From patchwork Fri Jan 28 13:29:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728560 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9DC42C4332F for ; Fri, 28 Jan 2022 13:30:14 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.262000.454013 (Exim 4.92) (envelope-from ) id 1nDRKD-0004lv-ON; Fri, 28 Jan 2022 13:30:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 262000.454013; Fri, 28 Jan 2022 13:30:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKD-0004lQ-I5; Fri, 28 Jan 2022 13:30:01 +0000 Received: by outflank-mailman (input) for mailman id 262000; Fri, 28 Jan 2022 13:30:00 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKC-0003aP-1E for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:30:00 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 626e1aed-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:29:58 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 626e1aed-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376598; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5YvOYeOH1AT6H56DS+3LvoaEf/dTfXY53J18WV3bFhA=; b=U/qXnclNj9bFxe3lWtbU/vwMfKCfypzWh5eTLWZ9IEEZlCuplqgLlzfa ww3EIAlFSAW7HBWHkpCTuQPTh4AssRnmw7fs5Xwv0zSO4fZ3wDNXEvHLu sMoMMcghxFx9y0grSCP84JkiEPSC8Q3MATZRlKJq6cIo9c7PIYFdgpNLQ c=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: OE0NEHdV6XFmtCNIyXSLHgb0VDfVWzkQ0F/hoL6RGToglNaPHPU2CoWp1cyaard6Y7tgLbNkml O+IHN1ep9IWg3e0QCEvMSLjeSVXBCRLvpcUYivSMYssdoXMGrTM5y9Ff89N6xeU7rS50lUdpri q6RhedqeSDjRc/K1Fn59nPEPV1X1Cg2SUo4ADkOcsbOxSzEp5WaSNddWl5x06onWSc9zPRXObI W39RKjsr9ybUN0UTVeBDyyCl1kMMZ+Thvp50bFIzgb4UcRNCbN1d5T71KfNyBJfnnHF3N1VTaN FLJpH7NLZC03T6gM8gGf9djU X-SBRS: 5.2 X-MesageID: 62981610 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:gEd7UKAn7Sd/jBVW//3kw5YqxClBgxIJ4kV8jS/XYbTApDMkhmRRm zEaD2+EOvqPZTH8e98lPYrip0sPuZLWnNVnQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMo/u1Si6FatANl1ElvU2zbue6WL6s1hxZH1c+En9400I7x4bVv6Yz6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eH/5UhN7oNJLnZEpfNatI88thW5 Qr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkQLb9crSiEai84G2PQghUh/uza5xNVMi 9537JG5bVknGoPFqMA8akwNe81+FfUuFL7vJHG+tYqYzlHccmuqyPJrZK00FdRGoKAtWzgIr KFGbmBWBvyAr7veLLaTY+9gnMk8auLsO5sSoCpIxjDFF/c2B5vERs0m4PcGhmZg354XRZ4yY eI5MTR+SwrvZiFlZHoyErgVkPmp3GbWJmgwRFW9+vNsvjm7IBZK+KfpGMrYfJqNX8o9tmSyq 3/C/m/5KgoHL9HZwj2Amlq8i+mKkS7lVYY6ELyj6uUskFCV3nYUChAdSR28u/bRt6Klc4sBc QpOoHNo9PVsshzwJjXgY/GmiE6HjkUZZplbKbQ34SXTxI766ja9J1FRG1atd+canMMxQDUr0 HqAkNXoGSFjvdWpdJ6NyluHhWjsYHZIdAfucQdBFFJYuIe7/OnfmzqSFo4LLUKjsjHi9dgcK RiupTN2ubgchNVjO06TrQGe2GLESnQko2cICuTrsoCNs1sRiG2NPdXABb3nARBodtvxor6p5 yBspiRmxLpSZaxhbQTUKAn3IJmn5uyeLBrXikN1Ep8q+lyFoiD/JtoLuGogeR80Y67onAMFh meJ52u9A7cIZBOXgVJfOdrtW6zGM4C+fTgaahwkRoUXOcUgHON21CpveVSRzwjQfLsEyskC1 WOgWZ/0Vx4yUP0/pBLvHrt1+eJ1mkgWmD2CLbimn0XP+efPPxa9FOZaWGZim8hktstoVi2Pr YYGXyZLoj0CONDDjt7/qN5KcgtSfCFlXPgbaaV/L4a+H+avI0l5Y9e5/F/rU9UNc319mria8 3ejdFVfzVaj13TLJR/TMiJoaa/1XIY5pnU+ZHR+MVGt0nklQICu8KZAKMdnIeh5rLRunaxuU v0IW8ScGfATGD7JzCsQMMvmp4t4eRX12Q/XZ3i5YCIydoJLThDS/oO2ZRPm8SQDV3LltcY3r 7C6+BncRJ4PG1ZrAMrMMar9xFKtp3kN3ul1WhKQcNVUfUzt9qlsKjDw0aBrc51dd02by2LDh QiMABoeqe3cmKMP8YHE1fKesoOkM+piBU4GTWPV2qm7aHvB9W25zI4eDOvRJWLBVHn58bmJb PlOy62uK+UOmVtHvtYuE7tvyq5itdLjq6UDk1ZhFXTPKV+qFqlhMj+N2swW7v9BwbpQuA2XX EOT+4YFZeXVaZ29SFNBdhA4aumj1O0PnmiA5Ps4F0z2+Str8efVSk5VJRSN1HRQIbYd3FnJG gv9VBr6MzCCtyc= IronPort-HdrOrdr: A9a23:ln8le6O7WMNRScBcT4z255DYdb4zR+YMi2TDiHofdfUFSKClfp 6V8cjzjSWE8gr5K0tQ5OxoWZPwC080kKQa3WB/B8bFYOCLghrKEGgm1/qY/9SCIVyyygc+79 YYT0EWMrSZZjIa7foSojPIa+rIq+P3lZxA8N2uqEuFOjsaD52IgT0JaDqzIwlTfk1rFJA5HJ 2T6o5svDy7Y0kaacy9Gz0sQ/XDj8ejruOoXTc2QzocrCWehzKh77D3VzKC2A0Fbj9JybA+tU DYjg3C4Lm5uf3T8G6T64aT1eUWpDLS8KoBOCW+sLlWFtwqsHfsWG1VYczDgNnympDq1L9lqq iKn/5qBbUO15qYRBDLnfKq4Xit7B8er0b4z1mWmH3iptG8ag4bJqN69MRkWyqc0lEnut5k1q JNwia+jLp4ST39vAmV3amQa/lN/nDE+kbKVdRj10B3QM8QbqRcopcY+14QGJAcHDji4IRiC+ V2CtrAjcwmOG9yQkqpyVWH+ubcKEjb3y32MXQqq4iQyXxbjXp5x0wXyIgWmWoB7os0T91B6/ 7fOqplmblSRotOBJgNT9spUI+yECjAUBjMOGWdLRDuE7wGIWvEr9ry7K8u7O+ndZQUxN85mY jHUllfqWkuEnieQfGmzdlO6FTAUW+9VTPixoVX4IV4oKT1QP7xPSiKWDkV4r+dSjUkc7jmst qISeNr6s7YXBnT8NxyrnPDsrFpWAkjbPE= X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="62981610" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 1/9] x86/cpuid: Advertise SSB_NO to guests by default Date: Fri, 28 Jan 2022 13:29:19 +0000 Message-ID: <20220128132927.14997-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 This is a statement of hardware behaviour, and not related to controls for the guest kernel to use. Pass it straight through from hardware. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu Not currently enumerated by any CPU I'm aware of. v2: * New --- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6e44148a0901..fd8ab2572304 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -266,7 +266,7 @@ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ -XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */ +XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ From patchwork Fri Jan 28 13:29:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728563 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 34B11C433FE for ; Fri, 28 Jan 2022 13:30:14 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.262002.454026 (Exim 4.92) (envelope-from ) id 1nDRKE-0004yZ-U6; Fri, 28 Jan 2022 13:30:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 262002.454026; Fri, 28 Jan 2022 13:30:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKE-0004w9-CI; Fri, 28 Jan 2022 13:30:02 +0000 Received: by outflank-mailman (input) for mailman id 262002; Fri, 28 Jan 2022 13:30:01 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKD-0003aP-3m for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:30:01 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 64259e89-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:30:00 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 64259e89-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376600; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gHfpIZlajUaP6cGdkiuSguv/j1zSvd9zDfBvEzVBPh8=; b=VcTK6SFso4R6xTRh8ky2XPYt5O6mVf6Pqj/+J6U24yUPvtzgLdPDEHHZ ud70B4xxvXk6VEyKY+rqi1w9BJ/pl7lOdMTPp3pfQ+plFt85N9Psqy9KL JRTIQqAyJfQunMzj4dxFLFqXu8HRTWN/B5/xPNQQbSwGv+CXGJJ7iJHVn w=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: xFsr5l5z5y/D9EoB3ZQVgrJPfyV9kXFMZpXxUAhrWB7N5x7vh8FwwNpBa1LR4L88Nva269NoTD gRadX/pU4CRSM1iTbxfzQP2LE9mcAvdHsKT+pGGC5hRdzuncfdDJ9f9uXnS1BbHHMKA0hcvGEi r7T8RHAw3C6thv/y2wEhbtwKB4lPeaelCcN+pvqfR5XFtnpTJhkAPaX7AnLTdecl1Q5eGTNSjG crgeRLOqsBGzKFnwjv7QxzUh3pi7Idc4EvTQrYc24Jt87DJ/bI+roNhhknP9fhWJO3Lgt68TtK lvkODKRs07CBOEJgOS6aVOrt X-SBRS: 5.2 X-MesageID: 62981611 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:Y0ZiWanVl3PN+mBmO7h1XTPo5gxVIURdPkR7XQ2eYbSJt1+Wr1Gzt xIZXWzTb/fcNDb1ftwna9/npElTvZOBy4cwQQNspX0xFSMWpZLJC+rCIxarNUt+DCFioGGLT Sk6QoOdRCzhZiaE/n9BClVlxJVF/fngqoDUUYYoAQgsA180IMsdoUg7wbRh29Q42YTR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 NdRm5qBVjszBbHzx98CCgUFThFHOaITrdcrIVDn2SCS50jPcn+qyPRyFkAme4Yf/46bA0kXq 6ZecmpUKEne2aTmm9pXScE17ignBODtMJkSpTdLyjbBAOx9aZvCX7/L9ZlT2zJYasVmQ6yPN 5NHMGMHgBLoXhpGKgpMDK8EwdiovSnDcQREi1KFnP9ii4TU5FMoi+W8WDbPQfSVQe1Fk0Deo XjJl0zbKBwHMN2UyRKe72mhwOTImEvTSI8UUbG16PNuqFmS3XAITg0bU0Ohpvu0gVL4XMhQQ 3H44QJ38/J0rhbyCICgAVvo+xZooyLwRfJSD8M82R6x0JHI3FmiGTEYE2NxUdgp4ZpeqSMR6 neFmNbgBDpKubKTSG6A+rr8kQ5eKRT5PkdZO3ZaEFJtD83L5dhq00mRFooL/Lud04WtcQwc1 Qxmu8TXa187qccQn5u28lnc695HjsiYF1Vljuk7s4/M0++YWGJHT9HwgbQ4xawZRGp8crVnl CJZ8yR5xLtWZaxhbATXHI0w8EiBvp5pygH0j191BIUG/D+w4XOldo04yGggeBwzaZ5fJ2KxP R67VeZtCHl7ZiXCgUhfONrZNijX5fK4SYSNug78MLKinaSdhCfYpXozNCZ8LkjmkVQ2kLFXB HtoWZ3EMJruMow+lGDeb75EidcDn3lirUuOG8yT50n5gNK2OS7EIZ9YYQDmRr1os8u5TPD9r ow32z2ikUsPCYUTo0D/rOYuELz9BSFrXM+t850OKLfrz8gPMDhJNsI9CIgJI+RN95m5XM+Rl p1kckMHmlf5m1PdLgCGNiJqZL/1BM4tpnMnJy08e12v3iF7M4qo6a4ecboxfKUmq7M/naIlE aFddpXSGOlLRxTG5y8ZMcv3ort9eUn5ngmJJSekPmQyJsYyWwzT99b4VQLz7y1SXDGvvM4zr uT4hAPWSJYOXSp4C8PSZK79xl+9pyFFyulzQ1HJMp9Yf0C1qNpmLCn4j/kWJcAQKEqcmmvGh ljOWRpB/LvDuY449tXNlJuolYbxHrssBFdeEkna8a2yaXvQ8F28zNISS+2PZz3cCj/5of3we eVPwvjgG/Qbh1IW4ZFkGrNmwK9itdvio7hWklZtEHnRNgn5D7phJj+N3NVVt70Lzbhc4FPkV kWK89hcGLOIJMK6TwJBeFt7NryOhaMOhz3fzfUpO0GrtiZ48Y2OXVhWIxTR2jdWK6F4Md99z Oos0CLMB9dTVvb+3g66sx1p IronPort-HdrOrdr: A9a23:sd3wVq77AfoDKrWokQPXwYWCI+orL9Y04lQ7vn2ZFiY7TiXIra yTdaoguCMc0AxhIk3I6urwRZVoIEmsv6KdhLN+AV7MZniBhILFFvAA0WKm+UyaJ8SczJ8R6U 4DSdkGNDSYNzET5qyagDVQUexQuOVvm5rY4Ns2uk0dKj2CHJsQizuRZDzrcHFedU1jP94UBZ Cc7s1Iq36LYnIMdPm2AXEDQqzqu8DLvIiOW29IOzcXrC21yR+44r/zFBaVmj0EVSlU/Lsk+W /Z1yTk+6SYte2hwBO07R6c030Woqqh9jJwPr3OtiEnEESvtu9uXvUlZ1S2hkF0nAho0idvrD CDmWZmAy050QKsQoj8m2qT5+Cn6kdj11bSjWaCh33tuMr4Qy9/JfZgqOtiA13kwntlhcp71q 1T2WKfqt5wNjPv2ArAx/WgbWAyqqKTyUBSytL7S0YvCbc2eftfq5cS81hSF4pFFCXm6Jo/GO 0rF83E4u1KGGnqJkwxk1Mft+BEZE5DaCtug3JyyfC9wnxThjR03kEYzMsQkjMJ8488UYBN46 DBPr5znL9DQ8cKZeYlbd1xCvefGyjIW1bBIWiSKVPoGOUOPG/MsYf+5PEw6PuxcJIFwZMukN DKUU9et2Q1Z0XyYPf+lKFj41TIWiGwTD7twsZR69xwvaD9XqPiNWmZRFUng6Kb0oEi6w3gKo OO0b5tco7exFrVaPR0NlfFKudvwFElIb0ohuo= X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="62981611" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 2/9] x86/spec-ctrl: Drop use_spec_ctrl boolean Date: Fri, 28 Jan 2022 13:29:20 +0000 Message-ID: <20220128132927.14997-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Several bugfixes have reduced the utility of this variable from it's original purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. Simplify the logic by drop the variable, and doubling up the setting of SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is still necessary for the VMExit case. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/spec_ctrl.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c18cc8aa493a..8a550d0a0902 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; + bool ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - use_spec_ctrl = true; + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } if ( opt_msr_sc_hvm ) { - use_spec_ctrl = true; + /* + * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, + * Xen's value is not restored atomically. An early NMI hitting + * the VMExit path needs to restore Xen's value for safety. + */ + default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - if ( use_spec_ctrl ) - default_spec_ctrl_flags |= SCF_ist_wrmsr; - if ( ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } From patchwork Fri Jan 28 13:29:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728562 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9E762C4321E for ; Fri, 28 Jan 2022 13:30:15 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.262005.454054 (Exim 4.92) (envelope-from ) id 1nDRKI-0005qX-In; Fri, 28 Jan 2022 13:30:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 262005.454054; Fri, 28 Jan 2022 13:30:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKH-0005n4-Uo; Fri, 28 Jan 2022 13:30:05 +0000 Received: by outflank-mailman (input) for mailman id 262005; Fri, 28 Jan 2022 13:30:03 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKF-0003aQ-CC for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:30:03 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 643f205f-803e-11ec-8eb8-a37418f5ba1a; Fri, 28 Jan 2022 14:30:02 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 643f205f-803e-11ec-8eb8-a37418f5ba1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376602; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=t6iCnuYTls+XD79sW/8eHyY+U8ganRSf8XKq7YRN4Wo=; b=FqsGyB9YP+WYwF2z8majI4Xpg+t2hXyTp2syWNeXy4WE7aUhutheXYHh iO9a3ZWA+6t8QBcnlKNqRMON47EMKSRVU1bSvLGGtC7vYFJh2TocSntsX Kqi/J0xxKg7PnYB/OWrejtpPP4PJVf0CC0Kz44vXOYNmRIicaoCH1/EIQ s=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: eq9F1gEdjVwvXnb+IkQkrTTt4fihRtJPQJyTvKaw2O0zXGKkdoliOf6Dg60C3IyOs1oFHaXCTV wHxIJ6aH7RGdjpCMA1E02wm0lYqysFzgpgIzvGNQAHJ0tEa6o0EW+Y6tWmHN6GemLLdtHp4wuj QUf4suFzp+ezY4w9ZueSoAdleylcSh0k9OC2B3gUSHRyry5oVLi0Ljp33vZOdnxBXV5NUzBY6v 0s92tMjpjDvYTjxEZmYkMylnNlvkMnwuqCr60xoh419jCDt24LEHs5fTClSMfJcNERT1f9Z1QG soqNN4sEa0Mwn3gwNIxwEQnZ X-SBRS: 5.2 X-MesageID: 62981614 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:NMqtr6BFMVRdwxVW//3kw5YqxClBgxIJ4kV8jS/XYbTApG8jhDQFz GoYCD/TPf6CYjP3fIgjbt7i8RtVvJfdztIxQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMo/u1Si6FatANl1ElvU2zbue6WL6s1hxZH1c+En9400I7x4bVv6Yz6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eH/5UhN7oNJLnZEpfNatI88thW5 Qr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkQLb9crSiEai84G2PQghUh/iSmnmeFu9 M92qaPvchhwIvCRqN0ZXEwNe81+FfUuFL7vJHG+tYqYzlHccmuqyPJrZK00FdRGoKAtWzgIr KFGbmBWBvyAr7veLLaTY+9gnMk8auLsO5sSoCpIxjDFF/c2B5vERs0m4PcGhmZg354XQZ4yY eIyVwZNcD7KbiFiI1UyNJkDmcTzo0XWJmgwRFW9+vNsvjm7IBZK+KfpGMrYfJqNX8o9tmSyq 3/C/m/5KgoHL9HZwj2Amlq8i+mKkS7lVYY6ELyj6uUskFCV3nYUChAdSR28u/bRt6Klc4sBc QpOoHNo9PVsshzwJjXgY/GmiHyYkBgtROZKKPEFtzqSk7aJvjagAmdRG1atd+canMMxQDUr0 HqAkNXoGSFjvdWpdJ6NyluHhWjsYHZIdAfucQdBFFJYuIe7/OnfmzqSFo4LLUKjsjHi9dgcK RiupTN2ubgchNVjO06TrQGe2GLESnQko2cICuTrsoCNs1sRiG2NPdXABb3nARBodtvxor6p5 yBspiRmxLpSZaxhbQTUKAn3IJmn5uyeLBrXikN1Ep8q+lyFoiD/JtoLuGogeR80Y67onAMFh meJ52u9A7cIZBOXgVJfOdrtW6zGM4C+fTgaahwkRoUXOcUgHON21CpveVSRzwjQfLsEyskC1 WOgWZ/0Vx4yUP0/pBLvHrt1+eJ1mkgWmD2CLbimn0XP+efPPxa9FOZaWGZim8hktstoVi2Pr YYGXyZLoj0CONDDjt7/qN5KcgtSfCFlXPgbaaV/L4a+H+avI0l5Y9e5/F/rU9UNc319mria8 3ejdFVfzVaj13TLJR/TMiJoaa/1XIY5pnU+ZHR+MVGt0nklQICu8KZAKMdnIeh5rLRunaxuU v0IW8ScGfATGD7JzCsQMMvmp4t4eRX12Q/XZ3i5YCIydoJLThDS/oO2ZRPm8SQDV3LltcY3r 7C6+BncRJ4PG1ZrAMrMMar9xFKtp3kN3ul1WhKQcNVUfUzt9qlsKjDw0aBrc51dd02by2LDh QiMABoeqe3cmKMP8YHE1fKesoOkM+piBU4GTWPV2qm7aHvB9W25zI4eDOvRJWLBVHn58bmJb PlOy62uK+UOmVtHvtYuE7tvyq5itdLjq6UDk1ZhFXTPKV+qFqlhMj+N2swW7v9BwbpQuA2XX EOT+4YFZeXVaZ29SFNBdhA4aumj1O0PnmiA5Ps4F0z2+Str8efVSk5VJRSN1HRQIbYd3FnJG gv9VBr6MzCCtyc= IronPort-HdrOrdr: A9a23:KkiAhqiprt2+NGHydZt9iSxpNHBQX5d23DAbv31ZSRFFG/FwyP rAoB1L73PJYWgqNU3IwerwQpVoMkmsiKKdgLNhd4tKOTOJhILGFvAF0WKP+UyCJ8S6zJ8n6U 4CSdkyNDSTNykCsS+S2mDReLxAoOVvsprY/ds2pE0dKD2CHpsQiDuRfTzrdnGeKjM2Z6YRJd 653I5qtjCgcXMYYoCQHX8eRdXOoNXNidbPfQMGLwRP0njAsRqYrJrBVzSI1BYXVD1ChZ0493 LergD/7qK/99mm1x7n0XPJ5Zg+oqqu9jIDPr3MtiEmEESutu+aXvUiZ1REhkFxnAib0idrrD ALmWZlAy080QKXQoj/m2qQ5+Cp6kdQ15al8y7VvVLT5fXjQjQ0EsxAgp8cXCf4xiMbzZdB+Z MO5nmesZVPCxPGgWDa3PjnEz9Xtmfcmwt6rQY050YvCrf2rIUh9bA37QdbFowNEzn9751iGO 5yDNvE7PITal+CaWvF11MfieBEc05DaStueHJyzPB9EgIm70xR3g8d3ogSj30A/JUyR91N4P nFKL1hkPVLQtUNZaxwCe8dSY/vY1a9Ci7kISaXOxDqBasHM3XCp9r+56g0/vijfNgNwIEpkJ rMXVtEvSo5el7oC8eJwJpXmyq9CFmVTHDo0IVT9pJ5srrzSP7iNjCCUkknl4+6r/AWEqTgKo KO0VJtcorexEfVaPd0NjzFKutvwCMlIbMoU/4AKiKznv4= X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="62981614" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 3/9] x86/spec-ctrl: Introduce new has_spec_ctrl boolean Date: Fri, 28 Jan 2022 13:29:21 +0000 Message-ID: <20220128132927.14997-4-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. Reword the comment above the Intel specific alternatives block to highlight that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS out because it will want to be common. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8a550d0a0902..2072daf66245 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) void __init init_speculation_mitigations(void) { enum ind_thunk thunk = THUNK_DEFAULT; - bool ibrs = false, hw_smt_enabled; + bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; uint64_t caps = 0; @@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); + has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. @@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) */ else if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } /* Without compiler thunk support, use IBRS if available. */ - else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + else if ( has_spec_ctrl ) ibrs = true; } @@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) else if ( thunk == THUNK_JMP ) setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); - /* - * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up - * the alternatives blocks so we can virtualise support for guests. - */ + /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) { if ( opt_msr_sc_pv ) @@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) default_spec_ctrl_flags |= SCF_ist_wrmsr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } - - if ( ibrs ) - default_xen_spec_ctrl |= SPEC_CTRL_IBRS; } + /* If we have IBRS available, see whether we should use it. */ + if ( has_spec_ctrl && ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + /* If we have SSBD available, see whether we should use it. */ if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; @@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) * boot won't have any other code running in a position to mount an * attack. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( has_spec_ctrl ) { bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; From patchwork Fri Jan 28 13:29:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728558 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D0CD6C433EF for ; Fri, 28 Jan 2022 13:30:13 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.262003.454036 (Exim 4.92) (envelope-from ) id 1nDRKG-0005Pi-AH; Fri, 28 Jan 2022 13:30:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 262003.454036; Fri, 28 Jan 2022 13:30:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKF-0005ON-Vf; Fri, 28 Jan 2022 13:30:03 +0000 Received: by outflank-mailman (input) for mailman id 262003; Fri, 28 Jan 2022 13:30:02 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKE-0003aP-1Z for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:30:02 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 64628690-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:30:00 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 64628690-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376600; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=553IIZvT2PCyQvNhYbatU6CdNT8wA+Ucg/LmMu9hXmw=; b=I7ALQtFHwQ+VNcQ3IP1mAOs7isbeKqk1v7f5N0/I5X5NTJJDzkTkFuug Hm62Ghhu+hFTHo8bZ8oKSMOipWAWhxTaw5W7ZzGD691z/UHplrG7pXslL y1eeMGKwNSLThztMWnp7OBHBmHSYA6r5Klgq5RE+3wgQhVguOAVAW7POI 4=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: nZ2cejdBDX8oMSUGjR2N26zF1FbjTVo929lAUx01Xqwm40ANi85U1Sd2OlG6+iBkFwctGmOwIX 4eFkYH9kRi3ubfR1/L20YXM5ak6/TL4AsGLfxWHGQb+RZNaQUfgjCa0HduBirFHMaWEla9c/sX 7FecPSCerunJ5OtARsar6l/acMC4x9UZDtjPzSX9G/7zGWKazlX/Hu7k2nQ1pgNLjazthIvvKv RynbwNibEZba6bMNg/01U5SoLYMWKL+Oo7ta/qMVcFE/62kd51a5xZ/2AT07ani7m3yp2G8roU 5NRcXPAX9kczz0JZSiLjSYkI X-SBRS: 5.2 X-MesageID: 65159876 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:YLCM+qKiRBYYAj4uFE+RBZIlxSXFcZb7ZxGr2PjKsXjdYENS1jIOm GtMCzrSMvveazanL40kady3oU9UuMODyIM2SQBlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fjgqoHUVaiUakideSc+EH170Us5y7Zl6mJVqYPR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyB94KYkDbOwNxPFrrx8RYZWc QphIIaRpQs19z91Yj+sfy2SnkciGtY+NiDW4pZatjTLbrGvaUXe345iXMfwZ3u7hB21xYxhl NcdjqadTA4ZboDIlP0ncBxxRnQW0a1uoNcrIFC6uM2XiUbHb2Ht07NlC0Re0Y8wo7gtRzsUr LpBdW5LPkvra+GemdpXTsFFgMg5IdatF4QYonx6lhnSDOo8QICFSKLPjTNd9Glt350fTamAD yYfQRFkShHxWkF/A2wON81jjr/v33zAKDIN/Tp5ooJoujOOnWSdyoPFL979atGMA8JPkS6wh EjL4mD4CREyL8GExHyO9XfErv/Cm2b3VZwfEJW89+V2mxuDy2oLEhoUWFCn5/6jhSaDt8l3c hJOvHB09O5rqRLtHoKVswCETGCsgkRAS4ZSQ9YAxQSE+vr55wqAPEsBZ2sUADA5j/MeSTsv3 16PutrmAz1zrbGYIU6gGqeoQSCaYnZMczJbDcMQZU5cuoS4/tlv5v7aZos7SMaIYsvJ9SYcK txghAw3nP0tgMECzM1XFniX0mv39vAlouPYjzg7v15JDCskPOZJhKTysDA3CMqsyq7DEzFtW 1Bfw6CjABgmV83lqcB0aLxl8EuVz/iEKibAplVkAoMs8T+gk1b6I9wLumomfxk0aptVEdMMX KM1kVkPjHO0FCDyBZKbnqrrU5h6pUQePYqNug/ogipmPcEqKV7vENBGbk+MxWH9+HXAYolkU ap3hf2EVC5AYYw+lWLeb75EjdcDm35irUuOG8GT50n3gNK2OS/OIZ9YYQTmUwzMxP7eyOkj2 4wBZ5LiJtQ2eLCWXxQ7BqZKfQlVdiBqXM6vwyGVH8baSjdb9KgaI6e56dscl0ZNxsy5T8/Eo SOwXFF20l36iSGVIAmGcCk7OrjuQYx+vTQwOil1ZQSk3H0qYICO6qYDdsRoIel7pbI7lfMkH eMYf8igA+hUTmiV8ToqcpSg/pdpcw6mhFzSMnP9MiQ/ZZNpWyfA5sTgIln07CALAyfu7Zk+r rSs2xn1W50GQwg+Xs/aZOj2lwG6vGQHmfI0VEzNe4EBdELp+YlsCirwkv5ofJ1cdUSdnmOXj l/EDw0ZqO/Bp54O3OPI3a3U/Z20F+ZeH1ZBGzWJ57iBKiSHrHGoxpVNUbjUcGmFBn/04qire c5c0+r4bK8chF9PvodxT+RrwKY564e9rrNW1F05TnDCblDtAbJ8OHiWm8JIs/QVlLNevAK3X GOJ+8VbZurVaJ+0TgZJKVp3dPmH2NEVhiLWvKY8L0jN7SNq+KaKDBdJNB6WhS0BdLZ4PevJG wv6VBL6P+BnticXDw== IronPort-HdrOrdr: A9a23:M1DKyq7R8dQWyi6gyQPXwPLXdLJyesId70hD6qhwISY1TiX+rb HXoB17726MtN9/YgBCpTntAsa9qDbnhPpICOoqTNGftWvdyQmVxehZhOOIqVCNJ8S9zJ876U 4JSdkENDSaNzhHZKjBjjVQa+xQpeW6zA== X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="65159876" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 4/9] x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 Date: Fri, 28 Jan 2022 13:29:22 +0000 Message-ID: <20220128132927.14997-5-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 'idle' here refers to hlt/mwait. The S3 path isn't an idle path - it is a platform reset. Conditionally clearing IBRS and flushing the store buffers on the way down is a waste of time. Furthermore, we want to load default_xen_mcu_opt_ctrl unilaterally on the way back up. Currently it happens as a side effect of X86_FEATURE_SC_MSR_IDLE or the next return-to-guest, but that's fragile behaviour. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu v2: * New --- xen/arch/x86/acpi/power.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 31a56f02d083..ea2bd8bbfe93 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -248,7 +248,6 @@ static int enter_state(u32 state) error = 0; ci = get_cpu_info(); - spec_ctrl_enter_idle(ci); /* Avoid NMI/#MC using MSR_SPEC_CTRL until we've reloaded microcode. */ ci->spec_ctrl_flags &= ~SCF_ist_wrmsr; @@ -295,7 +294,9 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - spec_ctrl_exit_idle(ci); + + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_mcu_opt_ctrl); if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); From patchwork Fri Jan 28 13:29:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728564 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6184FC43219 for ; Fri, 28 Jan 2022 13:30:15 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.262001.454018 (Exim 4.92) (envelope-from ) id 1nDRKE-0004pH-3b; Fri, 28 Jan 2022 13:30:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 262001.454018; Fri, 28 Jan 2022 13:30:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKD-0004nH-Ra; Fri, 28 Jan 2022 13:30:01 +0000 Received: by outflank-mailman (input) for mailman id 262001; Fri, 28 Jan 2022 13:30:00 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKC-0003aP-Ie for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:30:00 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 6283387f-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:29:59 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 6283387f-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376599; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=V5QZW2Bs84NfBUe+2j/Budm0/aQ7grq2jkQ+o08Coys=; b=J3QdAb26kqT0SMn/G+8k7DuPS+hotXUiBm8HvJIXjyusUG+n91+lM3sY qMaBrl4ODLsgqbkLcIuFS1Zkkr4yeiJR5w4Dr2rfeV5cpm2JEd9MYu5pZ pXozMuPelGx3V36qXhUnUqVSS1JLGmftG6MMep5ubpSl7Snr0GrwokjL+ s=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: HgZBql8NadecAkZRh9kU3dOiFqljkeok9L6c0uF+PbwOJ902ssS3Moyl2CwDT8rgTQbVgE57ex twrqFha3FQ0kWvbYb0l2OICDxk0vr9p+ESA09HX6CHh/lCcMa0GljxSR/kBo/PZMtRwwbx1ykc /NvcloUOugS15XvwrB2eSESa9j4b7UrdxV5M3Zab+00HM3Ow5MO4ICwwxroMlvI2m4vLc7aYEv kKHiq+c09csIC2uf07UTcyDXQ4l9+95a1u8tm4OSZlrqu+XZLZ+7uB9joaJJii03qG5WpB3Juz VbARZSYpu18XTrL7Bwn86aZl X-SBRS: 5.2 X-MesageID: 65159875 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:oBcQtquucxObIzWasP7sRiDEz+fnVIJZMUV32f8akzHdYApBsoF/q tZmKTqBaKqCNzShKdl/ao23/RgEvZPXyIUwSANoqnwyQX4b+JbJXdiXEBz9bniYRiHhoOOLz Cm8hv3odp1coqr0/0/1WlTZQP0VOZigHtIQMsadUsxKbVIiGHdJZS5LwbZj2NYx24jhX2thh PupyyHhEA79s9JLGjp8B5Kr8HuDa9yr5Vv0FnRnDRx6lAe2e0s9VfrzFonoR5fMeaFGH/bSe gr25OrRElU1XfsaIojNfr7TKiXmS1NJVOSEoiI+t6OK2nCuqsGuu0qS2TV1hUp/0l20c95NJ NplicbsWVsrbpb2teEUY0l1Fy1nB45D0eqSSZS/mZT7I0zudnLtx7NlDV0sPJ1e8eFyaY1M3 aVGcnZXNEnF3r/ohuLgIgVvrp1LwM3DFYUToHx/ixreCu4rW8vrSKTW/95Imjw3g6iiGN6AO pNEOGowMXwsZTVEIHMJM8olmd7wmyn9dS9X9HCzvLEOtj27IAtZj+G2bYu9lsaxbdpRtlaVo CTB5WuRKjMwOcGbyDGF2mmxneKJliT+MKoCGbv9+vN0jVm7wm0IFAZQRVa9ueO+iEO1R5RYM UN8x8Y1hfFsrgrxFIC7BkDm5i7f1vIBZzZOO9FgtBHRyPrv2SucD1hUYzpNceYFseZjEFTGy WS1t9/uADVutpicRnSc6qqYoFuOBMQFEYMRTXRaFFVYurEPtKl210uSFYg7TMZZm/WoQWmY/ tyckMQpa1z/Z+Yv3r7zw13IiinESnPhHl9svVW/so5IA2pEiG+Zi26AtACzARVodt/xory9U J4swZX2AAcmVsnlqcB1aL9RdIxFHt7cWNEmvXZhHoM66xOm8GO5cIZb7VlWfRk1aZxfIWS3P ReO6Gu9AaO/2lPwM8ebhKrqU6wXIVXIT4y5Bpg4kPIQCnSOSON31H43PhPBt4wcuEMtjbs+K f+mnTWEVh4n5VBc5GPuHY81iOZzrghnnD+7bc2lk3yPjOTPDFbIGeZtGAbfNYgRsfLbyDg5B v4CbaNmPT0FDr2nCsQWmKZORW03wY8TXMCv9JcPJ7fde2KL2ggJUpfs/F/oQKQ994w9qwsC1 ijVtpZwxAWtiHvZBx+Nb3w/OrrjUYwm9SAwPDA2PEbu0H8mON794KAafpoxXL8m6O08kqIkE 6hbI52NUqZVVzDK2zUBdp2h/oZsQwum2FCVNC2/bTlhI5M5H17V+sXpdxfE/TUVCnblrtM3p rCtj1uJQZcKSwl4ItzRbfajkwG4sXQHwbogVErUONhDPk7r9dEyeSD2i/Y2JeAKKAnCmWTGh 1rHX09AqLCU8YEv8dTPiaSVlKuTErNzThhAAm3WzbeqLi2GrGCt9pBNDbSTdjfHWWKqpKj7P bdJz+vxOeEslUpRt9YuCK5iyK8z6oe9p7JeyQg4TnzHY07yV+FlK3iCm8JOqrdM1vlSvg7vA hCD/dxTOLOoPsL5EQFOeFp5P7rbjfxEyCPP6fkVIVnh4H4l9bWKZkxeIh2QhXEPN7ByKo4kn b8stcN+B9ZTUfb23gJqVhxpylk= IronPort-HdrOrdr: A9a23:Rni1867f/WSA/Pdi0gPXwPDXdLJyesId70hD6qhwISY6TiX+rb HWoB17726TtN9/YhEdcLy7VJVoBEmskKKdgrNhWotKPjOW21dARbsKheCJrgEIWReOktK1vZ 0QC5SWY+eQMbEVt6nHCXGDYrQd/OU= X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="65159875" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 5/9] x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL Date: Fri, 28 Jan 2022 13:29:23 +0000 Message-ID: <20220128132927.14997-6-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 In some cases, writes to MSR_SPEC_CTRL do not have interesting side effects, and we should implement lazy context switching like we do with other MSRs. In the short term, this will be used by the SVM infrastructure, but I expect to extend it to other contexts in due course. Introduce cpu_info.last_spec_ctrl for the purpose, and cache writes made from the boot/resume paths. The value can't live in regular per-cpu data when it is eventually used for PV guests when XPTI might be active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu v2: * New --- xen/arch/x86/acpi/power.c | 3 +++ xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 4 ++++ xen/arch/x86/setup.c | 5 ++++- xen/arch/x86/smpboot.c | 5 +++++ xen/arch/x86/spec_ctrl.c | 10 +++++++--- 6 files changed, 24 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index ea2bd8bbfe93..5f2ec74f744a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -296,7 +296,10 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_mcu_opt_ctrl); + ci->last_spec_ctrl = default_xen_mcu_opt_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index cfbedc31983f..dc0edd9ed07d 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -56,6 +56,7 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; + uint8_t last_spec_ctrl; uint8_t spec_ctrl_flags; /* @@ -73,7 +74,6 @@ struct cpu_info { */ bool use_pv_cr3; - unsigned long __pad; /* get_stack_bottom() must be 16-byte aligned */ }; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index bf82528a12ae..9c0c7622c41f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -67,6 +67,10 @@ * steps 2 and 6 will restore the shadow value rather than leaving Xen's value * loaded and corrupting the value used in guest context. * + * Additionally, in some cases it is safe to skip writes to MSR_SPEC_CTRL when + * we don't require any of the side effects of an identical write. Maintain a + * per-cpu last_spec_ctrl value for this purpose. + * * The following ASM fragments implement this algorithm. See their local * comments for further details. * - SPEC_CTRL_ENTRY_FROM_PV diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index e716005145d3..115f8f651734 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1930,9 +1930,12 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow; + struct cpu_info *info = get_cpu_info(); + + info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; } /* Jump to the 1:1 virtual mappings of cpu0_stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 08c0f2d9df04..1cfdf96207d4 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -323,6 +323,8 @@ static void set_cpu_sibling_map(unsigned int cpu) void start_secondary(void *unused) { + struct cpu_info *info = get_cpu_info(); + /* * Dont put anything before smp_callin(), SMP booting is so fragile that we * want to limit the things done here to the most necessary things. @@ -379,7 +381,10 @@ void start_secondary(void *unused) * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + info->last_spec_ctrl = default_xen_spec_ctrl; + } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2072daf66245..b2fd86ebe587 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -1270,6 +1270,9 @@ void __init init_speculation_mitigations(void) */ if ( has_spec_ctrl ) { + struct cpu_info *info = get_cpu_info(); + unsigned int val; + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; /* @@ -1278,15 +1281,16 @@ void __init init_speculation_mitigations(void) */ if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->shadow_spec_ctrl = 0; barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); } - wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + val = bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; + + wrmsrl(MSR_SPEC_CTRL, val); + info->last_spec_ctrl = val; } if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) From patchwork Fri Jan 28 13:29:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728567 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6C9C5C4167E for ; Fri, 28 Jan 2022 13:30:16 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.261999.454002 (Exim 4.92) (envelope-from ) id 1nDRKB-0004NW-7A; Fri, 28 Jan 2022 13:29:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 261999.454002; Fri, 28 Jan 2022 13:29:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRKB-0004NO-3H; Fri, 28 Jan 2022 13:29:59 +0000 Received: by outflank-mailman (input) for mailman id 261999; Fri, 28 Jan 2022 13:29:58 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK9-0003aP-Vq for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:29:58 +0000 Received: from esa1.hc3370-68.iphmx.com (esa1.hc3370-68.iphmx.com [216.71.145.142]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 6219c91d-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:29:56 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 6219c91d-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376596; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hm+gxomiwqPtSbO++1a7+fTXxiF/vy04zpwJNsO/xyU=; b=iiHMWh8x+fZ++mhQgNKWIN1JvF1UFQgOhfO9ccZKnhZ6LLwVJqFGhX3A qZz1b+tuRBcJFWDP6Csob4LhGQb6uUCfOedzWcDZ1OTTvoNCYcBh6zhP1 NDcDa5pJDXzIyxWn/gA9TxVrgw7k+Tbl2uuigLYD90esCo2NX2w2SiQs8 Y=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: jPGUa2TrV17ggrERpM+dg0CCxN0dhruUtmk/lgIakaUxAW4C1PEEEzVOPTbIbomG3sbreaCWPy tQ6rkwBpNPicB1F0eBRR/jIg5MWjvXIP3zdUzwYiCILjmSpj+CjkvVkWfaz+Vuw4Mqykq5Sb21 PWPlWR+RIQ6ErPg6xsTICgMh8rm17tW/oW8PDVNw+KnwlUx/TlG6To6Of4BcYE9tCeeftVSGyk 6EGgTdZYNU+C14vBjkmIDOLANlM7gIY9tv1DF1MUQ3N7wsP+WbJEBiuDxnq0aQnx+2bfbgsykd +9NPqUkAIkFgCRHu663NFSHw X-SBRS: 5.2 X-MesageID: 63388633 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:h7wr9KBO96052hVW//3kw5YqxClBgxIJ4kV8jS/XYbTApD0k0DwHy jQZDzjUbviNa2H2LdF/YIzl80pS7ZODnN5rQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMo/u1Si6FatANl1ElvU2zbue6WL6s1hxZH1c+En9400I7x4bVv6Yz6TSHK1LV0 T/Ni5W31G+Ng1aY5UpNtspvADs21BjDkGtwUm4WPJinj3eH/5UhN7oNJLnZEpfNatI88thW5 Qr05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkQLb9crSiEai84G2PQghUh/jhGYmIBDz tt09rvqUjcPI6PsmuNBTEwNe81+FfUuFL7vJHG+tYqYzlHccmuqyPJrZK00FdRGoKAtWzgIr KFGbmBWBvyAr7veLLaTY+9gnMk8auLsO5sSoCpIxjDFF/c2B5vERs0m4PcGh2xg1p4VRp4yY eJHMR5vMyrwPSdBO3EHOoxgrfu3uHjgJmgwRFW9+vNsvjm7IBZK+KfpGMrYfJqNX8o9tmSyq 3/C/m/5KgoHL9HZwj2Amlq8i+mKkS7lVYY6ELyj6uUskFCV3nYUChAdSR28u/bRt6Klc4sBc QpOoHNo9PVsshzwJjXgY/GmiHugrxlMadxeKq4dshq97LfawwSeWndRG1atd+canMMxQDUr0 HqAkNXoGSFjvdWpdJ6NyluHhWjsYHZIdAfucQdBFFJYuIe7/OnfmzqSFo4LLUKjsjHi9dgcK RiupTN2ubgchNVjO06TrQGe2GLESnQko2cICuTrsoCNs1sRiG2NPdXABb3nARBodtvxor6p5 yBspiRmxLpSZaxhbQTUKAn3IJmn5uyeLBrXikN1Ep8q+lyFoiD/JtoLuGogeR80Y67onAMFh meJ52u9A7cIZBOXgVJfOdrtW6zGM4C+fTgaahwkRoUXOcUgHON21CpveVSRzwjQfLsEyskC1 WOgWZ/0Vx4yUP0/pBLvHrt1+eJ1mkgWmD2CLbimn0XP+efPPxa9FOZaWGZim8hktstoVi2Pr YYGXyZLoj0CONDDjt7/qN5KcgtSfCFlXPgbaaV/L4a+H+avI0l5Y9e5/F/rU9UNc319mria8 3ejdFVfzVaj13TLJR/TMiJoaa/1XIY5pnU+ZHR+MVGt0nklQICu8KZAKMdnIeh5rLRunaxuU v0IW8ScGfATGD7JzCsQMMvmp4t4eRX12Q/XZ3i5YCIydoJLThDS/oO2ZRPm8SQDV3LltcY3r 7C6+BncRJ4PG1ZrAMrMMar9xFKtp3kN3ul1WhKQcNVUfUzt9qlsKjDw0aBrc51dd02by2LDh QiMABoeqe3cmKMP8YHE1fKesoOkM+piBU4GTWPV2qm7aHvB9W25zI4eDOvRJWLBVHn58bmJb PlOy62uK+UOmVtHvtYuE7tvyq5itdLjq6UDk1ZhFXTPKV+qFqlhMj+N2swW7v9BwbpQuA2XX EOT+4YFZeXVaZ29SFNBdhA4aumj1O0PnmiA5Ps4F0z2+Str8efVSk5VJRSN1HRQIbYd3FnJG gv9VBr6MzCCtyc= IronPort-HdrOrdr: A9a23:lZsfS6sogAMf7DAH0JSoAQYi7skCO4Aji2hC6mlwRA09TyXGra +TdaUguSMc1gx9ZJh5o6H7BEDyewKgyXcV2/haAV7GZmfbUQSTXedfBOfZsl7d8mjFh5VgPM RbAuVD4b/LfCFHZK/BiWHSebdB/DDEytHRuQ609QYJcegeUdAG0+4PMHf+LqQZfnglObMJUL 6nouZXrTupfnoaKu6hAGMeYuTFr9rX0Lr7fB8vHXccmUazpALtzIS/PwmT3x8YXT8K66wl63 L5nwvw4bjmm+2nyyXby3TY4/1t6ZXcI5p4dY2xY/ouW3bRYzWTFcZcsnq5zXUISdSUmRYXeR /30lMd1opImjTslyqO0GfQMkHboUkTAjnZuBOlqEqmmNf+Qj0iDcpHmMZ2Tjv1gnBQ+u1U4e ZzxGSeuINQDRTc2ALHx/aNeS1LuyOP0CMfech6tQ0FbWLbUs4IkaUPuExSC5sOByT89cQuF/ RvFtjV4LJMfUqddG2xhBgn/DWAZAVFIv69eDl1hiVV6UkkoFlpi08DgMAPlHYJ85wwD5FC+u TfK6xt0LVDVNUfY65xDPoIBZLfMB2HfTvcdGaJZVj3HqAOPHzA75bx/bUu/emvPJgF1oE7lp jNWE5R8WQyZ0XtA8uT24AjyGGEfEytGTD2js1O7ZlwvbPxALLtLC2YUVgr19Ctpv0Oa/erL8 pb+KgmdsMLAVGeaLqh7jeOKaW6c0NuLvH9kuxLK26zng== X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="63388633" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 6/9] x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD Date: Fri, 28 Jan 2022 13:29:24 +0000 Message-ID: <20220128132927.14997-7-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Currently, amd_init_ssbd() works by being the only write to MSR_SPEC_CTRL in the system. This ceases to be true when using the common logic. Include AMD MSR_SPEC_CTRL in has_spec_ctrl to activate the common paths, and introduce an AMD specific block to control alternatives. Also update the boot/resume paths to configure default_xen_spec_ctrl. svm.h needs an adjustment to remove a dependency on include order. For now, only active alternatives for HVM - PV will require more work. No functional change, as no alternatives are defined yet for HVM yet. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu v2: * Fix build in some PV Shim configurations * Adjust boot/resume paths too * Adjust commit message after rearranging in the series * Fix typo in comment --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/include/asm/hvm/svm/svm.h | 3 +++ xen/arch/x86/smpboot.c | 2 +- xen/arch/x86/spec_ctrl.c | 26 ++++++++++++++++++++++++-- 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 5f2ec74f744a..0eae29b5687a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,7 +295,7 @@ static int enter_state(u32 state) /* Re-enabled default NMI/#MC use of MSR_SPEC_CTRL. */ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_mcu_opt_ctrl); ci->last_spec_ctrl = default_xen_mcu_opt_ctrl; diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index f87484b7ce61..a8e37dbb1f5c 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -693,7 +693,7 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) return; if (cpu_has_amd_ssbd) { - wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + /* Handled by common MSR_SPEC_CTRL logic */ return; } diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h b/xen/arch/x86/include/asm/hvm/svm/svm.h index 05e968502694..09c32044ec8a 100644 --- a/xen/arch/x86/include/asm/hvm/svm/svm.h +++ b/xen/arch/x86/include/asm/hvm/svm/svm.h @@ -45,6 +45,9 @@ static inline void svm_invlpga(unsigned long linear, uint32_t asid) "a" (linear), "c" (asid)); } +struct cpu_user_regs; +struct vcpu; + unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr); void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len); void svm_update_guest_cr(struct vcpu *, unsigned int cr, unsigned int flags); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 1cfdf96207d4..22ae4c1b2de9 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -380,7 +380,7 @@ void start_secondary(void *unused) * settings. Note: These MSRs may only become available after loading * microcode. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b2fd86ebe587..c210bb662f84 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -936,7 +937,8 @@ void __init init_speculation_mitigations(void) hw_smt_enabled = check_smt_enabled(); - has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); + has_spec_ctrl = (boot_cpu_has(X86_FEATURE_IBRSB) || + boot_cpu_has(X86_FEATURE_IBRS)); /* * First, disable the use of retpolines if Xen is using shadow stacks, as @@ -1031,12 +1033,32 @@ void __init init_speculation_mitigations(void) } } + /* AMD hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRS) ) + { + /* + * Virtualising MSR_SPEC_CTRL for guests depends on SVM support, which + * on real hardware matches the availability of MSR_SPEC_CTRL in the + * first place. + * + * No need for SCF_ist_wrmsr because Xen's value is restored + * atomically WRT NMIs in the VMExit path. + * + * TODO Adjust cpu_has_svm_spec_ctrl to be configured earlier on boot. + */ + if ( opt_msr_sc_hvm && + (boot_cpu_data.extended_cpuid_level >= 0x8000000a) && + (cpuid_edx(0x8000000a) & (1u << SVM_FEATURE_SPEC_CTRL)) ) + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; /* If we have SSBD available, see whether we should use it. */ - if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + if ( opt_ssbd && (boot_cpu_has(X86_FEATURE_SSBD) || + boot_cpu_has(X86_FEATURE_AMD_SSBD)) ) default_xen_spec_ctrl |= SPEC_CTRL_SSBD; /* From patchwork Fri Jan 28 13:29:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728565 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id ED6DBC4167B for ; Fri, 28 Jan 2022 13:30:15 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.261996.453969 (Exim 4.92) (envelope-from ) id 1nDRK7-0003an-4W; Fri, 28 Jan 2022 13:29:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 261996.453969; Fri, 28 Jan 2022 13:29:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK7-0003ag-1U; Fri, 28 Jan 2022 13:29:55 +0000 Received: by outflank-mailman (input) for mailman id 261996; Fri, 28 Jan 2022 13:29:53 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK5-0003aP-69 for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:29:53 +0000 Received: from esa5.hc3370-68.iphmx.com (esa5.hc3370-68.iphmx.com [216.71.155.168]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 5d225354-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:29:49 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5d225354-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376589; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1M4Vs3hW9Vi1gMrvvAtCAVzuVssJwllF6xsNbufR8lA=; b=a2ueQnQGDAenJHwjZfr2P/PeKoztuCYStPTMkY3SBboZkGinKTnv89Ef jlmz99dvTY2S5pYJa7p3JW/an5qy3c31Gm7Fnx0rinNwB/o1A1bJbqhRo KAZp2a7VzPQN+JTQSkcHyAL+GZ0jtAnbJqPlFCB+uyEhC/T+of8cj4Hz1 8=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: SPPmJcLovjZDcJyCVO+NcGfbD4l7jXxKk+deKFReQce1ZqEVGZMihLxhmskFZHOsq/ZL8q5Ull CqRFt7uCFikgYnCBEfNNH3v3kghY664GY3Oa30vRgZDCSGW+eNiztFoRk+he7IAttkRUsc/vHK ljENliwGyYNqUVHvSGYrWz9B+mpVQ8XlYta+p/GsG8ebuWC9o60xvY0zx980QlICmV521fxVC4 ls/lnkrDlls3TIMuktKcO9tpmIZQ/WZ452bwRpv4KF7UDCMPuQ5Ulhz06B1jzt0OqtvOfQfiyg muS1jhjx45fJG7FVciFDrxA/ X-SBRS: 5.2 X-MesageID: 62450234 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:2pdZ/K3CtyCFIp8LaPbD5Qd2kn2cJEfYwER7XKvMYLTBsI5bpzVUm mYbDGDXPvjcamKkLt12bYqzph9TucTRxoRhHFBtpC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCanAZqTNMEn9700o6wb5h3uaEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqhhPcy1 IUK6qyJT1kXboHwo6MfUTJZHHQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1Er8IvNsT0eqgYvWlt12rxBvc6W5HTBa7N4Le02R9u3JwTRayFO 6L1bxJhQCT6WxlVCGw2BZcBkbeO3lzRaSJH/Qf9Sa0fvDGIkV0ZPKLWGMXRUsyHQ4NShEnwj kDs8nn9AxoaHMeC0jfD+XWp7sffkCW+VI8MGbmQ8v9xnEbV1mEVEAcRV1awvb++kEHWZj5EA xVKoGx09/F0rRH1CImmN/GlnJKalgU7GMYAVLIK0QfT9Pr43z3eBGovTzEUPbTKq/QKbTAt0 1aImfbgCjpurKCZRBqhy1uEkd+hEXNLdDFfPEfoWSNAuoC++99r0nojW/4+SPbdszHjJd3nL 9lmRgAajq5bs8ME3r7TEbvv02P1/cihouLYC2zqsoOZAuFROdbNi2+AswGzARN8wGCxFATpU J8swJD20Qz2JcvR/BFhuc1UdF1T296LMSfHnXlkFIQ7+jKm9haLJN4Mu2slfBw3b55ZKFcFh XM/XysLuve/21PxNcdKj3+ZUZx2ncAM6/y7PhwrUja+SscoL1LWlM2fTUWRw3rsgCARfVIXY v+mnTKXJS9CU8xPlWPuL89EiOND7n1gmQv7GM6qpzz6gev2TCPEEt8tbQrRBt3VGYvZ+m05B f4FaZvTo/ieOcWjChTqHXk7dABTciNjVMmo8qS6tIere2JbJY3oMNeJqZtJRmCvt/49ej7g8 i7vV0lG5kD4gHGbewyGZmo6MOHkXIplrGJ9NispZA76138maIepzaEea5poIuV3qL09laZ5H 6sfZsGNIvVTUTCbqT4TWobw8d55fxOxiAPQYyf8OGojf4RtThDi88P/ele97zEHCye67JNso 7Cp2g7Bb4AEQgBuUJTfZP61lgvjtnkBguNiGUDPJ4ALKknr9YFrLQ33j+M2fJ5QeUmSmGPC2 l/PUxkCpOTLr4sky/XzhPiJ/9WzDu9zPktGBG2Hv7y4AjbXozi4yohaXefWIT2EDDHo+L+vb Pl+xu3nNKFVh05DtodxHuo5za864Nez9bZWwh49QSfOZlWvTLhhPmOHzY9EsagUnu1Vvg6/W 0Su/NhGOOrWZJO5QQBJfAd1PP6e0fw0myXJ6aVnKUr30yZ74b6bXBgAJBKLkiFccON4PY5NL T3NYyLKB9hTUiYXD+s= IronPort-HdrOrdr: A9a23:w/Nat6+LrB+eLhKykcZuk+GVdr1zdoMgy1knxilNoENuHfBwxv rDoB1E73LJYW4qKQsdcKO7SdS9qBLnhNRICOwqU4tKMzOW3ldAQLsSjrcKhgeQYBEWldQtmJ uIEZIOceEYZGIS5a2RgWmF+pQbsaG6GcuT9ILjJgJWPGZXgtZbnmNE42igYy9LbTgDIaB8OI uX58JBqTblU28QdN6HCn4MWPWGj8HXlbr9CCR2SCIP2U2rt3eF+bT6Gx+X0lM1SDVU24ov9m DDjkjQ+rijifem0RXRvlWjoai+2eGRi+erNvb8yfT9GQ+cyDpAo74RHoFqiQpF4N1HLmxa1O Uk7S1QePiboEmhAl1d6SGdpDUIlgxep0PK+Bugmn3krtX+RDUmT+R8pa8xSGqe12MQ+Ohm1q RFxmSYsIcSKyjhsmDS2/jkPisaz3ZdhxIZ4LUuZrhkINMjQa4UoooF8ExPFpAcWCr89YA8Ce FrSNrR/fBMbDqhHjnkV0RUsauRt04Ib2G7q4k5y7+o+ikTmGo8w1oTxcQZkHtF/JUhS4Nc7+ CBNqhzjrlBQsIfcKo4XY46MICKI32IRQiJPHOZIFzhGq1CM3XRq4Tv6LFw4O2xYpQHwJY7hZ yEWlJFsmw5fV7oFKS1rdV22wGIRH/4USXmy8lY6ZQ8srrgRKDzOSnGU1wqm9vImYRqPiQaYY fHBHt7OY6TEYLeI/c64+SlYegtFZA3arxkhuoG X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="62450234" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 7/9] x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL Date: Fri, 28 Jan 2022 13:29:25 +0000 Message-ID: <20220128132927.14997-8-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Hardware maintains both host and guest versions of MSR_SPEC_CTRL, but guests run with the logical OR of both values. Therefore, in principle we want to clear Xen's value before entering the guest. However, for migration compatibility, and for performance reasons with SEV-SNP guests, we want the ability to use a nonzero value behind the guest's back. Use vcpu_msrs to hold this value, with the guest value in the VMCB. On the VMEntry path, adjusting MSR_SPEC_CTRL must be done after CLGI so as to be atomic with respect to NMIs/etc. The loading of spec_ctrl_raw into %eax was also stale from the unused old code, so can be dropped too. Implement both pieces of logic as small pieces of C, and alternative the call to get there based on X86_FEATURE_SC_MSR_HVM. The use of double alternative blocks is due to a quirk of the current infrastructure, where call displacements only get fixed up for the first replacement instruction. While adjusting the clobber lists, drop the stale requirements on the VMExit side. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu The RAS[:32] flushing side effect is under reconsideration. It is actually a very awkward side effect in practice, and not applicable to any implementations (that I'm aware of), but for now, it's the documented safe action to take. Furthermore, it avoids complicating the logic with an lfence in the else case for Spectre v1 safety. v2: * Split last_spec_ctrl introduction into earlier patch. * Use STR() rather than __stringify() for brevity. * Use double alt blocks in order to pass function parameters. --- xen/arch/x86/hvm/svm/entry.S | 12 +++++++----- xen/arch/x86/hvm/svm/svm.c | 27 +++++++++++++++++++++++++++ xen/arch/x86/include/asm/msr.h | 9 +++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 3 +++ 4 files changed, 46 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 276215d36aff..190f7095c65c 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -55,11 +55,12 @@ __UNLIKELY_END(nsvm_hap) mov %rsp, %rdi call svm_vmenter_helper - mov VCPU_arch_msrs(%rbx), %rax - mov VCPUMSR_spec_ctrl_raw(%rax), %eax + clgi /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ - /* SPEC_CTRL_EXIT_TO_SVM (nothing currently) */ + /* SPEC_CTRL_EXIT_TO_SVM Req: Clob: C */ + ALTERNATIVE "", STR(mov %rbx, %rdi; mov %rsp, %rsi), X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "", STR(call vmentry_spec_ctrl), X86_FEATURE_SC_MSR_HVM pop %r15 pop %r14 @@ -78,7 +79,6 @@ __UNLIKELY_END(nsvm_hap) pop %rsi pop %rdi - clgi sti vmrun @@ -86,8 +86,10 @@ __UNLIKELY_END(nsvm_hap) GET_CURRENT(bx) - /* SPEC_CTRL_ENTRY_FROM_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: ac */ + /* SPEC_CTRL_ENTRY_FROM_SVM Req: Clob: C */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + ALTERNATIVE "", STR(mov %rsp, %rdi), X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "", STR(call vmexit_spec_ctrl), X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ stgi diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index bb6b8e560a9f..f753bf48c252 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -3086,6 +3086,33 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) vmcb_set_vintr(vmcb, intr); } +/* Called with GIF=0. */ +void vmexit_spec_ctrl(struct cpu_info *info) +{ + unsigned int val = info->xen_spec_ctrl; + + /* + * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] flushing side + * effect. + */ + wrmsr(MSR_SPEC_CTRL, val, 0); + info->last_spec_ctrl = val; +} + +/* Called with GIF=0. */ +void vmentry_spec_ctrl(const struct vcpu *curr, struct cpu_info *info) +{ + unsigned int val = curr->arch.msrs->spec_ctrl.raw; + + if ( val != info->last_spec_ctrl ) + { + wrmsr(MSR_SPEC_CTRL, val, 0); + info->last_spec_ctrl = val; + } + + /* No Spectre v1 concerns. Execution is going to hit VMRUN imminently. */ +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 657a3295613d..ce4fe51afe54 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -297,6 +297,15 @@ struct vcpu_msrs * * For VT-x guests, the guest value is held in the MSR guest load/save * list. + * + * For SVM, the guest value lives in the VMCB, and hardware saves/restores + * the host value automatically. However, guests run with the OR of the + * host and guest value, which allows Xen to set protections behind the + * guest's back. + * + * We must clear/restore Xen's value before/after VMRUN to avoid unduly + * influencing the guest. In order to support "behind the guest's back" + * protections, we load this value (commonly 0) before VMRUN. */ struct { uint32_t raw; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9c0c7622c41f..02b3b18ce69f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -46,6 +46,9 @@ * - On VMX by using MSR load/save lists to have vmentry/exit atomically * load/save the guest value. Xen's value is loaded in regular code, and * there is no need to use the shadow logic (below). + * - On SVM by altering MSR_SPEC_CTRL inside the CLGI/STGI region. This + * makes the changes atomic with respect to NMIs/etc, so no need for + * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow * boolean in the per cpu spec_ctrl_flags. The synchronous use is: From patchwork Fri Jan 28 13:29:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728561 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4642CC43217 for ; Fri, 28 Jan 2022 13:30:14 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.261997.453975 (Exim 4.92) (envelope-from ) id 1nDRK7-0003eK-F4; Fri, 28 Jan 2022 13:29:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 261997.453975; Fri, 28 Jan 2022 13:29:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK7-0003dl-9P; Fri, 28 Jan 2022 13:29:55 +0000 Received: by outflank-mailman (input) for mailman id 261997; Fri, 28 Jan 2022 13:29:53 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK5-0003aQ-Aw for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:29:53 +0000 Received: from esa6.hc3370-68.iphmx.com (esa6.hc3370-68.iphmx.com [216.71.155.175]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 5e237702-803e-11ec-8eb8-a37418f5ba1a; Fri, 28 Jan 2022 14:29:51 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5e237702-803e-11ec-8eb8-a37418f5ba1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376591; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jvgLjL7MB3hMPmdvyPDZopgLkGOarBr/NDTac4D+Vws=; b=S2a9CPN7YCHDq/cdSrNfnISxpMV9c3O23U9XanyXEt5QN0RpMYawbEL6 T3Ou6f9gFW4Y9YBxBtaherj1KnUpY0TKq6b75WQMHZf80r01So++QkqGi FtVwGE5t61SjU8zsFaF1LnnwFEtupDu2GrBudasTEIW0/qHTP2wdQamOG A=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: zZKYe867PDRHXbBEASc76BVoz+oD81DNfiBdC0vrFS7/UUfvIced70R+ocLjFm6q4F9YYMsaEj 4OuwfDArb41IilUFQWp22xIZKywMIuCsCK0Crm05sIpKHCbvddui2GVuKPr7E+qviCqsn9zfIh MZChXMhiuXO4lhRraS8puz4NAtjly7fopkzJqnHHBxoZRLSUbbVuOpnuE9w/C/pZm/HPPenfI0 G7qLuV7PZeHVz82Q7DoZlY0xGh6xsBVE/ITxveDHrjNisLPRdJ442la1p9ikG7FsS6otTvSyp+ B8isG/qL4CY5sAwKO7sXyCBm X-SBRS: 5.2 X-MesageID: 62900203 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:3c2Tda3Lt0tDiDZeDfbD5Qd2kn2cJEfYwER7XKvMYLTBsI5bpzxSz WsdXjuFaKyKY2ujKo9zbIu+/UgPv5HdztY3HgQ/pC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkS5PE3oHJ9RGQ74nRLlbHILOCanAZqTNMEn9700o6wb5h3uaEvPDia++zk YKqyyHgEAfNNw5cagr4PIra9XuDFNyr0N8plgRWicJj5TcypFFMZH4rHomjLmOQf2VhNrXSq 9Avbl2O1jixEx8FUrtJm1tgG6EAaua60QOm0hK6V0U+6/TrS+NbPqsTbZIhhUlrZzqhw4xNz fRV8q6MbQYwOLWLtNxBUTsEOnQrVUFG0OevzXmXtMWSywvNcmf2wuUoB0YzVWEa0r8pWycUr 6VecW1TKEDY7w616OvTpu1Er8IvNsT0eqgYvWlt12rxBvc6W5HTBa7N4Le02R9u3JEWRayGP KL1bxJtVAaZaR8fGmwbJ7g9hfqC1iLFVSVH/Qf9Sa0fvDGIkV0ZPKLWGMXRUsyHQ4NShEnwj kDs8nn9AxoaHMeC0jfD+XWp7sffkCW+VI8MGbmQ8v9xnEbV1mEVEAcRV1awvb++kEHWZj5EA xVKoGx09/F0rRH1CImmN/GlnJKalkJAZ99xC6oI1CWM06zMpCqhWmomEhcUPbTKq/QKbTAt0 1aImfbgCjpurKCZRBqhy1uEkd+hEXNLdDFfPEfoWSNAuoC++99r0nojW/4+SPbdszHjJd3nL 9lmRgAajq5bs8ME3r7TEbvv02P1/cihouLYC2zqsoOZAuFROdbNi2+AswGzARN8wGCxFATpU J8swJD20Qz2JcvR/BFhuc1UdF1T296LMSfHnXlkFIQ7+jKm9haLJN4Mu2slfBw3b55ZKFcFh XM/XysLuve/21PxNcdKj3+ZUZx2ncAM6/y7PhwrUja+SscoL1LWlM2fTUWRw3rsgCARfVIXY v+mnTKXJS9CU8xPlWPuL89EiOND7n1gmQv7GM6qpzz6gev2TCPEEt8tbQrRBt3VGYvZ+m05B f4FaZvTo/ieOcWjChTqHXk7dABTciNjVMmo8qS6tIere2JbJY3oMNeJqZtJRmCvt/49ej7g8 i7vV0lG5kD4gHGbewyGZmo6MOHkXIplrGJ9NispZA76138maIepzaEea5poIuV3qL09laZ5H 6sfZsGNIvVTUTCbqT4TWobw8d55fxOxiAPQYyf8OGojf4RtThDi88P/ele97zEHCye67JNso 7Cp2g7Bb4AEQgBuUJTfZP61lgvjtnkBguNiGUDPJ4ALKknr9YFrLQ33j+M2fJ5QeUmSmGPC2 l/PUxkCpOTLr4sky/XzhPiJ/9WzDu9zPktGBG2Hv7y4AjbXozi4yohaXefWIT2EDDHo+L+vb Pl+xu3nNKFVh05DtodxHuo5za864Nez9bZWwh49QSfOZlWvTLhhPmOHzY9EsagUnu1Vvg6/W 0Su/NhGOOrWZJO5QQBJfAd1PP6e0fw0myXJ6aVnKUr30yZ74b6bXBgAJBKLkiFccON4PY5NL T3NYyLKB9hTUiYXD+s= IronPort-HdrOrdr: A9a23:cOqUyKm0Lne2yvdOkW3dj4M9TPbpDfIW3DAbv31ZSRFFG/Fxl6 iV/cjzsiWE8Ar5OUtQ4OxoV5PwIk80maQb3WBVB8bHYOCEghrPEGgB1/qB/9SIIUSXnYQxuZ uIMZIOb+EYZWIK9voSizPZLz9P+re6GdiT9ILj80s= X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="62900203" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 8/9] x86/msr: AMD MSR_SPEC_CTRL infrastructure Date: Fri, 28 Jan 2022 13:29:26 +0000 Message-ID: <20220128132927.14997-9-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Fill in VMCB accessors for spec_ctrl in svm_{get,set}_reg(), and CPUID checks for all supported bits in guest_{rd,wr}msr(). Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hvm/svm/svm.c | 9 +++++++++ xen/arch/x86/msr.c | 8 +++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index f753bf48c252..aa82fe29befb 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2471,10 +2471,14 @@ static bool svm_get_pending_event(struct vcpu *v, struct x86_event *info) static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) { + const struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + return vmcb->spec_ctrl; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); @@ -2485,10 +2489,15 @@ static uint64_t svm_get_reg(struct vcpu *v, unsigned int reg) static void svm_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) { + struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb; struct domain *d = v->domain; switch ( reg ) { + case MSR_SPEC_CTRL: + vmcb->spec_ctrl = val; + break; + default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 5e80c8b47c21..4ac5b5a048eb 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -265,7 +265,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb ) + if ( !cp->feat.ibrsb && !cp->extd.ibrs ) goto gp_fault; goto get_reg; @@ -442,7 +442,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) */ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) { - bool ssbd = cp->feat.ssbd; + bool ssbd = cp->feat.ssbd || cp->extd.amd_ssbd; + bool psfd = cp->extd.psfd; /* * Note: SPEC_CTRL_STIBP is specified as safe to use (i.e. ignored) @@ -450,6 +451,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpuid_policy *cp) */ return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | + (psfd ? SPEC_CTRL_PSFD : 0) | 0); } @@ -526,7 +528,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) break; case MSR_SPEC_CTRL: - if ( !cp->feat.ibrsb || + if ( (!cp->feat.ibrsb && !cp->extd.ibrs) || (val & ~msr_spec_ctrl_valid_bits(cp)) ) goto gp_fault; goto set_reg; From patchwork Fri Jan 28 13:29:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12728559 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1B05EC433F5 for ; Fri, 28 Jan 2022 13:30:14 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.261998.453978 (Exim 4.92) (envelope-from ) id 1nDRK7-0003i4-Ln; Fri, 28 Jan 2022 13:29:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 261998.453978; Fri, 28 Jan 2022 13:29:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK7-0003fK-HY; Fri, 28 Jan 2022 13:29:55 +0000 Received: by outflank-mailman (input) for mailman id 261998; Fri, 28 Jan 2022 13:29:53 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nDRK5-0003aP-OY for xen-devel@lists.xenproject.org; Fri, 28 Jan 2022 13:29:53 +0000 Received: from esa1.hc3370-68.iphmx.com (esa1.hc3370-68.iphmx.com [216.71.145.142]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 5dc8ad07-803e-11ec-8f75-fffcc8bd4f1a; Fri, 28 Jan 2022 14:29:50 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5dc8ad07-803e-11ec-8f75-fffcc8bd4f1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1643376590; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=V6G8Qskfbksu1pgqDoVMntLfKzcuPRpqZI8kWWn5Gi8=; b=gH5cF4t/s6bxCybfQHZrjBL8mmEJ/J0VF1fRodWNibKoaPiYkQZOj9RU PA18zf7QCl7xlhVA9r8Bv2Out41h3cnS4hG22BxpSPyaPrY1EvvCJdA+M ZxzX5HaKZekkoO1HzV6HbN9nQR5bjq672+rzehwZmc8m76H4JZiASyrZA A=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: d1vRukRYYbMvGIDA2fMWC9/OlESx44bAjWolJZRrgA+NZpyErfz3LaO1tStT+CwFztxsVruWot lHqgE8Ye5ZwQCzPlabFNaRhK6z5iwlP3Vh8eDEvqS/+6pXu2DsCZzTTO7+l6s77wTMfmSYsrYI Wl4l8YrgP6s4gabOklu0Iytm3+x4GHeTD2lyRF4LhPt6caFd3RxMwu8jP12SbfSpG9dw07irB5 lhCzaKDMefOvXoM1+X54B42/HF6DVVZ2QWWTTbwvz4A5ckmX8C5o6PRo/NMgxaszNC6wlrl/E+ lU4dkpWaO5UUkfWN/ZBTtLGR X-SBRS: 5.2 X-MesageID: 63388626 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:E3rVN64UvcrxnMtU2+7+fwxRtOzAchMFZxGqfqrLsTDasY5as4F+v mAbCGqCO66La2r2fdwgbd7l9UlQsZ6Ez9Y2HAQ+ry02Hi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuV3zyIQUBUjclkfJKlYAL/En03FV8MpBsJ00o5wbZg2N4w3bBVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z9 vBRpJbzQxUSN/fhkfUTUT53Hw1BIvgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALBc/nJo4A/FpnyinUF60OSpHfWaTao9Rf2V/cg+gQRq2ON 5RDN1KDajzkXT1+YUxQOqgjhd+jm2LtKx9U9V2K8P9fD2/7k1UqjemF3MDuUsOObdVYmACfv G2u10bTDwweNdef4SGY6X/qjejK9QvrVYRXGLCm+/pChFyI2ndVGBAQTUG8o/Sylgi5Qd03F qAP0nNw9+5orhXtF4SjGU3jyJKZgvICc+R1D/wwqwuf8aOOzg+ICGojYTJtV8Nz4afaWgcW/ lOOmtroAxlmv7uUVW+R+9+okN+iBcQGBTRcPHFZFGPp9/Gm+dhu1UyXEr6PBYbo1oWdJN3m/ 9ydQMHSbZ03hNVD6ai09Euvb9mE9smQFV5dCuk6swuYAuJFiGyNOtTABbvzt68owGOlor+p5 iVsdy+2t7hmMH11vHbRKNjh5Znwjxp/DBXSgER0A74q/Cm39niocOh4uW8ifx0yap1aJGe0M Sc/XD+9ArcJYhNGiocsO+qM5zkCl/C8RbwJqNiKBjaxXnSBXFDep3w/DaJh92vsjFItgckC1 WSzKq6R4YIhIf0/llKeHr5FuZdyn3xW7T6NGfjTkkr2uZLDNC/9YepUazOmM7FmhJ5oVS2Iq b6zwePQlUUGOAA/CwGKmbMuwacidChiWsuu+pUJL4Zu4GNOQQkcNhMY+pt5E6QNokifvr6gE qiVVhAKxVzhq2fALAnWOHlvZKm2BcR0rG4hPDxqNlGtgiBxbYGq5aYZVp02Ybh4q7Azka8qF 6EIK5eaH/BCajXb4DBBP5Pzm5NvKUawjgWUMiv7PDVmJ8x8RxbE88PPdxf08HVcFTK+sMYz+ uXy1g7STZcZaR5lCcLaNKCmw1+r5CBPk+NuRUrYZNJUfRy0ooRtLiXwiN4xIt0NdkqflmfLi V7ODE5B9+fXooIz/N3Yvoy+rt+kQ7lkA05XP2jH9rLqZyPUyXWunN1bW+GScDGDCG6toPe+Z f9Yxu3XOeEcmAoYqJJ1FrtmwP5s59broLMGnA1oEG+SMgauA7JkZHKHwdNOputGwboA4Vm6X UeG+997P7SVOZy6TA5NdVR9NunTh+sJnjTy7OguJBSo7SB6y7OLTEFOMkTekydaNrZ0bNsoz OpJVBT6MOBjZs7G6uq7sx0= IronPort-HdrOrdr: A9a23:MuS/AamBkLchP1SKM2V7t1He+ibpDfIU3DAbv31ZSRFFG/Fxl6 iV8sjzsiWE8Qr5OUtQ/+xoV5PhfZqxz/JICMwqTNKftWrdyQyVxeNZnOjfKlTbckWUnINgPO VbAsxD4bXLfCBHZK3BgTVQfexO/DD+ytHLudvj X-IronPort-AV: E=Sophos;i="5.88,324,1635220800"; d="scan'208";a="63388626" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 9/9] x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default Date: Fri, 28 Jan 2022 13:29:27 +0000 Message-ID: <20220128132927.14997-10-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220128132927.14997-1-andrew.cooper3@citrix.com> References: <20220128132927.14997-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 With all other pieces in place, MSR_SPEC_CTRL is fully working for HVM guests. Update the CPUID derivation logic (both PV and HVM to avoid losing subtle changes), drop the MSR intercept, and explicitly enable the CPUID bits for HVM guests. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu v2: * Drop the MSR intercept too * Rework the comment block in gen-cpuid.py * Fix typo in comment --- xen/arch/x86/cpuid.c | 16 ++++++++++++---- xen/arch/x86/hvm/svm/svm.c | 4 ++++ xen/include/public/arch-x86/cpufeatureset.h | 16 ++++++++-------- xen/tools/gen-cpuid.py | 14 +++++++++----- 4 files changed, 33 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index b5af48324aef..e24dd283e761 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -433,6 +433,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs) */ if ( test_bit(X86_FEATURE_IBRSB, fs) ) __set_bit(X86_FEATURE_STIBP, fs); + if ( test_bit(X86_FEATURE_IBRS, fs) ) + __set_bit(X86_FEATURE_AMD_STIBP, fs); /* * On hardware which supports IBRS/IBPB, we can offer IBPB independently @@ -456,11 +458,14 @@ static void __init calculate_pv_max_policy(void) pv_featureset[i] &= pv_max_featuremask[i]; /* - * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + { __clear_bit(X86_FEATURE_IBRSB, pv_featureset); + __clear_bit(X86_FEATURE_IBRS, pv_featureset); + } guest_common_feature_adjustments(pv_featureset); @@ -530,11 +535,14 @@ static void __init calculate_hvm_max_policy(void) __set_bit(X86_FEATURE_SEP, hvm_featureset); /* - * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of - * administrator choice, hide the feature. + * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional + * availability, or admin choice), hide the feature. */ if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + { __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); + __clear_bit(X86_FEATURE_IBRS, hvm_featureset); + } /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index aa82fe29befb..01ce6c71b5f8 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v) vmcb_set_exception_intercepts(vmcb, bitmap); + /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */ + svm_intercept_msr(v, MSR_SPEC_CTRL, + cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index fd8ab2572304..957df23b65f2 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -256,18 +256,18 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO instruction */ XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */ XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by AMD) */ -XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */ -XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */ -XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */ -XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */ -XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software options */ -XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode protection */ +XEN_CPUFEATURE(IBRS, 8*32+14) /*S MSR_SPEC_CTRL.IBRS */ +XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /*S MSR_SPEC_CTRL.STIBP */ +XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ +XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ +XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ +XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ -XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */ +XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ -XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 470cd76d1c52..39c8b0c77465 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -277,16 +277,20 @@ def crunch_numbers(state): # The features: # * Single Thread Indirect Branch Predictors # * Speculative Store Bypass Disable + # * Predictive Store Forward Disable # - # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect - # Branch Restricted Speculation/Indirect Branch Prediction Barrier. + # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate + # MSR_SPEC_CTRL itself. AMD further enumerates hints to guide OS + # behaviour. # - # In practice, these features also enumerate the presense of - # MSR_SPEC_CTRL. However, no real hardware will exist with SSBD but - # not IBRSB, and we pass this MSR directly to guests. Treating them + # However, no real hardware will exist with e.g. SSBD but not + # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD], + IBRS: [AMD_STIBP, AMD_SSBD, PSFD, + IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], + AMD_STIBP: [STIBP_ALWAYS], # In principle the TSXLDTRK insns could also be considered independent. RTM: [TSXLDTRK],