target/i386: introduce ITS_NO to several models

[PATCH 3/5] target/i386: introduce GraniteRapids-v4 to expose ITS_NO

Posted by Jon Kohler 1 week ago

Expose ITS_NO by default, as users using Granite Rapids and higher
CPU models would not be able to live migrate to lower CPU hosts due to
missing features. In that case, they would not be vulnerable to ITS.

its-no was originally added on [1], but needs to be exposed on the
individual CPU models for the guests to see by default.

[1] 74978391b2da ("target/i386: Make ITS_NO available to guests")

Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
---
 target/i386/cpu.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e579b790e0..afbfe11733 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5282,6 +5282,15 @@ static const X86CPUDefinition builtin_x86_defs[] = {
                     { /* end of list */ },
                 }
             },
+            {
+                .version = 4,
+                .note = "with ITS_NO",
+                .cache_info = &xeon_gnr_cache_info,
+                .props = (PropValue[]) {
+                    { "its-no", "on" },
+                    { /* end of list */ },
+                }
+            },
             { /* end of list */ },
         },
     },
-- 
2.43.0

[PATCH 1/5] target/i386: Add MSR_IA32_ARCH_CAPABILITIES ITS_NO
[PATCH 2/5] target/i386: introduce SapphireRapids-v5 to expose ITS_NO
[PATCH 3/5] target/i386: introduce GraniteRapids-v4 to expose ITS_NO
[PATCH 4/5] target/i386: introduce SierraForest-v4 to expose ITS_NO
[PATCH 5/5] target/i386: introduce ClearwaterForest-v2 to expose ITS_NO