[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.16] x86/spec-ctrl: Rename spec_ctrl_flags to scf



commit 72103ce234f6f147c20751ae86531ac9b4af921a
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Mar 28 11:57:25 2024 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Apr 9 17:10:28 2024 +0100

    x86/spec-ctrl: Rename spec_ctrl_flags to scf
    
    XSA-455 was ultimately caused by having fields with too-similar names.
    
    Both {xen,last}_spec_ctrl are fields containing an architectural 
MSR_SPEC_CTRL
    value.  The spec_ctrl_flags field contains Xen-internal flags.
    
    To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which 
is
    also the prefix of the constants used by the fields.
    
    No functional change.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
    (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27)
---
 xen/arch/x86/acpi/power.c           |  4 ++--
 xen/arch/x86/domain.c               |  8 ++++----
 xen/arch/x86/hvm/svm/entry.S        |  2 +-
 xen/arch/x86/hvm/vmx/entry.S        |  2 +-
 xen/arch/x86/hvm/vmx/vmcs.c         |  2 +-
 xen/arch/x86/setup.c                |  2 +-
 xen/arch/x86/spec_ctrl.c            | 18 +++++++++---------
 xen/arch/x86/x86_64/asm-offsets.c   |  2 +-
 xen/arch/x86/x86_64/compat/entry.S  |  4 ++--
 xen/arch/x86/x86_64/entry.S         |  2 +-
 xen/include/asm-x86/current.h       |  2 +-
 xen/include/asm-x86/domain.h        |  2 +-
 xen/include/asm-x86/spec_ctrl.h     | 16 ++++++++--------
 xen/include/asm-x86/spec_ctrl_asm.h | 22 +++++++++++-----------
 14 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
index 1a7baeebe6..4d6650f407 100644
--- a/xen/arch/x86/acpi/power.c
+++ b/xen/arch/x86/acpi/power.c
@@ -246,7 +246,7 @@ static int enter_state(u32 state)
 
     ci = get_cpu_info();
     /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */
-    ci->spec_ctrl_flags &= ~SCF_IST_MASK;
+    ci->scf &= ~SCF_IST_MASK;
 
     ACPI_FLUSH_CPU_CACHE();
 
@@ -290,7 +290,7 @@ static int enter_state(u32 state)
         panic("Missing previously available feature(s)\n");
 
     /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */
-    ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK);
+    ci->scf |= (default_scf & SCF_IST_MASK);
 
     if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) )
     {
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index d5101ff1a6..440f518328 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -2092,10 +2092,10 @@ void context_switch(struct vcpu *prev, struct vcpu 
*next)
             }
         }
 
-        /* Update the top-of-stack block with the new spec_ctrl settings. */
-        info->spec_ctrl_flags =
-            (info->spec_ctrl_flags       & ~SCF_DOM_MASK) |
-            (nextd->arch.spec_ctrl_flags &  SCF_DOM_MASK);
+        /* Update the top-of-stack block with the new speculation settings. */
+        info->scf =
+            (info->scf       & ~SCF_DOM_MASK) |
+            (nextd->arch.scf &  SCF_DOM_MASK);
     }
 
     sched_context_switched(prev, next);
diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S
index 1974eaff97..73c35bc27d 100644
--- a/xen/arch/x86/hvm/svm/entry.S
+++ b/xen/arch/x86/hvm/svm/entry.S
@@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap)
         /* SPEC_CTRL_ENTRY_FROM_SVM    Req: %rsp=regs/cpuinfo, %rdx=0 Clob: 
acd */
 
         .macro svm_vmexit_cond_ibpb
-            testb  $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp)
+            testb  $SCF_entry_ibpb, CPUINFO_scf(%rsp)
             jz     .L_skip_ibpb
 
             mov    $MSR_PRED_CMD, %ecx
diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S
index cdde76e138..4ee529c57a 100644
--- a/xen/arch/x86/hvm/vmx/entry.S
+++ b/xen/arch/x86/hvm/vmx/entry.S
@@ -111,7 +111,7 @@ UNLIKELY_END(realmode)
         BUILD_BUG_ON(SCF_verw & ~0xff)
         movzbl VCPU_vmx_launched(%rbx), %ecx
         shl  $31, %ecx
-        movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax
+        movzbl CPUINFO_scf(%rsp), %eax
         and  $SCF_verw, %eax
         or   %eax, %ecx
 
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 3402a65cec..c5ef01f936 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1388,7 +1388,7 @@ static int construct_vmcs(struct vcpu *v)
         rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D,
                          VMX_MSR_GUEST_LOADONLY);
 
-    if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) )
+    if ( !rc && (d->arch.scf & SCF_entry_ibpb) )
         rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB,
                          VMX_MSR_HOST);
 
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 5c72cd914a..d39056249e 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -2032,7 +2032,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     if ( bsp_delay_spec_ctrl )
     {
-        info->spec_ctrl_flags &= ~SCF_use_shadow;
+        info->scf &= ~SCF_use_shadow;
         barrier();
         wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
         info->last_spec_ctrl = default_xen_spec_ctrl;
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 0a7af22a9b..68d505cab5 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -67,7 +67,7 @@ static bool __initdata opt_lock_harden;
 
 bool __initdata bsp_delay_spec_ctrl;
 uint8_t __read_mostly default_xen_spec_ctrl;
-uint8_t __read_mostly default_spec_ctrl_flags;
+uint8_t __read_mostly default_scf;
 
 paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr;
 bool __read_mostly cpu_has_bug_l1tf;
@@ -1081,7 +1081,7 @@ static void __init ibpb_calculations(void)
          * NMI/#MC, so can't interrupt Xen ahead of having already flushed the
          * BTB.
          */
-        default_spec_ctrl_flags |= SCF_ist_ibpb;
+        default_scf |= SCF_ist_ibpb;
     }
     if ( opt_ibpb_entry_hvm )
         setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM);
@@ -1582,7 +1582,7 @@ void spec_ctrl_init_domain(struct domain *d)
     bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) &&
                  (d->domain_id != 0 || opt_ibpb_entry_dom0));
 
-    d->arch.spec_ctrl_flags =
+    d->arch.scf =
         (verw   ? SCF_verw         : 0) |
         (ibpb   ? SCF_entry_ibpb   : 0) |
         0;
@@ -1687,7 +1687,7 @@ void __init init_speculation_mitigations(void)
     {
         if ( opt_msr_sc_pv )
         {
-            default_spec_ctrl_flags |= SCF_ist_sc_msr;
+            default_scf |= SCF_ist_sc_msr;
             setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV);
         }
 
@@ -1698,7 +1698,7 @@ void __init init_speculation_mitigations(void)
              * Xen's value is not restored atomically.  An early NMI hitting
              * the VMExit path needs to restore Xen's value for safety.
              */
-            default_spec_ctrl_flags |= SCF_ist_sc_msr;
+            default_scf |= SCF_ist_sc_msr;
             setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM);
         }
     }
@@ -1828,7 +1828,7 @@ void __init init_speculation_mitigations(void)
     if ( opt_rsb_pv )
     {
         setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV);
-        default_spec_ctrl_flags |= SCF_ist_rsb;
+        default_scf |= SCF_ist_rsb;
     }
 
     /*
@@ -1851,7 +1851,7 @@ void __init init_speculation_mitigations(void)
          * possible rogue RSB speculation.
          */
         if ( !cpu_has_svm )
-            default_spec_ctrl_flags |= SCF_ist_rsb;
+            default_scf |= SCF_ist_rsb;
     }
 
     srso_calculations(hw_smt_enabled);
@@ -1864,7 +1864,7 @@ void __init init_speculation_mitigations(void)
     if ( opt_eager_fpu == -1 )
         opt_eager_fpu = should_use_eager_fpu();
 
-    /* (Re)init BSP state now that default_spec_ctrl_flags has been 
calculated. */
+    /* (Re)init BSP state now that default_scf has been calculated. */
     init_shadow_spec_ctrl_state();
 
     /*
@@ -2137,7 +2137,7 @@ void __init init_speculation_mitigations(void)
         {
             info->shadow_spec_ctrl = 0;
             barrier();
-            info->spec_ctrl_flags |= SCF_use_shadow;
+            info->scf |= SCF_use_shadow;
             barrier();
         }
 
diff --git a/xen/arch/x86/x86_64/asm-offsets.c 
b/xen/arch/x86/x86_64/asm-offsets.c
index 4cd5938d7b..fba82d6436 100644
--- a/xen/arch/x86/x86_64/asm-offsets.c
+++ b/xen/arch/x86/x86_64/asm-offsets.c
@@ -154,7 +154,7 @@ void __dummy__(void)
     OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl);
     OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl);
     OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl);
-    OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags);
+    OFFSET(CPUINFO_scf, struct cpu_info, scf);
     OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed);
     OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3);
     DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info));
diff --git a/xen/arch/x86/x86_64/compat/entry.S 
b/xen/arch/x86/x86_64/compat/entry.S
index 3b2fbcd873..fab85eb733 100644
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest)
 
         /* Account for ev/ec having already been popped off the stack. */
         SPEC_CTRL_COND_VERW \
-            scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \
-            sel=STK_REL(CPUINFO_verw_sel,        CPUINFO_rip)
+            scf=STK_REL(CPUINFO_scf,      CPUINFO_rip), \
+            sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip)
 
 .Lft0:  iretq
         _ASM_PRE_EXTABLE(.Lft0, handle_exception)
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index 9b1fa9ed19..029b1efaac 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -683,7 +683,7 @@ UNLIKELY_END(exit_cr3)
         /*
          * When the CPU pushed this exception frame, it zero-extended eflags.
          * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of
-         * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs,
+         * scf and ver_sel above eflags, as we can't use any GPRs,
          * and we're at a random place on the stack, not in a CPUFINFO block.
          *
          * Account for ev/ec having already been popped off the stack.
diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h
index 8ea4aecc5e..138ad63165 100644
--- a/xen/include/asm-x86/current.h
+++ b/xen/include/asm-x86/current.h
@@ -57,7 +57,7 @@ struct cpu_info {
     unsigned int shadow_spec_ctrl;
     uint8_t      xen_spec_ctrl;
     uint8_t      last_spec_ctrl;
-    uint8_t      spec_ctrl_flags;
+    uint8_t      scf; /* SCF_* */
 
     /*
      * The following field controls copying of the L4 page table of 64-bit
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 92937d9d73..147604fce9 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -319,7 +319,7 @@ struct arch_domain
     uint32_t pci_cf8;
     uint8_t cmos_idx;
 
-    uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */
+    uint8_t scf; /* See SCF_DOM_MASK */
 
     union {
         struct pv_domain pv;
diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
index a431fea587..8fc350abe2 100644
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -21,10 +21,10 @@
 #define __X86_SPEC_CTRL_H__
 
 /*
- * Encoding of:
- *   cpuinfo.spec_ctrl_flags
- *   default_spec_ctrl_flags
- *   domain.spec_ctrl_flags
+ * Encoding of Xen's speculation control flags in:
+ *   cpuinfo.scf
+ *   default_scf
+ *   domain.scf
  *
  * Live settings are in the top-of-stack block, because they need to be
  * accessable when XPTI is active.  Some settings are fixed from boot, some
@@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush;
 
 extern bool bsp_delay_spec_ctrl;
 extern uint8_t default_xen_spec_ctrl;
-extern uint8_t default_spec_ctrl_flags;
+extern uint8_t default_scf;
 
 extern int8_t opt_xpti_hwdom, opt_xpti_domu;
 
@@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void)
 
     info->shadow_spec_ctrl = 0;
     info->xen_spec_ctrl = default_xen_spec_ctrl;
-    info->spec_ctrl_flags = default_spec_ctrl_flags;
+    info->scf = default_scf;
 
     /*
      * For least latency, the VERW selector should be a writeable data
@@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct 
cpu_info *info)
      */
     info->shadow_spec_ctrl = val;
     barrier();
-    info->spec_ctrl_flags |= SCF_use_shadow;
+    info->scf |= SCF_use_shadow;
     barrier();
     alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE,
                       "a" (val), "c" (MSR_SPEC_CTRL), "d" (0));
@@ -187,7 +187,7 @@ static always_inline void spec_ctrl_exit_idle(struct 
cpu_info *info)
      * Disable shadowing before updating the MSR.  There are no SMP issues
      * here; only local processor ordering concerns.
      */
-    info->spec_ctrl_flags &= ~SCF_use_shadow;
+    info->scf &= ~SCF_use_shadow;
     barrier();
     alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE,
                       "a" (val), "c" (MSR_SPEC_CTRL), "d" (0));
diff --git a/xen/include/asm-x86/spec_ctrl_asm.h 
b/xen/include/asm-x86/spec_ctrl_asm.h
index 9416483c0b..6e8b447fa5 100644
--- a/xen/include/asm-x86/spec_ctrl_asm.h
+++ b/xen/include/asm-x86/spec_ctrl_asm.h
@@ -51,7 +51,7 @@
  *     shadowing logic.
  *
  * Factor 2 is harder.  We maintain a shadow_spec_ctrl value, and a use_shadow
- * boolean in the per cpu spec_ctrl_flags.  The synchronous use is:
+ * boolean in the per cpu scf.  The synchronous use is:
  *
  *  1) Store guest value in shadow_spec_ctrl
  *  2) Set the use_shadow boolean
@@ -98,11 +98,11 @@
  * interrupting Xen.
  */
     .if \maybexen
-        testb  $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
+        testb  $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14)
         jz     .L\@_skip
         testb  $3, UREGS_cs(%rsp)
     .else
-        testb  $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp)
+        testb  $SCF_entry_ibpb, CPUINFO_scf(%rsp)
     .endif
     jz     .L\@_skip
 
@@ -177,8 +177,8 @@
 #define STK_REL(field, top_of_stk) ((field) - (top_of_stk))
 
 .macro SPEC_CTRL_COND_VERW \
-    scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \
-    sel=STK_REL(CPUINFO_verw_sel,        CPUINFO_error_code)
+    scf=STK_REL(CPUINFO_scf,      CPUINFO_error_code), \
+    sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code)
 /*
  * Requires \scf and \sel as %rsp-relative expressions
  * Clobbers eflags
@@ -233,10 +233,10 @@
         testb $3, UREGS_cs(%rsp)
         setnz %al
         not %eax
-        and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
+        and %al, STACK_CPUINFO_FIELD(scf)(%r14)
         movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax
     .else
-        andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp)
+        andb $~SCF_use_shadow, CPUINFO_scf(%rsp)
         movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax
     .endif
 
@@ -255,7 +255,7 @@
     mov %eax, CPUINFO_shadow_spec_ctrl(%rsp)
 
     /* Set SPEC_CTRL shadowing *before* loading the guest value. */
-    orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp)
+    orb $SCF_use_shadow, CPUINFO_scf(%rsp)
 
     mov $MSR_SPEC_CTRL, %ecx
     xor %edx, %edx
@@ -333,7 +333,7 @@
  *    DO_SPEC_CTRL_ENTRY maybexen=1
  * but with conditionals rather than alternatives.
  */
-    movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx
+    movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
     test    $SCF_ist_ibpb, %bl
     jz      .L\@_skip_ibpb
@@ -358,7 +358,7 @@
     testb $3, UREGS_cs(%rsp)
     setnz %al
     not %eax
-    and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
+    and %al, STACK_CPUINFO_FIELD(scf)(%r14)
 
     /* Load Xen's intended value. */
     mov $MSR_SPEC_CTRL, %ecx
@@ -392,7 +392,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise):
  * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs
  * Clobbers %rax, %rbx, %rcx, %rdx
  */
-    movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx
+    movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
     testb $SCF_ist_sc_msr, %bl
     jz .L\@_skip_sc_msr
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.