[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.7] x86/amd: Try to set lfence as being Dispatch Serialising

commit f291c01cd6d405927ceb022bdef6479de8b9fb9a
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Feb 14 11:30:08 2018 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Feb 14 11:30:08 2018 +0100

    x86/amd: Try to set lfence as being Dispatch Serialising
    
    This property is required for the AMD's recommended mitigation for Branch
    Target Injection, but Xen needs to cope with being unable to detect or 
modify
    the MSR.
    
    This is part of XSA-254.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: fe3ee5530a8d0d0b6a478167125d00c40f294a86
    master date: 2018-01-16 17:45:50 +0000
---
 xen/arch/x86/cpu/amd.c           | 32 ++++++++++++++++++++++++++++++++
 xen/include/asm-x86/cpufeature.h |  2 ++
 xen/include/asm-x86/msr-index.h  |  1 +
 3 files changed, 35 insertions(+)

diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
index d65ac71..4a1310d 100644
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -559,6 +559,38 @@ static void init_amd(struct cpuinfo_x86 *c)
                        wrmsr_amd_safe(0xc001100d, l, h & ~1);
        }
 
+       /*
+        * Attempt to set lfence to be Dispatch Serialising.  This MSR almost
+        * certainly isn't virtualised (and Xen at least will leak the real
+        * value in but silently discard writes), as well as being per-core
+        * rather than per-thread, so do a full safe read/write/readback cycle
+        * in the worst case.
+        */
+       if (c->x86 == 0x0f || c->x86 == 0x11)
+               /* Always dispatch serialising on this hardare. */
+               __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability);
+       else /* Implicily "== 0x10 || >= 0x12" by being 64bit. */ {
+               if (rdmsr_safe(MSR_AMD64_DE_CFG, value))
+                       /* Unable to read.  Assume the safer default. */
+                       __clear_bit(X86_FEATURE_LFENCE_DISPATCH,
+                                   c->x86_capability);
+               else if (value & AMD64_DE_CFG_LFENCE_SERIALISE)
+                       /* Already dispatch serialising. */
+                       __set_bit(X86_FEATURE_LFENCE_DISPATCH,
+                                 c->x86_capability);
+               else if (wrmsr_safe(MSR_AMD64_DE_CFG,
+                                   value | AMD64_DE_CFG_LFENCE_SERIALISE) ||
+                        rdmsr_safe(MSR_AMD64_DE_CFG, value) ||
+                        !(value & AMD64_DE_CFG_LFENCE_SERIALISE))
+                       /* Attempt to set failed.  Assume the safer default. */
+                       __clear_bit(X86_FEATURE_LFENCE_DISPATCH,
+                                   c->x86_capability);
+               else
+                       /* Successfully enabled! */
+                       __set_bit(X86_FEATURE_LFENCE_DISPATCH,
+                                 c->x86_capability);
+       }
+
        switch(c->x86)
        {
        case 0xf ... 0x17:
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index 1a11ebe..ce3f678 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -26,6 +26,7 @@
 #define X86_FEATURE_CLFLUSH_MONITOR    ((FSCAPINTS+0)*32+ 7) /* clflush reqd 
with monitor */
 #define X86_FEATURE_APERFMPERF         ((FSCAPINTS+0)*32+ 8) /* APERFMPERF */
 #define X86_FEATURE_MSR_PLATFORM_INFO  ((FSCAPINTS+0)*32+ 9) /* PLATFORM_INFO 
MSR present */
+#define X86_FEATURE_LFENCE_DISPATCH    ((FSCAPINTS+0)*32+ 10) /* lfence set as 
Dispatch Serialising */
 
 #define cpufeat_word(idx)      ((idx) / 32)
 #define cpufeat_bit(idx)       ((idx) % 32)
@@ -89,6 +90,7 @@
 #define cpu_has_eist           boot_cpu_has(X86_FEATURE_EIST)
 #define cpu_has_hypervisor     boot_cpu_has(X86_FEATURE_HYPERVISOR)
 #define cpu_has_cmp_legacy     boot_cpu_has(X86_FEATURE_CMP_LEGACY)
+#define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH)
 
 enum _cache_type {
     CACHE_TYPE_NULL = 0,
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index 04b6722..21cd662 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -210,6 +210,7 @@
 #define MSR_AMD64_IC_CFG               0xc0011021
 #define MSR_AMD64_DC_CFG               0xc0011022
 #define MSR_AMD64_DE_CFG               0xc0011029
+#define AMD64_DE_CFG_LFENCE_SERIALISE  (_AC(1, ULL) << 1)
 
 #define MSR_AMD64_DR0_ADDRESS_MASK     0xc0011027
 #define MSR_AMD64_DR1_ADDRESS_MASK     0xc0011019
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.7

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.