From nobody Mon May 6 12:42:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=cloud.com ARC-Seal: i=1; a=rsa-sha256; t=1685113281; cv=none; d=zohomail.com; s=zohoarc; b=XCdKMyBwbT19sBsvG7Hzi2vP4nZuzgBxbBQIJvEqrcaKXAFW02OHx3LAr30XCpRC0zXdNzTSFkgV4394S+hnMkV5D+5uDUFYyRcvnH8tWwoBbcgtLd0hvqZkrupemFgFPnPGlH5jayH1/SZlwAnsjvOXQzinIltclq/wMTDgIr0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685113281; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=XDLeIg4hyXVwKDMD+oHA+cHDIiqPkUjqW0gJGqDa3iY=; b=P8mmQbRWIqq0rqKBwDu9pu7vqXvEGlOkpTZhXdPGu+EIy2LXTWyeGXk/eTeJjc8MvoaYuZGruRO/wsXAlT65xX1baHONsRFI1Asz0L9eYUWs0T+4Ebo/JS6JhNI/1V2Kf76Hw1vBs/gvfJmpbCallcIlrMIbLezMa31rWchf5hA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1685113281347730.8488445238944; Fri, 26 May 2023 08:01:21 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.540131.841670 (Exim 4.92) (envelope-from ) id 1q2Yw2-0001is-Qj; Fri, 26 May 2023 15:00:54 +0000 Received: by outflank-mailman (output) from mailman id 540131.841670; Fri, 26 May 2023 15:00:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q2Yw2-0001il-NA; Fri, 26 May 2023 15:00:54 +0000 Received: by outflank-mailman (input) for mailman id 540131; Fri, 26 May 2023 15:00:53 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q2Yw1-00010A-4A for xen-devel@lists.xenproject.org; Fri, 26 May 2023 15:00:53 +0000 Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [2a00:1450:4864:20::431]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 19a130fd-fbd6-11ed-8611-37d641c3527e; Fri, 26 May 2023 17:00:49 +0200 (CEST) Received: by mail-wr1-x431.google.com with SMTP id ffacd0b85a97d-30adb83aa69so400204f8f.2 for ; Fri, 26 May 2023 08:00:49 -0700 (PDT) Received: from localhost.localdomain (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id y9-20020a5d4709000000b00307d58b3da9sm5360033wrq.25.2023.05.26.08.00.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 May 2023 08:00:48 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 19a130fd-fbd6-11ed-8611-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloud.com; s=cloud; t=1685113248; x=1687705248; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XDLeIg4hyXVwKDMD+oHA+cHDIiqPkUjqW0gJGqDa3iY=; b=lS0i8c6WoI9s0QqxcoAmJ5//1XJoK5J+/1TLCjhECbnjiBguOP+bm16ow1csZ8ABqo qmCgYFnUgKqrtw877Z5LpRvAGiWxJqob6DhdG7SpwWmT+cez8P7sPAWeMrPUIwsJjK+i eIxNK96f7zjvDjWieUlJcug2+2K8z+MBru3O0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685113248; x=1687705248; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XDLeIg4hyXVwKDMD+oHA+cHDIiqPkUjqW0gJGqDa3iY=; b=PU1ugSmk2CeVQZUk8G8NjrFUHdS1hTlhfJo18wIo4B3vRhJ0EchyXCstaEjLEpO/ze x754UTmj4N1MxGpDlWgzkUMv/kSB3i4wTtKZBtlbwfjx9oWC+qWCEBRWhhFoqwaxRTh+ fjiw3KxDZm9rvwOiRN+NDzP8/XELdDy3cIsYg7/DjCuxBG6vFYe2rqd2JdBkSJwq9XKj 2L58mh/bE6w2xPi2g9pHs9+yonoG14SshfmA6/VsssRaU1BmyX5qSB2d4S21QX/93Zv8 BrJJCOUQ7EqzrPMWCMPvbEOUKl25rCCLbLccZWyLY+O4hX5ph0il6Yzyd3jKW8eMioU1 dT1A== X-Gm-Message-State: AC+VfDwc2zfjmb3wWEosgu+JFaDAb/pYQMX2aK76E5dbgoFtKyJxfpZn medIg+XAlwSdk0P1RnQaEMXskcDU5j29KxoC6rw= X-Google-Smtp-Source: ACHHUZ6O2SdPZO8PSTTB62xGQM2fmOLCEpBsE31ubWtroVWUNCOUztUGBnQp2k33vsG3N+pYq+inkw== X-Received: by 2002:adf:dc89:0:b0:307:bd64:f5a4 with SMTP id r9-20020adfdc89000000b00307bd64f5a4mr1613643wrj.52.1685113248440; Fri, 26 May 2023 08:00:48 -0700 (PDT) From: Alejandro Vallejo To: Xen-devel Cc: Alejandro Vallejo , Wei Liu , Anthony PERARD , Juergen Gross , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [PATCH 1/3] x86: Add bit definitions for Automatic IBRS Date: Fri, 26 May 2023 16:00:42 +0100 Message-Id: <20230526150044.31553-2-alejandro.vallejo@cloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230526150044.31553-1-alejandro.vallejo@cloud.com> References: <20230526150044.31553-1-alejandro.vallejo@cloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @cloud.com) X-ZM-MESSAGEID: 1685113282951100001 Content-Type: text/plain; charset="utf-8" This is AMD's version of Intel's Enhanced IBRS. Exposed in CPUID and toggled in EFER. Signed-off-by: Alejandro Vallejo --- tools/libs/light/libxl_cpuid.c | 1 + tools/misc/xen-cpuid.c | 2 ++ xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/include/asm/msr-index.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + 5 files changed, 6 insertions(+) diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index cca0f19d93..f5ce9f9795 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -317,6 +317,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *c= puid, const char* str) =20 {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, {"nscb", 0x80000021, NA, CPUID_REG_EAX, 6, 1}, + {"auto-ibrs", 0x80000021, NA, CPUID_REG_EAX, 8, 1}, {"cpuid-user-dis", 0x80000021, NA, CPUID_REG_EAX, 17, 1}, =20 {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 5d0c64a45f..e487885a5c 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -200,6 +200,8 @@ static const char *const str_e21a[32] =3D [ 2] =3D "lfence+", [ 6] =3D "nscb", =20 + [ 8] =3D "auto-ibrs", + /* 16 */ [17] =3D "cpuid-user-dis", }; =20 diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index 50235f098d..d5947a6826 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -161,6 +161,7 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD) #define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD) #define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) +#define cpu_has_auto_ibrs boot_cpu_has(X86_FEATURE_AUTOMATIC_IBRS) =20 /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 082fb2e0d9..73d0af2615 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -175,6 +175,7 @@ #define EFER_NXE (_AC(1, ULL) << 11) /* No Exec= ute Enable */ #define EFER_SVME (_AC(1, ULL) << 12) /* Secure = Virtual Machine Enable */ #define EFER_FFXSE (_AC(1, ULL) << 14) /* Fast FX= SAVE/FXRSTOR */ +#define EFER_AIBRSE (_AC(1, ULL) << 21) /* Automat= ic IBRS Enable */ =20 #define EFER_KNOWN_MASK \ (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 777041425e..e3952f62bc 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -287,6 +287,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA In= structions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializin= g */ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Bas= e (and limit too) */ +XEN_CPUFEATURE(AUTOMATIC_IBRS, 11*32+ 8) /* HW can handle IBRS on it= s own */ XEN_CPUFEATURE(CPUID_USER_DIS, 11*32+17) /* CPUID disable for CPL > = 0 software */ =20 /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ --=20 2.34.1 From nobody Mon May 6 12:42:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=cloud.com ARC-Seal: i=1; a=rsa-sha256; t=1685113281; cv=none; d=zohomail.com; s=zohoarc; b=mpEeQ/wrMyXXeCVaYpikXv7KG2n8WzMk4syU3uf0ODsIxi8Uhy1WL9X+/zXnvx3hvtLDLpOqg859XE2F08Ta77c6We71eU14FowvvwfuAMKAJqAeL6RHbFPJ3omEzX0IXwO02iKQ+YmGu9hwzcxowLP01iA64btweMMW7h3RlZg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685113281; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=Aq+skqTQH86wc6+81w7SMNTxMqLNXZC2DHkkGE1IzhI=; b=bmcJULfg672J8jxTiyCGLtgGUQeB9GfI7PMEDFBbIx2wuzB7IjD6N+Bi/V+S1bJzRKrdZkXW14nnA9YzU0XKCq6zFw4qXTYRORywSqTttJzXZqJvTQ5FMTOr/xTvUuYRN0YmpzEi69gUsG1u1U340P6SPzA/zjRYxxkHc4iehkI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1685113281276327.380607062016; Fri, 26 May 2023 08:01:21 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.540129.841646 (Exim 4.92) (envelope-from ) id 1q2Yw0-00013n-9d; Fri, 26 May 2023 15:00:52 +0000 Received: by outflank-mailman (output) from mailman id 540129.841646; Fri, 26 May 2023 15:00:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q2Yw0-00013G-4g; Fri, 26 May 2023 15:00:52 +0000 Received: by outflank-mailman (input) for mailman id 540129; Fri, 26 May 2023 15:00:51 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q2Yvz-0000zw-51 for xen-devel@lists.xenproject.org; Fri, 26 May 2023 15:00:51 +0000 Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [2a00:1450:4864:20::432]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 19fb77f0-fbd6-11ed-b230-6b7b168915f2; Fri, 26 May 2023 17:00:49 +0200 (CEST) Received: by mail-wr1-x432.google.com with SMTP id ffacd0b85a97d-3094910b150so767740f8f.0 for ; Fri, 26 May 2023 08:00:49 -0700 (PDT) Received: from localhost.localdomain (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id y9-20020a5d4709000000b00307d58b3da9sm5360033wrq.25.2023.05.26.08.00.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 May 2023 08:00:48 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 19fb77f0-fbd6-11ed-b230-6b7b168915f2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloud.com; s=cloud; t=1685113249; x=1687705249; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Aq+skqTQH86wc6+81w7SMNTxMqLNXZC2DHkkGE1IzhI=; b=T6BO4cqPCbGEhZ5PCjpe91ginA4nXrAzyQmSbfVLZOAvp4Zj7rvlROJFprRc/Vn0nf JQy0rEWso4koi/6FhMLhhDTRNPJsuaL0qguFMWUgOD+Wrx9WPODK66DK+iOUGU/MFe+o jX4+3FGfT93UqOM5G7XvXR/0SH7HaHE5Rr6Ms= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685113249; x=1687705249; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Aq+skqTQH86wc6+81w7SMNTxMqLNXZC2DHkkGE1IzhI=; b=cnItFWs/GSiNG6I5uSKA0gMxRyFc/+PV1Qi9rVwJzaCojU7kXIMgTZmgPZJXsermHB 1DE5CBTa1h1iY3LEEXH7u+SmakVbKt2pFWSBAOql1ck7DdfehHpUZZ1sG/ABmK9kIJlw vOBtEX3c7fB1pUnu3cTLYpwzBs6LBcHzj2KJ8VZURSrvzsCQb3i6rgj7AzZ+bRqeQOeC cyatyW4XHDmckcp8Ppq7Rn0HzQPeUojE3jNUFKcEmSvSH6WCXI+kBNJ9DWafgD795PVu rbF58LCZ8uuch9pIa6iI0fRpEU1hz2ZhaeofhwcqI702qiNkV3V/253/8x5zQb/rNdfL nJcA== X-Gm-Message-State: AC+VfDw68pMlP3kM4G+NJT7xWNATL5wyOhkmlV8dJm0jJKCXsB4GTYmh BMDonACzCTZIBkR1HwHFbCUeg+OgJk6N8ZaJ+zY= X-Google-Smtp-Source: ACHHUZ4/xo+8Sgu4DB3lQdQ43O8WX7nB0TnQXrZXtMOVBIJsH6U4WYusZnccaPILzgVa7xZoMHTUPw== X-Received: by 2002:a5d:5750:0:b0:307:8800:bbdb with SMTP id q16-20020a5d5750000000b003078800bbdbmr1427885wrw.58.1685113249085; Fri, 26 May 2023 08:00:49 -0700 (PDT) From: Alejandro Vallejo To: Xen-devel Cc: Alejandro Vallejo , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 2/3] x86: Add support for AMD's Automatic IBRS Date: Fri, 26 May 2023 16:00:43 +0100 Message-Id: <20230526150044.31553-3-alejandro.vallejo@cloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230526150044.31553-1-alejandro.vallejo@cloud.com> References: <20230526150044.31553-1-alejandro.vallejo@cloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @cloud.com) X-ZM-MESSAGEID: 1685113285915100001 Content-Type: text/plain; charset="utf-8" In cases where AutoIBRS is supported by the host: * Prefer AutoIBRS to retpolines as BTI mitigation in heuristics calculations. * Always enable AutoIBRS if IBRS is chosen as a BTI mitigation. * Avoid stuffing the RAS/RSB on VMEXIT if AutoIBRS is enabled. * Delay setting AutoIBRS until after dom0 is set up, just like setting SPEC_CTRL. Signed-off-by: Alejandro Vallejo --- xen/arch/x86/setup.c | 3 +++ xen/arch/x86/smpboot.c | 3 +++ xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++------------ 3 files changed, 43 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 74e3915a4d..09cfef2676 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2036,6 +2036,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl =3D default_xen_spec_ctrl; + + if ( cpu_has_auto_ibrs && (default_xen_spec_ctrl & SPEC_CTRL_IBRS)= ) + write_efer(read_efer() | EFER_AIBRSE); } =20 /* Copy the cpu info block, and move onto the BSP stack. */ diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index cf9bb220f9..1d52c1dd0a 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -376,6 +376,9 @@ void start_secondary(void *unused) { wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl =3D default_xen_spec_ctrl; + + if ( cpu_has_auto_ibrs && (default_xen_spec_ctrl & SPEC_CTRL_IBRS)= ) + write_efer(read_efer() | EFER_AIBRSE); } update_mcu_opt_ctrl(); =20 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 50d467f74c..c887fc3df9 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -390,7 +390,7 @@ custom_param("pv-l1tf", parse_pv_l1tf); =20 static void __init print_details(enum ind_thunk thunk) { - unsigned int _7d0 =3D 0, _7d2 =3D 0, e8b =3D 0, max =3D 0, tmp; + unsigned int _7d0 =3D 0, _7d2 =3D 0, e8b =3D 0, e21a =3D 0, max =3D 0,= tmp; uint64_t caps =3D 0; =20 /* Collect diagnostics about available mitigations. */ @@ -399,7 +399,10 @@ static void __init print_details(enum ind_thunk thunk) if ( max >=3D 2 ) cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >=3D 0x80000008 ) + { cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); + cpuid(0x80000021, &e21a, &tmp, &tmp, &tmp); + } if ( cpu_has_arch_caps ) rdmsrl(MSR_ARCH_CAPABILITIES, caps); =20 @@ -430,11 +433,12 @@ static void __init print_details(enum ind_thunk thunk) (e8b & cpufeat_mask(X86_FEATURE_IBPB_RET)) ? " IBPB_RET"= : ""); =20 /* Hardware features which need driving to mitigate issues. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB" = : "", (e8b & cpufeat_mask(X86_FEATURE_IBRS)) || (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS" = : "", + (e21a & cpufeat_mask(X86_FEATURE_AUTOMATIC_IBRS)) ? " AUTO_IBRS= " : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_STIBP)) || (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" = : "", (e8b & cpufeat_mask(X86_FEATURE_AMD_SSBD)) || @@ -468,7 +472,9 @@ static void __init print_details(enum ind_thunk thunk) thunk =3D=3D THUNK_JMP ? "JMP" : "?", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : - (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", + (cpu_has_auto_ibrs && + (default_xen_spec_ctrl & SPEC_CTRL_IBRS)) ? "AUTO_IBRS+" : + (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", (!boot_cpu_has(X86_FEATURE_STIBP) && !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP= -", @@ -1150,15 +1156,20 @@ void __init init_speculation_mitigations(void) } else { - /* - * Evaluate the safest Branch Target Injection mitigations to use. - * First, begin with compiler-aided mitigations. - */ - if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) + /* Evaluate the safest BTI mitigations with lowest overhead */ + if ( cpu_has_auto_ibrs ) + { + /* + * We'd rather use Automatic IBRS if present. It helps in order + * to avoid stuffing the RSB manually on every VMEXIT. + */ + ibrs =3D true; + } + else if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * On all hardware, we'd like to use retpoline in preference to - * IBRS, but only if it is safe on this hardware. + * Otherwise, we'd like to use retpoline in preference to + * plain IBRS, but only if it is safe on this hardware. */ if ( retpoline_safe() ) thunk =3D THUNK_RETPOLINE; @@ -1357,7 +1368,9 @@ void __init init_speculation_mitigations(void) */ if ( opt_rsb_hvm ) { - setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); + /* Automatic IBRS wipes the RSB for us on VMEXIT */ + if ( !(ibrs && cpu_has_auto_ibrs) ) + setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); =20 /* * For SVM, Xen's RSB safety actions are performed before STGI, so @@ -1582,17 +1595,26 @@ void __init init_speculation_mitigations(void) =20 bsp_delay_spec_ctrl =3D !cpu_has_hypervisor && default_xen_spec_ct= rl; =20 - /* - * If delaying MSR_SPEC_CTRL setup, use the same mechanism as - * spec_ctrl_enter_idle(), by using a shadow value of zero. - */ if ( bsp_delay_spec_ctrl ) { + /* + * If delaying MSR_SPEC_CTRL setup, use the same mechanism as + * spec_ctrl_enter_idle(), by using a shadow value of zero. + */ info->shadow_spec_ctrl =3D 0; barrier(); info->spec_ctrl_flags |=3D SCF_use_shadow; barrier(); } + else if ( ibrs && cpu_has_auto_ibrs ) + { + /* + * If we're not delaying setting SPEC_CTRL there's no need to + * delay setting Automatic IBRS either. Flip the toggle if + * supported and IBRS is expected. + */ + write_efer(read_efer() | EFER_AIBRSE); + } =20 val =3D bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl; =20 --=20 2.34.1 From nobody Mon May 6 12:42:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=cloud.com ARC-Seal: i=1; a=rsa-sha256; t=1685113287; cv=none; d=zohomail.com; s=zohoarc; b=G0/0K+pzk/Ltn1xaeEN43FszNaH75KgRLAnz+gFiZMe4cU6HezSCrp1Yw66ldaU0+UtNE6wy9RnAjXWke+4Pk+No71lZPidQe6vubZSuywMIueTHp5S7oC/MPfSOJ6Udo9/1VKzDWqyBNUIOA+pYh7rfzMXSxdrQtjHvgAGxnzg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685113287; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=quS4cTSFGRVakDp9QHbKiL2cvkdUMIvwadA2xaR3dOE=; b=kw7Num+wVBP05DnMiLbYLn8oXpp/GgQw6ozX9Jp95Zgt5q67g6ogLDcNtNDjqESueeJpBZzo36HUwXl4PD1L2AV6K4jt23JgvQjFHsVyWQAFEemprKxL8/cJGWEdfryafU5eowwKqAmGF5DJQeA3sS1BuDY4OY1TT7nZNjtN9hk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1685113287035859.7049409105618; Fri, 26 May 2023 08:01:27 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.540130.841660 (Exim 4.92) (envelope-from ) id 1q2Yw1-0001U1-IH; Fri, 26 May 2023 15:00:53 +0000 Received: by outflank-mailman (output) from mailman id 540130.841660; Fri, 26 May 2023 15:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q2Yw1-0001Tu-Dy; Fri, 26 May 2023 15:00:53 +0000 Received: by outflank-mailman (input) for mailman id 540130; Fri, 26 May 2023 15:00:51 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q2Yvz-0000zw-NR for xen-devel@lists.xenproject.org; Fri, 26 May 2023 15:00:51 +0000 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [2a00:1450:4864:20::42d]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 1a4891ba-fbd6-11ed-b230-6b7b168915f2; Fri, 26 May 2023 17:00:50 +0200 (CEST) Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-309550d4f73so1702708f8f.1 for ; Fri, 26 May 2023 08:00:50 -0700 (PDT) Received: from localhost.localdomain (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id y9-20020a5d4709000000b00307d58b3da9sm5360033wrq.25.2023.05.26.08.00.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 May 2023 08:00:49 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 1a4891ba-fbd6-11ed-b230-6b7b168915f2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloud.com; s=cloud; t=1685113249; x=1687705249; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=quS4cTSFGRVakDp9QHbKiL2cvkdUMIvwadA2xaR3dOE=; b=Q4Q946ylMHUyvYrwPgiKBe5i3wcohM3WYhaSRXDR8DGJIBq3WGAullplwSgyZNiJEb cJRzHyCxqr0TmEQhpN9SRYNztmV2e0F9/GuRldBJB+osDeIWnUI243Y4YYBEpGxm++2B AztWewjWlY0WnWRTxTWSmAL7BPUE+BJPEbRkM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685113249; x=1687705249; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=quS4cTSFGRVakDp9QHbKiL2cvkdUMIvwadA2xaR3dOE=; b=WTGP6x9TBAOyWhgVgI2cdeH8F/aLiMNnPMiH+8WbJMYIEuAgHCvHDSl4ovelPgTg80 Qdh6qpXZXioe2kZml9B3UPQ6do6YcrS1SGZnH+C1IN60bKeZGrbPqWFW5AWyUT8cjpKd ZrAUuR/D11MT8COYo6+c8expYfyS5elUQRip5PeqqhAf9wyhm4Ge35lLG+Z7ORBjIhLD Bc9qCJXQlfzYSp/7Edch8KsfeZLNdDbGTO7OY0WrBbxzpbR1qS3//FpuuN1iwijW6PEy JPLZSGobBoJst2tjBnylQvdOQ535pQDMO3b4xT2I6gvYBhbnswrQcNdnDM8XPtqnScKg sOoQ== X-Gm-Message-State: AC+VfDznHIT2bOUuI3r8RGi9MU43vzvsqCISszQ7sTq9zSFd8U7FaM9m y4Je3r+6O0DqadsJG1+hAtk1ZfzC8v/jojaBvGk= X-Google-Smtp-Source: ACHHUZ4ReO3uxjh5k5rw9APzBLZv58Icukc7CnHI7cJZNUVC14W3TZanYNZO2aqb9V/L/dppIWKiyw== X-Received: by 2002:a5d:45cf:0:b0:306:2ff1:5227 with SMTP id b15-20020a5d45cf000000b003062ff15227mr1680848wrs.23.1685113249664; Fri, 26 May 2023 08:00:49 -0700 (PDT) From: Alejandro Vallejo To: Xen-devel Cc: Alejandro Vallejo , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH 3/3] x86: Expose Automatic IBRS to guests Date: Fri, 26 May 2023 16:00:44 +0100 Message-Id: <20230526150044.31553-4-alejandro.vallejo@cloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230526150044.31553-1-alejandro.vallejo@cloud.com> References: <20230526150044.31553-1-alejandro.vallejo@cloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @cloud.com) X-ZM-MESSAGEID: 1685113288310100005 Content-Type: text/plain; charset="utf-8" Expose AutoIBRS to HVM guests, because they can just use it. Make sure writes to EFER:AIBRSE are gated on the feature being exposed. Also hide EFER:AIBRSE from PV guests as they have no say in the matter. Signed-off-by: Alejandro Vallejo Reviewed-by: Andrew Cooper --- xen/arch/x86/hvm/hvm.c | 3 +++ xen/arch/x86/include/asm/msr-index.h | 3 ++- xen/arch/x86/pv/emul-priv-op.c | 4 ++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index d7d31b5393..07f39d5e61 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -936,6 +936,9 @@ const char *hvm_efer_valid(const struct vcpu *v, uint64= _t value, if ( (value & EFER_FFXSE) && !p->extd.ffxsr ) return "FFXSE without feature"; =20 + if ( (value & EFER_AIBRSE) && !p->extd.automatic_ibrs ) + return "AutoIBRS without feature"; + return NULL; } =20 diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 73d0af2615..49cb334c61 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -178,7 +178,8 @@ #define EFER_AIBRSE (_AC(1, ULL) << 21) /* Automat= ic IBRS Enable */ =20 #define EFER_KNOWN_MASK \ - (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) + (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE | \ + EFER_AIBRSE) =20 #define MSR_STAR 0xc0000081 /* legacy mode SYSC= ALL target */ #define MSR_LSTAR 0xc0000082 /* long mode SYSCAL= L target */ diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 8a4ef9c35e..142bc4818c 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -853,8 +853,8 @@ static uint64_t guest_efer(const struct domain *d) { uint64_t val; =20 - /* Hide unknown bits, and unconditionally hide SVME from guests. */ - val =3D read_efer() & EFER_KNOWN_MASK & ~EFER_SVME; + /* Hide unknown bits, and unconditionally hide SVME and AIBRSE from gu= ests. */ + val =3D read_efer() & EFER_KNOWN_MASK & ~(EFER_SVME | EFER_AIBRSE); /* * Hide the 64-bit features from 32-bit guests. SCE has * vendor-dependent behaviour. diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index e3952f62bc..42401e9452 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -287,7 +287,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA In= structions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializin= g */ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Bas= e (and limit too) */ -XEN_CPUFEATURE(AUTOMATIC_IBRS, 11*32+ 8) /* HW can handle IBRS on it= s own */ +XEN_CPUFEATURE(AUTOMATIC_IBRS, 11*32+ 8) /*S HW can handle IBRS on it= s own */ XEN_CPUFEATURE(CPUID_USER_DIS, 11*32+17) /* CPUID disable for CPL > = 0 software */ =20 /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */ --=20 2.34.1