tools/libxl/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 3 ++- xen/arch/x86/msr.c | 6 ++++++ xen/include/asm-x86/msr-index.h | 8 ++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 ++ 5 files changed, 20 insertions(+), 1 deletion(-)
The CET spec has been published and guest kernels are starting to get support.
Introduce the CPUID and MSRs, and fully block the MSRs from guest use.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
---
tools/libxl/libxl_cpuid.c | 2 ++
tools/misc/xen-cpuid.c | 3 ++-
xen/arch/x86/msr.c | 6 ++++++
xen/include/asm-x86/msr-index.h | 8 ++++++++
xen/include/public/arch-x86/cpufeatureset.h | 2 ++
5 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c
index b4f6fd590d..00262a3f8f 100644
--- a/tools/libxl/libxl_cpuid.c
+++ b/tools/libxl/libxl_cpuid.c
@@ -201,6 +201,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
{"pku", 0x00000007, 0, CPUID_REG_ECX, 3, 1},
{"ospke", 0x00000007, 0, CPUID_REG_ECX, 4, 1},
{"avx512-vbmi2", 0x00000007, 0, CPUID_REG_ECX, 6, 1},
+ {"cet-ss", 0x00000007, 0, CPUID_REG_ECX, 7, 1},
{"gfni", 0x00000007, 0, CPUID_REG_ECX, 8, 1},
{"vaes", 0x00000007, 0, CPUID_REG_ECX, 9, 1},
{"vpclmulqdq", 0x00000007, 0, CPUID_REG_ECX, 10, 1},
@@ -213,6 +214,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
{"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1},
{"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1},
{"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1},
+ {"cet-ibt", 0x00000007, 0, CPUID_REG_EDX, 20, 1},
{"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1},
{"stibp", 0x00000007, 0, CPUID_REG_EDX, 27, 1},
{"l1d-flush", 0x00000007, 0, CPUID_REG_EDX, 28, 1},
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index 585b530b21..ff36d8cee1 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -123,7 +123,7 @@ static const char *const str_7c0[32] =
[ 0] = "prefetchwt1", [ 1] = "avx512_vbmi",
[ 2] = "umip", [ 3] = "pku",
[ 4] = "ospke", [ 5] = "waitpkg",
- [ 6] = "avx512_vbmi2",
+ [ 6] = "avx512_vbmi2", [ 7] = "cet-ss",
[ 8] = "gfni", [ 9] = "vaes",
[10] = "vpclmulqdq", [11] = "avx512_vnni",
[12] = "avx512_bitalg",
@@ -163,6 +163,7 @@ static const char *const str_7d0[32] =
/* 12 */ [13] = "tsx-force-abort",
[18] = "pconfig",
+ [20] = "cet-ibt",
[26] = "ibrsb", [27] = "stibp",
[28] = "l1d_flush", [29] = "arch_caps",
diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index b4a1ab0fa6..dcacae58de 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -167,6 +167,9 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val)
case MSR_CORE_CAPABILITIES:
case MSR_TSX_FORCE_ABORT:
case MSR_TSX_CTRL:
+ case MSR_U_CET:
+ case MSR_S_CET:
+ case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE:
case MSR_AMD64_LWP_CFG:
case MSR_AMD64_LWP_CBADDR:
case MSR_PPIN_CTL:
@@ -324,6 +327,9 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
case MSR_TEST_CTRL:
case MSR_TSX_FORCE_ABORT:
case MSR_TSX_CTRL:
+ case MSR_U_CET:
+ case MSR_S_CET:
+ case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE:
case MSR_AMD64_LWP_CFG:
case MSR_AMD64_LWP_CBADDR:
case MSR_PPIN_CTL:
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index bb4e601445..85c5f20b76 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -66,6 +66,14 @@
#define TSX_CTRL_RTM_DISABLE (_AC(1, ULL) << 0)
#define TSX_CTRL_CPUID_CLEAR (_AC(1, ULL) << 1)
+#define MSR_U_CET 0x000006a0
+#define MSR_S_CET 0x000006a2
+#define MSR_PL0_SSP 0x000006a4
+#define MSR_PL1_SSP 0x000006a5
+#define MSR_PL2_SSP 0x000006a6
+#define MSR_PL3_SSP 0x000006a7
+#define MSR_INTERRUPT_SSP_TABLE 0x000006a8
+
/*
* Legacy MSR constants in need of cleanup. No new MSRs below this comment.
*/
diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index 295b2b7aa8..c061133282 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -229,6 +229,7 @@ XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode Instruction Prevention */
XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace */
XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */
XEN_CPUFEATURE(AVX512_VBMI2, 6*32+ 6) /*A Additional AVX-512 Vector Byte Manipulation Instrs */
+XEN_CPUFEATURE(CET_SS, 6*32+ 7) /* CET - Shadow Stacks */
XEN_CPUFEATURE(GFNI, 6*32+ 8) /*A Galois Field Instrs */
XEN_CPUFEATURE(VAES, 6*32+ 9) /*A Vector AES Instrs */
XEN_CPUFEATURE(VPCLMULQDQ, 6*32+10) /*A Vector Carry-less Multiplication Instrs */
@@ -255,6 +256,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single
XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */
XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */
XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */
+XEN_CPUFEATURE(CET_IBT, 6*32+20) /* CET - Indirect Branch Tracking */
XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */
XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */
XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /* IA32_ARCH_CAPABILITIES MSR */
--
2.11.0
On Mon, Apr 20, 2020 at 08:08:29PM +0100, Andrew Cooper wrote: > The CET spec has been published and guest kernels are starting to get support. > Introduce the CPUID and MSRs, and fully block the MSRs from guest use. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wl@xen.org>
On 20.04.2020 21:08, Andrew Cooper wrote: > --- a/xen/include/public/arch-x86/cpufeatureset.h > +++ b/xen/include/public/arch-x86/cpufeatureset.h > @@ -229,6 +229,7 @@ XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode Instruction Prevention */ > XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace */ > XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */ > XEN_CPUFEATURE(AVX512_VBMI2, 6*32+ 6) /*A Additional AVX-512 Vector Byte Manipulation Instrs */ > +XEN_CPUFEATURE(CET_SS, 6*32+ 7) /* CET - Shadow Stacks */ > XEN_CPUFEATURE(GFNI, 6*32+ 8) /*A Galois Field Instrs */ > XEN_CPUFEATURE(VAES, 6*32+ 9) /*A Vector AES Instrs */ > XEN_CPUFEATURE(VPCLMULQDQ, 6*32+10) /*A Vector Carry-less Multiplication Instrs */ > @@ -255,6 +256,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single > XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ > XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ > XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ > +XEN_CPUFEATURE(CET_IBT, 6*32+20) /* CET - Indirect Branch Tracking */ s/6/9/, moved up a line, and then Reviewed-by: Jan Beulich <jbeulich@suse.com> I take it you intentionally don't mean to add #CP related bits yet, first and foremost TRAP_control_flow or some such, as well as its error code bits? Nor definitions for the bits within the MSRs you add, nor XSAVE pieces? Jan
On 21/04/2020 08:11, Jan Beulich wrote: > On 20.04.2020 21:08, Andrew Cooper wrote: >> --- a/xen/include/public/arch-x86/cpufeatureset.h >> +++ b/xen/include/public/arch-x86/cpufeatureset.h >> @@ -229,6 +229,7 @@ XEN_CPUFEATURE(UMIP, 6*32+ 2) /*S User Mode Instruction Prevention */ >> XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace */ >> XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */ >> XEN_CPUFEATURE(AVX512_VBMI2, 6*32+ 6) /*A Additional AVX-512 Vector Byte Manipulation Instrs */ >> +XEN_CPUFEATURE(CET_SS, 6*32+ 7) /* CET - Shadow Stacks */ >> XEN_CPUFEATURE(GFNI, 6*32+ 8) /*A Galois Field Instrs */ >> XEN_CPUFEATURE(VAES, 6*32+ 9) /*A Vector AES Instrs */ >> XEN_CPUFEATURE(VPCLMULQDQ, 6*32+10) /*A Vector Carry-less Multiplication Instrs */ >> @@ -255,6 +256,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single >> XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ >> XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ >> XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ >> +XEN_CPUFEATURE(CET_IBT, 6*32+20) /* CET - Indirect Branch Tracking */ > s/6/9/, moved up a line, and then Oops. I only spotted during final review that CET-SS and CET-IBT are in different feature leaves, then failed at adjusting the CET-IBT adequately. > Reviewed-by: Jan Beulich <jbeulich@suse.com> Thanks, > > I take it you intentionally don't mean to add #CP related bits yet, > first and foremost TRAP_control_flow or some such, as well as its > error code bits? Nor definitions for the bits within the MSRs you > add, nor XSAVE pieces? Those pieces aren't necessary to hide the MSRs, whereas this patch wants backporting in due course. Every "make the MSRs have correct architectural properties" will until MSR handling is fixed properly (and by this, I mean no default cases which leak state/availability, or discard writes). ~Andrew
© 2016 - 2024 Red Hat, Inc.