Xen project Mailing List

[PATCH 4/4] x86/spec-ctrl: Remove opencoded MSR_ARCH_CAPS check

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 16 May 2023 15:53:34 +0100

Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Tue, 16 May 2023 14:53:55 +0000

Ironport-data: A9a23:Gf2vtK5WG0SBXkUkBV+1PQxRtDHHchMFZxGqfqrLsTDasY5as4F+v mBJCGzXaaqOMTCnL4siYdjlpkoHup/cmNVnQARlqSk9Hi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+7ZwehBtC5gZlPa0S4geE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m/ /VEMj8jTxm/g92v6qLhY8Nuj/4eFZy+VG8fkikIITDxCP8nRdbIQrnQ5M8e1zA17ixMNa+AP YxDM2MpNUmeJUQVYT/7C7pn9AusrlD5fydVtxS+oq0v7nKI5AdwzKLsIJzefdniqcB9xx/B+ DKXpz6kav0cHI2VkCrCwnDxv8/CoifYAaIZE7rn6fE/1TV/wURMUUZLBDNXu8KRlUqWS99Zb UsO9UIGvaU0sUCmUNT5dxm5u2Kf+A4RXcJKFO834x3LzbDbiy67LGUZSj9KaPQ9qdQ7Azct0 ze0c8jBXGI19ufPEDTEq+nS9GnpUcQIEYMcTSUNEREKzfjqnIUMlzjfFP9JEqePs+SgTFkc3 Au2hCQ5grwSi+sC2KO64U3LjlqQm3TZcuImzl6JBzz4t2uVcKbgPtX1sgaDsZ6sOa7DFjG8U G44d99yBQzkJbWEj2SzTeoEB9lFDN7VYWSH0TaD83TMnglBGkJPn6gKuFmSx28zaK7onAMFh 2eN0T69HLcJYBOXgVZfOupd8fgCw6n6DsjCXfvJdNdIaZUZXFbZrH03OhPOjjmxzxJEfUQD1 XCzIK6R4YsyU/w7nFJauc9HuVPU+szO7TyKHs2qp/hW+bGfeGSUWd84Dbd6VchgtPnsiFyMo 75i2z6il003vBvWPnOGrub+7DkicRAGOHwBg5IHKbPTflU/QwnMyZb5mNscRmCspIwN/s+gw 513chUwJIbX7ZEfFTi3Vw==

Ironport-hdrordr: A9a23:0aSzw6CKhgtfj0blHeiksseALOsnbusQ8zAXPh9KJCC9I/bzqy nxpp8mPEfP+VAssQIb6Km90ci7MDrhHPtOjbX5Uo3SODUO1FHIEGgA1/qr/9SDIVyYygc178 4JHMZD4bbLfDtHZLPBkWyF+qEbsbu6Gc6T5dv2/jNId0VHeqtg5wB2BkKyFVB3fhBPAd4UBY eR/c1OohunYDAyYt6gDncIcuDfr5mT/aiWKyIuNloC0k2jnDmo4Ln1H1yx2QofaSpGxfMP4H XIiAvw44SkqrWexgXH32HewpxKkJ/Ky8dFBuaLls8JQw+cwTqAVcBEYfmvrTo1qOag5BIBi9 /XuSotOMx19jf4Yny1iQGF4Xit7B8er1vZjXOIi3rqpsL0ABggDdBauI5fehzFr2I9odBH1r 5R1W7xjesZMfqAplWy2zH7bWArqqOGmwtgrQfVtQ0cbWIqUs4RkWXYxjIRLH5PJlO/1GltKp gXMCiV3ocsTbrdVQGVgoAn+q3QYpw+cy32OHQqq4ib1SNbk2t+yFZdzMsDnm0Y/JZ4UJVc4f /YW54Y4I2mY/VmH56VPt1xNPefGyjIW1bBIWiSKVPoGOUOPG/MsYf+5PEw6PuxcJIFwZMukN CZOWkow1IaagbrE4mDzZdL+hfCTCG0Wins0NhX49x8tqfnTLTmPCWfQBQlktemof8YHsrHMs zDT65+ErvmNy/jCIxJ1wrxV91bLmQfStQcvpIhV1eHsqvwW/7XXyzgAYbuzZbWYEgZsznEcw c+tRDIVbp9x1HuXGPkix7MXH6oclDj/PtLYdnnw9Q=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

MSR_ARCH_CAPS data is now included in featureset information. Replace opencoded checks with regular feature ones. No functional change. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Wei Liu <wl@xxxxxxx> --- xen/arch/x86/include/asm/cpufeature.h | 7 ++++ xen/arch/x86/spec_ctrl.c | 56 +++++++++++++-------------- 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index deca5bfc2629..00a43123ac82 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -184,8 +184,15 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_has_avx_ne_convert boot_cpu_has(X86_FEATURE_AVX_NE_CONVERT) /* MSR_ARCH_CAPS 10A */ +#define cpu_has_rdcl_no boot_cpu_has(X86_FEATURE_RDCL_NO) +#define cpu_has_eibrs boot_cpu_has(X86_FEATURE_EIBRS) +#define cpu_has_rsba boot_cpu_has(X86_FEATURE_RSBA) +#define cpu_has_skip_l1dfl boot_cpu_has(X86_FEATURE_SKIP_L1DFL) +#define cpu_has_mds_no boot_cpu_has(X86_FEATURE_MDS_NO) #define cpu_has_if_pschange_mc_no boot_cpu_has(X86_FEATURE_IF_PSCHANGE_MC_NO) #define cpu_has_tsx_ctrl boot_cpu_has(X86_FEATURE_TSX_CTRL) +#define cpu_has_taa_no boot_cpu_has(X86_FEATURE_TAA_NO) +#define cpu_has_fb_clear boot_cpu_has(X86_FEATURE_FB_CLEAR) /* Synthesized. */ #define cpu_has_arch_perfmon boot_cpu_has(X86_FEATURE_ARCH_PERFMON) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f81db2143328..50d467f74cf8 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -282,12 +282,10 @@ custom_param("spec-ctrl", parse_spec_ctrl); int8_t __read_mostly opt_xpti_hwdom = -1; int8_t __read_mostly opt_xpti_domu = -1; -static __init void xpti_init_default(uint64_t caps) +static __init void xpti_init_default(void) { - if ( boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON) ) - caps = ARCH_CAPS_RDCL_NO; - - if ( caps & ARCH_CAPS_RDCL_NO ) + if ( (boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) || + cpu_has_rdcl_no ) { if ( opt_xpti_hwdom < 0 ) opt_xpti_hwdom = 0; @@ -390,9 +388,10 @@ static int __init cf_check parse_pv_l1tf(const char *s) } custom_param("pv-l1tf", parse_pv_l1tf); -static void __init print_details(enum ind_thunk thunk, uint64_t caps) +static void __init print_details(enum ind_thunk thunk) { unsigned int _7d0 = 0, _7d2 = 0, e8b = 0, max = 0, tmp; + uint64_t caps = 0; /* Collect diagnostics about available mitigations. */ if ( boot_cpu_data.cpuid_level >= 7 ) @@ -401,6 +400,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) cpuid_count(7, 2, &tmp, &tmp, &tmp, &_7d2); if ( boot_cpu_data.extended_cpuid_level >= 0x80000008 ) cpuid(0x80000008, &tmp, &e8b, &tmp, &tmp); + if ( cpu_has_arch_caps ) + rdmsrl(MSR_ARCH_CAPABILITIES, caps); printk("Speculative mitigation facilities:\n"); @@ -578,7 +579,7 @@ static bool __init check_smt_enabled(void) } /* Calculate whether Retpoline is known-safe on this CPU. */ -static bool __init retpoline_safe(uint64_t caps) +static bool __init retpoline_safe(void) { unsigned int ucode_rev = this_cpu(cpu_sig).rev; @@ -596,7 +597,7 @@ static bool __init retpoline_safe(uint64_t caps) * Processors offering Enhanced IBRS are not guarenteed to be * repoline-safe. */ - if ( caps & (ARCH_CAPS_RSBA | ARCH_CAPS_IBRS_ALL) ) + if ( cpu_has_rsba || cpu_has_eibrs ) return false; switch ( boot_cpu_data.x86_model ) @@ -845,7 +846,7 @@ static void __init ibpb_calculations(void) } /* Calculate whether this CPU is vulnerable to L1TF. */ -static __init void l1tf_calculations(uint64_t caps) +static __init void l1tf_calculations(void) { bool hit_default = false; @@ -933,7 +934,7 @@ static __init void l1tf_calculations(uint64_t caps) } /* Any processor advertising RDCL_NO should be not vulnerable to L1TF. */ - if ( caps & ARCH_CAPS_RDCL_NO ) + if ( cpu_has_rdcl_no ) cpu_has_bug_l1tf = false; if ( cpu_has_bug_l1tf && hit_default ) @@ -992,7 +993,7 @@ static __init void l1tf_calculations(uint64_t caps) } /* Calculate whether this CPU is vulnerable to MDS. */ -static __init void mds_calculations(uint64_t caps) +static __init void mds_calculations(void) { /* MDS is only known to affect Intel Family 6 processors at this time. */ if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || @@ -1000,7 +1001,7 @@ static __init void mds_calculations(uint64_t caps) return; /* Any processor advertising MDS_NO should be not vulnerable to MDS. */ - if ( caps & ARCH_CAPS_MDS_NO ) + if ( cpu_has_mds_no ) return; switch ( boot_cpu_data.x86_model ) @@ -1113,10 +1114,6 @@ void __init init_speculation_mitigations(void) enum ind_thunk thunk = THUNK_DEFAULT; bool has_spec_ctrl, ibrs = false, hw_smt_enabled; bool cpu_has_bug_taa; - uint64_t caps = 0; - - if ( cpu_has_arch_caps ) - rdmsrl(MSR_ARCH_CAPABILITIES, caps); hw_smt_enabled = check_smt_enabled(); @@ -1163,7 +1160,7 @@ void __init init_speculation_mitigations(void) * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - if ( retpoline_safe(caps) ) + if ( retpoline_safe() ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; @@ -1392,13 +1389,13 @@ void __init init_speculation_mitigations(void) * threads. Activate this if SMT is enabled, and Xen is using a non-zero * MSR_SPEC_CTRL setting. */ - if ( boot_cpu_has(X86_FEATURE_IBRSB) && !(caps & ARCH_CAPS_IBRS_ALL) && + if ( boot_cpu_has(X86_FEATURE_IBRSB) && !cpu_has_eibrs && hw_smt_enabled && default_xen_spec_ctrl ) setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE); - xpti_init_default(caps); + xpti_init_default(); - l1tf_calculations(caps); + l1tf_calculations(); /* * By default, enable PV domU L1TF mitigations on all L1TF-vulnerable @@ -1419,7 +1416,7 @@ void __init init_speculation_mitigations(void) if ( !boot_cpu_has(X86_FEATURE_L1D_FLUSH) ) opt_l1d_flush = 0; else if ( opt_l1d_flush == -1 ) - opt_l1d_flush = cpu_has_bug_l1tf && !(caps & ARCH_CAPS_SKIP_L1DFL); + opt_l1d_flush = cpu_has_bug_l1tf && !cpu_has_skip_l1dfl; /* We compile lfence's in by default, and nop them out if requested. */ if ( !opt_branch_harden ) @@ -1442,7 +1439,7 @@ void __init init_speculation_mitigations(void) "enabled. Please assess your configuration and choose an\n" "explicit 'smt=<bool>' setting. See XSA-273.\n"); - mds_calculations(caps); + mds_calculations(); /* * Parts which enumerate FB_CLEAR are those which are post-MDS_NO and have @@ -1454,7 +1451,7 @@ void __init init_speculation_mitigations(void) * the return-to-guest path. */ if ( opt_unpriv_mmio ) - opt_fb_clear_mmio = caps & ARCH_CAPS_FB_CLEAR; + opt_fb_clear_mmio = cpu_has_fb_clear; /* * By default, enable PV and HVM mitigations on MDS-vulnerable hardware. @@ -1484,7 +1481,7 @@ void __init init_speculation_mitigations(void) */ if ( opt_md_clear_pv || opt_md_clear_hvm || opt_fb_clear_mmio ) setup_force_cpu_cap(X86_FEATURE_SC_VERW_IDLE); - opt_md_clear_hvm &= !(caps & ARCH_CAPS_SKIP_L1DFL) && !opt_l1d_flush; + opt_md_clear_hvm &= !cpu_has_skip_l1dfl && !opt_l1d_flush; /* * Warn the user if they are on MLPDS/MFBDS-vulnerable hardware with HT @@ -1515,8 +1512,7 @@ void __init init_speculation_mitigations(void) * we check both to spot TSX in a microcode/cmdline independent way. */ cpu_has_bug_taa = - (cpu_has_rtm || (caps & ARCH_CAPS_TSX_CTRL)) && - (caps & (ARCH_CAPS_MDS_NO | ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO; + (cpu_has_rtm || cpu_has_tsx_ctrl) && cpu_has_mds_no && !cpu_has_taa_no; /* * On TAA-affected hardware, disabling TSX is the preferred mitigation, vs @@ -1535,7 +1531,7 @@ void __init init_speculation_mitigations(void) * plausibly value TSX higher than Hyperthreading...), disable TSX to * mitigate TAA. */ - if ( opt_tsx == -1 && cpu_has_bug_taa && (caps & ARCH_CAPS_TSX_CTRL) && + if ( opt_tsx == -1 && cpu_has_bug_taa && cpu_has_tsx_ctrl && ((hw_smt_enabled && opt_smt) || !boot_cpu_has(X86_FEATURE_SC_VERW_IDLE)) ) { @@ -1560,15 +1556,15 @@ void __init init_speculation_mitigations(void) if ( cpu_has_srbds_ctrl ) { if ( opt_srb_lock == -1 && !opt_unpriv_mmio && - (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && - (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && rtm_disabled)) ) + cpu_has_mds_no && !cpu_has_taa_no && + (!cpu_has_hle || (cpu_has_tsx_ctrl && rtm_disabled)) ) opt_srb_lock = 0; set_in_mcu_opt_ctrl(MCU_OPT_CTRL_RNGDS_MITG_DIS, opt_srb_lock ? 0 : MCU_OPT_CTRL_RNGDS_MITG_DIS); } - print_details(thunk, caps); + print_details(thunk); /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard -- 2.30.2

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.