x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default

author Andrew Cooper <andrew.cooper3@citrix.com>

Mon, 17 Jan 2022 20:29:09 +0000 (20:29 +0000)

committer Andrew Cooper <andrew.cooper3@citrix.com>

Fri, 4 Feb 2022 15:45:25 +0000 (15:45 +0000)
author Andrew Cooper <andrew.cooper3@citrix.com>
Mon, 17 Jan 2022 20:29:09 +0000 (20:29 +0000)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 4 Feb 2022 15:45:25 +0000 (15:45 +0000)
diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c

index 151944f6570299a523a665e99848595aa2b61443..c7f07ef7a6c6be70eac3494d44638ad8810eb3bc 100644 (file)
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -396,6 +396,8 @@ static void __init guest_common_feature_adjustments(uint32_t *fs)
       */
      if ( test_bit(X86_FEATURE_IBRSB, fs) )
          __set_bit(X86_FEATURE_STIBP, fs);
+    if ( test_bit(X86_FEATURE_IBRS, fs) )
+        __set_bit(X86_FEATURE_AMD_STIBP, fs);
  
      /*
       * On hardware which supports IBRS/IBPB, we can offer IBPB independently
@@ -419,11 +421,14 @@ static void __init calculate_pv_max_policy(void)
          pv_featureset[i] &= pv_max_featuremask[i];
  
      /*
-     * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests because of
-     * administrator choice, hide the feature.
+     * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional
+     * availability, or admin choice), hide the feature.
       */
      if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) )
+    {
          __clear_bit(X86_FEATURE_IBRSB, pv_featureset);
+        __clear_bit(X86_FEATURE_IBRS, pv_featureset);
+    }
  
      guest_common_feature_adjustments(pv_featureset);
  
@@ -493,11 +498,14 @@ static void __init calculate_hvm_max_policy(void)
          __set_bit(X86_FEATURE_SEP, hvm_featureset);
  
      /*
-     * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests because of
-     * administrator choice, hide the feature.
+     * If Xen isn't virtualising MSR_SPEC_CTRL for HVM guests (functional
+     * availability, or admin choice), hide the feature.
       */
      if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) )
+    {
          __clear_bit(X86_FEATURE_IBRSB, hvm_featureset);
+        __clear_bit(X86_FEATURE_IBRS, hvm_featureset);
+    }
  
      /*
       * With VT-x, some features are only supported by Xen if dedicated
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c

index 9c99f8a032d9521056583325da7695d5724a766b..332de61993179e0385b2afae32af367f9faa25b3 100644 (file)
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -606,6 +606,10 @@ static void svm_cpuid_policy_changed(struct vcpu *v)
  
      vmcb_set_exception_intercepts(vmcb, bitmap);
  
+    /* Give access to MSR_SPEC_CTRL if the guest has been told about it. */
+    svm_intercept_msr(v, MSR_SPEC_CTRL,
+                      cp->extd.ibrs ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW);
+
      /* Give access to MSR_PRED_CMD if the guest has been told about it. */
      svm_intercept_msr(v, MSR_PRED_CMD,
                        cp->extd.ibpb ? MSR_INTERCEPT_NONE : MSR_INTERCEPT_RW);
diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h

index 3d45b05af2a56d735afdc588119b38bbb8a70b5a..228a5dc29ea9e5163fd89b623532c36fc8ffa832 100644 (file)
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -254,18 +254,18 @@ XEN_CPUFEATURE(CLZERO,        8*32+ 0) /*A  CLZERO instruction */
  XEN_CPUFEATURE(RSTR_FP_ERR_PTRS, 8*32+ 2) /*A  (F)X{SAVE,RSTOR} always saves/restores FPU Error pointers */
  XEN_CPUFEATURE(WBNOINVD,      8*32+ 9) /*   WBNOINVD instruction */
  XEN_CPUFEATURE(IBPB,          8*32+12) /*A  IBPB support only (no IBRS, used by AMD) */
-XEN_CPUFEATURE(IBRS,          8*32+14) /*   MSR_SPEC_CTRL.IBRS */
-XEN_CPUFEATURE(AMD_STIBP,     8*32+15) /*   MSR_SPEC_CTRL.STIBP */
-XEN_CPUFEATURE(IBRS_ALWAYS,   8*32+16) /*   IBRS preferred always on */
-XEN_CPUFEATURE(STIBP_ALWAYS,  8*32+17) /*   STIBP preferred always on */
-XEN_CPUFEATURE(IBRS_FAST,     8*32+18) /*   IBRS preferred over software options */
-XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*   IBRS provides same-mode protection */
+XEN_CPUFEATURE(IBRS,          8*32+14) /*S  MSR_SPEC_CTRL.IBRS */
+XEN_CPUFEATURE(AMD_STIBP,     8*32+15) /*S  MSR_SPEC_CTRL.STIBP */
+XEN_CPUFEATURE(IBRS_ALWAYS,   8*32+16) /*S  IBRS preferred always on */
+XEN_CPUFEATURE(STIBP_ALWAYS,  8*32+17) /*S  STIBP preferred always on */
+XEN_CPUFEATURE(IBRS_FAST,     8*32+18) /*S  IBRS preferred over software options */
+XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S  IBRS provides same-mode protection */
  XEN_CPUFEATURE(NO_LMSL,       8*32+20) /*S  EFER.LMSLE no longer supported. */
  XEN_CPUFEATURE(AMD_PPIN,      8*32+23) /*   Protected Processor Inventory Number */
-XEN_CPUFEATURE(AMD_SSBD,      8*32+24) /*   MSR_SPEC_CTRL.SSBD available */
+XEN_CPUFEATURE(AMD_SSBD,      8*32+24) /*S  MSR_SPEC_CTRL.SSBD available */
  XEN_CPUFEATURE(VIRT_SSBD,     8*32+25) /*   MSR_VIRT_SPEC_CTRL.SSBD */
  XEN_CPUFEATURE(SSB_NO,        8*32+26) /*A  Hardware not vulnerable to SSB */
-XEN_CPUFEATURE(PSFD,          8*32+28) /*   MSR_SPEC_CTRL.PSFD */
+XEN_CPUFEATURE(PSFD,          8*32+28) /*S  MSR_SPEC_CTRL.PSFD */
  
  /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */
  XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A  AVX512 Neural Network Instructions */
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py

index b953648b6572c313f25c4e3a2543e565c26a9aa7..517d632b50265d4782a46bf0bb4c08284560de19 100755 (executable)
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -277,16 +277,20 @@ def crunch_numbers(state):
          # The features:
          #   * Single Thread Indirect Branch Predictors
          #   * Speculative Store Bypass Disable
+        #   * Predictive Store Forward Disable
          #
-        # enumerate new bits in MSR_SPEC_CTRL, which is enumerated by Indirect
-        # Branch Restricted Speculation/Indirect Branch Prediction Barrier.
+        # enumerate new bits in MSR_SPEC_CTRL, and technically enumerate
+        # MSR_SPEC_CTRL itself.  AMD further enumerates hints to guide OS
+        # behaviour.
          #
-        # In practice, these features also enumerate the presense of
-        # MSR_SPEC_CTRL.  However, no real hardware will exist with SSBD but
-        # not IBRSB, and we pass this MSR directly to guests.  Treating them
+        # However, no real hardware will exist with e.g. SSBD but not
+        # IBRSB/IBRS, and we pass this MSR directly to guests.  Treating them
          # as dependent features simplifies Xen's logic, and prevents the guest
          # from seeing implausible configurations.
          IBRSB: [STIBP, SSBD],
+        IBRS: [AMD_STIBP, AMD_SSBD, PSFD,
+               IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE],
+        AMD_STIBP: [STIBP_ALWAYS],
  
          # In principle the TSXLDTRK insns could also be considered independent.
          RTM: [TSXLDTRK],
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 17 Jan 2022 20:29:09 +0000 (20:29 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 4 Feb 2022 15:45:25 +0000 (15:45 +0000)
xen/arch/x86/cpuid.c		patch \| blob \| history
xen/arch/x86/hvm/svm/svm.c		patch \| blob \| history
xen/include/public/arch-x86/cpufeatureset.h		patch \| blob \| history
xen/tools/gen-cpuid.py		patch \| blob \| history