The CET spec has been published and guest kernels are starting to get support.
Introduce the CPUID and MSRs, and fully block the MSRs from guest use.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Wei Liu <wl@xen.org>
{"pku", 0x00000007, 0, CPUID_REG_ECX, 3, 1},
{"ospke", 0x00000007, 0, CPUID_REG_ECX, 4, 1},
{"avx512-vbmi2", 0x00000007, 0, CPUID_REG_ECX, 6, 1},
+ {"cet-ss", 0x00000007, 0, CPUID_REG_ECX, 7, 1},
{"gfni", 0x00000007, 0, CPUID_REG_ECX, 8, 1},
{"vaes", 0x00000007, 0, CPUID_REG_ECX, 9, 1},
{"vpclmulqdq", 0x00000007, 0, CPUID_REG_ECX, 10, 1},
{"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1},
{"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1},
{"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1},
+ {"cet-ibt", 0x00000007, 0, CPUID_REG_EDX, 20, 1},
{"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1},
{"stibp", 0x00000007, 0, CPUID_REG_EDX, 27, 1},
{"l1d-flush", 0x00000007, 0, CPUID_REG_EDX, 28, 1},
[ 0] = "prefetchwt1", [ 1] = "avx512_vbmi",
[ 2] = "umip", [ 3] = "pku",
[ 4] = "ospke", [ 5] = "waitpkg",
- [ 6] = "avx512_vbmi2",
+ [ 6] = "avx512_vbmi2", [ 7] = "cet-ss",
[ 8] = "gfni", [ 9] = "vaes",
[10] = "vpclmulqdq", [11] = "avx512_vnni",
[12] = "avx512_bitalg",
/* 12 */ [13] = "tsx-force-abort",
[18] = "pconfig",
+ [20] = "cet-ibt",
[26] = "ibrsb", [27] = "stibp",
[28] = "l1d_flush", [29] = "arch_caps",
case MSR_CORE_CAPABILITIES:
case MSR_TSX_FORCE_ABORT:
case MSR_TSX_CTRL:
+ case MSR_U_CET:
+ case MSR_S_CET:
+ case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE:
case MSR_AMD64_LWP_CFG:
case MSR_AMD64_LWP_CBADDR:
case MSR_PPIN_CTL:
case MSR_TEST_CTRL:
case MSR_TSX_FORCE_ABORT:
case MSR_TSX_CTRL:
+ case MSR_U_CET:
+ case MSR_S_CET:
+ case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE:
case MSR_AMD64_LWP_CFG:
case MSR_AMD64_LWP_CBADDR:
case MSR_PPIN_CTL:
#define TSX_CTRL_RTM_DISABLE (_AC(1, ULL) << 0)
#define TSX_CTRL_CPUID_CLEAR (_AC(1, ULL) << 1)
+#define MSR_U_CET 0x000006a0
+#define MSR_S_CET 0x000006a2
+#define MSR_PL0_SSP 0x000006a4
+#define MSR_PL1_SSP 0x000006a5
+#define MSR_PL2_SSP 0x000006a6
+#define MSR_PL3_SSP 0x000006a7
+#define MSR_INTERRUPT_SSP_TABLE 0x000006a8
+
/*
* Legacy MSR constants in need of cleanup. No new MSRs below this comment.
*/
XEN_CPUFEATURE(PKU, 6*32+ 3) /*H Protection Keys for Userspace */
XEN_CPUFEATURE(OSPKE, 6*32+ 4) /*! OS Protection Keys Enable */
XEN_CPUFEATURE(AVX512_VBMI2, 6*32+ 6) /*A Additional AVX-512 Vector Byte Manipulation Instrs */
+XEN_CPUFEATURE(CET_SS, 6*32+ 7) /* CET - Shadow Stacks */
XEN_CPUFEATURE(GFNI, 6*32+ 8) /*A Galois Field Instrs */
XEN_CPUFEATURE(VAES, 6*32+ 9) /*A Vector AES Instrs */
XEN_CPUFEATURE(VPCLMULQDQ, 6*32+10) /*A Vector Carry-less Multiplication Instrs */
XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */
XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */
XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */
+XEN_CPUFEATURE(CET_IBT, 9*32+20) /* CET - Indirect Branch Tracking */
XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */
XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */
XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */
projects / xen.git / commitdiff