From nobody Sat May 4 19:34:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1658261340; cv=none; d=zohomail.com; s=zohoarc; b=GG+UX6hDhh11u9YKIKR3VN81XzIo7kuDomQoxgIJBM7BY5331jRxoexxhMy4u0dRi2k6ZjewiI5pVb/L9lXk06conu29NA8aYimj/J1dXKtzL4SPu5llBligGWtzn9K7XV357P/JkEOZ7BqHuioJE9/gx/EEugla5gyoeu5rR80= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1658261340; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=vk644Lja/mvPWFdI7/cp75V/rxQwtcwBZ/WnM74etDI=; b=ItXs4Bxxft6QcuntLwIqwHgsKNOSun65RwmE4idDS6TQM6dphhDJZXupZdqPN5DPtu1TLbH56Ee7xcFukpFVpWokIAwoSRSoz9pRNbVeOAF9QLMixi88gdBudLfebycLA5sLzvaFjfoLeTN0n6FzfMatp2Xolju1l7wAbxTSuZ8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1658261340007450.8461373432392; Tue, 19 Jul 2022 13:09:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.371145.602977 (Exim 4.92) (envelope-from ) id 1oDtW5-0005gI-Pu; Tue, 19 Jul 2022 20:08:25 +0000 Received: by outflank-mailman (output) from mailman id 371145.602977; Tue, 19 Jul 2022 20:08:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDtW5-0005gB-Mv; Tue, 19 Jul 2022 20:08:25 +0000 Received: by outflank-mailman (input) for mailman id 371145; Tue, 19 Jul 2022 20:08:24 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1oDtW4-0005g5-5M for xen-devel@lists.xenproject.org; Tue, 19 Jul 2022 20:08:24 +0000 Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [2607:f8b0:4864:20::732]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 8a42efc0-079e-11ed-924f-1f966e50362f; Tue, 19 Jul 2022 22:08:23 +0200 (CEST) Received: by mail-qk1-x732.google.com with SMTP id m16so7909192qka.12 for ; Tue, 19 Jul 2022 13:08:23 -0700 (PDT) Received: from pm2-ws13.praxislan02.com ([2001:470:8:67e:b68c:61:1ba8:65b6]) by smtp.gmail.com with ESMTPSA id g3-20020a05620a40c300b006b5ee4de4fbsm5789509qko.37.2022.07.19.13.08.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Jul 2022 13:08:20 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 8a42efc0-079e-11ed-924f-1f966e50362f DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vk644Lja/mvPWFdI7/cp75V/rxQwtcwBZ/WnM74etDI=; b=NslfdsnjmFJgi4tud+4/p+a+4qFgyVz5ao0zTmxhBEpQUI8JUesTnEn9KP/Eaiv52i anPLl99GDLAdyawp2Bz4ogBTmeazEuX45VAn7m28nWiwXPDQFMqgjjpZpO+xPfgvDCaV 58YmO7alnnJJlIeVE+0GQY9tXb41qC6XtxdfVd+X1A3GioFCT2N5V8DTmStGKKTFLeHt Y8+pNYT4ZnFaoiC3FhF9WH9jsuFl00CjMXuEZoGkHCRjbzaifjDiIbCZ0i8zdC3yRh2b Xg6S9Jmw/800mLiwnoOb9/OKC5X5ukrpp8sOgY5x3tGiMnvCRCUD1RNI1BEhEtKuJLTH Zm8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vk644Lja/mvPWFdI7/cp75V/rxQwtcwBZ/WnM74etDI=; b=e/UKfKHyC22IyRU+rzv/TrmvYypTgEquqJWbPs9vZo8m+WArekHrAFtM0sYIg1Cep+ OSr8zvlfOSrQc2HtnTJZ1rGPr1jMjSp7xE3pX+OBQxHyuQDiuEMcxVbYnGudI+NpdG6n lU7aYXhc6FE7KfZvmJlh755R8VPuv16DyUX7s1M4PEJSvoSkuGCUMqhN/c0evMxwDKCk sAzhwikgFP0HvDfJXLWJRmUXZjBj37m6/EBbxLrTy4CdkE+YstHam9lWdlyMy5gZf/Et au8zB+eEqT9BG6gIrSGNgO2UnU4t9BQ13h+3imsbCaAHFdJyih/oWuN0HRl8kZLjqVm7 6ruQ== X-Gm-Message-State: AJIora/AqrZh1qHtxRetc++YZ6JA3kinVsi2QC6/fVN+sBjTkO8wJGEq 2grjzCP4sWVidiWYL0kpu5JfXmSpvcQ= X-Google-Smtp-Source: AGRyM1turHQnSVWDYwsKayK4cI+X2TFxzbe8/wcxb/GlnmcMMdDoofJ65IDk1BAqD2sDp8Vbod3wPg== X-Received: by 2002:a37:b241:0:b0:6b5:5eb6:3f9f with SMTP id b62-20020a37b241000000b006b55eb63f9fmr21436100qkf.299.1658261301520; Tue, 19 Jul 2022 13:08:21 -0700 (PDT) From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH] x86: Expose more MSR_ARCH_CAPS to hwdom Date: Tue, 19 Jul 2022 16:08:15 -0400 Message-Id: <20220719200815.69884-1-jandryuk@gmail.com> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1658261340914100001 Content-Type: text/plain; charset="utf-8" commit e46474278a0e ("x86/intel: Expose MSR_ARCH_CAPS to dom0") started exposing MSR_ARCH_CAPS to dom0. More bits in MSR_ARCH_CAPS have since been defined, but they haven't been exposed. Update the list to allow them through. As one example, this allows a linux Dom0 to know that it has the appropriate microcode via FB_CLEAR. Notably, and with the updated microcode, this changes dom0's /sys/devices/system/cpu/vulnerabilities/mmio_stale_data changes from: "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown" to: "Mitigation: Clear CPU buffers; SMT Host state unknown" This ecposes the MMIO Stale Data and Intel Branch History Injection (BHI) controls as well as the page size change MCE issue bit. Fixes: commit 2ebe8fe9b7e0 ("x86/spec-ctrl: Enumeration for MMIO Stale Data= controls") Fixes: commit cea9ae062295 ("x86/spec-ctrl: Enumeration for new Intel BHI c= ontrols") Fixes: commit 59e89cdabc71 ("x86/vtx: Disable executable EPT superpages to = work around CVE-2018-12207") Signed-off-by: Jason Andryuk --- This is the broader replacement for "x86: Add MMIO Stale Data arch_caps to hardware domain". It wasn't discussed previously, but ARCH_CAPS_IF_PSCHANGE_MC_NO is added as well. This patch can't be directly backported because cea9ae062295 was not backported. xen/arch/x86/msr.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 6206529162..170f041793 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -72,7 +72,9 @@ static void __init calculate_host_policy(void) mp->arch_caps.raw &=3D (ARCH_CAPS_RDCL_NO | ARCH_CAPS_IBRS_ALL | ARCH_CAPS_RSBA | ARCH_CAPS_SKIP_L1DFL | ARCH_CAPS_SSB_NO | ARCH_CAPS_MDS_NO | - ARCH_CAPS_IF_PSCHANGE_MC_NO | ARCH_CAPS_TSX_CTRL | ARCH_CAPS_TAA_= NO); + ARCH_CAPS_IF_PSCHANGE_MC_NO | ARCH_CAPS_TSX_CTRL | ARCH_CAPS_TAA_= NO | + ARCH_CAPS_SBDR_SSDP_NO | ARCH_CAPS_FBSDP_NO | ARCH_CAPS_PSDP_NO | + ARCH_CAPS_FB_CLEAR | ARCH_CAPS_RRSBA | ARCH_CAPS_BHI_NO); } =20 static void __init calculate_pv_max_policy(void) @@ -161,7 +163,10 @@ int init_domain_msr_policy(struct domain *d) =20 mp->arch_caps.raw =3D val & (ARCH_CAPS_RDCL_NO | ARCH_CAPS_IBRS_ALL | ARCH_CAPS_RSBA | - ARCH_CAPS_SSB_NO | ARCH_CAPS_MDS_NO | ARCH_CAPS_TAA_NO); + ARCH_CAPS_SSB_NO | ARCH_CAPS_MDS_NO | ARCH_CAPS_IF_PSCHANGE_M= C_NO | + ARCH_CAPS_TAA_NO | ARCH_CAPS_SBDR_SSDP_NO | ARCH_CAPS_FBSDP_N= O | + ARCH_CAPS_PSDP_NO | ARCH_CAPS_FB_CLEAR | ARCH_CAPS_RRSBA | + ARCH_CAPS_BHI_NO); } =20 d->arch.msr =3D mp; --=20 2.36.1