[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/3] Add Automatic IBRS support

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
Date: Fri, 26 May 2023 16:00:41 +0100
Cc: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 26 May 2023 15:01:01 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Adds support for AMD's Automatic IBRS. It's a set-and-forget feature that
prevents lower privileged executions from affecting speculations of higher
privileged executions, so retpolines are not required. Furthermore, it
clears the RSB upon VMEXIT, so we can avoid doing it if the feature is
present.

Patch 1 adds the relevant bit definitions for CPUID and EFER.

Patch 2 Hooks up AutoIBRS to spec_ctrl. so it's used when IBRS is picked.
        It also tweaks the heuristics so AutoIBRS is preferred over
        retpolines as BTI mitigation. This is enough to protect Xen.

Patch 3 exposes the feature to HVM guests.

Alejandro Vallejo (3):
  x86: Add bit definitions for Automatic IBRS
  x86: Add support for AMD's Automatic IBRS
  x86: Expose Automatic IBRS to guests

 tools/libs/light/libxl_cpuid.c              |  1 +
 tools/misc/xen-cpuid.c                      |  2 +
 xen/arch/x86/hvm/hvm.c                      |  3 ++
 xen/arch/x86/include/asm/cpufeature.h       |  1 +
 xen/arch/x86/include/asm/msr-index.h        |  4 +-
 xen/arch/x86/pv/emul-priv-op.c              |  4 +-
 xen/arch/x86/setup.c                        |  3 ++
 xen/arch/x86/smpboot.c                      |  3 ++
 xen/arch/x86/spec_ctrl.c                    | 52 +++++++++++++++------
 xen/include/public/arch-x86/cpufeatureset.h |  1 +
 10 files changed, 56 insertions(+), 18 deletions(-)

-- 
2.34.1

Follow-Ups:
- [PATCH 1/3] x86: Add bit definitions for Automatic IBRS
  - From: Alejandro Vallejo
- [PATCH 3/3] x86: Expose Automatic IBRS to guests
  - From: Alejandro Vallejo
- [PATCH 2/3] x86: Add support for AMD's Automatic IBRS
  - From: Alejandro Vallejo

Prev by Date: Re: [PATCH v2] xen/x86/pvh: handle ACPI RSDT table in PVH Dom0 build
Next by Date: [PATCH 2/3] x86: Add support for AMD's Automatic IBRS
Previous by thread: [PATCH v1] xentrace: adjust exit code for --help option
Next by thread: [PATCH 2/3] x86: Add support for AMD's Automatic IBRS
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.