|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.9] x86/msr: Virtualise MSR_FLUSH_CMD for guests
commit fd86a3c856108b6401c1fc12084fc41e18268956
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Apr 13 15:34:01 2018 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Aug 14 17:20:01 2018 +0100
x86/msr: Virtualise MSR_FLUSH_CMD for guests
Guests (outside of the nested virt case, which isn't supported yet) don't
need
L1D_FLUSH for their L1TF mitigations, but offering/emulating MSR_FLUSH_CMD
is
easy and doesn't pose an issue for Xen.
The MSR is offered to HVM guests only. PV guests attempting to use it would
trap for emulation, and the L1D cache would fill long before the return to
guest context. As such, PV guests can't make any use of the L1D_FLUSH
functionality.
This is part of XSA-273 / CVE-2018-3646.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
(cherry picked from commit fd9823faf9df057a69a9a53c2e100691d3f4267c)
---
xen/arch/x86/domctl.c | 3 ++-
xen/arch/x86/hvm/hvm.c | 11 +++++++++++
xen/arch/x86/hvm/vmx/vmx.c | 6 ++++++
xen/arch/x86/traps.c | 11 +++++++++++
xen/include/public/arch-x86/cpufeatureset.h | 2 +-
5 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 61ed9540d3..e560010ec4 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -226,7 +226,8 @@ static int update_domain_cpuid_info(struct domain *d,
*/
call_policy_changed = (is_hvm_domain(d) &&
((old_7d0 ^ p->feat.raw[0].d) &
- cpufeat_mask(X86_FEATURE_IBRSB)));
+ (cpufeat_mask(X86_FEATURE_IBRSB) |
+ cpufeat_mask(X86_FEATURE_L1D_FLUSH))));
break;
case 0xa:
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 9f2ecbb9c6..a1e07c62b4 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3427,6 +3427,7 @@ int hvm_msr_read_intercept(unsigned int msr, uint64_t
*msr_content)
case MSR_AMD_PATCHLOADER:
case MSR_IA32_UCODE_WRITE:
case MSR_PRED_CMD:
+ case MSR_FLUSH_CMD:
/* Write-only */
goto gp_fault;
@@ -3638,6 +3639,16 @@ int hvm_msr_write_intercept(unsigned int msr, uint64_t
msr_content,
wrmsrl(MSR_PRED_CMD, msr_content);
break;
+ case MSR_FLUSH_CMD:
+ if ( !d->arch.cpuid->feat.l1d_flush )
+ goto gp_fault; /* MSR available? */
+
+ if ( msr_content & ~FLUSH_CMD_L1D )
+ goto gp_fault; /* Rsvd bit set? */
+
+ wrmsrl(MSR_FLUSH_CMD, msr_content);
+ break;
+
case MSR_ARCH_CAPABILITIES:
/* Read-only */
goto gp_fault;
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index be3d1a1620..7e509b0392 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -681,6 +681,12 @@ static void vmx_cpuid_policy_changed(struct vcpu *v)
vmx_disable_intercept_for_msr(v, MSR_PRED_CMD, MSR_TYPE_R |
MSR_TYPE_W);
else
vmx_enable_intercept_for_msr(v, MSR_PRED_CMD, MSR_TYPE_R | MSR_TYPE_W);
+
+ /* MSR_FLUSH_CMD is safe to pass through if the guest knows about it. */
+ if ( cp->feat.l1d_flush )
+ vmx_disable_intercept_for_msr(v, MSR_FLUSH_CMD, MSR_TYPE_R |
MSR_TYPE_W);
+ else
+ vmx_enable_intercept_for_msr(v, MSR_FLUSH_CMD, MSR_TYPE_R |
MSR_TYPE_W);
}
int vmx_guest_x86_mode(struct vcpu *v)
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 3082f8b665..fec5e5596c 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2626,6 +2626,7 @@ static int priv_op_read_msr(unsigned int reg, uint64_t
*val,
return X86EMUL_OKAY;
case MSR_PRED_CMD:
+ case MSR_FLUSH_CMD:
/* Write-only */
break;
@@ -2876,6 +2877,16 @@ static int priv_op_write_msr(unsigned int reg, uint64_t
val,
wrmsrl(MSR_PRED_CMD, val);
return X86EMUL_OKAY;
+ case MSR_FLUSH_CMD:
+ if ( !currd->arch.cpuid->feat.l1d_flush )
+ break; /* MSR available? */
+
+ if ( val & ~FLUSH_CMD_L1D )
+ break; /* Rsvd bit set? */
+
+ wrmsrl(MSR_FLUSH_CMD, val);
+ return X86EMUL_OKAY;
+
case MSR_INTEL_MISC_FEATURES_ENABLES:
if ( !boot_cpu_has(X86_FEATURE_MSR_MISC_FEATURES) ||
(val & ~MSR_MISC_FEATURES_CPUID_FAULTING) )
diff --git a/xen/include/public/arch-x86/cpufeatureset.h
b/xen/include/public/arch-x86/cpufeatureset.h
index e229695ede..e1a2c4e110 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -243,7 +243,7 @@ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural
Network Instructions *
XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation
Single Precision */
XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by
Intel) */
XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */
-XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /* MSR_FLUSH_CMD and L1D flush. */
+XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */
XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /* IA32_ARCH_CAPABILITIES MSR */
XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.9
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |