Xen project Mailing List

Re: [PATCH v2 1/3] x86: Add bit definitions for Automatic IBRS

To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 30 May 2023 18:29:14 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ru31ZqSFBUGrduaSVqofp/33VcjaBYZ/bFaZiCXx+NI=; b=Mqv7wqwSqHf2PeisLVxd/67aXeWAZKZ+Xw5YxTrRlW1s+of8A1yOYQ/7BYG6+vva9sgS4GcAgNlw0fa5D9Mp7yfBLwChB2+uv9dREW1Sn0tWm0vpHxnWY+wg+ClltBSvkrAZ8T0DHZAO4GdchRgofCPy8mv/vbbf8FKv5H6iRv5FicMEsnnv1en/jwI7nk0Qba3djiKV0sT+ZuY90rwXWb70JdR8X2JLuBBdWW/QOIpnGfPOrAZ8uuMbLN2YtJceBLUO3MmMom1v6ILgRnhJX72+UItJOtnsECgQHRFGHchOUtTt24ZIWj8iwebXZtyr/xWJ8w2DvsJzVq/PGJm+Ug==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aUaUi3XnpdTmEKw5ZUWzRLrKkjQGHBMe0dXsnehs/fOi2yIp0o0c0ARGlHbIz9lnU+8qvMIA+MjBGTXhYGUwWmLQM1WEWjdcDAfmltqBN7T8+bdiyoDfwXcs2QRY1xI074KJSPnpONFZnZofbRtwkvvwoXpE8kiRe1iT6EsmeQs6JrnirYGLJYN3jmOr+36Ply4nOnnSCWBxFlkEGBlJbEG05Midwu3sKSWNTOgeEgypphirQUDTG+BJdJmRLgfEleGmiThHW26YZLKmAQf9JhPt/IA2/FjMd0+MmfRYS8ZMc4dsoLhOOew8CaZ/9dxol1BfySD8jy0jziCBXHi/zA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 30 May 2023 17:29:45 +0000

Ironport-data: A9a23:07DN16rqiW2lzocubRParvNJMFheBmLLZBIvgKrLsJaIsI4StFCzt garIBnTa/yDamOgf9x2YNy18E4Av5HWyIJrSVc6rSEzRn4W9ZuZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpA1c/Ek/NsDo788YhmIlknNOlNA2Ev NL2sqX3NUSsnjV5KQr40YrawP9UlKq04GtwUmAWP6gR5weDzCFNVvrzGInqR5fGatgMdgKFb 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay RAXACkMMSqsn9ux/PGySbRoxegfFtjnZ7pK7xmMzRmBZRonabbqZvySoPN9gnI3jM0IGuvCb c0EbzYpdA7HfxBEJlYQDtQ5gfusgX78NTZfrTp5p4JuuzSVkFM3jeiraYKFEjCJbZw9ckKwj 2TK5WnmRDodM8SS02Gt+XOwnO7f2yj8Xer+EZXhr6Yw0QXNmTx75Bs+XBy/jKKJlkeCHO1vb GAS3Gk+gZcy3Rn+JjX6d1jiyJKehTYVX9dSGus28gbL1KPQ5wubAUAPSjlcZJots8pebSwn0 BqFks3kARRrsaaJUjSN+7GMtzSwNCMJa2gYakcsUg8t89Tl5oYpgXrnTNl5F7WupsboAjy2y DePxAA8jbgOic8A142g4EvKxTmro/D0ohUd4wzWWiep611/bYv8P4iwswGDvbBHMZqTSUSHs D4cgc+C4esSDJaL0iuQXOEKG7Lv7PGAWNHBvWNS81Aa32zF0xaekUp4ulmS+G8B3h44RALU

Ironport-hdrordr: A9a23:eVBmp68cO5MWRYxJerxuk+DiI+orL9Y04lQ7vn2ZHyYlFfBwWf rAoB17726WtN9/YhodcLy7UpVoIkm9yXcW2+cs1OyZLW3bUQKTRelfBO3ZrgEIcBeeygcy78 tdmwcVMqyXMbDX5/yKgjVRsrwbsby6zJw=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 30/05/2023 2:58 pm, Alejandro Vallejo wrote: > This is an AMD feature to reduce the IBRS handling overhead. Once enabled, > processes running at CPL=0 are automatically IBRS-protected even if > SPEC_CTRL.IBRS is not set. Furthermore, the RAS/RSB is cleared on VMEXIT. > > The feature is exposed in CPUID and toggled in EFER. > > Signed-off-by: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, but... > diff --git a/xen/include/public/arch-x86/cpufeatureset.h > b/xen/include/public/arch-x86/cpufeatureset.h > index 777041425e..3ac144100e 100644 > --- a/xen/include/public/arch-x86/cpufeatureset.h > +++ b/xen/include/public/arch-x86/cpufeatureset.h > @@ -287,6 +287,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA > Instructions */ > /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ > XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing > */ > XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base > (and limit too) */ > +XEN_CPUFEATURE(AUTO_IBRS, 11*32+ 8) /* HW can handle IBRS on its > own */ ... I've changed this on commit to just "Automatic IBRS". The behaviour is more far complicated than this, and anyone who wants to know needs to read the manual extra carefully. For one, there's a behaviour which depends on whether SEV-SNP was enabled in firmware... ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.