From patchwork Thu Mar 31 09:27:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 12796941 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 94CB2C433EF for ; Thu, 31 Mar 2022 09:29:15 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.296792.505315 (Exim 4.92) (envelope-from ) id 1nZr71-0005bH-MJ; Thu, 31 Mar 2022 09:29:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296792.505315; Thu, 31 Mar 2022 09:29:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZr71-0005bA-Iq; Thu, 31 Mar 2022 09:29:03 +0000 Received: by outflank-mailman (input) for mailman id 296792; Thu, 31 Mar 2022 09:29:02 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZr6z-0005JJ-U7 for xen-devel@lists.xenproject.org; Thu, 31 Mar 2022 09:29:02 +0000 Received: from esa3.hc3370-68.iphmx.com (esa3.hc3370-68.iphmx.com [216.71.145.155]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ff151923-b0d4-11ec-8fbc-03012f2f19d4; Thu, 31 Mar 2022 11:29:00 +0200 (CEST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ff151923-b0d4-11ec-8fbc-03012f2f19d4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1648718940; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=2Ob6Rz367wwRVHC+LJMyl5Oz1gR/d/o7lJUHswT1iF4=; b=ewp7ATgmremqOLBMOQ2XREv9eP4J9aPw9zjbw6xwDyILJ5tTVY1cnuA7 vxA3VPewWLiK6u7ZKxhUSzPmc8/BwsaqCUTcaAT1m3oiNha/8BWHGh7Nr ebVsvUUh4Pb9EruQktmNTIj9+5AwEMwghdifdiahxEbqBknBFpHvBUl1P I=; Authentication-Results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com X-SBRS: 5.1 X-MesageID: 67633838 X-Ironport-Server: esa3.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:qt7wsaLzIXEvAJ7eFE+RxpUlxSXFcZb7ZxGr2PjKsXjdYENShTMCm 2FOWm7QP/jcNzbyKNEgPt/n9RgDvZDVzd9nSAVlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vrav67xZVF/fngqoDUUYYoAQgsA148IMsdoUg7wbRh2dUx2YHR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 NNp6My1cSUWBfeWoPkGSDIHHCdOP6ITrdcrIVDn2SCS50jPcn+qyPRyFkAme4Yf/46bA0kXq 6ZecmpUKEne2aTmm9pXScE17ignBNPsM44F/Glp0BnSDOo8QICFSKLPjTNd9Glv2JsVTa2OD yYfQRtxaUzMYjZIA3VUE74ahdiohFrnfwQN/Tp5ooJoujOOnWSdyoPFL979atGMA8JPkS6wp GjL4mD4CREyL8GExHyO9XfErv/Cm2b3VZwfEJW89+V2mxuDy2oLEhoUWFCn5/6jhSaDt8l3c hJOvHB09O5rqRLtHoKVswCETGCsuDpBC99oMdIBslu117HPyFmWAFgGQWsUADA5j/MeSTsv3 16PutrmAz1zrbGYIU6gGqeoQSCaYnZMczJbDcMQZU5cuoS4/tlv5v7aZow7eJNZmOEZDt0ZL 9qiiCElz4segscQv0lQ1QCW2mn8znQlo+Nc2+k2Yo5Hxl4hDGJGT9bxgbQ+0RqmBNzDJrVml CJY8/VyFMhUUfmweNWlGY3h5o2B6fefKyH7ilVyBZQn/DnF0yf9IdAOvmwheh00bZtsldrVj Kn741k5CHh7ZibCUEOKS9jpV5RCIVbIS7wJqcw4nvIRO8MsJWdrDQllZFKK3nCFraTfufpXB HtvSu71VSxyIf0+lFKeHr5BuZd2lnFW7T6CHvjTkkX4uYdykVbIEN/pxnPVNbtnhE5FyS2Im +ti2zyikEsHCrSkMniKqeb+7zkidBAGOHw/kOQOHsarKQt6AmAxTfjXxLIqYYt+mKpJ0OzP+ xmAtoVwkTITWVWvxd22V01e IronPort-HdrOrdr: A9a23:pMFkz6yRVEyAPOSPp0M2KrPwKL1zdoMgy1knxilNoHtuA6ulfq GV7ZAmPHrP4wr5N0tNpTntAsa9qBDnlaKdg7N+AV7KZmCP0gaVxepZjLfK8nnNHDD/6/4Y9Y oISdkaNDQoNykYsS8t2njbL+od X-IronPort-AV: E=Sophos;i="5.90,224,1643691600"; d="scan'208";a="67633838" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=klmzBhd9T1gU8RgFDkdRZrsVbVb2Bge91BowZBamhOkftkFm10HS1vgEXpK+jtWy6euxu3XFpdYKcDnemGMRxxzbte2YRzqR0NBptX92XW/3hObmmK/4CjEitQc93y5jPbuPZYtXRdrqt6U9G5zYxNZ8f6CwpRAqKyPBrAzpoag8Vxw0nte2B1yWqp0+vvi0+5aeUL0uQvqpon2CqAkLGTNnnrs/34jlhxhLVIY4O6cBBKHdrcBJnfWJWFdJsFz2gHYNq0TuzZNxTN67ikZrr/rZ3FHY5NHID9csoJN80Z6JYF3JayoQbDc/Zx6k6zrF84rc3RazZuolChh8LBaIvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rAw124Di0ueDnIBDAjnts+YHpoOqLIJr7FiTknmZajY=; b=B4RSzIuLkR071UPcdoMK3C2OvIncCTrcbqfkV6wDwnDtxV9Dc7iKs/ndMMSv3suWu/BLmCCNJSmcXx+cMUXd01zEksteGnZG/n4M9XKXVZDDlYb8arL5mowFMHFmQGWZ4gt/9E2NWz+S+p80FSPze6p3UpBQ8ia7d9X1gRavOdzHPnOMW3YpYPIqt3OgxchZSaI0ntz3Nfac6jK4fo7T/xYrhXL1J2CQ/CcYogzaa1CD/FAKGxEgEpTB+J+WBSAGhmpfQEDSXdjglYc5ohV6MqUttOClcBBbhTQ6/Q59bKM97jNFfTIW1CsctsD4ZdnJNSUAzFnFUpIlPnMEi/jvVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rAw124Di0ueDnIBDAjnts+YHpoOqLIJr7FiTknmZajY=; b=g66nZMAOx86LoUNa2fTd+cpe7chKwb3x8YzuRp0U85rt7zckZ/XCuwNLSNDcI0rqfeeRYZOp8prSwdlq62uzS+tvc5Ya4LbabgC0XEvb/jfAlVjydpdna/KQMHyJJmmTQJGPUXRnkL1bAWnfRNs8437WB6RPlwXC951zTqKNP9M= From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 1/3] amd/msr: implement VIRT_SPEC_CTRL for HVM guests on top of SPEC_CTRL Date: Thu, 31 Mar 2022 11:27:15 +0200 Message-ID: <20220331092717.9023-2-roger.pau@citrix.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220331092717.9023-1-roger.pau@citrix.com> References: <20220331092717.9023-1-roger.pau@citrix.com> X-ClientProxiedBy: LO2P265CA0036.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:61::24) To DS7PR03MB5608.namprd03.prod.outlook.com (2603:10b6:5:2c9::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9e04903d-2b98-4a66-fa54-08da12f8e0ca X-MS-TrafficTypeDiagnostic: CY4PR03MB3112:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: meX2XbDLk0A4P4S7LfhpSLpxaADbMNtMpEahh6tDvH+6AbFPvBsOx4e2prR8R9Fg/qGohkeVZ3oX0h6MxpTIP9pT8pSXD1aXq9iy0fXtXC6mF1rMPhTgSORQp1yG7DoMwIISywiYVeVHjPPfoiy8okG3UB5aVhjj2pB9yqb1J3orBLXqKptykxvGm8A8awbGivMmZvsIPjrMfujvuJmCEVJyYP+kjE7LQWy787M3Abnu7qvKBzGO6K+PY3dUV6Yw7uQ98cqRJE8KDb9klUeA7NZXz39MwrTFrmHZPOrNpzP1Psg26nqXM1OY8/OtKxDkdtIH4wBIuyh90EvHRDjzKONEyAn+A2PRXiA5Cc87JCWgmUg9YP0N+4ouRK5jNifFspxTsABY+4ndCl4i6Lo9WB5OBP0Xvnj9XbMZsuQJoA9mp/DnEZ7LpzVQ+3qeidyN6JXO5Vl6qyOaJ4d2DwzoKLIADkDOX4mwfxTMDd8s4g6+Y/s2h37d+4r12ujx7Lm9L8a4VaX2TUTcCLCbz+kUkPt6fUl1AdtKp2GMDieN86z2UDj/mXj9gQStJViI3TOvODAB+ssut8AfNgKEJjMfEejx4w4+L2kmI3zPj9WOCspDigERe9VrcdcLerlxs0hOWGeomQXLyVTdw2gQGIutHg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR03MB5608.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(36756003)(186003)(1076003)(26005)(83380400001)(2906002)(6506007)(2616005)(6666004)(66556008)(5660300002)(54906003)(6512007)(82960400001)(8936002)(6486002)(66476007)(38100700002)(8676002)(6916009)(4326008)(86362001)(316002)(66946007)(508600001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?i3h6XqFJ6x+AJJLwfK+hkIYsSwCe?= =?utf-8?q?XkNwFE5WXNe+xAypAe2eTNPpl0Qh+aqXyEnV43p7W42l0q1GBavrbkPEBlDtesVBO?= =?utf-8?q?jPNAuLNsicRztgBGZKiZt+36fgtOg2CbuuG6/gDHhT6ZlIs1QBKrCcry/ub8f0x1j?= =?utf-8?q?z5EyWUc2RmFDGCpSGNMiUgwQDZhEuEpiVhv4GlXIxWVb2bQJijLiqf2P+ovejDP5s?= =?utf-8?q?AoLvWfhCGsFeMIVm8/uQWvDqG5kWmTcwh0SqyCZL9R3ufoB9bWm2HNs+O4lGfxGR1?= =?utf-8?q?M+RMaRj6SUy/hGRF6fbxz8CX+4HyAUYyojRGIbgHSh/kLIdtthqeLyFfhkSX7jR88?= =?utf-8?q?7e9CKMKJVkzXRoOObviQelFnMDHaNd+s1aAPkVMGL1tFFtYSfNV4SYjnI0WFVb37i?= =?utf-8?q?e74qwhfp5YwJ33rBFe6x0LsIsetHkDS79ScAgBY2Bd069OnxrLMdo5YkOzTJ17S9w?= =?utf-8?q?HcoH1XH05RlKJrrD5zhxgCJo+ozyR6KMh7tw2vKm0J4bAaD+2167ms/qXj5BQrS8A?= =?utf-8?q?KItBOPbKp4MYMWmE0tfYnvTGiBiNXp1OfHfyoMuirCrUnWkMUUY1aMl7GCg6liG87?= =?utf-8?q?viiaIblqFsobNtWjIvP1dSjD+/bfPCARJDQRsDVvWCg0r/yy/6OUrV/HujCQHWcGH?= =?utf-8?q?AgMU4ydKURRcdk2D7v6ziKCxfa4B/pElzKYqzeG4Le6vivEqss8xWAqaSLh3V6N0g?= =?utf-8?q?Wol6l3uEd+889L2SyWt+nRLBHBdac8Ttvf/qO+I7CCCkSbPyJoGXVg/b4IuWo0XqI?= =?utf-8?q?zPOI9xNF3SU14RNES/UdChv8tGgE/OHkI17buova1OH1LO8PUz98obs0fi2jd8gwH?= =?utf-8?q?c3uXX4qxzLCNOYcqLn8VaMipT13EA042Iq5Yh7SrXyXPxy4MxQXC8bEJHGqBjcnPE?= =?utf-8?q?MjTKN7uRf7Mw9EBozs07PrL6UDwVt1bDnnUYLlv2oT4bni0Gk+ClA0iZRZIgTmGnR?= =?utf-8?q?vsHUabpL6WiNTKBcfjXtfhG/aCGDpWYlhbEpo4boJ9PSpTngaQ5QrQTLO6tNiaTUC?= =?utf-8?q?mVPJ4p5CdFUrG2uGZWNOvs5ntxOnG6mTamVIIk9tWueqbADZ/N69TcRkqfjG7KZQZ?= =?utf-8?q?ipLZxFgH+x64duYpdflm80oiOtqIHMKlTCG4NAQk/DyjDYQDPizr35kxyQ41MNBaV?= =?utf-8?q?seZUoFKituuSNfCVYeX+jh+iOFaEYdvB3Vz9YZtQGt949+gPMoMb8nuNUWgYFwPG+?= =?utf-8?q?h3jZxZ27QLjGcwdunH6J0CoVIKFHRYMqtCdDGLqfBhDNjxatzyzhkUpj9SNQ+fIkR?= =?utf-8?q?2rY+CezW6rrEEbsvwm3WNgmTGtFnmvCjhthR7cagzYCK62+mfL1tzbQ6uU3YEuT3N?= =?utf-8?q?91a1EMK3E0aO2mXFekCK5K7BA9YUTysDz9f7MVjknnJclRL5xUgbJdFHGB47T4Acg?= =?utf-8?q?xh31m8JcM1AONWe3wCmf/KyLugLqW+0XG7eRcLHiyEybzDN58ZXE9qXDu8DOPOKPw?= =?utf-8?q?tfgCgA85E6LpqtnM4RKrH+khIVrXdfTzU4ke8EZad+9v4IBjZqBltB+Uz8pKLde0B?= =?utf-8?q?wvSAwaR6J3dTvJFeDmfPWRTUPuMFoCTUaxM1es6/w2pKJhWtGHA0pGMluDp8u7G95?= =?utf-8?q?pxamdihxbBGusLRkqZnhNP3PRSK9dgWoZhv/pSoLBAZDerMQlpQj2Xn+vDvSHcyva?= =?utf-8?q?7dTdTl0ZZW+gu0Z8v/rPei8TMw86MNMJ0cxJTPs8COybistSExaDo=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 9e04903d-2b98-4a66-fa54-08da12f8e0ca X-MS-Exchange-CrossTenant-AuthSource: DS7PR03MB5608.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Mar 2022 09:28:56.0197 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FrrJy8P635X6O4K59ArvK+qSizY8erekNUxDZ2glAvkIoUJptrWp86BKefLwFg+/MPTdrn1fHFgX+6NarH0qWg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR03MB3112 X-OriginatorOrg: citrix.com Use the logic to set shadow SPEC_CTRL values in order to implement support for VIRT_SPEC_CTRL (signaled by VIRT_SSBD CPUID flag) for HVM guests. This includes using the spec_ctrl vCPU MSR variable to store the guest set value of VIRT_SPEC_CTRL.SSBD, which will be OR'ed with any SPEC_CTRL values being set by the guest. On hardware having SPEC_CTRL VIRT_SPEC_CTRL will not be offered by default to guests. VIRT_SPEC_CTRL will only be part of the max CPUID policy so it can be enabled for compatibility purposes. Some reasoning regarding why '!s' is used to annotate the feature: * '!': the feature might be exposed to guests even when not present on the host hardware. * 's': the feature won't be exposed by default. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- Changes since v2: - Reword reasoning for using '!s'. - Trim comment about only setting SSBD bit in spec_ctrl.raw. Changes since v1: - Only expose VIRT_SSBD if AMD_SSBD is available on the host. - Revert change to msr-sc= command line option documentation. - Only set or clear the SSBD bit of spec_ctrl. --- xen/arch/x86/cpuid.c | 7 +++++++ xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/include/asm/msr.h | 4 ++++ xen/arch/x86/msr.c | 18 ++++++++++++++++++ xen/arch/x86/spec_ctrl.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 6 files changed, 33 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index bb554b06a7..4ca77ea870 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -543,6 +543,13 @@ static void __init calculate_hvm_max_policy(void) __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); __clear_bit(X86_FEATURE_IBRS, hvm_featureset); } + else if ( boot_cpu_has(X86_FEATURE_AMD_SSBD) ) + /* + * If SPEC_CTRL.SSBD is available VIRT_SPEC_CTRL.SSBD can be exposed + * and implemented using the former. Expose in the max policy only as + * the preference is for guests to use SPEC_CTRL.SSBD if available. + */ + __set_bit(X86_FEATURE_VIRT_SSBD, hvm_featureset); /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 709a4191ef..595858f2a7 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1334,6 +1334,7 @@ static const uint32_t msrs_to_send[] = { MSR_INTEL_MISC_FEATURES_ENABLES, MSR_IA32_BNDCFGS, MSR_IA32_XSS, + MSR_VIRT_SPEC_CTRL, MSR_AMD64_DR0_ADDRESS_MASK, MSR_AMD64_DR1_ADDRESS_MASK, MSR_AMD64_DR2_ADDRESS_MASK, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index ce4fe51afe..ab6fbb5051 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -291,6 +291,7 @@ struct vcpu_msrs { /* * 0x00000048 - MSR_SPEC_CTRL + * 0xc001011f - MSR_VIRT_SPEC_CTRL (if X86_FEATURE_AMD_SSBD) * * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. @@ -306,6 +307,9 @@ struct vcpu_msrs * We must clear/restore Xen's value before/after VMRUN to avoid unduly * influencing the guest. In order to support "behind the guest's back" * protections, we load this value (commonly 0) before VMRUN. + * + * Once of such "behind the guest's back" usages is setting SPEC_CTRL.SSBD + * if the guest sets VIRT_SPEC_CTRL.SSBD. */ struct { uint32_t raw; diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 01a15857b7..72c175fd8b 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -381,6 +381,13 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) ? K8_HWCR_TSC_FREQ_SEL : 0; break; + case MSR_VIRT_SPEC_CTRL: + if ( !cp->extd.virt_ssbd ) + goto gp_fault; + + *val = msrs->spec_ctrl.raw & SPEC_CTRL_SSBD; + break; + case MSR_AMD64_DE_CFG: if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) goto gp_fault; @@ -666,6 +673,17 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) wrmsr_tsc_aux(val); break; + case MSR_VIRT_SPEC_CTRL: + if ( !cp->extd.virt_ssbd ) + goto gp_fault; + + /* Only supports SSBD bit, the rest are ignored. */ + if ( val & SPEC_CTRL_SSBD ) + msrs->spec_ctrl.raw |= SPEC_CTRL_SSBD; + else + msrs->spec_ctrl.raw &= ~SPEC_CTRL_SSBD; + break; + case MSR_AMD64_DE_CFG: /* * OpenBSD 6.7 will panic if writing to DE_CFG triggers a #GP: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1408e4c7ab..f338bfe292 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -402,12 +402,13 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", + boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_VIRT_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 9cee4b439e..b797c6bea1 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -265,7 +265,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ -XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /*!s MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ From patchwork Thu Mar 31 09:27:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 12796942 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 40CC7C433F5 for ; Thu, 31 Mar 2022 09:29:22 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.296794.505326 (Exim 4.92) (envelope-from ) id 1nZr78-0005xi-43; Thu, 31 Mar 2022 09:29:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296794.505326; Thu, 31 Mar 2022 09:29:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZr78-0005xX-0H; Thu, 31 Mar 2022 09:29:10 +0000 Received: by outflank-mailman (input) for mailman id 296794; Thu, 31 Mar 2022 09:29:09 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZr76-00057w-U3 for xen-devel@lists.xenproject.org; Thu, 31 Mar 2022 09:29:09 +0000 Received: from esa5.hc3370-68.iphmx.com (esa5.hc3370-68.iphmx.com [216.71.155.168]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 01d091a5-b0d5-11ec-a405-831a346695d4; Thu, 31 Mar 2022 11:29:06 +0200 (CEST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 01d091a5-b0d5-11ec-a405-831a346695d4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1648718946; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=Rs2MHh2ZJ+EDYLUADCFGhFUgZykTojljIizKD8oilmo=; b=P865HzZsFTh+D+AUwWh6OQtKzTpK+glYL10SBA/MSlP1QB2lIW0lQ7WC 0IrqmJ4nBY1icx8KAnpLoYp1rNMz2KXYtOdaS7I8b/qXDiYs54SdJEksW OIRaVmLUxRJ+yp1rxcgIM/HvIfTFhtsBvUFZawHYRf1hjs53LHwXwLPAm 4=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com X-SBRS: 5.1 X-MesageID: 67073037 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:alCV8aB88sgFXBVW/z7jw5YqxClBgxIJ4kV8jS/XYbTApGshgjUCy 2oWUDyCOqqJZWvwftkkb4+w9UIAvJ/WyIJiQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMZiaA4E/raNANlFEkvU2ybuOU5NXsZ2YgHWeIdA970Ug5w7Vi29Yx6TSEK1jlV e3a8pW31GCNg1aYAkpMg05UgEoy1BhakGpwUm0WPZinjneH/5UmJMt3yZWKB2n5WuFp8tuSH I4v+l0bElTxpH/BAvv9+lryn9ZjrrT6ZWBigVIOM0Sub4QrSoXfHc/XOdJFAXq7hQllkPgvx PR9noy+eDsQZPfPv9kiTiJqVAVHaPguFL/veRBTsOSWxkzCNXDt3+9vHAc9OohwFuRfWD8Us 6ZCcXZUM07F17neLLGTE4GAguw5K8bmJsUHs2xIxjDFF/c2B5vERs0m4PcGg29v3ZgVQp4yY eJIUhw2ZiXNTyZNO04cOYk8wf2uhnXwJmgwRFW9+vNsvjm7IBZK+KfpGMrYfJqNX8o9tkSSq 3/C/m/5KgoHL9HZwj2Amlq8i+mKkS7lVYY6ELyj6uUskFCV3nYUChAdSR28u/bRt6Klc4sBc QpOoHNo9PVsshzwJjXgY/GmiCCIny43S9RhL9RgsgKq95XJ2DTeIlFRG1atd+canMMxQDUr0 HqAkNXoGSFjvdWpdJ6NyluHhWjsYHZIdAfucQdBFFJYuIe7/OnfmzqVFr5e/LiJYsoZ8N0a6 xSDt2AAiroalqbnPI3rrAmc01pASnUkJzPZBzk7vEr4tmuVh6b/PuREDGQ3C94adu51qXHb4 BA5dzC2trxmMH10vHXlrB8xNL+o/e2ZFzbXnERiGZIsnxz0pSLzI94Nv28keRg0WirhRdMPS BWJ0e+2zMUOVEZGkIctO97hYyjU5faI+SvZugD8MYMVP8kZmP6v9yByf0+At10BY2B3+ZzTz ayzKJ72ZV5DUPwP5GPvG481jO96rghjlDi7bc2qkHyaPU+2OSf9pUEtawDVMIjULcqs/W3oz jqoH5DUk08GCr2vP3G/HEx6BQliEEXXzKve8qR/XuWCPhBnCCcmDfrQyqkmYItrg+JekeKgw 513chMwJIbX7ZEfFTi3Vw== IronPort-HdrOrdr: A9a23:4bptDqnCVk9wUS8ENArLh70soyrpDfPOimdD5ihNYBxZY6Wkfp +V88jzhCWZtN9OYhwdcLC7WZVpQRvnhPpICO4qTMuftWjdyRaVxeRZg7cKrAeQfREWmtQtt5 uINpIOc+EYbmIK/PoSgjPIaurIqePvmMvD5Za8854ud3ARV0gJ1XYGNu/xKDwQeOApP+tdKH LKjfA32AZINE5nJviTNz0gZazuttfLnJXpbVovAAMm0hCHiXeN5KThGxaV8x8CW3cXqI1Su1 Ttokjc3OGOovu7whjT2yv66IlXosLozp9mCNaXgsYYBz3wgkKDZZhnWZeFoDcpydvfo2oCoZ 3pmVMNLs5z43TeciWcpgbs4RDp1HIU53rr2Taj8AzeiP28YAh/J9tKhIpffBecwVEnpstA3K VC2H/cn4ZLDDvb9R6NqOTgZlVPrA6ZsHAimekcgzh0So0FcoJcqoQZ4Qd8DIoAJiTn84oqed MeQP003MwmMG9yUkqp/lWGmLeXLzcO91a9MwU/U/WuonZrdCsT9Tpb+CQd9k1wgK7VBaM0ot gsCZ4Y542mfvVmHZ6VO91xM/dfcla9OS4kEFjiV2gPR5t3ck4klfbMkcAIDaeRCdg18Kc= X-IronPort-AV: E=Sophos;i="5.90,224,1643691600"; d="scan'208";a="67073037" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LRg/V0qiiZOR+tfk8fShmtC6nni3ox9nIht/nl0hk32yMQNC+EpfXBwdGXPx/15IvlQ6ILLPMSx4CU0BQpwLLZZQHAGTvqvvOkpZRtxifu3sG64KeDHN6tJUeJhHoqKWlRR7JxXhMULQEB2B+ZSirihX3065cJVAiAnAznssa+eX0I2mulu1jNQMisQE8y3iHNqPmbtGT1o3bCaEEWWVtDmicW1QMKJGYq8Toj8ojiXfxgL8tJljIUM1sOAIItzf5uYLCIfIScYGXuAgIDVpbHBer7HtMkTn73RkV/2Q6nhjpEUQ6orq9xWzdrqsKIteoPCh2VanTlgyagsPLGwWMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8zOs9KQDLyMD6IlI88q5G+0E9Ex/JRqGOGtfaTxdMpA=; b=K22cu1rXxD0HzcBrC9I6RfFizDT5ofQAw00aThVMXX7RKtE2jaFIYTZKRru7z3XH6NOpgsRUom4y8FpLk0kZ/qumd/Hz3xoM/UEGIDlbseM9rogT+B/gTSYZdPwMEgAfsYOr6xdQgjmhIskQy/kFGDGsPQA/cSYxW+pj2G2Lio82lj9joliGvsVKXJdFV0OdfVkB8iN4hkjgdWzosG4YGcPJHIJPszPzg4D7nXkRCqAybSMtaH0ixXb7RSF8A3WiIF6TGleq4QytBCwRUkPG9VxaielE637x5RneEZz24c9aAf4oiYS4R3tofuDpT5KEmO7GHhkrZMJpCyYKcWtObA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8zOs9KQDLyMD6IlI88q5G+0E9Ex/JRqGOGtfaTxdMpA=; b=u53t94ywhRXdl/bf3+JTLJ1Qc3oIzLwRXBa/QygV1dFYNq4RhhO5Cvxn8zfQjftp/nv2LKlU1sK5z3rarraKWvkxB7P0YmAfqEkCzejU8m8wHz+tvF3qX9fCNPxnQod8HeP19TYbG1FScyg2uKfhHnzoEzx+wiUZpnSsw688xz8= From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 2/3] amd/msr: allow passthrough of VIRT_SPEC_CTRL for HVM guests Date: Thu, 31 Mar 2022 11:27:16 +0200 Message-ID: <20220331092717.9023-3-roger.pau@citrix.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220331092717.9023-1-roger.pau@citrix.com> References: <20220331092717.9023-1-roger.pau@citrix.com> X-ClientProxiedBy: LO2P265CA0187.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a::31) To DS7PR03MB5608.namprd03.prod.outlook.com (2603:10b6:5:2c9::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 57b4bb55-1c43-445f-cf9f-08da12f8e391 X-MS-TrafficTypeDiagnostic: CY4PR03MB3112:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3/KoITIlkVH07clgCivq/hw/wTfzHFhM2NBa/oB8QyKBpyEelkPhKFjrnFk9ARZJcLOxWRSMAsCnCuGrY1wMdtb45RmDzYlkaKw/lmMO5r+RiUkJeyPSG9BKiziQtklkHeFNOUHO+2WPG8C9DOG9yDehP7UhEaZs0J9590mqrIVCmB29RIe2uOuKVm7JJJlBPk9mkPfhrnVw1PieFfVKANWL9l/ltbKyFK12IrNPUezG78A5MVPuK/UPDDNCgXXeaCdQYkAJqhcTx8W7u3VBf3aSQMh3OPIx1YnurCj/mQYPehPHs1tr+MkOWZ1zu0jjOhtqEV1rR1xY5t4d2TTXvNevDqy2UJiJBLLbDn0Wg350Yjatg+ruKDv4hr+qggGLW1q89U3DLShCJ4ouHWgF/neSeg8WzeqYZ+QbstrEp6v4KjycQW6wBU+psvjZR04PrNRAsZwg07XTDJLg+KWRRoGjeiBZfrFzbtf35s9g5ELxgcKlYXvsHsEySdFEuDvjAbPpFBOX2qYl5x+ApKx7QIktFqub4y2FLM6hcdw/uisvmmKRAWFClov5zRydQSjyI4BadViK1mU27SSEmenIuABQvGzWz7fK5iNSVImYZMpMiujZ7cYnxHzbXiS/dVycHns9nwkJnDH0Kbtx/u28bg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR03MB5608.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(36756003)(186003)(1076003)(26005)(83380400001)(2906002)(6506007)(2616005)(6666004)(66556008)(5660300002)(54906003)(6512007)(82960400001)(8936002)(6486002)(66476007)(38100700002)(8676002)(6916009)(4326008)(86362001)(316002)(66946007)(508600001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?+YhmJAi2IAw1Ue4fJYam/BH3Aldh?= =?utf-8?q?rsC4YuSTNoYFce4paRb1EjFUAaifKTNktUHTEcs42LK1/5XxJmFLsEqMWtBXcq+X7?= =?utf-8?q?PooEUj814/qOH5pXN+Lyd8XT+rGqJhOIXY4ESEpRtPSyyxLnfGMptywe8/P3PKPky?= =?utf-8?q?ICyvD5gZhXTY8w6GyBQMEzNL923owzR3YCD+FTnGrCNckq/07Yh8B1RaTP4jRIWO+?= =?utf-8?q?vYbeeZccpPus7UGYFbgd5Us2f30IphW9ePNEB6FqoiRWZVbwPHvyDrvkJV38G3W5O?= =?utf-8?q?6fbV/5Cs3spIAR9BsBEXA//wvny4JucXG7QlQ0Xcgtra/fADQQZ0LMVOoGTErx+ZL?= =?utf-8?q?G7NueSqrkInEtbRJJFIGjk8TyAOh5xWBaCMQI/OfFUXoab9bLS37UpkqjVDJsCt5W?= =?utf-8?q?Tl1rMDxPpOKAFt0f+cdZ0SNOoPXwMX7pNcRvk2DJj7gjbCYL3jy3JirBi7fYibHSr?= =?utf-8?q?OGtPji50mC22wmXjPsmBxMvE1f/vhK50VbLUkexdQo3OBMsX81OS8T9+rHiKVK7xH?= =?utf-8?q?S/V4WjM9w9H9KTdV3GOwgEhDcmdA23/Mq9Fo2czYup9fFqSJeyL+15s9TIkhmj91w?= =?utf-8?q?N+jjVtfy/vvrnIlkYAgP9noE20tjttJ+F2V+1+LUPy/ATLUbiquKm6t70ozbXWa9b?= =?utf-8?q?YDa1fNmaLKmxa/rk4kQ1w/IOa0oDupEUX5nX09eLPsWrxZyCGXIpgKXXJFe1mrGYU?= =?utf-8?q?Tgy6HT4reCzHN2CVsCxU9Scty/Tr9N1H7djmb5mfJmqm5yM/byHrLWcM/5OQgutFa?= =?utf-8?q?zgn9NYkVNl/9sANgdU+mywBO+8fjVsP9Y/yOX2Zo254/+T401tLVep44tGFaalqd5?= =?utf-8?q?ntfHj3KPkqeMmvC3BaWcNOQj2r55XhRlrrD//j3bLDre+dXLjkyG9ARa8Mmylyfmq?= =?utf-8?q?rVaunklEWVZdajrkNqSfUE3A+nyWqrnKIJ0qzuLpLf8Ii7wnLPsyZx7vDr/A5TYi9?= =?utf-8?q?7CUEfU//AICqlo39iFAkvAAKWMWHlFmqA3V9gMemcd/8rUAgD+0dQS9gXBO5aKz38?= =?utf-8?q?BRYnEUZhRVC2bQuXrtPtREX9lIKO+nIobQdPrO+MLxgV10oT9kFKbDOO7+qXih5R3?= =?utf-8?q?NLuMxm7yRTA+bFuLvh8zgwc4pc46qJrUAljMXgjoYLlWhonan9visVGnh+w04iQZ+?= =?utf-8?q?onHS4ne093LLAayEv0ZKVkL7zVQoBjwYLk4iZFuklByWqk/riDpNhDMgm9EYkAWYn?= =?utf-8?q?UWuLDOuyqPboRJWlOWIQC0sCwmDZXu4zknvJccE/rtBavAHP3HV/CWEAYYITInuU3?= =?utf-8?q?/QqwBAm4esAJECx2nAD7hkFPrCvoc9qDM8Z6dnYYaHmJl9VEGWMVNlKnLDmdNi88S?= =?utf-8?q?i1bRQ+UWM6hxuhZYbTWaeqeo5aHFBQLmKuHcr5xz6u6iyO5ij2pksGrrA4fOblMQi?= =?utf-8?q?f/TYbrZtVorPvx7kkU1kM7Rk4kzoZAehqfz/3Qa453YL2RxKFtRTvALF8oXPYI2N8?= =?utf-8?q?OmUEnnkPJiVV90mumSqmCFnud/IJgv39mh42Wjxcm6EkxE2HHtHbq53CSKso+4XfQ?= =?utf-8?q?2HrjYQhbFtdfjO5TxJVngwBzOXdhrWcfVv5KkG+5lX/t4HhF4u8lBEJyER6dcfDjP?= =?utf-8?q?EX0X2ZM3cCrCOOGiiBXmQ9BXAtpdhaoVeg3pRSv36a2uyGa70JkrHOFJ96io6bvBq?= =?utf-8?q?RNgDkD1xnlmZ8qgkokZc0CchglM4LlRrWmw00NVfEiQp/gJzSORdg=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 57b4bb55-1c43-445f-cf9f-08da12f8e391 X-MS-Exchange-CrossTenant-AuthSource: DS7PR03MB5608.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Mar 2022 09:29:00.7550 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: CiSJ7dMPCEuxLz8UyRBj+W86aeSAXrFhrsZ9zN17P9fWlHCoQEiLr2DCIrAWZ3HT/mND/CSomaxH8LkPSUIxYw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR03MB3112 X-OriginatorOrg: citrix.com Allow HVM guests untrapped access to MSR_VIRT_SPEC_CTRL if the hardware has support for it. This requires adding logic in the vm{entry,exit} paths for SVM in order to context switch between the hypervisor value and the guest one. The added handlers for context switch will also be used for the legacy SSBD support. Introduce a new synthetic feature leaf (X86_FEATURE_VIRT_SC_MSR_HVM) to signal whether VIRT_SPEC_CTRL needs to be handled on guest vm{entry,exit}. This patch changes the annotation 's' to 'S' because it introduces support to expose VIRT_SSBD to guests by default when the host (virtual) hardware also supports it. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- Changes since v2: - Reword part of the commit message regarding annotation change. - Fix MSR intercept. - Add handling of VIRT_SPEC_CTRL to guest_{rd,wr}msr when using VIRT_SSBD also. Changes since v1: - Introduce virt_spec_ctrl vCPU field. - Context switch VIRT_SPEC_CTRL on vmentry/vmexit separately from SPEC_CTRL. --- xen/arch/x86/cpuid.c | 11 ++++++ xen/arch/x86/hvm/svm/entry.S | 6 ++++ xen/arch/x86/hvm/svm/svm.c | 40 +++++++++++++++++++++ xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/include/asm/msr.h | 10 ++++++ xen/arch/x86/msr.c | 16 ++++++--- xen/arch/x86/spec_ctrl.c | 9 ++++- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 8 files changed, 89 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 4ca77ea870..91e53284fc 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -534,6 +534,10 @@ static void __init calculate_hvm_max_policy(void) raw_cpuid_policy.basic.sep ) __set_bit(X86_FEATURE_SEP, hvm_featureset); + if ( !boot_cpu_has(X86_FEATURE_VIRT_SC_MSR_HVM) ) + /* Clear VIRT_SSBD if VIRT_SPEC_CTRL is not exposed to guests. */ + __clear_bit(X86_FEATURE_VIRT_SSBD, hvm_featureset); + /* * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional * availability, or admin choice), hide the feature. @@ -590,6 +594,13 @@ static void __init calculate_hvm_def_policy(void) guest_common_feature_adjustments(hvm_featureset); guest_common_default_feature_adjustments(hvm_featureset); + /* + * AMD_SSBD if preferred over VIRT_SSBD, so don't expose the later by + * default if the former is available. + */ + if ( boot_cpu_has(X86_FEATURE_AMD_SSBD) ) + __clear_bit(X86_FEATURE_VIRT_SSBD, hvm_featureset); + sanitise_featureset(hvm_featureset); cpuid_featureset_to_policy(hvm_featureset, p); recalculate_xstate(p); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 4ae55a2ef6..e2c104bb1e 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -57,6 +57,9 @@ __UNLIKELY_END(nsvm_hap) clgi + ALTERNATIVE "", STR(call vmentry_virt_spec_ctrl), \ + X86_FEATURE_VIRT_SC_MSR_HVM + /* WARNING! `ret`, `call *`, `jmp *` not safe beyond this point. */ /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl @@ -114,6 +117,9 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ + ALTERNATIVE "", STR(call vmexit_virt_spec_ctrl), \ + X86_FEATURE_VIRT_SC_MSR_HVM + stgi GLOBAL(svm_stgi_label) mov %rsp,%rdi diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 64a45045da..40ff28ecf1 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -52,6 +52,7 @@ #include #include #include +#include #include #include #include @@ -610,6 +611,15 @@ static void cf_check svm_cpuid_policy_changed(struct vcpu *v) svm_intercept_msr(v, MSR_SPEC_CTRL, cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* + * Give access to MSR_VIRT_SPEC_CTRL if the guest has been told about it + * and the hardware implements it. + */ + svm_intercept_msr(v, MSR_VIRT_SPEC_CTRL, + cp->extd.virt_ssbd && cpu_has_virt_ssbd && + !cpu_has_amd_ssbd ? + MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); + /* Give access to MSR_PRED_CMD if the guest has been told about it. */ svm_intercept_msr(v, MSR_PRED_CMD, cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW); @@ -3105,6 +3115,36 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) vmcb_set_vintr(vmcb, intr); } +/* Called with GIF=0. */ +void vmexit_virt_spec_ctrl(void) +{ + unsigned int val = opt_ssbd ? SPEC_CTRL_SSBD : 0; + + if ( cpu_has_virt_ssbd ) + { + unsigned int lo, hi; + + /* + * Need to read from the hardware because VIRT_SPEC_CTRL is not context + * switched by the hardware, and we allow the guest untrapped access to + * the register. + */ + rdmsr(MSR_VIRT_SPEC_CTRL, lo, hi); + if ( val != lo ) + wrmsr(MSR_VIRT_SPEC_CTRL, val, 0); + current->arch.msrs->virt_spec_ctrl.raw = lo; + } +} + +/* Called with GIF=0. */ +void vmentry_virt_spec_ctrl(void) +{ + unsigned int val = current->arch.msrs->virt_spec_ctrl.raw; + + if ( val != (opt_ssbd ? SPEC_CTRL_SSBD : 0) ) + wrmsr(MSR_VIRT_SPEC_CTRL, val, 0); +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7413febd7a..2240547b64 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -40,6 +40,7 @@ XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for HVM */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +XEN_CPUFEATURE(VIRT_SC_MSR_HVM, X86_SYNTH(28)) /* MSR_VIRT_SPEC_CTRL exposed to HVM */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index ab6fbb5051..460aabe84f 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -375,6 +375,16 @@ struct vcpu_msrs */ uint32_t tsc_aux; + /* + * 0xc001011f - MSR_VIRT_SPEC_CTRL (if !X86_FEATURE_AMD_SSBD) + * + * AMD only. Guest selected value, saved and restored on guest VM + * entry/exit. + */ + struct { + uint32_t raw; + } virt_spec_ctrl; + /* * 0xc00110{27,19-1b} MSR_AMD64_DR{0-3}_ADDRESS_MASK * diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 72c175fd8b..a1e268eea9 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -385,7 +385,10 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) if ( !cp->extd.virt_ssbd ) goto gp_fault; - *val = msrs->spec_ctrl.raw & SPEC_CTRL_SSBD; + if ( cpu_has_amd_ssbd ) + *val = msrs->spec_ctrl.raw & SPEC_CTRL_SSBD; + else + *val = msrs->virt_spec_ctrl.raw; break; case MSR_AMD64_DE_CFG: @@ -678,10 +681,15 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) goto gp_fault; /* Only supports SSBD bit, the rest are ignored. */ - if ( val & SPEC_CTRL_SSBD ) - msrs->spec_ctrl.raw |= SPEC_CTRL_SSBD; + if ( cpu_has_amd_ssbd ) + { + if ( val & SPEC_CTRL_SSBD ) + msrs->spec_ctrl.raw |= SPEC_CTRL_SSBD; + else + msrs->spec_ctrl.raw &= ~SPEC_CTRL_SSBD; + } else - msrs->spec_ctrl.raw &= ~SPEC_CTRL_SSBD; + msrs->virt_spec_ctrl.raw = val & SPEC_CTRL_SSBD; break; case MSR_AMD64_DE_CFG: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f338bfe292..0d5ec877d1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -406,9 +406,12 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || + boot_cpu_has(X86_FEATURE_VIRT_SC_MSR_HVM) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", - boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_VIRT_SPEC_CTRL" : "", + (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || + boot_cpu_has(X86_FEATURE_VIRT_SC_MSR_HVM)) ? " MSR_VIRT_SPEC_CTRL" + : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); @@ -1069,6 +1072,10 @@ void __init init_speculation_mitigations(void) setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } + /* Support VIRT_SPEC_CTRL.SSBD if AMD_SSBD is not available. */ + if ( opt_msr_sc_hvm && !cpu_has_amd_ssbd && cpu_has_virt_ssbd ) + setup_force_cpu_cap(X86_FEATURE_VIRT_SC_MSR_HVM); + /* If we have IBRS available, see whether we should use it. */ if ( has_spec_ctrl && ibrs ) default_xen_spec_ctrl |= SPEC_CTRL_IBRS; diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index b797c6bea1..0639b9faf2 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -265,7 +265,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ -XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /*!s MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /*!S MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ From patchwork Thu Mar 31 09:27:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 12796943 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C99E4C433F5 for ; Thu, 31 Mar 2022 09:29:30 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.296798.505337 (Exim 4.92) (envelope-from ) id 1nZr7H-0006W7-CA; Thu, 31 Mar 2022 09:29:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296798.505337; Thu, 31 Mar 2022 09:29:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZr7H-0006Vx-8w; Thu, 31 Mar 2022 09:29:19 +0000 Received: by outflank-mailman (input) for mailman id 296798; Thu, 31 Mar 2022 09:29:17 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZr7F-00057w-Kg for xen-devel@lists.xenproject.org; Thu, 31 Mar 2022 09:29:17 +0000 Received: from esa6.hc3370-68.iphmx.com (esa6.hc3370-68.iphmx.com [216.71.155.175]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 078302f6-b0d5-11ec-a405-831a346695d4; Thu, 31 Mar 2022 11:29:15 +0200 (CEST) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 078302f6-b0d5-11ec-a405-831a346695d4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1648718955; h=from:to:cc:subject:date:message-id:in-reply-to: references:content-transfer-encoding:mime-version; bh=c5A7oIriEvC0cGBbEld53uU0PBaaj0rfbtF3sBKzgsc=; b=R0b4lnJSgvIRoDHzGad5BszSC2BSy7vicKHlecNvMXTYjv7IY8rOus+c zhkS1QLl1nenAnT8lOWum3FKDMYiYZB4/9OwXWqILFsrN7Cxa+AaMh1rV ADsFtbfzmje8/dBvAQD7ckpgNALlZJr53zi+z/hYpSMBw7C0I1jTye8GB c=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com X-SBRS: 5.1 X-MesageID: 67539612 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:veW5h6gM68gxNXnct1mPywiqX161dhAKZh0ujC45NGQN5FlHY01je htvUGmDb/2CMzamedp2YN7goxlUvMCAzodgHQNsrC40RX8b9cadCdqndUqhZCn6wu8v7a5EA 2fyTvGacajYm1eF/k/F3oDJ9CU6jefSLlbFILas1hpZHGeIcw98z0M78wIFqtQw24LhWFjU4 YqaT/D3YzdJ5RYlagr41IrbwP9flKyaVOQw5wFWiVhj5TcyplFNZH4tDfjZw0jQG+G4KtWSV efbpIxVy0uCl/sb5nFJpZ6gGqECaua60QFjERO6UYD66vRJjnRaPqrWqJPwwKqY4tmEt4kZ9 TlDiXC/YRwXYaOcm8A0aAJ3TBpMZKEa5pDrMXfq5KR/z2WeG5ft6/BnDUVwNowE4OdnR2pJ8 JT0KhhUMErF3bjvhuvmFK883azPL+GyVG8bkmtnwjzDS+4vXLjIQrnQ5M8e1zA17ixLNaiBO pFIN2M1BPjGSyJLCEU0JooVoNn2vUvQcBwHmVOVh7VitgA/yyQuieOwYbI5YOeiWsF9jkue4 GXc8AzRABsXKdiewjqt6W+3i6nEmiaTcJIfEvi0++BnhHWXx3cPE1sGWF2ju/67h0WiHdVFJ CQpFjEG9PZoshbxF5+kAkP+8CXsUgMgt8R4CNNl5lGO7oPv+CnGPVpdQmJfR/A2u5pjLdA17 WOhk9TsDD1plbSaT3OB67uZxQ+P1TgpwXwqPnFdE1ZcizX3iMRq10+UEI4/eEKgpoetcQwc1 Qxmu8TXa187qccQn5u28lnc695HjsiYF1Vljuk7s4/M0++YWGJHT9HwgbQ4xawZRGp8crVnl CJe8yR5xLpSZaxhbATXHI0w8EiBvp5pygH0j191BIUG/D+w4XOldo04yGggeBc3bJtbJ2W0P xK7VeZtCHl7ZiHCgUhfOd/ZNijX5fK4SYSNug78MLKinaSdhCfYpXozNCZ8LkjmkVQ2kLFXB HtoWZ3EMJruMow+lGDeb75EidcDn3lirUuOFcGT50n2itK2OS/KIYrpxXPTN4jVGovf+16Lm zueXuPXoyhivBrWOXePq9dJfQFXdRDWx/ne8qRqSwJKGSI/cEkJAP7N27IxPYtjmqVejODT+ X+hHERfzTLCabfvcFzihqxLAF83YatCkA== IronPort-HdrOrdr: A9a23:2dF9Y6trh1B0lQASU+QIUQco7skDctV00zEX/kB9WHVpm6uj5q eTdZUgpHvJYVMqM03I9urtBEDtexzhHP1OgbX5X43NYOCOggLBRuxfBODZogHIKmnT8fNcyL clU4UWMqyUMbGit7eY3OBvKadD/OW6 X-IronPort-AV: E=Sophos;i="5.90,224,1643691600"; d="scan'208";a="67539612" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HpLmc0/tjlz15C+5QsU5BPWMrreIlg87qk2h1hAwvKFMA4JSMnIiJ+bed7qbcz7O/3ibR6hod9CIpUb1++hxfFr+jdmhk/v2i7bJeAV/hgI5a+GclmOYWwh0xxR83Pq1c1s+rRkHhPzJhTi3LSAvTg8EFvcimvw4cVu2z0L2voxMBQzrg+6gsvEEAjkERwSVBSG31KrJf695EvBvSJQbAI8wJD5YFgRNhBSRPAr0gVuaDHMYs14e9Uu+RTimgvtTlUc90oh3eqsmQRp0WTP2N4JbDYV+ZA/4DdWRn8nSEVTY3CMX/Iwrx2+qJtzP5O2XzqzlLMPB52p/Thmnc691zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O5Fvyon9pP8jficILgXhOuMiNAjcLMUPifEHs+FbT5Q=; b=m00sqj2yWV4/MJH+wrIfSyPL0A3m0F/tcXHvOwnsnyJVuxUBhIm/PwkbFdItvM3R4qZSYv3Rc9U4GgZ1Zudxqi/E09PbYkFJT9ttUXlgzGfkHToEhM0GiU0H1RKi/gxqcJHMVJmUFVht6LpqcKMHUgbr1ecalahNPq1aO2yY6fNoeDcD0oHpXJZ6WqwwCwq78y2kWebFU4e4wsxd88WTLA/m3q4EkbDk/I5avgOi7OEdjp0JEZUNxvKyG7fJ9p+CDnRNSeMFLQRpDKRNYr0ldfjifUeyvDJKl1mFoy3GsefxnMk11Rz4lE51RLNyOFySDJ7iyUtimbbYq+/eLehcow== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O5Fvyon9pP8jficILgXhOuMiNAjcLMUPifEHs+FbT5Q=; b=dsg/0MDuWbreaQ5P93GNc1j1Gm9WOp/mw+2G3FHE5SP+JsVg7eJBJHKI2DQS0SRdrD1rgGA0LCeJ7wuwY+w+tBm7uSwz8urziQAtEC47scdNRTuEHYwRhENCOwJ35my1AP+Z7v7zhLlqkBBLIEdiyK3wUHjodfQZKlERkglAn+E= From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 3/3] amd/msr: implement VIRT_SPEC_CTRL for HVM guests using legacy SSBD Date: Thu, 31 Mar 2022 11:27:17 +0200 Message-ID: <20220331092717.9023-4-roger.pau@citrix.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220331092717.9023-1-roger.pau@citrix.com> References: <20220331092717.9023-1-roger.pau@citrix.com> X-ClientProxiedBy: LO2P265CA0225.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:b::21) To DS7PR03MB5608.namprd03.prod.outlook.com (2603:10b6:5:2c9::18) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cd6ae490-2884-4e34-8165-08da12f8e6ff X-MS-TrafficTypeDiagnostic: CY4PR03MB3112:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PHUojfE4w+p6R5/PzlOPH07MTcALZzXZyONewvPPLNyEFx+AgpvUG0DQ64rqf/VsfNT0DsRYgODWgKCd3GURIhvLReo1J8SL9jZijRCt2OxXRZzTaTA6VX8F+LHvrCB0YuMl0feRLWeRhEyem2Kq/9xp81qyHS+3MVWnqH0PULQMzM9X48JTEo2yFOXmADC5xfhxyaHIKAXTec4wDteBGt/FOu1mSe7wkLig/lQALAMoRT0hG+AJ3H6jheqtynLFgcSfQAm/iLYw63+Mq7NqvEUIeCdFNqelLJq/kg9rJhtkQ31+psTH6RlhK9FM/7QUDox28Gr2AU83I/oHI56g+VsMrqkc8FymcKOBBMhrk+eQJy+JtAZBTtGXKHSI+cy5SPPSVP9Zg2gDTJ/2LaHD6UcSG9/nHyux4b/LcOrc6J8g1CHO91A+3ZIw+YQxV8vMxBG7Bj4pazuGrHskCxPF0wGsQdVPqhdzNfRR6UoI+bkWbgdsPSxcDK3iV3UGKBJ9ILR3jBmCj5y1AcdXxvElAIJIbuB0een51RPRiVS4SJuo/1cAd5925lvlqc3JahAYXYSQMpXJPRnXpMwT6j6nqqYgYRoSDiE/tTa69urL2VuxTEWVaWFcIBQDe9LDmuTL4aK+z60u/7Q6NJXZFYFj5h6Aj7BppnTUCOQ6mIM2oh89/EG3RzsqE+8th/6fzY71obdXg2sVEvH8dYGSnehU071wJ6fx9fsRLJiWUI3qpcQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR03MB5608.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(36756003)(186003)(1076003)(26005)(83380400001)(2906002)(6506007)(2616005)(6666004)(66556008)(5660300002)(54906003)(6512007)(82960400001)(8936002)(6486002)(966005)(66476007)(38100700002)(8676002)(6916009)(4326008)(86362001)(316002)(66946007)(508600001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?57KixuUhs7ZLv8koTXOz58YfxefQ?= =?utf-8?q?Tj07vGM8qlzRZXOPwuYtBRa4wwDc43eWTyw/gqw+0CgH+2E4Inn+N//FtA/dLBHRc?= =?utf-8?q?ja47D8F5F1SsGgTUY4VWkfQpgOP7dx6oKHUtzjS2z5Xga1HThbe9zws7GwFtl+mNP?= =?utf-8?q?NjeX0bL/rAddIRnHmEANeCHuqOgwaP6OghmbJi2LcXDniZn7XenDoRF0EFRPB8R7B?= =?utf-8?q?31qnoqzo37JanSvkgckW3tma3UEiHTL2OSHnq0eFXWXV8gwIsx68zkXd/gOQVrLlX?= =?utf-8?q?QG3h3YPa8A8MCy3UxX9GKMLInkMgCy3QJGQGXQKqRCo0rZTRSjhjttzN0DxYcF6Sz?= =?utf-8?q?PwsCI4/W0oI/UivJiEijgA8EKDgNHJUZ3XoFIHU8G1CguoCrUPPRCXMsZVOXUUFEe?= =?utf-8?q?ucj2KNru83dZ093jSYKE28duPn7NsHIi3rrOuukwzarQX0XQbV+pFicMVKdB+vqg7?= =?utf-8?q?4cKKJR/78XfgReawnTpIi8BXmGXkKv8AxnA8txkcJbGsc9PhSpL9GhJNeb0fn4vj6?= =?utf-8?q?MMnV4UrHtqFWFlP4hJ0PdWEUoM1OrCjvUYWm8tLp+X+fxRj/cAVeItWLYRUVMynFc?= =?utf-8?q?hKX4kXtHg9R5FmgI+ltcIzTwUQ0fz4xJze6xk/P61e96QEKo0sBSo9StxzFTNfk4x?= =?utf-8?q?N6bTJ9Fal483FCfBcdXuUdf+WE450V2I7odzmIvTv8IYGykMcVzGDpM7MjtOirrjM?= =?utf-8?q?Z4i/xairhssqbGlm6rmBlkN81jeU/T7fT8kFpcyRovcr16N09T9BhsubhDQywekuP?= =?utf-8?q?uImgiB4kONVxKrslEfPjWUzlJtaJQJihodpksZGHqxz5Z6YkiPcxKB1pWR/6KJxm+?= =?utf-8?q?bKcAF96sMaL3N421OviMFJDYck+evOXwGzl4luXm/DCideLzDocERDaTWeMqcGt/Z?= =?utf-8?q?BMpx5LRNGL6eTPku/aNAtihj/sR2kFOL6ShyAGwdY29rnJyZZYfsF4uTUvkPDHzsM?= =?utf-8?q?moLKCb8oikQ/MyZZItGZAduNpnSyGYDnvcJyp2xvsoU1rRVMlkKFSlkyvQ5AYH0BS?= =?utf-8?q?maU2d3Oq7e3QVfLl3/VYoW3yX7ajTf/3PeAYAAEMniMtwz/H7Gdkl+O9vr/72m6bb?= =?utf-8?q?YMK3uh3rAGpihw4q3gkR/aQDaWTAbrETBrBE7jbXwoWRPvJ3rPS2J6YcirToLmdKQ?= =?utf-8?q?yzx2tzBqEgNCG3I517Jtbjw7+kwUAJ5W5prgsNQRaDkZRtIdPanIvEDIap0AX5DCb?= =?utf-8?q?hN0rdptwCLn4Rw0iyl0PNt8VbvCh1fhwjZ3Fg/Hc0kTRi3FRccMYkZYutFhwmBw0f?= =?utf-8?q?FnthlG8U4iYnIgs/FWYw0oZUJFz9rBP8TR30ScV4P1Uj2ZMcYiySjveWYSPzQaK9k?= =?utf-8?q?cmcPDjjOOMd5ONtBKefv+rz9sEy7qD+TcXwebUiGwPXfnh9E2IfmFIeiLlOgEOFCe?= =?utf-8?q?HACec6JiPLT7PbvK6LVabFIZoQS2dbr38IBb5fqYsOMTPd4ofkxXN4eJ62Bq7wiDn?= =?utf-8?q?hH2nme5OulyECOoS8O42RvyAo0PKQkDuxEoO/zmiXIg4agTHDcVcPVqhZfba9msZn?= =?utf-8?q?/tivGGUzUAsypMCm9Hz/p/SpkBELjFcMdd9fpv1/9diDaRjkMfHAFIgJZHsc25DlX?= =?utf-8?q?P3vffrTcg0sbjT5nY0PLgpFU8R4YWHbDXdlSB8qPQ2YmM1lfHwm++J0TWn994zQnP?= =?utf-8?q?Xm91TP+2eYCqCgxM14Yyf+MlD+1SGCEnx5dkrGF+ruYJlm5K2B1fQ=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: cd6ae490-2884-4e34-8165-08da12f8e6ff X-MS-Exchange-CrossTenant-AuthSource: DS7PR03MB5608.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Mar 2022 09:29:06.4758 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eKLy/wCHLyW8HTqC4qb3GrGfBg2QQMNthzETkWl7URg1q334ui4ju5XpYHKS7RhdWge+ASShJPqYVEE1/1Gx0w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR03MB3112 X-OriginatorOrg: citrix.com Expose VIRT_SSBD to guests if the hardware supports setting SSBD in the LS_CFG MSR (a.k.a. non-architectural way). Different AMD CPU families use different bits in LS_CFG, so exposing VIRT_SPEC_CTRL.SSBD allows for an unified way of exposing SSBD support to guests on AMD hardware that's compatible migration wise, regardless of what underlying mechanism is used to set SSBD. Note that on AMD Family 17h (Zen 1) the value of SSBD in LS_CFG is shared between threads on the same core, so there's extra logic in order to synchronize the value and have SSBD set as long as one of the threads in the core requires it to be set. Such logic also requires extra storage for each thread state, which is allocated at initialization time. Do the context switching of the SSBD selection in LS_CFG between hypervisor and guest in the same handler that's already used to switch the value of VIRT_SPEC_CTRL in the hardware when supported. Suggested-by: Andrew Cooper Signed-off-by: Roger Pau Monné --- Changes since v2: - Fix codding style issues. - Use AMD_ZEN1_MAX_SOCKETS to define the max number of possible sockets in Zen1 systems. Changes since v1: - Report legacy SSBD support using a global variable. - Use ro_after_init for ssbd_max_cores. - Handle boot_cpu_data.x86_num_siblings < 1. - Add comment regarding _irqsave usage in amd_set_legacy_ssbd. --- xen/arch/x86/cpu/amd.c | 116 ++++++++++++++++++++++++++++----- xen/arch/x86/cpuid.c | 10 +++ xen/arch/x86/hvm/svm/svm.c | 12 +++- xen/arch/x86/include/asm/amd.h | 4 ++ xen/arch/x86/spec_ctrl.c | 4 +- 5 files changed, 127 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 4999f8be2b..a256a9d882 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -48,6 +48,7 @@ boolean_param("allow_unsafe", opt_allow_unsafe); /* Signal whether the ACPI C1E quirk is required. */ bool __read_mostly amd_acpi_c1e_quirk; +bool __ro_after_init amd_legacy_ssbd; static inline int rdmsr_amd_safe(unsigned int msr, unsigned int *lo, unsigned int *hi) @@ -685,23 +686,10 @@ void amd_init_lfence(struct cpuinfo_x86 *c) * Refer to the AMD Speculative Store Bypass whitepaper: * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf */ -void amd_init_ssbd(const struct cpuinfo_x86 *c) +static bool set_legacy_ssbd(const struct cpuinfo_x86 *c, bool enable) { int bit = -1; - if (cpu_has_ssb_no) - return; - - if (cpu_has_amd_ssbd) { - /* Handled by common MSR_SPEC_CTRL logic */ - return; - } - - if (cpu_has_virt_ssbd) { - wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); - return; - } - switch (c->x86) { case 0x15: bit = 54; break; case 0x16: bit = 33; break; @@ -715,20 +703,114 @@ void amd_init_ssbd(const struct cpuinfo_x86 *c) if (rdmsr_safe(MSR_AMD64_LS_CFG, val) || ({ val &= ~mask; - if (opt_ssbd) + if (enable) val |= mask; false; }) || wrmsr_safe(MSR_AMD64_LS_CFG, val) || ({ rdmsrl(MSR_AMD64_LS_CFG, val); - (val & mask) != (opt_ssbd * mask); + (val & mask) != (enable * mask); })) bit = -1; } - if (bit < 0) + return bit >= 0; +} + +void amd_init_ssbd(const struct cpuinfo_x86 *c) +{ + if (cpu_has_ssb_no) + return; + + if (cpu_has_amd_ssbd) { + /* Handled by common MSR_SPEC_CTRL logic */ + return; + } + + if (cpu_has_virt_ssbd) { + wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0); + return; + } + + if (!set_legacy_ssbd(c, opt_ssbd)) { printk_once(XENLOG_ERR "No SSBD controls available\n"); + if (amd_legacy_ssbd) + panic("CPU feature mismatch: no legacy SSBD\n"); + } else if (c == &boot_cpu_data) + amd_legacy_ssbd = true; +} + +static struct ssbd_core { + spinlock_t lock; + unsigned int count; +} *ssbd_core; +static unsigned int __ro_after_init ssbd_max_cores; +#define AMD_ZEN1_MAX_SOCKETS 2 + +bool __init amd_setup_legacy_ssbd(void) +{ + unsigned int i; + + if (boot_cpu_data.x86 != 0x17 || boot_cpu_data.x86_num_siblings <= 1) + return true; + + /* + * One could be forgiven for thinking that c->x86_max_cores is the + * correct value to use here. + * + * However, that value is derived from the current configuration, and + * c->cpu_core_id is sparse on all but the top end CPUs. Derive + * max_cpus from ApicIdCoreIdSize which will cover any sparseness. + */ + if (boot_cpu_data.extended_cpuid_level >= 0x80000008) { + ssbd_max_cores = 1u << MASK_EXTR(cpuid_ecx(0x80000008), 0xf000); + ssbd_max_cores /= boot_cpu_data.x86_num_siblings; + } + if (!ssbd_max_cores) + return false; + + /* Max is two sockets for Fam17h hardware. */ + ssbd_core = xzalloc_array(struct ssbd_core, + ssbd_max_cores * AMD_ZEN1_MAX_SOCKETS); + if (!ssbd_core) + return false; + + for (i = 0; i < ssbd_max_cores * AMD_ZEN1_MAX_SOCKETS; i++) { + spin_lock_init(&ssbd_core[i].lock); + /* Record initial state, also applies to any hotplug CPU. */ + if (opt_ssbd) + ssbd_core[i].count = boot_cpu_data.x86_num_siblings; + } + + return true; +} + +void amd_set_legacy_ssbd(bool enable) +{ + const struct cpuinfo_x86 *c = ¤t_cpu_data; + struct ssbd_core *core; + unsigned long flags; + + if (c->x86 != 0x17 || c->x86_num_siblings <= 1) { + BUG_ON(!set_legacy_ssbd(c, enable)); + return; + } + + BUG_ON(c->phys_proc_id >= AMD_ZEN1_MAX_SOCKETS); + BUG_ON(c->cpu_core_id >= ssbd_max_cores); + core = &ssbd_core[c->phys_proc_id * ssbd_max_cores + c->cpu_core_id]; + /* + * Use irqsave variant to make check_lock() happy. When called from + * vm{exit,entry}_virt_spec_ctrl GIF=0, but the state of IF could be 1, + * thus fooling the spinlock check. + */ + spin_lock_irqsave(&core->lock, flags); + core->count += enable ? 1 : -1; + ASSERT(core->count <= c->x86_num_siblings); + if (enable ? core->count == 1 : !core->count) + BUG_ON(!set_legacy_ssbd(c, enable)); + spin_unlock_irqrestore(&core->lock, flags); } void __init detect_zen2_null_seg_behaviour(void) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 91e53284fc..e278fee689 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -537,6 +537,16 @@ static void __init calculate_hvm_max_policy(void) if ( !boot_cpu_has(X86_FEATURE_VIRT_SC_MSR_HVM) ) /* Clear VIRT_SSBD if VIRT_SPEC_CTRL is not exposed to guests. */ __clear_bit(X86_FEATURE_VIRT_SSBD, hvm_featureset); + else + /* + * Expose VIRT_SSBD if VIRT_SPEC_CTRL is supported, as that implies the + * underlying hardware is capable of setting SSBD using + * non-architectural way or VIRT_SSBD is available. + * + * Note that if the hardware supports VIRT_SSBD natively this setting + * will just override an already set bit. + */ + __set_bit(X86_FEATURE_VIRT_SSBD, hvm_featureset); /* * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 40ff28ecf1..9b8f8d21bd 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -3133,7 +3133,12 @@ void vmexit_virt_spec_ctrl(void) if ( val != lo ) wrmsr(MSR_VIRT_SPEC_CTRL, val, 0); current->arch.msrs->virt_spec_ctrl.raw = lo; + + return; } + + if ( val != current->arch.msrs->virt_spec_ctrl.raw ) + amd_set_legacy_ssbd(val & SPEC_CTRL_SSBD); } /* Called with GIF=0. */ @@ -3142,7 +3147,12 @@ void vmentry_virt_spec_ctrl(void) unsigned int val = current->arch.msrs->virt_spec_ctrl.raw; if ( val != (opt_ssbd ? SPEC_CTRL_SSBD : 0) ) - wrmsr(MSR_VIRT_SPEC_CTRL, val, 0); + { + if ( cpu_has_virt_ssbd ) + wrmsr(MSR_VIRT_SPEC_CTRL, val, 0); + else + amd_set_legacy_ssbd(val & SPEC_CTRL_SSBD); + } } /* diff --git a/xen/arch/x86/include/asm/amd.h b/xen/arch/x86/include/asm/amd.h index a82382e6bf..6a42f68542 100644 --- a/xen/arch/x86/include/asm/amd.h +++ b/xen/arch/x86/include/asm/amd.h @@ -151,4 +151,8 @@ void check_enable_amd_mmconf_dmi(void); extern bool amd_acpi_c1e_quirk; void amd_check_disable_c1e(unsigned int port, u8 value); +extern bool amd_legacy_ssbd; +bool amd_setup_legacy_ssbd(void); +void amd_set_legacy_ssbd(bool enable); + #endif /* __AMD_H__ */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0d5ec877d1..495e6f9405 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -1073,7 +1074,8 @@ void __init init_speculation_mitigations(void) } /* Support VIRT_SPEC_CTRL.SSBD if AMD_SSBD is not available. */ - if ( opt_msr_sc_hvm && !cpu_has_amd_ssbd && cpu_has_virt_ssbd ) + if ( opt_msr_sc_hvm && !cpu_has_amd_ssbd && + (cpu_has_virt_ssbd || (amd_legacy_ssbd && amd_setup_legacy_ssbd())) ) setup_force_cpu_cap(X86_FEATURE_VIRT_SC_MSR_HVM); /* If we have IBRS available, see whether we should use it. */