|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.15] x86/spec-ctrl: Enumerations for Speculative Return Stack Overflow
commit 30de2397d2d93e0c01137e9a72a7a1f291004565
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Jun 14 09:13:28 2023 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Aug 3 19:13:40 2023 +0100
x86/spec-ctrl: Enumerations for Speculative Return Stack Overflow
AMD have specified new CPUID bits relating to SRSO.
* SRSO_NO indicates that hardware is no longer vulnerable to SRSO.
* IBPB_BRTYPE indicates that IBPB flushes branch type information too.
* SBPB indicates support for a relaxed form of IBPB that does not flush
branch type information.
Current CPUs (Zen4 and older) are not expected to enumerate these bits.
Native software is expected to synthesise them for guests using model and
microcode revision checks.
Two are just status bits, and SBPB is trivial to support for guests by
tweaking the reserved bit calculation in guest_wrmsr() and feature
dependencies. Expose all by default to guests, so they start showing up
when
Xen synthesises them.
While adding feature dependenies for IBPB, fix up an overlooked issue from
XSA-422. It's inappropriate to advertise that IBPB flushes RET predictions
if
IBPB is unavailable itself.
This is part of XSA-434 / CVE-2023-20569
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
(cherry picked from commit 2280b0ee2aed6e0fd4af3fa31bf99bc04d038bfe)
---
tools/misc/xen-cpuid.c | 3 +++
xen/arch/x86/msr.c | 5 ++++-
xen/arch/x86/spec_ctrl.c | 15 ++++++++++-----
xen/include/asm-x86/msr-index.h | 1 +
xen/include/public/arch-x86/cpufeatureset.h | 3 +++
xen/tools/gen-cpuid.py | 1 +
6 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index 0ef41e9be6..b8c1a514a1 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -187,6 +187,9 @@ static const char *const str_7a1[32] =
static const char *const str_e21a[32] =
{
[ 2] = "lfence+",
+
+ /* 26 */ [27] = "sbpb",
+ [28] = "ibpb-brtype", [29] = "srso-no",
};
static const char *const str_7b1[32] =
diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 9091ba4570..22f86f2785 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -405,7 +405,10 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
if ( !cp->feat.ibrsb && !cp->extd.ibpb )
goto gp_fault; /* MSR available? */
- if ( val & ~PRED_CMD_IBPB )
+ rsvd = ~(PRED_CMD_IBPB |
+ (cp->extd.sbpb ? PRED_CMD_SBPB : 0));
+
+ if ( val & rsvd )
goto gp_fault; /* Rsvd bit set? */
if ( v == curr )
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 2e1a26e343..b5b06a0556 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -401,7 +401,7 @@ custom_param("pv-l1tf", parse_pv_l1tf);
static void __init print_details(enum ind_thunk thunk)
{
- unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp;
+ unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, e21a = 0, max = 0, tmp;
uint64_t caps = 0;
/* Collect diagnostics about available mitigations. */
@@ -411,6 +411,8 @@ static void __init print_details(enum ind_thunk thunk)
cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2);
if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 )
cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp);
+ if ( boot_cpu_data.extended_cpuid_level >= 0x80000021 )
+ cpuid(0x80000021, &e21a, &tmp, &tmp, &tmp);
if ( cpu_has_arch_caps )
rdmsrl(MSR_ARCH_CAPABILITIES, caps);
@@ -420,7 +422,7 @@ static void __init print_details(enum ind_thunk thunk)
* Hardware read-only information, stating immunity to certain issues, or
* suggestions of which mitigation to use.
*/
- printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
+ printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
(caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO"
: "",
(caps & ARCH_CAPS_EIBRS) ? " EIBRS"
: "",
(caps & ARCH_CAPS_RSBA) ? " RSBA"
: "",
@@ -440,10 +442,12 @@ static void __init print_details(enum ind_thunk thunk)
(e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST"
: "",
(e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? "
IBRS_SAME_MODE" : "",
(e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO"
: "",
- (e8b & cpufeat_mask(X86_FEATURE_IBPB_RET)) ? " IBPB_RET"
: "");
+ (e8b & cpufeat_mask(X86_FEATURE_IBPB_RET)) ? " IBPB_RET"
: "",
+ (e21a & cpufeat_mask(X86_FEATURE_IBPB_BRTYPE)) ? " IBPB_BRTYPE"
: "",
+ (e21a & cpufeat_mask(X86_FEATURE_SRSO_NO)) ? " SRSO_NO"
: "");
/* Hardware features which need driving to mitigate issues. */
- printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s\n",
+ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n",
(e8b & cpufeat_mask(X86_FEATURE_IBPB)) ||
(_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBPB"
: "",
(e8b & cpufeat_mask(X86_FEATURE_IBRS)) ||
@@ -459,7 +463,8 @@ static void __init print_details(enum ind_thunk thunk)
(_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL"
: "",
(e8b & cpufeat_mask(X86_FEATURE_VIRT_SSBD)) ? " VIRT_SSBD"
: "",
(caps & ARCH_CAPS_TSX_CTRL) ? " TSX_CTRL"
: "",
- (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? "
FB_CLEAR_CTRL" : "");
+ (caps & ARCH_CAPS_FB_CLEAR_CTRL) ? "
FB_CLEAR_CTRL" : "",
+ (e21a & cpufeat_mask(X86_FEATURE_SBPB)) ? " SBPB"
: "");
/* Compiled-in support which pertains to mitigations. */
if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) || IS_ENABLED(CONFIG_SHADOW_PAGING)
)
diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
index 1cb472ab3d..2de819efc9 100644
--- a/xen/include/asm-x86/msr-index.h
+++ b/xen/include/asm-x86/msr-index.h
@@ -40,6 +40,7 @@
#define MSR_PRED_CMD 0x00000049
#define PRED_CMD_IBPB (_AC(1, ULL) << 0)
+#define PRED_CMD_SBPB (_AC(1, ULL) << 7)
#define MSR_PPIN_CTL 0x0000004e
#define PPIN_LOCKOUT (_AC(1, ULL) << 0)
diff --git a/xen/include/public/arch-x86/cpufeatureset.h
b/xen/include/public/arch-x86/cpufeatureset.h
index c99861a506..492ce3aa11 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -292,6 +292,9 @@ XEN_CPUFEATURE(AVX512_BF16, 10*32+ 5) /*A AVX512 BFloat16
Instructions */
/* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */
XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */
+XEN_CPUFEATURE(SBPB, 11*32+27) /*A Selective Branch Predictor
Barrier */
+XEN_CPUFEATURE(IBPB_BRTYPE, 11*32+28) /*A IBPB flushes Branch Type
predictions too */
+XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to
Speculative Return Stack Overflow */
/* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
index 766703932c..c255bf4305 100755
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -318,6 +318,7 @@ def crunch_numbers(state):
IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS],
IBRS: [AMD_STIBP, AMD_SSBD, PSFD,
IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE],
+ IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE],
AMD_STIBP: [STIBP_ALWAYS],
# In principle the TSXLDTRK insns could also be considered independent.
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.15
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |