[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.16] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_*



commit ec8f105f9c7744408ddea6b320d55703f9e0f522
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Mar 25 11:09:35 2024 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Apr 9 17:10:28 2024 +0100

    x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_*
    
    The complexity is getting out of hand.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
    (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f)
---
 xen/arch/x86/hvm/svm/entry.S        | 14 +++++++++
 xen/arch/x86/hvm/vmx/entry.S        | 14 +++++++++
 xen/include/asm-x86/spec_ctrl_asm.h | 59 +++++++++++++++++++++++++++++++++++++
 3 files changed, 87 insertions(+)

diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S
index 73c35bc27d..19a148ee32 100644
--- a/xen/arch/x86/hvm/svm/entry.S
+++ b/xen/arch/x86/hvm/svm/entry.S
@@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap)
 
         /* SPEC_CTRL_ENTRY_FROM_SVM    Req: %rsp=regs/cpuinfo, %rdx=0 Clob: 
acd */
 
+        /*
+         * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular
+         * making type-confused RETs safe to use.  This is not needed on Zen5
+         * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use.
+         */
         .macro svm_vmexit_cond_ibpb
             testb  $SCF_entry_ibpb, CPUINFO_scf(%rsp)
             jz     .L_skip_ibpb
@@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap)
        .endm
         ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM
 
+        /*
+         * RSB (RAS/RAP) stuffing is to prevents RET predictions following 
guest
+         * entries.  This is not needed on Zen4 and later, when AutoIBRS is in
+         * use.
+         */
         ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM
 
+        /*
+         * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs
+         * safe to use.  The guest's setting resides in the VMCB.
+         */
         .macro svm_vmexit_spec_ctrl
             movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax
             movzbl CPUINFO_last_spec_ctrl(%rsp), %edx
diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S
index 8d5b683879..008d76a6e1 100644
--- a/xen/arch/x86/hvm/vmx/entry.S
+++ b/xen/arch/x86/hvm/vmx/entry.S
@@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler)
         mov  %rax,VCPU_hvm_guest_cr2(%rbx)
 
         /* SPEC_CTRL_ENTRY_FROM_VMX    Req: b=curr %rsp=regs/cpuinfo, Clob: 
acd */
+        /*
+         * RSB stuffing is to prevents RET predictions following guest
+         * entries.  This is *not* sufficient to flush all RSB entries on
+         * parts enumerating eIBRS, although the following restore_spec_ctrl
+         * does covers us.
+         */
         ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM
 
+        /*
+         * Restore Xen's MSR_SPEC_CTRL setting.  The guest's value resides in
+         * the MSR load/save list.  For Legacy IBRS, this flushes/inhibits
+         * indirect predictions and does not flush the RSB.  For eIBRS, this
+         * prevents CALLs/JMPs using predictions learnt at a lower predictor
+         * mode, and it flushes the RSB.  On eIBRS parts that also suffer from
+         * PBRSB, the prior RSB stuffing suffices to make the RSB safe.
+         */
         .macro restore_spec_ctrl
             mov    $MSR_SPEC_CTRL, %ecx
             movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax
diff --git a/xen/include/asm-x86/spec_ctrl_asm.h 
b/xen/include/asm-x86/spec_ctrl_asm.h
index 89edcf62fd..1cc20e37c2 100644
--- a/xen/include/asm-x86/spec_ctrl_asm.h
+++ b/xen/include/asm-x86/spec_ctrl_asm.h
@@ -261,10 +261,32 @@
  */
     movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
+    /*
+     * For all safety notes, 32bit PV guest kernels run in Ring 1 and are
+     * therefore supervisor (== Xen) in the architecture.  As a result, most
+     * hardware isolation techniques do not work.
+     */
+
+    /*
+     * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making
+     * type-confused RETs safe to use.  This is not needed on Zen5 and later
+     * parts when SRSO_U/S_NO is enumerated.
+     */
     ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV
 
+    /*
+     * RSB stuffing is to prevent RET predictions following guest entries.
+     * This is not needed if SMEP is active and the RSB is full-width.
+     */
     ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV
 
+    /*
+     * Only used on Intel parts.  Restore Xen's MSR_SPEC_CTRL setting.  The
+     * guest can't change it's value behind Xen's back.  For Legacy IBRS, this
+     * flushes/inhibits indirect predictions and does not flush the RSB.  For
+     * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower
+     * predictor mode, and it flushes the RSB.
+     */
     ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0),         \
         X86_FEATURE_SC_MSR_PV
 
@@ -287,6 +309,14 @@
  */
     movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
+    /*
+     * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is
+     * a conditional jump skipping some actions when interrupting Xen.
+     *
+     * On Intel parts, the IRET #GP path ends up here with the guest's choice
+     * of MSR_SPEC_CTRL.
+     */
+
     testb $3, UREGS_cs(%rsp)
     jz .L\@_skip
 
@@ -337,6 +367,19 @@
  */
     movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
+    /*
+     * For all safety notes, 32bit PV guest kernels run in Ring 1 and are
+     * therefore supervisor (== Xen) in the architecture.  As a result, most
+     * hardware isolation techniques do not work.
+     */
+
+    /*
+     * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making
+     * type-confused RETs safe to use.  This is not needed on Zen5 and later
+     * parts when SRSO_U/S_NO is enumerated.  The SVM path takes care of
+     * Host/Guest interactions prior to clearing GIF, and it's not used on the
+     * VMX path.
+     */
     test    $SCF_ist_ibpb, %bl
     jz      .L\@_skip_ibpb
 
@@ -346,6 +389,12 @@
 
 .L\@_skip_ibpb:
 
+    /*
+     * RSB stuffing is to prevent RET predictions following guest entries.
+     * SCF_ist_rsb is active if either PV or HVM protections are needed.  The
+     * VMX path cannot guarantee to make the RSB safe ahead of taking an IST
+     * vector.
+     */
     test $SCF_ist_rsb, %bl
     jz .L\@_skip_rsb
 
@@ -353,6 +402,16 @@
 
 .L\@_skip_rsb:
 
+    /*
+     * Only used on Intel parts.  Restore Xen's MSR_SPEC_CTRL setting.  PV
+     * guests can't change their value behind Xen's back.  HVM guests have
+     * their value stored in the MSR load/save list.  For Legacy IBRS, this
+     * flushes/inhibits indirect predictions and does not flush the RSB.  For
+     * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower
+     * predictor mode, and it flushes the RSB.  On eIBRS parts that also
+     * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB
+     * safe.
+     */
     test $SCF_ist_sc_msr, %bl
     jz .L\@_skip_msr_spec_ctrl
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.