Re: [Xen-devel] Spectre Mitigations in Xen 4.6
>>> On 20.03.18 at 13:58, <jandryuk@xxxxxxxxx> wrote:
> With that in place, I'm seeing Dom0 receive a general protection fault on boot
>
> [ 25.460035] general protection fault: 0000 [#1] SMP
> [ 25.460292] EIP: switch_mm_irqs_off+0xbe/0x600
>
> switch_mm_irqs_off+0xbe is the inlined
> indirect_branch_prediction_barrier(void)
> {
>     alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB,
>                           X86_FEATURE_USE_IBPB);
> }
>
> The system boots when dom0 disables IBPB manipulation with
> nospectre_v2 on the kernel command line.
>
> I think Xen ends up here in xen/arch/x86/traps.c:emulate_privileged_op(),
>     case MSR_PRED_CMD:
>         domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx);
>         domain_cpuid(currd, 0x80000008, 0, &dummy, &ebx, &dummy, &dummy);
>         if ( !(edx & cpufeat_mask(X86_FEATURE_IBRSB)) &&
>              !(ebx & cpufeat_mask(X86_FEATURE_IBPB)) )
>             goto fail; /* MSR available? */
>
>         /*
>          * The only defined behaviour is when writing PRED_CMD_IBPB. In
>          * practice, real hardware accepts any value without faulting.
>          */
>         if ( eax & PRED_CMD_IBPB )
>             wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
>         break;
>
> ...but Dom0 doesn't have a cpuid policy configured, so the IBRSB/IBPB
> check fails and we GP.
> Did I read that correctly? If that is the case, how should Dom0 be handled?

Would you give the patch below a try? Its description doesn't fully fit
4.6, but newer versions (where I've done this first) can make more use
of the new wrapper.

Jan

x86/PV: also cover Dom0 in SPEC_CTRL / PRED_CMD emulation

Introduce a helper wrapping the pv_cpuid()-style domain_cpuid() /
cpuid_count() (or alike) invocations, and use it instead of plain
domain_cpuid() in MSR access emulation.

Reported-by: Jason Andryuk <jandryuk@xxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -823,6 +823,17 @@ int cpuid_hypervisor_leaves( uint32_t id return 1; } +static void _domain_cpuid(struct domain *currd, + unsigned int leaf, unsigned int subleaf, + unsigned int *eax, unsigned int *ebx, + unsigned int *ecx, unsigned int *edx) +{ + if ( !is_control_domain(currd) && !is_hardware_domain(currd) ) + domain_cpuid(currd, leaf, subleaf, eax, ebx, ecx, edx); + else + cpuid_count(leaf, subleaf, eax, ebx, ecx, edx); +} + void pv_cpuid(struct cpu_user_regs *regs) { uint32_t a, b, c, d; @@ -2720,7 +2731,7 @@ static int emulate_privileged_op(struct goto fail; case MSR_SPEC_CTRL: - domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx); + _domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx); if ( !(edx & cpufeat_mask(X86_FEATURE_IBRSB)) ) goto fail; /* MSR available? */ @@ -2736,8 +2747,8 @@ static int emulate_privileged_op(struct break; case MSR_PRED_CMD: - domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx); - domain_cpuid(currd, 0x80000008, 0, &dummy, &ebx, &dummy, &dummy); + _domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx); + _domain_cpuid(currd, 0x80000008, 0, &dummy, &ebx, &dummy, &dummy); if ( !(edx & cpufeat_mask(X86_FEATURE_IBRSB)) && !(ebx & cpufeat_mask(X86_FEATURE_IBPB)) ) goto fail; /* MSR available? */ @@ -2885,7 +2896,7 @@ static int emulate_privileged_op(struct goto fail; case MSR_SPEC_CTRL: - domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx); + _domain_cpuid(currd, 7, 0, &dummy, &dummy, &dummy, &edx); if ( !(edx & cpufeat_mask(X86_FEATURE_IBRSB)) ) goto fail; regs->eax = v->arch.spec_ctrl; _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
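Review bot: the new _domain_cpuid() helper in the first hunk carries no comment saying why control and hardware domains are answered from cpuid_count() rather than domain_cpuid(), and its name differs from domain_cpuid() only by a leading underscore, which makes the two easy to confuse at call sites. A short comment stating that these domains have no CPUID policy to consult, plus a more descriptive name, would help. Since the helper returns raw hardware values for those domains, it is also worth confirming that leaf 7 and leaf 0x80000008 come out the same as what pv_cpuid() reports to Dom0, so the feature bits the guest sees and the MSR availability checks cannot disagree.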
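Review bot: in the MSR_PRED_CMD write case, a hardware-domain write now goes through cpuid_count() twice (leaf 7, then leaf 0x80000008) before each emulated wrmsrl, and the quoted report shows the guest issuing this write from switch_mm_irqs_off(), so it sits on the context-switch path. The second lookup only matters when the IBRSB bit in edx is clear, so consider querying leaf 0x80000008 only in that case, or caching the two feature bits once, to keep CPUID off the per-barrier path.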