = true;
|
|
|
22c213 |
@@ -4904,6 +4904,8 @@ static void spapr_machine_rhel810_class_options(MachineClass *mc)
|
|
|
22c213 |
hw_compat_rhel_8_1_len);
|
|
|
22c213 |
compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
|
|
|
22c213 |
|
|
|
22c213 |
+ /* from pseries-4.2 */
|
|
|
22c213 |
+ smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
|
|
|
22c213 |
}
|
|
|
22c213 |
|
|
|
22c213 |
DEFINE_SPAPR_MACHINE(rhel810, "rhel8.1.0", false);
|
|
|
22c213 |
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
|
|
|
22c213 |
index 805f385..6e6fb28 100644
|
|
|
22c213 |
--- a/hw/ppc/spapr_caps.c
|
|
|
22c213 |
+++ b/hw/ppc/spapr_caps.c
|
|
|
22c213 |
@@ -492,11 +492,24 @@ static void cap_ccf_assist_apply(SpaprMachineState *spapr, uint8_t val,
|
|
|
22c213 |
uint8_t kvm_val = kvmppc_get_cap_count_cache_flush_assist();
|
|
|
22c213 |
|
|
|
22c213 |
if (tcg_enabled() && val) {
|
|
|
22c213 |
- /* TODO - for now only allow broken for TCG */
|
|
|
22c213 |
- error_setg(errp,
|
|
|
22c213 |
-"Requested count cache flush assist capability level not supported by tcg,"
|
|
|
22c213 |
- " try appending -machine cap-ccf-assist=off");
|
|
|
22c213 |
+ /* TCG doesn't implement anything here, but allow with a warning */
|
|
|
22c213 |
+ warn_report("TCG doesn't support requested feature, cap-ccf-assist=on");
|
|
|
22c213 |
} else if (kvm_enabled() && (val > kvm_val)) {
|
|
|
22c213 |
+ uint8_t kvm_ibs = kvmppc_get_cap_safe_indirect_branch();
|
|
|
22c213 |
+
|
|
|
22c213 |
+ if (kvm_ibs == SPAPR_CAP_FIXED_CCD) {
|
|
|
22c213 |
+ /*
|
|
|
22c213 |
+ * If we don't have CCF assist on the host, the assist
|
|
|
22c213 |
+ * instruction is a harmless no-op. It won't correctly
|
|
|
22c213 |
+ * implement the cache count flush *but* if we have
|
|
|
22c213 |
+ * count-cache-disabled in the host, that flush is
|
|
|
22c213 |
+ * unnnecessary. So, specifically allow this case. This
|
|
|
22c213 |
+ * allows us to have better performance on POWER9 DD2.3,
|
|
|
22c213 |
+ * while still working on POWER9 DD2.2 and POWER8 host
|
|
|
22c213 |
+ * cpus.
|
|
|
22c213 |
+ */
|
|
|
22c213 |
+ return;
|
|
|
22c213 |
+ }
|
|
|
22c213 |
error_setg(errp,
|
|
|
22c213 |
"Requested count cache flush assist capability level not supported by kvm,"
|
|
|
22c213 |
" try appending -machine cap-ccf-assist=off");
|
|
|
22c213 |
--
|
|
|
22c213 |
1.8.3.1
|
|
|
22c213 |
|