From nobody Thu May 2 19:43:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1685630957; cv=none; d=zohomail.com; s=zohoarc; b=Fo1wB3rHEy5y/f/gDUgHKglX1MFW+OyrKB3uG/GQsSe4IwiDebm0fuELijDlK7y6nb67eiOCJC7tfit12TnDA7iWsSbtwW4HuVuDl4bihrRRZv1bu1RMv6jYJUXtTv8kmu8C9paqAF3gbC6GyS2/cHcbOgkXz0jmRnqvJZepPWs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685630957; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=BWsfj7hCq+A7+uI6XLAmujxt3sBxBJyTjkVLl4JTEe8=; b=E5GUxdIa7asqOIQCOVprlW8rrb9Eu10KMKLEV1GSK7rLnWjHQzygjGm2u+AvNZVtO7quPLH4MT4A4c9U3uv/HkPTIEmbllCl8WCfRRSlIY2NMKrFqOyEIb9VRtHABb/k3Eb/pUa++ugAdqLYyXg48jA7wBubH5zuZrXdeQyL6XE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1685630957091805.4177719196368; Thu, 1 Jun 2023 07:49:17 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.542597.846623 (Exim 4.92) (envelope-from ) id 1q4jbl-0005tM-Ds; Thu, 01 Jun 2023 14:48:57 +0000 Received: by outflank-mailman (output) from mailman id 542597.846623; Thu, 01 Jun 2023 14:48:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q4jbl-0005tF-AR; Thu, 01 Jun 2023 14:48:57 +0000 Received: by outflank-mailman (input) for mailman id 542597; Thu, 01 Jun 2023 14:48:55 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q4jbj-0005t4-G4 for xen-devel@lists.xenproject.org; Thu, 01 Jun 2023 14:48:55 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 6c356c00-008b-11ee-8611-37d641c3527e; Thu, 01 Jun 2023 16:48:52 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 6c356c00-008b-11ee-8611-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1685630932; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=IcofpnS6XGYluTyt2W7nbS+cq7NfLxqLKtySG8hnQ+Y=; b=Vfj86GDiCMxVhqzvivBvpHPZvXDxLqK1x7wTNvjrYVDf7SFSipech996 acS3+SmmGAL3BY5KqUnMXIv4db4/uN5Z8J+VItoKd0vbb9T3gFGA+5uzL CD0toHi3VtP6SWOc84uTqtFaSB862fivCvoK8IsyODlEHk+yHfRPsO+xz 8=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 111123534 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:rgLZB6JfgrxzOSzEFE+RzZUlxSXFcZb7ZxGr2PjKsXjdYENS0WQEy mYXCGyPOfrZYjP2KIskPIW/pk8PvpXQzoBlQVRlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpKrfrbwP9TlK6q4mhA4ARnPasjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5QGnkW3 /YXBQsASVeBnt+ZwLfnZNlV05FLwMnDZOvzu1llxDDdS/0nXYrCU+PB4towMDUY354UW6yEP oxANGQpNU6bC/FMEg5/5JYWteGknHTgNRZfr0qYv/Ef6GnP1g1hlrPqNbI5f/TTHJwMxB3F/ T6uE2LRUzYhH9Hclya8rVWBpt73wiXkA7sNG+jtnhJtqALKnTFCYPEMbnOrrP/8hkOgVtZ3L 00P5jFovaU07FasTNT2Q1u/unHsljw2VsdUEuY6wBqQ0aeS6AGcbkAbShZRZdpgs9U5LQHGz XfQwYmvX2Y29uTIFzTErOz8QS6O1TY9CnQaPQUOQiY+7v6kopgOoRLKEvhTKfvg5jHqIg3Yz zePpSk4orwci88Xyqm2lWz6byKQSovhFVBsuFiONo6xxkYgPdP+OdT0gbTOxawYRLt1WGVtq 5TtdyK2yOkVRa+AmyWWKAnmNOH4vq3VWNEwbLMGInXAy9hP0yfyFWyzyGskTKuMDirjUWGBX aMrkVkNjKK/xVPzBUONX6q/Ct4x0Y/rHsn/W/bfY7JmO8YhKVLao3EzPRbNjwgBdXTAd4llY /93lu71XB4n5VlPlmLqF4/xL5d2rszB+Y8jbc+ilEn2uVZvTHWUVa0EIDOzghMRtcu5TPHu2 48HbaOikkwPONASlwGLqeb/23hWdylkbX03wuQLHtO+zv1OQzp5Va+BkO54J+SIXc19z4/1w 510YWcAoHKXuJENAV7ihqxLAF83YatCkA== IronPort-HdrOrdr: A9a23:i/bT46xvZcdN2Lvrb5FrKrPw3L1zdoMgy1knxilNoHxuH/Bw9v re+8jzsCWftN9/Yh4dcLy7VpVoBEmslqKdgrNhWYtKPjOHhILAFugLgbcKgQeQeREWntQ36U 4KSdkaNDSfNzlHZcaR2njFLz4jquP3j5xBU43lvglQpQIBUdAQ0+9gYDzrdHGf3GN9dOAE/J z33Ls/mxOQPU45Q+6cHXc/U+3Kt7Tw5e/biU5vPW9e1OGW5wnYk4LHLw== X-Talos-CUID: =?us-ascii?q?9a23=3AnrwEImnAi6tmRg+LuSy9AAVXZNDXOVrG1C/6KUC?= =?us-ascii?q?VMmtOD7+MdHCQ/f9Ko/M7zg=3D=3D?= X-Talos-MUID: 9a23:JXvoWAsmyXPyJfR/x82n1RZZH8orvbiXV2cgsaQ+5M+bbhVvNGLI X-IronPort-AV: E=Sophos;i="6.00,210,1681185600"; d="scan'208";a="111123534" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 1/3] x86/spec-ctrl: Rename retpoline_safe() to retpoline_calculations() Date: Thu, 1 Jun 2023 15:48:43 +0100 Message-ID: <20230601144845.1554589-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230601144845.1554589-1-andrew.cooper3@citrix.com> References: <20230601144845.1554589-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1685630959170100003 This is prep work, split out to simply the diff on the following change. * Rename to retpoline_calculations(), and call unconditionally. It is shortly going to synthesise missing enumerations required for guest safe= ty. * For the model check switch statement, store the result in a variable and break rather than returning directly. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu v2: * Extend the 'safe' variable to the entire switch statement. --- xen/arch/x86/spec_ctrl.c | 41 +++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cd5ea6aa52d9..daee61900afa 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -580,9 +580,10 @@ static bool __init check_smt_enabled(void) } =20 /* Calculate whether Retpoline is known-safe on this CPU. */ -static bool __init retpoline_safe(void) +static bool __init retpoline_calculations(void) { unsigned int ucode_rev =3D this_cpu(cpu_sig).rev; + bool safe =3D false; =20 if ( boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON) ) return true; @@ -620,29 +621,31 @@ static bool __init retpoline_safe(void) case 0x3f: /* Haswell EX/EP */ case 0x45: /* Haswell D */ case 0x46: /* Haswell H */ - return true; + safe =3D true; + break; =20 /* * Broadwell processors are retpoline-safe after specific microcode * versions. */ case 0x3d: /* Broadwell */ - return ucode_rev >=3D 0x2a; + safe =3D ucode_rev >=3D 0x2a; break; case 0x47: /* Broadwell H */ - return ucode_rev >=3D 0x1d; + safe =3D ucode_rev >=3D 0x1d; break; case 0x4f: /* Broadwell EP/EX */ - return ucode_rev >=3D 0xb000021; + safe =3D ucode_rev >=3D 0xb000021; break; case 0x56: /* Broadwell D */ switch ( boot_cpu_data.x86_mask ) { - case 2: return ucode_rev >=3D 0x15; - case 3: return ucode_rev >=3D 0x7000012; - case 4: return ucode_rev >=3D 0xf000011; - case 5: return ucode_rev >=3D 0xe000009; + case 2: safe =3D ucode_rev >=3D 0x15; break; + case 3: safe =3D ucode_rev >=3D 0x7000012; break; + case 4: safe =3D ucode_rev >=3D 0xf000011; break; + case 5: safe =3D ucode_rev >=3D 0xe000009; break; default: printk("Unrecognised CPU stepping %#x - assuming not reptpolin= e safe\n", boot_cpu_data.x86_mask); - return false; + safe =3D false; + break; } break; =20 @@ -656,7 +659,8 @@ static bool __init retpoline_safe(void) case 0x67: /* Cannonlake? */ case 0x8e: /* Kabylake M */ case 0x9e: /* Kabylake D */ - return false; + safe =3D false; + break; =20 /* * Atom processors before Goldmont Plus/Gemini Lake are retpoline-= safe. @@ -675,13 +679,17 @@ static bool __init retpoline_safe(void) case 0x5c: /* Goldmont */ case 0x5f: /* Denverton */ case 0x85: /* Knights Mill */ - return true; + safe =3D true; + break; =20 default: printk("Unrecognised CPU model %#x - assuming not reptpoline safe\= n", boot_cpu_data.x86_model); - return false; + safe =3D false; + break; } + + return safe; } =20 /* @@ -1114,7 +1122,7 @@ void __init init_speculation_mitigations(void) { enum ind_thunk thunk =3D THUNK_DEFAULT; bool has_spec_ctrl, ibrs =3D false, hw_smt_enabled; - bool cpu_has_bug_taa; + bool cpu_has_bug_taa, retpoline_safe; =20 hw_smt_enabled =3D check_smt_enabled(); =20 @@ -1140,6 +1148,9 @@ void __init init_speculation_mitigations(void) thunk =3D THUNK_JMP; } =20 + /* Determine if retpoline is safe on this CPU. */ + retpoline_safe =3D retpoline_calculations(); + /* * Has the user specified any custom BTI mitigations? If so, follow t= heir * instructions exactly and disable all heuristics. @@ -1161,7 +1172,7 @@ void __init init_speculation_mitigations(void) * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - if ( retpoline_safe() ) + if ( retpoline_safe ) thunk =3D THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs =3D true; --=20 2.30.2 From nobody Thu May 2 19:43:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1685630959; cv=none; d=zohomail.com; s=zohoarc; b=BVh+sAIiaQQavx266ILLYpVcpXf8doGru0l5V+uK8YDJXtr2CLshlItUkG3o37KbdFC5YQ+oWz8DVexXB2Lt8yepobeFnE20e8bLZAlYUnUBdpAtd1jZp9yNr0j6BAJIo/fWiMGNgGO/mv5+ApPy9yFdASlDXezVK+qf/ENbFMs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685630959; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=qOz3Nl7HcHK5nUZ2BYtXDeW8KFnLKUYB6pqvZYomiwM=; b=QW5zUceNox3rHCFQM2lm4/zdvg1GCcqABfZRh7QijLEEhDjju7Jazgsmg+b5ZyKwQc8BRaCKBdUX4uxuPFjXvg8F8FF0DGb6Led7cLRHyj62nGqXOw9LTZoZeZ3DuQZMvYR9AYsGwidrZMOKDgulPR2kQpYltAF8N6YyqYYnidU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1685630959290655.466268203493; Thu, 1 Jun 2023 07:49:19 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.542599.846643 (Exim 4.92) (envelope-from ) id 1q4jbn-0006NK-21; Thu, 01 Jun 2023 14:48:59 +0000 Received: by outflank-mailman (output) from mailman id 542599.846643; Thu, 01 Jun 2023 14:48:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q4jbm-0006NC-VQ; Thu, 01 Jun 2023 14:48:58 +0000 Received: by outflank-mailman (input) for mailman id 542599; Thu, 01 Jun 2023 14:48:57 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q4jbl-0005t4-F7 for xen-devel@lists.xenproject.org; Thu, 01 Jun 2023 14:48:57 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 6e93d0fc-008b-11ee-8611-37d641c3527e; Thu, 01 Jun 2023 16:48:55 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 6e93d0fc-008b-11ee-8611-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1685630935; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4fvPFTN01BOhGOiMjRrOl+jDQlX0oz34/lNnkFP6f1o=; b=AapmWM7nj3czncNMLMTeBt/y/3VVaC5Fk24jJRX8OZMW9JMQWdwaeWTD 5ixtnGu6brNGK7lEPUtkQkI/qUso61m/8cDjP2jw26qxxHUmEviNmVN4R gpcCp4wbmtRTNO7YdVVxe++RvyeETcII1cso8BEaIP+JnBLwdsdgWKdKH I=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 111123535 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:Y+K1nKITCehldSijFE+RzZUlxSXFcZb7ZxGr2PjKsXjdYENShWAOz GMaDz+FP/iDYmukLdB2aIWzoBhVvMPVy9RiQARlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpKrfrbwP9TlK6q4mhA4ARnPasjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5QGnkW3 /YXBQsASVeBnt+ZwLfnZNlV05FLwMnDZOvzu1llxDDdS/0nXYrCU+PB4towMDUY354UW6yEP oxANGQpNU6bC/FMEg5/5JYWteGknHTgNRZfr0qYv/Ef6GnP1g1hlrPqNbI5f/TTHJwMxB3F/ T+uE2LRGEkQO9K+8ii+4HOGiu3vg3rwH6EJPejtnhJtqALKnTFCYPEMbnOrrP/8hkOgVtZ3L 00P5jFovaU07FasTNT2Q1u/unHsljw2VsdUEuY6wBqQ0aeS6AGcbkAbShZRZdpgs9U5LQHGz XfQwYmvX2Y29uTIFzTErOz8QS6O1TY9CnQaPQUOQiY+7v6kopgOoRLKEvhTKfvg5jHqIg3Yz zePpSk4orwci88Xyqm2lWz6byKQSovhFVBsuFiONo6xxkYgPdP+OdT0gbTOxawYRLt1WGVtq 5TtdyK2yOkVRa+AmyWWKAnmNOH4vq3VWNEwbLMGInXAy9hP0yfyFWyzyGskTKuMDirjUWGBX aMrkVkNjKK/xVPzBUONX6q/Ct4x0Y/rHsn/W/bfY7JmO8YhKVLao3EzPRbNjwgBdXTAd4llY /93lu71XB4n5VlPlmLqF4/xL5d2rszB+Y8jbc+ilEn2uVZvTHWUVa0EIDOzghMRtcu5TPHu2 48HbaOikkwPONASlwGLqeb/23hWdylkbX03wuQLHtO+zv1OQzp5Va+BkO54J+SIXc19z4/1w 510YWcAoHKXuJENAV7ihqxLAF83YatCkA== IronPort-HdrOrdr: A9a23:iueOjaMUt1U+o8BcTjGjsMiBIKoaSvp037BK7S1MoH1uA6ulfq WV9sjzuiWatN98Yh8dcJW7Scq9qBDnhPpICOsqXYtKNTOO0AeVxcNZnOnfKlXbcBEWndQtsJ uIHZIeNDXxZ2IK8foT4mODYqkdKA/sytHXuQ/cpU0dPD2Dc8tbnmFE4p7wKDwNeOFBb6BJba a01458iBeLX28YVci/DmltZZm/mzWa/KiWGSLvHnQcmXKzsQ8= X-Talos-CUID: 9a23:MEpBj2zb1RQjoUzPsYl6BgUzAdh9WHfS4UzdBAi6EFtGSLjJZ2+prfY= X-Talos-MUID: =?us-ascii?q?9a23=3AnIQMxwx87zXHzQbFYOzgqDDv48CaqL72Ak8DsK4?= =?us-ascii?q?UgNuFHyByGynEh3OUWaZyfw=3D=3D?= X-IronPort-AV: E=Sophos;i="6.00,210,1681185600"; d="scan'208";a="111123535" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 2/3] x86/spec-ctrl: Fix up the RSBA/RRSBA bits as appropriate Date: Thu, 1 Jun 2023 15:48:44 +0100 Message-ID: <20230601144845.1554589-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230601144845.1554589-1-andrew.cooper3@citrix.com> References: <20230601144845.1554589-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1685630960191100005 In order to level a VM safely for migration, the toolstack needs to know the RSBA/RRSBA properties of the CPU, whether or not they happen to be enumerat= ed. See the code comment for details. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu v2: * Rewrite almost from scratch. --- xen/arch/x86/include/asm/cpufeature.h | 1 + xen/arch/x86/spec_ctrl.c | 92 +++++++++++++++++++++++++-- 2 files changed, 88 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index ace31e3b1f1a..e2cb8f3cc728 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -193,6 +193,7 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_has_tsx_ctrl boot_cpu_has(X86_FEATURE_TSX_CTRL) #define cpu_has_taa_no boot_cpu_has(X86_FEATURE_TAA_NO) #define cpu_has_fb_clear boot_cpu_has(X86_FEATURE_FB_CLEAR) +#define cpu_has_rrsba boot_cpu_has(X86_FEATURE_RRSBA) =20 /* Synthesized. */ #define cpu_has_arch_perfmon boot_cpu_has(X86_FEATURE_ARCH_PERFMON) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index daee61900afa..29ed410da47a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -579,7 +579,10 @@ static bool __init check_smt_enabled(void) return false; } =20 -/* Calculate whether Retpoline is known-safe on this CPU. */ +/* + * Calculate whether Retpoline is known-safe on this CPU. Fix up the + * RSBA/RRSBA bits as necessary. + */ static bool __init retpoline_calculations(void) { unsigned int ucode_rev =3D this_cpu(cpu_sig).rev; @@ -593,15 +596,85 @@ static bool __init retpoline_calculations(void) return false; =20 /* - * RSBA may be set by a hypervisor to indicate that we may move to a - * processor which isn't retpoline-safe. + * The meaning of the RSBA and RRSBA bits have evolved over time. The + * agreed upon meaning at the time of writing (May 2023) is thus: + * + * - RSBA (RSB Alternative) means that an RSB may fall back to an + * alternative predictor on underflow. Skylake uarch and later all = have + * this property. Broadwell too, when running microcode versions pr= ior + * to Jan 2018. + * + * - All eIBRS-capable processors suffer RSBA, but eIBRS also introduc= es + * tagging of predictions with the mode in which they were learned. = So + * when eIBRS is active, RSBA becomes RRSBA (Restricted RSBA). + * + * - CPUs are not expected to enumerate both RSBA and RRSBA. + * + * Some parts (Broadwell) are not expected to ever enumerate this + * behaviour directly. Other parts have differing enumeration with + * microcode version. Fix up Xen's idea, so we can advertise them saf= ely + * to guests, and so toolstacks can level a VM safety for migration. + * + * The following states exist: + * + * | | RSBA | EIBRS | RRSBA | Notes | Action | + * |---+------+-------+-------+--------------------+---------------| + * | 1 | 0 | 0 | 0 | OK (older parts) | Maybe +RSBA | + * | 2 | 0 | 0 | 1 | Broken | +RSBA, -RRSBA | + * | 3 | 0 | 1 | 0 | OK (pre-Aug ucode) | +RRSBA | + * | 4 | 0 | 1 | 1 | OK | | + * | 5 | 1 | 0 | 0 | OK | | + * | 6 | 1 | 0 | 1 | Broken | -RRSBA | + * | 7 | 1 | 1 | 0 | Broken | -RSBA, +RRSBA | + * | 8 | 1 | 1 | 1 | Broken | -RSBA | * + * However, we doesn't need perfect adherence to the spec. Identify t= he + * broken cases (so we stand a chance of spotting violated assumptions= ), + * and fix up Rows 1 and 3 so Xen can use RSBA || RRSBA to identify + * "alternative predictors potentially in use". + */ + if ( cpu_has_eibrs ? cpu_has_rsba /* Rows 7, 8 */ + : cpu_has_rrsba /* Rows 2, 6 */ ) + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RSBA %u, E= IBRS %u, RRSBA %u\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, ucode_rev, + cpu_has_rsba, cpu_has_eibrs, cpu_has_rrsba); + + /* * Processors offering Enhanced IBRS are not guarenteed to be * repoline-safe. */ - if ( cpu_has_rsba || cpu_has_eibrs ) + if ( cpu_has_eibrs ) + { + /* + * Prior to the August 2023 microcode, many eIBRS-capable parts did + * not enumerate RRSBA. + */ + if ( !cpu_has_rrsba ) + setup_force_cpu_cap(X86_FEATURE_RRSBA); + + return false; + } + + /* + * RSBA is explicitly enumerated in some cases, but may also be set by= a + * hypervisor to indicate that we may move to a processor which isn't + * retpoline-safe. + */ + if ( cpu_has_rsba ) return false; =20 + /* + * At this point, we've filtered all the legal RSBA || RRSBA cases (or= the + * known non-ideal cases). If ARCH_CAPS is visible, trust the absence= of + * RSBA || RRSBA. There's no known microcode which advertises ARCH_CA= PS + * without RSBA or EIBRS, and if we're virtualised we can't rely the m= odel + * check anyway. + */ + if ( cpu_has_arch_caps ) + return true; + switch ( boot_cpu_data.x86_model ) { case 0x17: /* Penryn */ @@ -689,6 +762,15 @@ static bool __init retpoline_calculations(void) break; } =20 + if ( !safe ) + { + /* + * Note: the eIBRS-capable parts are filtered out earlier, so the + * remainder here are the ones which suffer only RSBA behaviour. + */ + setup_force_cpu_cap(X86_FEATURE_RSBA); + } + return safe; } =20 @@ -1148,7 +1230,7 @@ void __init init_speculation_mitigations(void) thunk =3D THUNK_JMP; } =20 - /* Determine if retpoline is safe on this CPU. */ + /* Determine if retpoline is safe on this CPU. Fix up RSBA/RRSBA enum= erations. */ retpoline_safe =3D retpoline_calculations(); =20 /* --=20 2.30.2 From nobody Thu May 2 19:43:23 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1685630957; cv=none; d=zohomail.com; s=zohoarc; b=iHuWORRHl2YlljjLU4Su78/lXDOJfr+FB/+yEYG9RzlH44ho4TA6mAEAZpZfMI/X9Xsb3ni5TDkagUZ6wiFbTlBVuY3NbZIEMqBAQCgCmSDI0mi7Y3l+XYhSzbBT+XweRVPXm6oJE7WY0i+UeEPn46laiIQRNVMkJgXUNlZIa7A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685630957; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=yj/Vdhoz0wHWfjoPnh+6gAc7xAgNUsPRjyy6jrHy/K8=; b=LnrNL32I4hrAwKVvNElFZNy70frFhscfSF5I49OrE3+lWTigT3p7Cj3zlm5FkQDb72TmSdqZZetDk4lpWhwroYM6wbOdK8Vv1Du9HV5JBS2JO3EZi3LTa5topSSlt2z+Eb+gdD/eDZFszocj5Yw0l4XZjBctTeNcnJ47maiI97I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1685630957048339.19977836705164; Thu, 1 Jun 2023 07:49:17 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.542600.846653 (Exim 4.92) (envelope-from ) id 1q4jbo-0006cl-9G; Thu, 01 Jun 2023 14:49:00 +0000 Received: by outflank-mailman (output) from mailman id 542600.846653; Thu, 01 Jun 2023 14:49:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q4jbo-0006ce-6Q; Thu, 01 Jun 2023 14:49:00 +0000 Received: by outflank-mailman (input) for mailman id 542600; Thu, 01 Jun 2023 14:48:58 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q4jbm-0005t4-Py for xen-devel@lists.xenproject.org; Thu, 01 Jun 2023 14:48:58 +0000 Received: from esa4.hc3370-68.iphmx.com (esa4.hc3370-68.iphmx.com [216.71.155.144]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 6f7be821-008b-11ee-8611-37d641c3527e; Thu, 01 Jun 2023 16:48:56 +0200 (CEST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 6f7be821-008b-11ee-8611-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1685630936; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=0Huqnszf3sCeFY36VmVwYFe6YJQ79qu8pbuCZc31GcY=; b=ThLVIgkcCQgUucE+PbmfD90P8Pr4ewj31zBlJeKT5iIda3FzY1XJxN6Y UP7KwmYV7SqjxBzwMeB4+1jdW3lAQLjRXwPExG9vJpGnA0SbVT31K/7BE yYMNBYX7KhPFv5++vy875Ya29oVcWlM0CnsJ/cB6+QxkLVSA03e4VyC0F 8=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 113728657 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.123 X-Policy: $RELAYED IronPort-Data: A9a23:6Z+78q5pkiOxUOH8adAHDQxRtCTHchMFZxGqfqrLsTDasY5as4F+v jFOXm+AbvaLYjT1fYhyO42w9E8CvpPRyoAyGgU6pCwyHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9lU35JwehBtC5gZlPa4T5QeF/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m7 P8HBypKSzW/tcmTnLulYPQ22+0sM5y+VG8fkikIITDxCP8nRdbIQrnQ5M8e1zA17ixMNa+AP YxDM2MpNUmeJUQVYT/7C7pn9AusrlD5fydVtxS+oq0v7nKI5AdwzKLsIJzefdniqcB9xx/D+ TiWoTmmav0cHOzD+xmJ6lOuurXKkX/4doM1KJOezsc/1TV/wURMUUZLBDNXu8KRmkO4Ht5SN UEQ0i4vtrQpslymSMHnWB+1q2LCuQQTM/JyOeAn7ACGyoLP/h2UQGMDS1Zpd9gOpMIwAzsw2 Te0c8jBXGI19ufPEDTEq+nS9GnpUcQIEYMcTTYHUiQfpPzGnLMYq07GUPx+SvOcgcKgTFkc3 Au2hCQ5grwSi+sC2KO64U3LjlqQm3TZcuImzl6JBzz4t2uVcKbgPtX1sgaDsZ6sOa7DFjG8U G44d99yBQzkJbWEj2SzTeoEB9lFDN7VYWSH0TaD83TMnglBGkJPn6gJsVmSx28zaK7onAMFh 2eN0T69HLcJYBOXgVZfOupd8fgCw6n6DsjCXfvJdNdIaZUZXFbZrHwzOBHAgji1zRhEfUQD1 XGzK5zE4ZEyUPUP8dZLb71Fje9DKt4WmAs/uqwXPzz4iOHDNRZ5uJ8OMUeUb/BR0U93iFy9z jqrDOPTk083eLSnMkHqHXs7cQhiwY4TWcqn9KS6t4erfmJbJY3WI6SKme1xK904xvg9eyWh1 ijVZ3K0AWHX3RXvQThmoFg/AF8zdf6TdU4GABE= IronPort-HdrOrdr: A9a23:srP37aldqolmakWOKiRMBtaA14vpDfOnimdD5ihNYBxZY6Wkfp +V8cjzhCWftN9OYhodcIi7SdC9qXO1z+8X3WBjB8bbYOCGghrhEGgG1+ffKlLbakrDH4JmtJ uIEJIOQ+EYb2IK6/oSiTPQe7lP/DDtytHLuQ6q9QYIcegcUdAE0+4WMGamO3wzYDMDKYsyFZ Ka6MYCjSGnY24rYsOyAWRAd/TfpvXQ/aiWLCIuNloC0k2jnDmo4Ln1H1yzxREFSQ5Cxr8k7C zsjxH53KO+qPu2oyWsm1M7rq4m1+cJ+OEzRfBkufJlagkETTzYJ7iJbofy8gzdZtvfqmrC3u O85ivIdP4DkE85NlvF2ycFnTOQmgrGokWStWNxjRbY0LHEbSN/BMxbiY1DdBzFr0ImodFnya pOm3mUrpxNEHr77VPADnfzJmFXf2eP0A8feNQo/ghieJpbbKUUoZ0U/UtTHptFFCXm6Jo/GO 0rCM3H/v5ZfV6Tcnic5wBUsZWRd2V2Gg3DTlkJu8ST3TQTlHdlz1EAzMhamnsb7poyR5RN+u yBOKV1k7NFSNMQcMtGdZE8aNryDnaITQPHMWqUL1iiHKYbO2jVo5qy+7kx7PHCQu178HLzou WzbLp1jx9CR6u1M7zw4HRiyGGyfFmA X-Talos-CUID: 9a23:1kdhTmF3Hcaf1Q6lqmJ+91E7AIcAV0Hv51KMKlGSFDw0YbKKHAo= X-Talos-MUID: =?us-ascii?q?9a23=3AkuKL2Q7X4UQgx3yuUPcor6FqxoxYv5aNBFgsk6l?= =?us-ascii?q?cvsXYNgJxHAuzqgyOF9o=3D?= X-IronPort-AV: E=Sophos;i="6.00,210,1681185600"; d="scan'208";a="113728657" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu Subject: [PATCH v2 3/3] x86/cpu-policy: Derive RSBA/RRSBA for guest policies Date: Thu, 1 Jun 2023 15:48:45 +0100 Message-ID: <20230601144845.1554589-4-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230601144845.1554589-1-andrew.cooper3@citrix.com> References: <20230601144845.1554589-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1685630958326100001 The RSBA bit, "RSB Alternative", means that the RSB may use alternative predictors when empty. From a practical point of view, this mean "Retpoline not safe". Enhanced IBRS (officially IBRS_ALL in Intel's docs, previously IBRS_ATT) is= a statement that IBRS is implemented in hardware (as opposed to the form retrofitted to existing CPUs in microcode). The RRSBA bit, "Restricted-RSBA", is a combination of RSBA, and the eIBRS property that predictions are tagged with the mode in which they were learn= t. Therefore, it means "when eIBRS is active, the RSB may fall back to alternative predictors but restricted to the current prediction mode". As such, it's stronger statement than RSBA, but still means "Retpoline not saf= e". CPUs are not expected to enumerate both RSBA and RRSBA. Add feature dependencies for EIBRS and RRSBA. While technically they're not linked, absolutely nothing good can of letting the guest see RRSBA without EIBRS. Nor can anything good come of a guest seeing EIBRS without IBRSB. Furthermore, we use this dependency to simplify the max derivation logic. The max policies gets RSBA and RRSBA unconditionally set (with the EIBRS dependency maybe hiding RRSBA). We can run any VM, even if it has been told "somewhere you might run, Retpoline isn't safe". The default policies are more complicated. A guest shouldn't see both bits, but it needs to see one if the current host suffers from any form of RSBA, = and which bit it needs to see depends on whether eIBRS is visible or not. Therefore, the calculation must be performed after sanitise_featureset(). Finally, apply the same logic in recalculate_cpuid_policy(), as we do for other safety settings while we're still overhauling the toolstack logic in this area. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu v2: * Expand/adjust the comment for the max features. * Rewrite the default feature derivation in light of new information. * Fix up in recalculate_cpuid_policy() too. --- xen/arch/x86/cpu-policy.c | 53 +++++++++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 4 +- xen/tools/gen-cpuid.py | 5 +- 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index ee256ff5a137..f3bcb1ea4101 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -423,8 +423,17 @@ static void __init guest_common_max_feature_adjustment= s(uint32_t *fs) * Retpoline not safe)", so these need to be visible to a guest in= all * cases, even when it's only some other server in the pool which * suffers the identified behaviour. + * + * We can always run any VM which has previously (or will + * subsequently) run on hardware where Retpoline is not safe. + * Note: + * - The dependency logic may hide RRSBA for other reasons. + * - The max policy does not contitute a sensible configuration to + * run a guest in. */ __set_bit(X86_FEATURE_ARCH_CAPS, fs); + __set_bit(X86_FEATURE_RSBA, fs); + __set_bit(X86_FEATURE_RRSBA, fs); } } =20 @@ -532,6 +541,21 @@ static void __init calculate_pv_def_policy(void) guest_common_default_feature_adjustments(fs); =20 sanitise_featureset(fs); + + /* + * If the host suffers from RSBA of any form, and the guest can see + * MSR_ARCH_CAPS, reflect the appropriate RSBA/RRSBA property to the g= uest + * depending on the visibility of eIBRS. + */ + if ( test_bit(X86_FEATURE_ARCH_CAPS, fs) && + (cpu_has_rsba || cpu_has_rrsba) ) + { + bool eibrs =3D test_bit(X86_FEATURE_EIBRS, fs); + + __set_bit(eibrs ? X86_FEATURE_RRSBA + : X86_FEATURE_RSBA, fs); + } + x86_cpu_featureset_to_policy(fs, p); recalculate_xstate(p); } @@ -664,6 +688,21 @@ static void __init calculate_hvm_def_policy(void) __set_bit(X86_FEATURE_VIRT_SSBD, fs); =20 sanitise_featureset(fs); + + /* + * If the host suffers from RSBA of any form, and the guest can see + * MSR_ARCH_CAPS, reflect the appropriate RSBA/RRSBA property to the g= uest + * depending on the visibility of eIBRS. + */ + if ( test_bit(X86_FEATURE_ARCH_CAPS, fs) && + (cpu_has_rsba || cpu_has_rrsba) ) + { + bool eibrs =3D test_bit(X86_FEATURE_EIBRS, fs); + + __set_bit(eibrs ? X86_FEATURE_RRSBA + : X86_FEATURE_RSBA, fs); + } + x86_cpu_featureset_to_policy(fs, p); recalculate_xstate(p); } @@ -786,6 +825,20 @@ void recalculate_cpuid_policy(struct domain *d) =20 sanitise_featureset(fs); =20 + /* + * If the host suffers from RSBA of any form, and the guest can see + * MSR_ARCH_CAPS, reflect the appropriate RSBA/RRSBA property to the g= uest + * depending on the visibility of eIBRS. + */ + if ( test_bit(X86_FEATURE_ARCH_CAPS, fs) && + (cpu_has_rsba || cpu_has_rrsba) ) + { + bool eibrs =3D test_bit(X86_FEATURE_EIBRS, fs); + + __set_bit(eibrs ? X86_FEATURE_RRSBA + : X86_FEATURE_RSBA, fs); + } + /* Fold host's FDP_EXCP_ONLY and NO_FPU_SEL into guest's view. */ fs[FEATURESET_7b0] &=3D ~(cpufeat_mask(X86_FEATURE_FDP_EXCP_ONLY) | cpufeat_mask(X86_FEATURE_NO_FPU_SEL)); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 4edf9aba7ff6..a0e46138d763 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -311,7 +311,7 @@ XEN_CPUFEATURE(CET_SSS, 15*32+18) /* CET S= upervisor Shadow Stacks s /* Intel-defined CPU features, MSR_ARCH_CAPS 0x10a.eax, word 16 */ XEN_CPUFEATURE(RDCL_NO, 16*32+ 0) /*A No Rogue Data Cache Load= (Meltdown) */ XEN_CPUFEATURE(EIBRS, 16*32+ 1) /*A Enhanced IBRS */ -XEN_CPUFEATURE(RSBA, 16*32+ 2) /*!A RSB Alternative (Retpoli= ne not safe) */ +XEN_CPUFEATURE(RSBA, 16*32+ 2) /*! RSB Alternative (Retpoli= ne not safe) */ XEN_CPUFEATURE(SKIP_L1DFL, 16*32+ 3) /* Don't need to flush L1D = on VMEntry */ XEN_CPUFEATURE(INTEL_SSB_NO, 16*32+ 4) /*A No Speculative Store Byp= ass */ XEN_CPUFEATURE(MDS_NO, 16*32+ 5) /*A No Microarchitectural Da= ta Sampling */ @@ -327,7 +327,7 @@ XEN_CPUFEATURE(FBSDP_NO, 16*32+14) /*A No Fi= ll Buffer Stale Data Prop XEN_CPUFEATURE(PSDP_NO, 16*32+15) /*A No Primary Stale Data Pr= opagation */ XEN_CPUFEATURE(FB_CLEAR, 16*32+17) /*A Fill Buffers cleared by = VERW */ XEN_CPUFEATURE(FB_CLEAR_CTRL, 16*32+18) /* MSR_OPT_CPU_CTRL.FB_CLEA= R_DIS */ -XEN_CPUFEATURE(RRSBA, 16*32+19) /*!A Restricted RSB Alternati= ve */ +XEN_CPUFEATURE(RRSBA, 16*32+19) /*! Restricted RSB Alternati= ve */ XEN_CPUFEATURE(BHI_NO, 16*32+20) /*A No Branch History Inject= ion */ XEN_CPUFEATURE(XAPIC_STATUS, 16*32+21) /* MSR_XAPIC_DISABLE_STATUS= */ XEN_CPUFEATURE(OVRCLK_STATUS, 16*32+23) /* MSR_OVERCLOCKING_STATUS = */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 973fcc1c64e8..72cf11654ba9 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,7 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating t= hem # as dependent features simplifies Xen's logic, and prevents the g= uest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], AMD_STIBP: [STIBP_ALWAYS], @@ -328,6 +328,9 @@ def crunch_numbers(state): =20 # The ARCH_CAPS CPUID bit enumerates the availability of the whole= register. ARCH_CAPS: list(range(RDCL_NO, RDCL_NO + 64)), + + # The behaviour described by RRSBA depend on eIBRS being active. + EIBRS: [RRSBA], } =20 deep_features =3D tuple(sorted(deps.keys())) --=20 2.30.2