diff options
author | Nicholas Piggin <npiggin@gmail.com> | 2021-05-28 11:07:42 +0200 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2021-06-10 14:12:14 +0200 |
commit | aaae8c79005846eeafc7a0e5d3eda4e34ea8ca2e (patch) | |
tree | a77fd62fe22993e7031cfcade4b16d3bc2fe413a /arch/powerpc/kvm/book3s_64_entry.S | |
parent | KVM: PPC: Book3S HV: Implement radix prefetch workaround by disabling MMU (diff) | |
download | linux-aaae8c79005846eeafc7a0e5d3eda4e34ea8ca2e.tar.xz linux-aaae8c79005846eeafc7a0e5d3eda4e34ea8ca2e.zip |
KVM: PPC: Book3S HV: Remove support for dependent threads mode on P9
Dependent-threads mode is the normal KVM mode for pre-POWER9 SMT
processors, where all threads in a core (or subcore) would run the same
partition at the same time, or they would run the host.
This design was mandated by MMU state that is shared between threads in
a processor, so the synchronisation point is in hypervisor real-mode
that has essentially no shared state, so it's safe for multiple threads
to gather and switch to the correct mode.
It is implemented by having the host unplug all secondary threads and
always run in SMT1 mode, and host QEMU threads essentially represent
virtual cores that wake these secondary threads out of unplug when the
ioctl is called to run the guest. This happens via a side-path that is
mostly invisible to the rest of the Linux host and the secondary threads
still appear to be unplugged.
POWER9 / ISA v3.0 has a more flexible MMU design that is independent
per-thread and allows a much simpler KVM implementation. Before the new
"P9 fast path" was added that began to take advantage of this, POWER9
support was implemented in the existing path which has support to run
in the dependent threads mode. So it was not much work to add support to
run POWER9 in this dependent threads mode.
The mode is not required by the POWER9 MMU (although "mixed-mode" hash /
radix MMU limitations of early processors were worked around using this
mode). But it is one way to run SMT guests without running different
guests or guest and host on different threads of the same core, so it
could avoid or reduce some SMT attack surfaces without turning off SMT
entirely.
This security feature has some real, if indeterminate, value. However
the old path is lagging in features (nested HV), and with this series
the new P9 path adds remaining missing features (radix prefetch bug
and hash support, in later patches), so POWER9 dependent threads mode
support would be the only remaining reason to keep that code in and keep
supporting POWER9/POWER10 in the old path. So here we make the call to
drop this feature.
Remove dependent threads mode support for POWER9 and above processors.
Systems can still achieve this security by disabling SMT entirely, but
that would generally come at a larger performance cost for guests.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210528090752.3542186-23-npiggin@gmail.com
Diffstat (limited to 'arch/powerpc/kvm/book3s_64_entry.S')
-rw-r--r-- | arch/powerpc/kvm/book3s_64_entry.S | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/arch/powerpc/kvm/book3s_64_entry.S b/arch/powerpc/kvm/book3s_64_entry.S index 177e8fad5c8d..bac664c1a9f7 100644 --- a/arch/powerpc/kvm/book3s_64_entry.S +++ b/arch/powerpc/kvm/book3s_64_entry.S @@ -184,8 +184,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) * void kvmppc_p9_enter_guest(struct vcpu *vcpu); * * Enter the guest on a ISAv3.0 or later system where we have exactly - * one vcpu per vcore, and both the host and guest are radix, and threads - * are set to "indepdent mode". + * one vcpu per vcore, and both the host and guest are radix. */ .balign IFETCH_ALIGN_BYTES _GLOBAL(kvmppc_p9_enter_guest) |