From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Henry Wang, Marek Marczykowski-Górecki, Demi Marie Obenour
Subject: [PATCH 1/2] x86/cpuid: Infrastructure to support pseudo feature identifiers
Date: Tue, 4 Oct 2022 17:08:09 +0100
Message-ID: <20221004160810.25364-2-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20221004160810.25364-1-andrew.cooper3@citrix.com>
References: <20221004160810.25364-1-andrew.cooper3@citrix.com>

A future change will want a cpuid-like identifier which doesn't have a mapping
to a feature bit.

 * Pass the feature name into the parse callback.
 * Exclude a feature value of ~0u from falling into the general set/clear bit
   paths.
 * In gen-cpuid.py, insert a placeholder to collect all the pseudo feature
   names.

No practical change.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Henry Wang
CC: Marek Marczykowski-Górecki
CC: Demi Marie Obenour
---
 xen/arch/x86/cpuid.c | 17 +++++++++++++----
 xen/tools/gen-cpuid.py | 13 +++++++++++++
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 822f9ace1087..112ee63a9449 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -39,7 +39,8 @@ static const struct feature_name { * function pointer call in the middle of the loop. */ static int __init always_inline parse_cpuid( - const char *s, void (*callback)(unsigned int feat, bool val)) + const char *s, void (*callback)(const char *name, + unsigned int feat, bool val)) { const char *ss; int val, rc =3D 0; 
@@ -81,7 +82,7 @@ static int __init always_inline parse_cpuid( =20 if ( (val =3D parse_boolean(mid->name, s, ss)) >=3D 0 ) { - callback(mid->bit, val); + callback(mid->name, mid->bit, val); mid =3D NULL; } =20 @@ -101,8 +102,12 @@ static int __init always_inline parse_cpuid( return rc; } =20 -static void __init cf_check _parse_xen_cpuid(unsigned int feat, bool val) +static void __init cf_check _parse_xen_cpuid( + const char *name, unsigned int feat, bool val) { + if ( unlikely(feat =3D=3D ~0u) ) + return; + if ( !val ) setup_clear_cpu_cap(feat); else if ( feat =3D=3D X86_FEATURE_RDRAND && @@ -120,8 +125,12 @@ static bool __initdata dom0_cpuid_cmdline; static uint32_t __initdata dom0_enable_feat[FSCAPINTS]; static uint32_t __initdata dom0_disable_feat[FSCAPINTS]; =20 -static void __init cf_check _parse_dom0_cpuid(unsigned int feat, bool val) +static void __init cf_check _parse_dom0_cpuid( + const char *name, unsigned int feat, bool val) { + if ( unlikely(feat =3D=3D ~0u) ) + return; + __set_bit (feat, val ? dom0_enable_feat : dom0_disable_feat); __clear_bit(feat, val ? dom0_disable_feat : dom0_enable_feat ); } diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 4f7c8d78cce7..f3045b3bfd36 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py 
@@ -297,6 +297,19 @@ def crunch_numbers(state): RTM: [TSXLDTRK], } =20 + # + # Pseudo feature names. These don't map to a feature bit, but are + # inserted into the values dictionary so they can be parsed and handled + # specially + # + pseduo_names =3D ( + ) + + for n in pseduo_names: + if n in state.values: + raise Fail("Pseduo feature name %s aliases real feature" % (n,= )) + state.values[n] =3D 0xffffffff + deep_features =3D tuple(sorted(deps.keys())) state.deep_deps =3D {} =20 --=20 2.11.0
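
Review bot: In the cpuid.c hunks, the new `feat == ~0u` early return in `_parse_xen_cpuid()` and `_parse_dom0_cpuid()` is the only thing keeping a pseudo feature out of `setup_clear_cpu_cap(feat)` and out of `__set_bit(feat, ...)` on the `FSCAPINTS`-sized `dom0_enable_feat` / `dom0_disable_feat` arrays, yet the sentinel is an open-coded literal repeated in two places with no comment. Suggest a named constant shared by both callbacks, with a one-line comment saying why the guard has to come before the bit operations. The new `name` argument is unused in both callbacks in this patch, which is fine for preparatory work, but the dom0 callback now accepts and discards any pseudo name without a diagnostic; consider whether that should be reported rather than ignored.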
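
Review bot: In the gen-cpuid.py hunk, `pseduo_names` and the message "Pseduo feature name %s aliases real feature" misspell "pseudo", while the comment directly above them spells it correctly; fix the identifier and the string before this lands, since patch 2 extends the same tuple. The `0xffffffff` written to `state.values[n]` has to stay equal to the `~0u` tested in cpuid.c, so a short comment tying the two together would prevent them drifting apart. The aliasing check only catches a pseudo name colliding with a real feature; a name listed twice in the tuple is overwritten silently, which is harmless while the tuple is empty but worth a check once entries are added.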

From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Henry Wang, Marek Marczykowski-Górecki, Demi Marie Obenour
Subject: [PATCH 2/2] x86: Activate Data Operand Invariant Timing Mode by default
Date: Tue, 4 Oct 2022 17:08:10 +0100
Message-ID: <20221004160810.25364-3-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20221004160810.25364-1-andrew.cooper3@citrix.com>
References: <20221004160810.25364-1-andrew.cooper3@citrix.com>

Intel IceLake and later CPUs have microarchitectural behaviours which cause
data-dependent timing behaviour. This is not an issue for 99% of software,
but it is a problem for cryptography routines. On these CPUs, a new
architectural feature, DOITM, was retrofitted in microcode.

For now, Xen can't enumerate DOITM to guest kernels; getting this working is
still in progress. The consequence is that guest kernels will incorrectly
conclude that they are safe.

To maintain the safety of current software, activate DOITM unilaterally. This
will be relaxed in the future when we can enumerate the feature properly to
guests.

As an emergency stopgap, this behaviour can be disabled by specifying
`cpuid=no-doitm` on Xen's command line, but is not guaranteed ABI moving
forward.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Henry Wang
CC: Marek Marczykowski-Górecki
CC: Demi Marie Obenour
---
 xen/arch/x86/cpu/common.c | 29 +++++++++++++++++++++++++++++
 xen/arch/x86/cpuid.c | 5 +++++
 xen/arch/x86/include/asm/processor.h | 2 ++
 xen/tools/gen-cpuid.py | 2 ++
 4 files changed, 38 insertions(+)

diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 0412dbc915e5..8c46a4db430a 100644 
--- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -209,6 +209,34 @@ void ctxt_switch_levelling(const struct vcpu *next) alternative_vcall(ctxt_switch_masking, next); } =20 +bool __ro_after_init opt_doitm =3D true; + +static void doitm_init(void) +{ + uint64_t val; + + if ( !opt_doitm || !cpu_has_arch_caps ) + return; + + rdmsrl(MSR_ARCH_CAPABILITIES, val); + if ( !(val & ARCH_CAPS_DOITM) ) + return; + + /* + * We are currently unable to enumerate MSR_ARCH_CAPS to guest. As a + * consequence, guest kernels will believe they're safe even when they= are + * not. + * + * Until we can enumerate DOITM properly for guests, set it unilateral= ly. + * This prevents otherwise-correct crypto from becoming vulnerable to + * timing sidechannels. + */ + + rdmsrl(MSR_UARCH_MISC_CTRL, val); + val |=3D UARCH_CTRL_DOITM; + wrmsrl(MSR_UARCH_MISC_CTRL, val); +} + bool_t opt_cpu_info; boolean_param("cpuinfo", opt_cpu_info); =20 @@ -532,6 +560,7 @@ void identify_cpu(struct cpuinfo_x86 *c) /* Now the feature flags better reflect actual CPU features! */ =20 xstate_init(c); + doitm_init(); =20 #ifdef NOISY_CAPS printk(KERN_DEBUG "CPU: After all inits, caps:"); diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 112ee63a9449..09c1ee18fd95 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -106,7 +106,12 @@ static void __init cf_check _parse_xen_cpuid( const char *name, unsigned int feat, bool val) { if ( unlikely(feat =3D=3D ~0u) ) + { + if ( strcmp(name, "doitm") =3D=3D 0 ) + opt_doitm =3D val; + return; + } =20 if ( !val ) setup_clear_cpu_cap(feat); diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/as= m/processor.h index 8e2816fae9b9..2978416e6c5b 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -637,6 +637,8 @@ enum ap_boot_method { }; extern enum ap_boot_method ap_boot_method; =20 +extern bool opt_doitm; + #endif /* !__ASSEMBLY__ */ =20 #endif /* __ASM_X86_PROCESSOR_H */ 
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index f3045b3bfd36..78a3a5c1941f 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -303,6 +303,8 @@ def crunch_numbers(state): # specially # pseduo_names =3D ( + # Data Operand Invariant Timing Mode. Lives in MSR_ARCH_CAPS + "doitm", ) =20 for n in pseduo_names: --=20 2.11.0
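
Review bot: In `doitm_init()` (common.c hunk) the `!opt_doitm` case returns before `MSR_UARCH_MISC_CTRL` is touched, so `cpuid=no-doitm` means "leave the bit as found" rather than "clear `UARCH_CTRL_DOITM`"; if the bit was already set before Xen ran, the opt-out does nothing. Either clear the bit explicitly in that case or state in the comment and commit message that the option only suppresses Xen's own write. The function also logs nothing, so there is no way to confirm from a running host whether the mode was activated; a one-time message would help. The comment says `MSR_ARCH_CAPS` while the code reads `MSR_ARCH_CAPABILITIES`; use one name. The diffstat touches no header defining `ARCH_CAPS_DOITM`, `MSR_UARCH_MISC_CTRL` or `UARCH_CTRL_DOITM`, so the change that provides them should be named as a prerequisite.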
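
Review bot: The `strcmp(name, "doitm")` handling in the cpuid.c hunk is added only to `_parse_xen_cpuid()`; `_parse_dom0_cpuid()` still returns on `feat == ~0u` without looking at `name`, so "doitm" is accepted on that path and has no effect. If that is intended, a comment in the dom0 callback should say so. Inside the new block, any pseudo name other than "doitm" also reaches `return` silently, which is fine with one entry in the tuple but will hide a mismatch between gen-cpuid.py and this function once more names are added. The commit message introduces `cpuid=no-doitm`, but the diffstat shows no documentation change; even an option that is explicitly not stable ABI should have a line in the command-line documentation saying so.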