From nobody Sat Apr 27 21:16:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1672830751; cv=none; d=zohomail.com; s=zohoarc; b=B46tTvLlUryTH6Ql5GUNGpbBBiU9gdO74kIQ/XFb8sI+ZPOKmUQVOVDXMOf6fbCh65t5a9y9A8OorMv3pYmPAKUKOJStVlHGS6FqENwov3Pyh1yhcTnCfgeQSktnhrsZMwo1qPy+5Xgf07VeZsU4r1BaM7QzvBBaXZiuELHVqj8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1672830751; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=JrAR/AwpPljf70ZiyDRors1B8aXtgrhe915DO+zeq0U=; b=O7BgiFWKtefy29rdAUlZ/wjrGS84oopyap/+WtqHTA29q0+4aDFsqyapwXhcJZcT6XgepdA7ovdEF/Ig/UCbjuGuizmDHCLUw4ydvP6BP2/iq6asRoYgqNDMWlrCNcGxfNoW5gT9hf/XMFy8a6mNXvaiq7RuJEf2WTKX3r8CFb8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1672830751015807.6618826377284; Wed, 4 Jan 2023 03:12:31 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.471110.730841 (Exim 4.92) (envelope-from ) id 1pD1gm-0006I7-2i; Wed, 04 Jan 2023 11:12:08 +0000 Received: by outflank-mailman (output) from mailman id 471110.730841; Wed, 04 Jan 2023 11:12:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pD1gl-0006I0-Vz; Wed, 04 Jan 2023 11:12:07 +0000 Received: by outflank-mailman (input) for mailman id 471110; Wed, 04 Jan 2023 11:12:06 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pD1gk-0005kw-GW for xen-devel@lists.xenproject.org; Wed, 04 Jan 2023 11:12:06 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 9ee64cf1-8c20-11ed-91b6-6bf2151ebd3b; Wed, 04 Jan 2023 12:12:05 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9ee64cf1-8c20-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1672830725; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=UAKOXtp3MBtKPheGYD3/xlv27YzzrN4rSPgxLhvD/Gw=; b=gsmztJ5C15L7xl8g1EBQWbQHx3f7E+sRte6/Ie2UVzZ0mnXeGwEqIBZ2 8Q8R4Aoy8MRxnI/ptxIzVfMfyimU1plmfMeJl4VqzGCC9oe2PhayoXbzz p68ax8G9BKYci/UN8HEeq18cwqqoSOm8OjM4QZa8JoHgp2nttozNI0KpD 4=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 93590518 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:/saynqt14HnKlcVzlDMXqR6G8OfnVFheMUV32f8akzHdYApBsoF/q tZmKWDVbqyOZWHzKYt/bN/npxgH756AxoNqHgZr+3g9EypH+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg0HVU/IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj5lv0gnRkPaoQ5AaGyyFMZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwBjQVTS+7luWM8pmHDehGh5oGLMTlI9ZK0p1g5Wmx4fcORJnCR+PB5MNC3Sd2jcdLdRrcT 5NHM3w1Nk2GOkARfAdMYH49tL7Aan3XWjtUsl+K44Ew5HDe1ldZ27nxKtvFPNeNQK25m27J/ T+XpzmgUnn2MvS8zRuZ23apm9bPvnLyfJwvGuW3ytV11Qj7Kms7V0RNCArTTeOColG6c8JSL QoT4CVGhYoY+VGvT9L9dwalu3PCtRkZM/JAHut/5AyTx6785weCGnNCXjNHcMYhtsI9WXotz FDhoj/yLWUx6vvPEyvbr+rK62PpUcQIEYMcTQEAVSg628jkmrMYslXOZNc9Na64gMKgTFkc3 Au2hCQ5grwSi+sC2KO64U3LjlqQm3TZcuImzl6JBzz4t2uVcKbgPtX1sgaDsZ6sOa7DFjG8U G44d99yBQzkJbWEj2SzTeoEB9lFDN7VYWSH0TaD83TMnglBGkJPn6gKu1mSx28zaK7onAMFh 2eN0T69HLcJYBOXgVZfOupd8fgCw6n6DsjCXfvJdNdIaZUZXFbZo3sxOhbAjzi0zBhEfUQD1 XCzKJ/EMJrnIf4/kGreqxk1i9fHORzSNUuMHMumnnxLIJKVZWKPSKdtDWZimtsRtfveyC2Mq oY3Cid/40kHOAEISnWNoNF7wJFjBSRTOK0aXOQOLLbSelA/RzhxYxITqJt4E7FYc21uvr+g1 hmAtoVwkTITWVWvxd22V01e IronPort-HdrOrdr: A9a23:Enyza6labInGAmMNtvOt8hz+WEXpDfIi3DAbv31ZSRFFG/Fw9v rDoB1/73TJYVkqN03I9ervBEDjexPhHO9OgLX5VI3KNGOKhILCFvAA0WKN+UyEJwTOssJbyK d8Y+xfJbTLfDxHZB/BkWuFL+o= X-IronPort-AV: E=Sophos;i="5.96,299,1665460800"; d="scan'208";a="93590518" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 1/2] x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} Date: Wed, 4 Jan 2023 11:11:45 +0000 Message-ID: <20230104111146.2094-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230104111146.2094-1-andrew.cooper3@citrix.com> References: <20230104111146.2094-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1672830751854100002 We don't actually need ecx yet, but adding it in now will reduce the amount= to which leaf 7 is out of order in a featureset. cpufeatureset.h remains in leaf architectrual order for the sanity of anyone trying to locate where to insert new rows. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu v2: * Fix decodes[] short string --- tools/misc/xen-cpuid.c | 10 ++++++++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 3 +++ xen/include/xen/lib/x86/cpuid.h | 15 ++++++++++++++- 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index d5833e9ce879..addb3a39a11a 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -202,6 +202,14 @@ static const char *const str_7b1[32] =3D [ 0] =3D "ppin", }; =20 +static const char *const str_7c1[32] =3D +{ +}; + +static const char *const str_7d1[32] =3D +{ +}; + static const char *const str_7d2[32] =3D { [ 0] =3D "intel-psfd", @@ -229,6 +237,8 @@ static const struct { { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, { "0x00000007:2.edx", "7d2", str_7d2 }, + { "0x00000007:1.ecx", "7c1", str_7c1 }, + { "0x00000007:1.edx", "7d1", str_7d1 }, }; =20 #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 0412dbc915e5..b3fcf4680f3a 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -450,7 +450,8 @@ static void generic_identify(struct cpuinfo_x86 *c) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], - &tmp, &tmp); + &c->x86_capability[FEATURESET_7c1], + &c->x86_capability[FEATURESET_7d1]); if (max_subleaf >=3D 2) cpuid_count(7, 2, &tmp, &tmp, &tmp, diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 7915f5826f57..7a896f0e2d92 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -288,6 +288,9 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null = Selector Clears Base (and /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inve= ntory Number */ =20 +/* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */ + /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /* MSR_SPEC_CTRL.IPRED_DIS_= * */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpui= d.h index 73a5c330365e..fa98b371eef4 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -18,6 +18,8 @@ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ #define FEATURESET_7d2 13 /* 0x00000007:2.edx */ +#define FEATURESET_7c1 14 /* 0x00000007:1.ecx */ +#define FEATURESET_7d1 15 /* 0x00000007:1.edx */ =20 struct cpuid_leaf { @@ -194,7 +196,14 @@ struct cpuid_policy uint32_t _7b1; struct { DECL_BITFIELD(7b1); }; }; - uint32_t /* c */:32, /* d */:32; + union { + uint32_t _7c1; + struct { DECL_BITFIELD(7c1); }; + }; + union { + uint32_t _7d1; + struct { DECL_BITFIELD(7d1); }; + }; =20 /* Subleaf 2. */ uint32_t /* a */:32, /* b */:32, /* c */:32; @@ -343,6 +352,8 @@ static inline void cpuid_policy_to_featureset( fs[FEATURESET_e21a] =3D p->extd.e21a; fs[FEATURESET_7b1] =3D p->feat._7b1; fs[FEATURESET_7d2] =3D p->feat._7d2; + fs[FEATURESET_7c1] =3D p->feat._7c1; + fs[FEATURESET_7d1] =3D p->feat._7d1; } =20 /* Fill in a CPUID policy from a featureset bitmap. */ @@ -363,6 +374,8 @@ static inline void cpuid_featureset_to_policy( p->extd.e21a =3D fs[FEATURESET_e21a]; p->feat._7b1 =3D fs[FEATURESET_7b1]; p->feat._7d2 =3D fs[FEATURESET_7d2]; + p->feat._7c1 =3D fs[FEATURESET_7c1]; + p->feat._7d1 =3D fs[FEATURESET_7d1]; } =20 static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p) --=20 2.11.0 From nobody Sat Apr 27 21:16:20 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1672830750; cv=none; d=zohomail.com; s=zohoarc; b=l9q9+BSypXs0iPlhZB+DlOcNenlrtYYxCjU3rpF4N3oRc8uQqVYutnATkOjRLYmcTiQj6nADrsqtlQeEBr7/90mLzgarBkfras1M4fFakOtCHclw5ZwBogUr/oUmncy+DLd7xxg+bO8cxwj20JwX0x3xy4nanIG8mE9pPhKJryM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1672830750; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=FkXN7IXjxXdGkPJuDXO/5ISqv+oIkRrkYXwvvFCAPqM=; b=JAS7zQ/ExYkFnGJgrkZKk5ABBa64JBsUglf/NVfK8hJjp027SylRq/mJ9QFp0FLyhvgizrEHIWzA0UedEHNyR7cG+ZwrS9Y8FhQAVcq3aFg/CmXska+WHqbgRtHQs5mmiGTJDYlVdNzxhfHwPRLB4hCCO3y54Xe4ToGfkiwmIzs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1672830750262999.3801193386222; Wed, 4 Jan 2023 03:12:30 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.471108.730818 (Exim 4.92) (envelope-from ) id 1pD1ge-0005l9-DR; Wed, 04 Jan 2023 11:12:00 +0000 Received: by outflank-mailman (output) from mailman id 471108.730818; Wed, 04 Jan 2023 11:12:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pD1ge-0005l2-Ak; Wed, 04 Jan 2023 11:12:00 +0000 Received: by outflank-mailman (input) for mailman id 471108; Wed, 04 Jan 2023 11:11:59 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pD1gd-0005kw-LH for xen-devel@lists.xenproject.org; Wed, 04 Jan 2023 11:11:59 +0000 Received: from esa3.hc3370-68.iphmx.com (esa3.hc3370-68.iphmx.com [216.71.145.155]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 9962cbb2-8c20-11ed-91b6-6bf2151ebd3b; Wed, 04 Jan 2023 12:11:57 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9962cbb2-8c20-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1672830717; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Y4umxcgEQ+iPNN3hZApARntuGd8s3vbDQqyRC58FQsU=; b=ebw2b1zj1z+Z+ql8j5S1rVSnFQrceoiWqkfMPBtvJ/lmDyeHFxqiExx7 LuGlmw7jIBxVQAIPpvo2x3NBeSA4Gc5oKDS9tsoY3rPnhUlFts8ApF7yp 2CwW/ayEb3yTTsY461VRBxceKo1v3LpRYQUE1OseAkGbKFw5ujf7LsPfF 4=; Authentication-Results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 91153120 X-Ironport-Server: esa3.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:QUVk6agYuSaEWSW8w4oQtFgNX161bhAKZh0ujC45NGQN5FlHY01je htvUWyBaKuNYWb0fY1xO9y3/RlQvcXdztdkGlFprnhhQnwb9cadCdqndUqhZCn6wu8v7q5Ex 55HNoSfdpBcolv0/ErF3m3J9CEkvU2wbuOgTrWCYmUpH1QMpB4J0XpLg/Q+jpNjne+3CgaMv cKai8DEMRqu1iUc3lg8sspvkzsy+qWs0N8klgZmP6sT5QeCzyB94K83fsldEVOpGuG4IcbiL wrz5OnR1n/U+R4rFuSknt7TGqHdauePVeQmoiM+t5mK2nCulARrukoIHKN0hXNsoyeIh7hMJ OBl7vRcf+uL0prkw4zxWzEAe8130DYvFLXveRBTuuTLp6HKnueFL1yDwyjaMKVBktubD12i+ tQ4OhIHNQyKo9iO2az4G7g8rO0cF+j0adZ3VnFIlVk1DN4jSJHHBa7L+cVZzHE7gcUm8fT2P pRDL2A1NVKZPkMJagx/5JEWxY9EglHWdTFCpU3Tjq0w+2XJlyR60aT3McqTcduPLSlQthfB/ z+dpj6hav0cHNrBywTaySuHvcuVmBLXG5xIF+H7x9c/1TV/wURMUUZLBDNXu8KRlUqWS99Zb UsO9UIGvaU0sUCmUNT5dxm5u2Kf+A4RXcJKFO834x3LzbDbiy67LGUZSj9KaPQ9qdQ7Azct0 ze0c8jBXGI19ufPEDTEq+nS/Wja1TUpwXEqRT0mR1AZ6v3ZmJgtzUOeHvxKL5WUkYigcd3v+ AyioC87jrQVqMcE0aSn4FzK6w6RSoj1oh0dvVuOAD/8hu9tTMv8PtHztwCHhRpVBNzBJmRtq kTojCR3AAomKZiW3BKAT+wWdF1Cz6bUaWaM6bKD8nRIythMx5JBVdoLiN2dDB0zWirhRdMOS BG7hO+pzMUPVEZGlIcuC25LN+wkzLL7CfPuXe3OY9xFb/BZLVHYpn4xPR7AhzmxwCDAdJ3T3 r/CKK6R4YsyU/w7nFJauc9HuVPU+szO7TyKHs2qp/hW+bGfeGSUWd84Dbd6VchgtPnsiFyMo 75i2z6il003vBvWPnOGrub+7DkicRAGOHwBg5UNLr/beFM5QTFJ5j246epJRrGJVp99zo/gl kxRkGcBoLYjrRUr8Tm3V00= IronPort-HdrOrdr: A9a23:DCTKYqhnDQlvEpstI9xAbQV4aXBQXjwji2hC6mlwRA09TyVXrb HKoB0+7268tN9xYgBXpTnkAtjJfZqyz/5ICOMqTMKftWXdyQiVxcRZnPPfKxOJIVyOygd279 YST0CVYOeAc2SS9PyKnzVQcOxQueVuIcqT9JXjJhVWPGZXgvpbnntE42+geyVLrUt9dPwE/f ynl756ThWbCAQqh6+Adx04tob41r/2fVHdEGk777NN0mWzZbTC0s+GL/BNtS1uKQ+nCI1Imw Wr/W3EDsnPiYDB9iPh X-IronPort-AV: E=Sophos;i="5.96,299,1665460800"; d="scan'208";a="91153120" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 2/2] x86/shskt: Disable CET-SS on parts susceptible to fractured updates Date: Wed, 4 Jan 2023 11:11:46 +0000 Message-ID: <20230104111146.2094-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20230104111146.2094-1-andrew.cooper3@citrix.com> References: <20230104111146.2094-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1672830751886100005 Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack Token". Architecturally, an event delivery which starts in CPL<3 and switches shadow stack will first validate the Supervisor Shadow Stack Token (setting the bu= sy bit), then pushes CS/LIP/SSP. One example of this is an NMI interrupting X= en. Some CPUs suffer from an issue called fracturing, whereby a fault/vmexit/etc between setting the busy bit and completing the event injection renders the action non-restartable, because when it comes time to restart, the busy bit= is found to be already set. This is far more easily encountered under virt, yet it is not the fault of = the hypervisor, nor the fault of the guest kernel. The fault lies somewhere between the architectural specification, and the uarch behaviour. Intel have allocated CPUID.7[1].ecx[18] CET_SSS to enumerate that supervisor shadow stacks are safe to use. Because of how Xen lays out its shadow stac= ks, fracturing is not expected to be a problem on native. Detect this case on boot and default to not using shstk if virtualised. Specifying `cet=3Dshstk` on the command line will override this heuristic a= nd enable shadow stacks irrespective. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu v2: * Confirmation from AMD that their parts are not impacted. * Fix pv-shim build. The "define false" trick doesn't work with tristates. * Tweak wording in several places. * Fix tabs vs spaces. This ideally wants backporting to Xen 4.14. I have no idea how likely it is to need to backport the prerequisite patch for new feature words, but we've already had to do that once for security patches. OTOH, I have no idea how easy it is to trigger in non-synthetic cases. --- docs/misc/xen-command-line.pandoc | 7 ++++- tools/libs/light/libxl_cpuid.c | 2 ++ tools/misc/xen-cpuid.c | 1 + xen/arch/x86/cpu/common.c | 11 +++++-- xen/arch/x86/setup.c | 46 ++++++++++++++++++++++++-= ---- xen/include/public/arch-x86/cpufeatureset.h | 1 + 6 files changed, 57 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line= .pandoc index 923910f553c5..19d4d815bdee 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -287,10 +287,15 @@ can be maintained with the pv-shim mechanism. protection. =20 The option is available when `CONFIG_XEN_SHSTK` is compiled in, and - defaults to `true` on hardware supporting CET-SS. Specifying + generally defaults to `true` on hardware supporting CET-SS. Specifying `cet=3Dno-shstk` will cause Xen not to use Shadow Stacks even when sup= port is available in hardware. =20 + Some hardware suffers from an issue known as Supervisor Shadow Stack + Fracturing. On such hardware, Xen will default to not using Shadow St= acks + when virtualised. Specifying `cet=3Dshstk` will override this heurist= ic and + enable Shadow Stacks unilaterally. + * The `ibt=3D` boolean controls whether Xen uses Indirect Branch Trackin= g for its own protection. =20 diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index 2aa23225f42c..d97a2f3338bc 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -235,6 +235,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *c= puid, const char* str) {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, =20 + {"cet-sss", 0x00000007, 1, CPUID_REG_EDX, 18, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, {"mcdt-no", 0x00000007, 2, CPUID_REG_EDX, 5, 1}, =20 diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index addb3a39a11a..0248eaef44c1 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -208,6 +208,7 @@ static const char *const str_7c1[32] =3D =20 static const char *const str_7d1[32] =3D { + [18] =3D "cet-sss", }; =20 static const char *const str_7d2[32] =3D diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index b3fcf4680f3a..27f73d3bbe31 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -346,11 +346,18 @@ void __init early_cpu_init(void) x86_cpuid_vendor_to_str(c->x86_vendor), c->x86, c->x86, c->x86_model, c->x86_model, c->x86_mask, eax); =20 - if (c->cpuid_level >=3D 7) - cpuid_count(7, 0, &eax, &ebx, + if (c->cpuid_level >=3D 7) { + uint32_t max_subleaf; + + cpuid_count(7, 0, &max_subleaf, &ebx, &c->x86_capability[FEATURESET_7c0], &c->x86_capability[FEATURESET_7d0]); =20 + if (max_subleaf >=3D 1) + cpuid_count(7, 1, &eax, &ebx, &ecx, + &c->x86_capability[FEATURESET_7d1]); + } + eax =3D cpuid_eax(0x80000000); if ((eax >> 16) =3D=3D 0x8000 && eax >=3D 0x80000008) { ebx =3D eax >=3D 0x8000001f ? cpuid_ebx(0x8000001f) : 0; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 566422600d94..1b8b74599f4a 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -95,11 +95,7 @@ unsigned long __initdata highmem_start; size_param("highmem-start", highmem_start); #endif =20 -#ifdef CONFIG_XEN_SHSTK -static bool __initdata opt_xen_shstk =3D true; -#else -#define opt_xen_shstk false -#endif +static int8_t __initdata opt_xen_shstk =3D -IS_ENABLED(CONFIG_XEN_SHSTK); =20 #ifdef CONFIG_XEN_IBT static bool __initdata opt_xen_ibt =3D true; @@ -1099,11 +1095,45 @@ void __init noreturn __start_xen(unsigned long mbi_= p) early_cpu_init(); =20 /* Choose shadow stack early, to set infrastructure up appropriately. = */ - if ( opt_xen_shstk && boot_cpu_has(X86_FEATURE_CET_SS) ) + if ( !boot_cpu_has(X86_FEATURE_CET_SS) ) + opt_xen_shstk =3D 0; + + if ( opt_xen_shstk ) { - printk("Enabling Supervisor Shadow Stacks\n"); + /* + * Some CPUs suffer from Shadow Stack Fracturing, an issue whereby= a + * fault/VMExit/etc between setting a Supervisor Busy bit and the + * event delivery completing renders the operation non-restartable. + * On restart, event delivery will find the Busy bit already set. + * + * This is a problem on bare metal, but outside of synthetic cases= or + * a very badly timed #MC, it's not believed to problem. It is a = much + * bigger problem under virt, because we can VMExit for a number of + * legitimate reasons and tickle this bug. + * + * CPUs with this addressed enumerate CET-SSS to indicate that + * supervisor shadow stacks are now safe to use. + */ + bool cpu_has_bug_shstk_fracture =3D + boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL && + !boot_cpu_has(X86_FEATURE_CET_SSS); =20 - setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + /* + * On bare metal, assume that Xen won't be impacted by shstk + * fracturing problems. Under virt, be more conservative and disa= ble + * shstk by default. + */ + if ( opt_xen_shstk =3D=3D -1 ) + opt_xen_shstk =3D + cpu_has_hypervisor ? !cpu_has_bug_shstk_fracture + : true; + + if ( opt_xen_shstk ) + { + printk("Enabling Supervisor Shadow Stacks\n"); + + setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + } } =20 if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 7a896f0e2d92..f6a46f62a549 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -290,6 +290,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Prote= cted Processor Inventory =20 /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ /* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */ +XEN_CPUFEATURE(CET_SSS, 15*32+18) /* CET Supervisor Shadow St= acks safe to use */ =20 /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ --=20 2.11.0