[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.17] x86/spec-ctrl: Rework ibpb_calculations()



commit c35a2dcd3892526f73afd58f36290fce4764c363
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Jul 27 20:03:28 2023 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Aug 8 16:02:17 2023 +0100

    x86/spec-ctrl: Rework ibpb_calculations()
    
    ... in order to make the SRSO mitigations easier to integrate.
    
     * Check for AMD/Hygon CPUs directly, rather than assuming based on IBPB.
       In particular, Xen supports synthesising the IBPB bit to guests on Intel 
to
       allow IBPB while dissuading the use of (legacy) IBRS.
     * Collect def_ibpb_entry rather than opencoding the BTC_NO calculation for
       both opt_ibpb_entry_{pv,hvm}.
    
    No functional change.
    
    This is part of XSA-434 / CVE-2023-20569
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    (cherry picked from commit 292f68fb77196a35ac92b296792770d0f3190d75)
---
 xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++-------------------
 1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 8f9500bc64..c2be2e3202 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -901,6 +901,8 @@ static bool __init should_use_eager_fpu(void)
 
 static void __init ibpb_calculations(void)
 {
+    bool def_ibpb_entry = false;
+
     /* Check we have hardware IBPB support before using it... */
     if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) )
     {
@@ -909,28 +911,28 @@ static void __init ibpb_calculations(void)
         return;
     }
 
-    /*
-     * AMD/Hygon CPUs to date (June 2022) don't flush the the RAS.  Future
-     * CPUs are expected to enumerate IBPB_RET when this has been fixed.
-     * Until then, cover the difference with the software sequence.
-     */
-    if ( boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_IBPB_RET) 
)
-        setup_force_cpu_cap(X86_BUG_IBPB_NO_RET);
+    if ( boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON) )
+    {
+        /*
+         * AMD/Hygon CPUs to date (June 2022) don't flush the RAS.  Future
+         * CPUs are expected to enumerate IBPB_RET when this has been fixed.
+         * Until then, cover the difference with the software sequence.
+         */
+        if ( !boot_cpu_has(X86_FEATURE_IBPB_RET) )
+            setup_force_cpu_cap(X86_BUG_IBPB_NO_RET);
+
+        /*
+         * AMD/Hygon CPUs up to and including Zen2 suffer from Branch Type
+         * Confusion.  Mitigate with IBPB-on-entry.
+         */
+        if ( !boot_cpu_has(X86_FEATURE_BTC_NO) )
+            def_ibpb_entry = true;
+    }
 
-    /*
-     * IBPB-on-entry mitigations for Branch Type Confusion.
-     *
-     * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe,
-     * that we can provide some form of mitigation on.
-     */
     if ( opt_ibpb_entry_pv == -1 )
-        opt_ibpb_entry_pv = (IS_ENABLED(CONFIG_PV) &&
-                             boot_cpu_has(X86_FEATURE_IBPB) &&
-                             !boot_cpu_has(X86_FEATURE_BTC_NO));
+        opt_ibpb_entry_pv = IS_ENABLED(CONFIG_PV) && def_ibpb_entry;
     if ( opt_ibpb_entry_hvm == -1 )
-        opt_ibpb_entry_hvm = (IS_ENABLED(CONFIG_HVM) &&
-                              boot_cpu_has(X86_FEATURE_IBPB) &&
-                              !boot_cpu_has(X86_FEATURE_BTC_NO));
+        opt_ibpb_entry_hvm = IS_ENABLED(CONFIG_HVM) && def_ibpb_entry;
 
     if ( opt_ibpb_entry_pv )
     {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.17



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.