[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v7 15/17] x86/ctxt: Issue a speculation barrier between vcpu contexts
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> --- v7: * Use the opt_ibpb boolean rather than using a cpufeature flag. --- docs/misc/xen-command-line.markdown | 5 ++++- xen/arch/x86/domain.c | 3 +++ xen/arch/x86/spec_ctrl.c | 10 +++++++++- xen/include/asm-x86/spec_ctrl.h | 2 ++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 8510e47..a24d585 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -246,7 +246,7 @@ enough. Setting this to a high value may cause boot failure, particularly if the NMI watchdog is also enabled. ### bti (x86) -> `= List of [ thunk=retpoline|lfence|jmp, ibrs=<bool>, rsb_{vmexit,native}=<bool> ]` +> `= List of [ thunk=retpoline|lfence|jmp, ibrs=<bool>, ibpb=<bool>, rsb_{vmexit,native}=<bool> ]` Branch Target Injection controls. By default, Xen will pick the most appropriate BTI mitigations based on compiled in support, loaded microcode, @@ -265,6 +265,9 @@ On hardware supporting IBRS, the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be virtualised for guests. +On hardware supporting IBPB, the `ibpb=` option can be used to prevent Xen +from issuing Branch Prediction Barriers on vcpu context switches. + The `rsb_vmexit=` and `rsb_native=` options can be used to fine tune when the RSB gets overwritten. There are individual controls for an entry from HVM context, and an entry from a native (PV or Xen) context. diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 8849e3f..ba10ed9 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1736,6 +1736,9 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } ctxt_switch_levelling(next); + + if ( opt_ibpb ) + wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); } context_saved(prev); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 680fabe..ae3e7d7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,6 +33,7 @@ static enum ind_thunk { THUNK_JMP, } opt_thunk __initdata = THUNK_DEFAULT; static int opt_ibrs __initdata = -1; +bool __read_mostly opt_ibpb = true; static bool opt_rsb_native __initdata = true, opt_rsb_vmexit __initdata = true; static int __init parse_bti(const char *s) @@ -60,6 +61,8 @@ static int __init parse_bti(const char *s) } else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) opt_ibrs = val; + else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + opt_ibpb = val; else if ( (val = parse_boolean("rsb_native", s, ss)) >= 0 ) opt_rsb_native = val; else if ( (val = parse_boolean("rsb_vmexit", s, ss)) >= 0 ) @@ -100,13 +103,14 @@ static void __init print_details(enum ind_thunk thunk) printk(XENLOG_DEBUG " Compiled-in support: INDIRECT_THUNK\n"); printk(XENLOG_INFO - "BTI mitigations: Thunk %s, Others:%s%s%s\n", + "BTI mitigations: Thunk %s, Others:%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", boot_cpu_has(X86_FEATURE_XEN_IBRS_SET) ? " IBRS+" : boot_cpu_has(X86_FEATURE_XEN_IBRS_CLEAR) ? " IBRS-" : "", + opt_ibpb ? " IBPB" : "", boot_cpu_has(X86_FEATURE_RSB_NATIVE) ? " RSB_NATIVE" : "", boot_cpu_has(X86_FEATURE_RSB_VMEXIT) ? " RSB_VMEXIT" : ""); } @@ -273,6 +277,10 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_vmexit ) setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT); + /* Check we have hardware IBPB support before using it... */ + if ( !boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBPB) ) + opt_ibpb = false; + print_details(thunk); } diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 45814d0..f139581 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -26,6 +26,8 @@ void init_speculation_mitigations(void); +extern bool opt_ibpb; + /* * For guests which know about IBRS but are not told about STIBP running on * hardware supporting hyperthreading, the guest doesn't know to protect -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |