From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Tue, 17 Apr 2018 13:15:04 +0000 (+0100)
Subject: x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~103
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22?a=commitdiff_plain;h=66dfae0f32bfbc899c2f3446d5ee57068cb7f957;p=xen.git

x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a variable

At the moment, we have two different encodings of Xen's MSR_SPEC_CTRL value,
which is a side effect of how the Spectre series developed.  One encoding is
via an alias with the bottom bit of bti_ist_info, and can encode IBRS or not,
but not other configurations such as STIBP.

Break Xen's value out into a separate variable (in the top of stack block for
XPTI reasons) and use this instead of bti_ist_info in the IST path.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
---

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 4ab0f50106..6633c64d8a 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -38,6 +38,7 @@ static int8_t __initdata opt_ibrs = -1;
 static bool __initdata opt_rsb_native = true;
 static bool __initdata opt_rsb_vmexit = true;
 bool __read_mostly opt_ibpb = true;
+uint8_t __read_mostly default_xen_spec_ctrl;
 uint8_t __read_mostly default_bti_ist_info;
 
 static int __init parse_bti(const char *s)
@@ -366,11 +367,14 @@ void __init init_speculation_mitigations(void)
          * guests.
          */
         if ( ibrs )
+        {
+            default_xen_spec_ctrl |= SPEC_CTRL_IBRS;
             setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_SET);
+        }
         else
             setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_CLEAR);
 
-        default_bti_ist_info |= BTI_IST_WRMSR | ibrs;
+        default_bti_ist_info |= BTI_IST_WRMSR;
     }
 
     /*
@@ -417,8 +421,6 @@ void __init init_speculation_mitigations(void)
 
 static void __init __maybe_unused build_assertions(void)
 {
-    /* The optimised assembly relies on this alias. */
-    BUILD_BUG_ON(BTI_IST_IBRS != SPEC_CTRL_IBRS);
 }
 
 /*
diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c
index 06028febc1..f80d3b7cc0 100644
--- a/xen/arch/x86/x86_64/asm-offsets.c
+++ b/xen/arch/x86/x86_64/asm-offsets.c
@@ -134,6 +134,7 @@ void __dummy__(void)
     OFFSET(CPUINFO_xen_cr3, struct cpu_info, xen_cr3);
     OFFSET(CPUINFO_pv_cr3, struct cpu_info, pv_cr3);
     OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl);
+    OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl);
     OFFSET(CPUINFO_use_shadow_spec_ctrl, struct cpu_info, use_shadow_spec_ctrl);
     OFFSET(CPUINFO_bti_ist_info, struct cpu_info, bti_ist_info);
     OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed);
diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h
index 43bdec1f49..200e935e10 100644
--- a/xen/include/asm-x86/current.h
+++ b/xen/include/asm-x86/current.h
@@ -54,6 +54,7 @@ struct cpu_info {
 
     /* See asm-x86/spec_ctrl_asm.h for usage. */
     unsigned int shadow_spec_ctrl;
+    uint8_t      xen_spec_ctrl;
     bool         use_shadow_spec_ctrl;
     uint8_t      bti_ist_info;
 
diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
index b4fa43269e..0c7663a19f 100644
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -27,6 +27,7 @@
 void init_speculation_mitigations(void);
 
 extern bool opt_ibpb;
+extern uint8_t default_xen_spec_ctrl;
 extern uint8_t default_bti_ist_info;
 
 extern uint8_t opt_xpti;
@@ -38,6 +39,7 @@ static inline void init_shadow_spec_ctrl_state(void)
     struct cpu_info *info = get_cpu_info();
 
     info->shadow_spec_ctrl = info->use_shadow_spec_ctrl = 0;
+    info->xen_spec_ctrl = default_xen_spec_ctrl;
     info->bti_ist_info = default_bti_ist_info;
 }
 
diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h
index 1623fc04da..e8e8f9a9b1 100644
--- a/xen/include/asm-x86/spec_ctrl_asm.h
+++ b/xen/include/asm-x86/spec_ctrl_asm.h
@@ -21,7 +21,6 @@
 #define __X86_SPEC_CTRL_ASM_H__
 
 /* Encoding of the bottom bits in cpuinfo.bti_ist_info */
-#define BTI_IST_IBRS  (1 << 0)
 #define BTI_IST_WRMSR (1 << 1)
 #define BTI_IST_RSB   (1 << 2)
 
@@ -283,12 +282,9 @@
     setz %dl
     and %dl, STACK_CPUINFO_FIELD(use_shadow_spec_ctrl)(%r14)
 
-    /*
-     * Load Xen's intended value.  SPEC_CTRL_IBRS vs 0 is encoded in the
-     * bottom bit of bti_ist_info, via a deliberate alias with BTI_IST_IBRS.
-     */
+    /* Load Xen's intended value. */
     mov $MSR_SPEC_CTRL, %ecx
-    and $BTI_IST_IBRS, %eax
+    movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax
     xor %edx, %edx
     wrmsr