|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.14] x86/amd: Enumeration for speculative features/hints
commit 15734a72d7d38e9f8fd6a1a0bbb2a493a53d8dce
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Oct 15 11:14:46 2021 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Oct 15 11:14:46 2021 +0200
x86/amd: Enumeration for speculative features/hints
There is a step change in speculation protections between the Zen1 and Zen2
microarchitectures.
Zen1 and older have no special support. Control bits in non-architectural
MSRs are used to make lfence be dispatch-serialising (Spectre v1), and to
disable Memory Disambiguation (Speculative Store Bypass). IBPB was
retrofitted in a microcode update, and software methods are required for
Spectre v2 protections.
Because the bit controlling Memory Disambiguation is model specific,
hypervisors are expected to expose a MSR_VIRT_SPEC_CTRL interface which
abstracts the model specific details.
Zen2 and later implement the MSR_SPEC_CTRL interface in hardware, and
virtualise the interface for HVM guests to use. A number of hint bits are
specified too to help guide OS software to the most efficient mitigation
strategy.
Zen3 introduced a new feature, Predictive Store Forwarding, along with a
control to disable it in sensitive code.
Add CPUID and VMCB details for all the new functionality.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
master commit: 747424c664bb164a04e7a9f2ffbf02d4a1630d7d
master date: 2021-09-08 14:16:19 +0100
---
tools/libxl/libxl_cpuid.c | 10 ++++++++++
tools/misc/xen-cpuid.c | 8 +++++++-
xen/arch/x86/hvm/svm/svm.c | 1 +
xen/arch/x86/hvm/svm/vmcb.c | 1 +
xen/include/asm-x86/cpufeature.h | 5 +++++
xen/include/asm-x86/hvm/svm/svm.h | 2 ++
xen/include/asm-x86/hvm/svm/vmcb.h | 4 +++-
xen/include/asm-x86/msr-index.h | 3 +++
xen/include/public/arch-x86/cpufeatureset.h | 10 ++++++++++
9 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c
index db2f12d115..fd63f606c8 100644
--- a/tools/libxl/libxl_cpuid.c
+++ b/tools/libxl/libxl_cpuid.c
@@ -267,7 +267,17 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list
*cpuid, const char* str)
{"rstr-fp-err-ptrs", 0x80000008, NA, CPUID_REG_EBX, 2, 1},
{"wbnoinvd", 0x80000008, NA, CPUID_REG_EBX, 9, 1},
{"ibpb", 0x80000008, NA, CPUID_REG_EBX, 12, 1},
+ {"ibrs", 0x80000008, NA, CPUID_REG_EBX, 14, 1},
+ {"amd-stibp", 0x80000008, NA, CPUID_REG_EBX, 15, 1},
+ {"ibrs-always", 0x80000008, NA, CPUID_REG_EBX, 16, 1},
+ {"stibp-always", 0x80000008, NA, CPUID_REG_EBX, 17, 1},
+ {"ibrs-fast", 0x80000008, NA, CPUID_REG_EBX, 18, 1},
+ {"ibrs-same-mode", 0x80000008, NA, CPUID_REG_EBX, 19, 1},
{"ppin", 0x80000008, NA, CPUID_REG_EBX, 23, 1},
+ {"amd-ssbd", 0x80000008, NA, CPUID_REG_EBX, 24, 1},
+ {"virt-ssbd", 0x80000008, NA, CPUID_REG_EBX, 25, 1},
+ {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1},
+ {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1},
{"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8},
{"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4},
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index a231d96e13..a1d675da0f 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -148,11 +148,17 @@ static const char *const str_e8b[32] =
[ 0] = "clzero",
[ 2] = "rstr-fp-err-ptrs",
- /* [ 8] */ [ 9] = "wbnoinvd",
+ /* [ 8] */ [ 9] = "wbnoinvd",
[12] = "ibpb",
+ [14] = "ibrs", [15] = "amd-stibp",
+ [16] = "ibrs-always", [17] = "stibp-always",
+ [18] = "ibrs-fast", [19] = "ibrs-same-mode",
/* [22] */ [23] = "ppin",
+ [24] = "amd-ssbd", [25] = "virt-ssbd",
+ [26] = "ssb-no",
+ [28] = "psfd",
};
static const char *const str_7d0[32] =
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 90cdab3734..bb4a9da27e 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1653,6 +1653,7 @@ const struct hvm_function_table * __init start_svm(void)
P(cpu_has_pause_filter, "Pause-Intercept Filter");
P(cpu_has_pause_thresh, "Pause-Intercept Filter Threshold");
P(cpu_has_tsc_ratio, "TSC Rate MSR");
+ P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation");
#undef P
if ( !printed )
diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index 373d5d4af4..55da9302e5 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -271,6 +271,7 @@ static void __init __maybe_unused build_assertions(void)
BUILD_BUG_ON(offsetof(typeof(vmcb), rsp) != 0x5d8);
BUILD_BUG_ON(offsetof(typeof(vmcb), rax) != 0x5f8);
BUILD_BUG_ON(offsetof(typeof(vmcb), _g_pat) != 0x668);
+ BUILD_BUG_ON(offsetof(typeof(vmcb), spec_ctrl) != 0x6e0);
/* Check struct segment_register against the VMCB segment layout. */
BUILD_BUG_ON(sizeof(vmcb.es) != 16);
diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h
index 80eff688d4..a4900ef0c3 100644
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -125,6 +125,11 @@
/* CPUID level 0x80000007.edx */
#define cpu_has_itsc boot_cpu_has(X86_FEATURE_ITSC)
+/* CPUID level 0x80000008.ebx */
+#define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD)
+#define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD)
+#define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO)
+
/* CPUID level 0x00000007:0.edx */
#define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW)
#define cpu_has_avx512_4fmaps boot_cpu_has(X86_FEATURE_AVX512_4FMAPS)
diff --git a/xen/include/asm-x86/hvm/svm/svm.h
b/xen/include/asm-x86/hvm/svm/svm.h
index 2310878e41..055bd4184a 100644
--- a/xen/include/asm-x86/hvm/svm/svm.h
+++ b/xen/include/asm-x86/hvm/svm/svm.h
@@ -74,6 +74,7 @@ extern u32 svm_feature_flags;
#define SVM_FEATURE_PAUSETHRESH 12 /* Pause intercept filter support */
#define SVM_FEATURE_VLOADSAVE 15 /* virtual vmload/vmsave */
#define SVM_FEATURE_VGIF 16 /* Virtual GIF */
+#define SVM_FEATURE_SPEC_CTRL 20 /* MSR_SPEC_CTRL virtualisation */
#define cpu_has_svm_feature(f) (svm_feature_flags & (1u << (f)))
#define cpu_has_svm_npt cpu_has_svm_feature(SVM_FEATURE_NPT)
@@ -88,6 +89,7 @@ extern u32 svm_feature_flags;
#define cpu_has_pause_thresh cpu_has_svm_feature(SVM_FEATURE_PAUSETHRESH)
#define cpu_has_tsc_ratio cpu_has_svm_feature(SVM_FEATURE_TSCRATEMSR)
#define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE)
+#define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL)
#define SVM_PAUSEFILTER_INIT 4000
#define SVM_PAUSETHRESH_INIT 1000
diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h
b/xen/include/asm-x86/hvm/svm/vmcb.h
index c4fda389b3..6dd5397862 100644
--- a/xen/include/asm-x86/hvm/svm/vmcb.h
+++ b/xen/include/asm-x86/hvm/svm/vmcb.h
@@ -515,7 +515,9 @@ struct vmcb_struct {
u64 _lastbranchtoip; /* cleanbit 10 */
u64 _lastintfromip; /* cleanbit 10 */
u64 _lastinttoip; /* cleanbit 10 */
- u64 res17[301];
+ u64 res17[9];
+ u64 spec_ctrl;
+ u64 res18[291];
};
struct svm_domain {
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index 80764266bf..9366386ef4 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -33,6 +33,7 @@
#define SPEC_CTRL_IBRS (_AC(1, ULL) << 0)
#define SPEC_CTRL_STIBP (_AC(1, ULL) << 1)
#define SPEC_CTRL_SSBD (_AC(1, ULL) << 2)
+#define SPEC_CTRL_PSFD (_AC(1, ULL) << 7)
#define MSR_PRED_CMD 0x00000049
#define PRED_CMD_IBPB (_AC(1, ULL) << 0)
@@ -129,6 +130,8 @@
#define MSR_F15H_CU_POWER 0xc001007a
#define MSR_F15H_CU_MAX_POWER 0xc001007b
+#define MSR_VIRT_SPEC_CTRL 0xc001011f /* Layout matches
MSR_SPEC_CTRL */
+
#define MSR_AMD_RAPL_POWER_UNIT 0xc0010299
#define MSR_AMD_CORE_ENERGY_STATUS 0xc001029a
#define MSR_AMD_PKG_ENERGY_STATUS 0xc001029b
diff --git a/xen/include/public/arch-x86/cpufeatureset.h
b/xen/include/public/arch-x86/cpufeatureset.h
index d2422386c0..25a3fa03a4 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -254,7 +254,17 @@ XEN_CPUFEATURE(CLZERO, 8*32+ 0) /*A CLZERO
instruction */
XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A (F)X{SAVE,RSTOR} always
saves/restores FPU Error pointers */
XEN_CPUFEATURE(WBNOINVD, 8*32+ 9) /* WBNOINVD instruction */
XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used
by AMD) */
+XEN_CPUFEATURE(IBRS, 8*32+14) /* MSR_SPEC_CTRL.IBRS */
+XEN_CPUFEATURE(AMD_STIBP, 8*32+15) /* MSR_SPEC_CTRL.STIBP */
+XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /* IBRS preferred always on */
+XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /* STIBP preferred always on */
+XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /* IBRS preferred over software
options */
+XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /* IBRS provides same-mode
protection */
XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory
Number */
+XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /* MSR_SPEC_CTRL.SSBD available */
+XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */
+XEN_CPUFEATURE(SSB_NO, 8*32+26) /* Hardware not vulnerable to SSB */
+XEN_CPUFEATURE(PSFD, 8*32+28) /* MSR_SPEC_CTRL.PSFD */
/* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */
XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions
*/
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.14
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |