[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen staging] x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass

commit 8c0e338086f060eba31d37b83fbdb883928aa085
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Apr 26 10:56:28 2018 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Mon May 21 14:20:06 2018 +0100

    x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass
    
    AMD processors will execute loads and stores with the same base register in
    program order, which is typically how a compiler emits code.
    
    Therefore, by default no mitigating actions are taken, despite there being
    corner cases which are vulnerable to the issue.
    
    For performance testing, or for users with particularly sensitive workloads,
    the `spec-ctrl=ssbd` command line option is available to force Xen to 
disable
    Memory Disambiguation on applicable hardware.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 docs/misc/xen-command-line.markdown |  7 ++++++-
 xen/arch/x86/cpu/amd.c              | 20 ++++++++++++++++++++
 xen/arch/x86/spec_ctrl.c            |  3 +++
 xen/include/asm-x86/spec_ctrl.h     |  1 +
 4 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/docs/misc/xen-command-line.markdown 
b/docs/misc/xen-command-line.markdown
index b6b1530a25..da570b4ab1 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1757,7 +1757,7 @@ false disable the quirk workaround, which is also the 
default.
 
 ### spec-ctrl (x86)
 > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb}=<bool>,
->              bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb}=<bool> ]`
+>              bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd}=<bool> ]`
 
 Controls for speculative execution sidechannel mitigations.  By default, Xen
 will pick the most appropriate mitigations based on compiled in support,
@@ -1801,6 +1801,11 @@ On hardware supporting IBPB (Indirect Branch Prediction 
Barrier), the `ibpb=`
 option can be used to force (the default) or prevent Xen from issuing branch
 prediction barriers on vcpu context switches.
 
+On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=`
+option can be used to force or prevent Xen using the feature itself.  On AMD
+hardware, this is a global option applied at boot, and not virtualised for
+guest use.
+
 ### sync\_console
 > `= <boolean>`
 
diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
index fc9677f020..458a3fe60c 100644
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -9,6 +9,7 @@
 #include <asm/amd.h>
 #include <asm/hvm/support.h>
 #include <asm/setup.h> /* amd_init_cpu */
+#include <asm/spec_ctrl.h>
 #include <asm/acpi.h>
 #include <asm/apic.h>
 
@@ -594,6 +595,25 @@ static void init_amd(struct cpuinfo_x86 *c)
                                  c->x86_capability);
        }
 
+       /*
+        * If the user has explicitly chosen to disable Memory Disambiguation
+        * to mitigiate Speculative Store Bypass, poke the appropriate MSR.
+        */
+       if (opt_ssbd) {
+               int bit = -1;
+
+               switch (c->x86) {
+               case 0x15: bit = 54; break;
+               case 0x16: bit = 33; break;
+               case 0x17: bit = 10; break;
+               }
+
+               if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) {
+                       value |= 1ull << bit;
+                       wrmsr_safe(MSR_AMD64_LS_CFG, value);
+               }
+       }
+
        /* MFENCE stops RDTSC speculation */
        if (!cpu_has_lfence_dispatch)
                __set_bit(X86_FEATURE_MFENCE_RDTSC, c->x86_capability);
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 33733697ee..20b215e31c 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -43,6 +43,7 @@ static enum ind_thunk {
 } opt_thunk __initdata = THUNK_DEFAULT;
 static int8_t __initdata opt_ibrs = -1;
 bool __read_mostly opt_ibpb = true;
+bool __read_mostly opt_ssbd = false;
 
 bool __initdata bsp_delay_spec_ctrl;
 uint8_t __read_mostly default_xen_spec_ctrl;
@@ -180,6 +181,8 @@ static int __init parse_spec_ctrl(const char *s)
             opt_ibrs = val;
         else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 )
             opt_ibpb = val;
+        else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 )
+            opt_ssbd = val;
         else
             rc = -EINVAL;
 
diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
index 993b958cdf..91bed1b476 100644
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -27,6 +27,7 @@
 void init_speculation_mitigations(void);
 
 extern bool opt_ibpb;
+extern bool opt_ssbd;
 
 extern bool bsp_delay_spec_ctrl;
 extern uint8_t default_xen_spec_ctrl;
--
generated by git-patchbot for /home/xen/git/xen.git#staging

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.