[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH 1/3] amd/msr: implement VIRT_SPEC_CTRL for HVM guests on top of SPEC_CTRL
Use the logic to set shadow SPEC_CTRL values in order to implement support for VIRT_SPEC_CTRL (signaled by VIRT_SSBD CPUID flag) for HVM guests. This includes using the spec_ctrl vCPU MSR variable to store the guest set value of VIRT_SPEC_CTRL.SSBD. Note that VIRT_SSBD is only set in the HVM max CPUID policy, as the default should be to expose SPEC_CTRL only and support VIRT_SPEC_CTRL for migration compatibility. Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- docs/misc/xen-command-line.pandoc | 5 +++-- xen/arch/x86/cpuid.c | 7 +++++++ xen/arch/x86/hvm/hvm.c | 1 + xen/arch/x86/include/asm/msr.h | 6 +++++- xen/arch/x86/msr.c | 15 +++++++++++++++ xen/arch/x86/spec_ctrl.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 7 files changed, 34 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 6b3da6ddc1..081e10f80b 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2273,8 +2273,9 @@ to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. * `msr-sc=` offers control over Xen's support for manipulating `MSR_SPEC_CTRL` - on entry and exit. These blocks are necessary to virtualise support for - guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. + and/or `MSR_VIRT_SPEC_CTRL` on entry and exit. These blocks are necessary to + virtualise support for guests and if disabled, guests will be unable to use + IBRS/STIBP/SSBD/etc. * `rsb=` offers control over whether to overwrite the Return Stack Buffer / Return Address Stack on entry to Xen. * `md-clear=` offers control over whether to use VERW to flush diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index e24dd283e7..29b4cfc9e6 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -543,6 +543,13 @@ static void __init calculate_hvm_max_policy(void) __clear_bit(X86_FEATURE_IBRSB, hvm_featureset); __clear_bit(X86_FEATURE_IBRS, hvm_featureset); } + else + /* + * If SPEC_CTRL is available VIRT_SPEC_CTRL can also be implemented as + * it's a subset of the controls exposed in SPEC_CTRL (SSBD only). + * Expose in the max policy for compatibility migration. + */ + __set_bit(X86_FEATURE_VIRT_SSBD, hvm_featureset); /* * With VT-x, some features are only supported by Xen if dedicated diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index c4ddb8607d..3400c9299c 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1332,6 +1332,7 @@ static const uint32_t msrs_to_send[] = { MSR_INTEL_MISC_FEATURES_ENABLES, MSR_IA32_BNDCFGS, MSR_IA32_XSS, + MSR_VIRT_SPEC_CTRL, MSR_AMD64_DR0_ADDRESS_MASK, MSR_AMD64_DR1_ADDRESS_MASK, MSR_AMD64_DR2_ADDRESS_MASK, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index ce4fe51afe..98f6b79e09 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -291,6 +291,7 @@ struct vcpu_msrs { /* * 0x00000048 - MSR_SPEC_CTRL + * 0xc001011f - MSR_VIRT_SPEC_CTRL * * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. @@ -301,7 +302,10 @@ struct vcpu_msrs * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the * host and guest value, which allows Xen to set protections behind the - * guest's back. + * guest's back. Use such functionality in order to implement support for + * VIRT_SPEC_CTRL as a shadow value of SPEC_CTRL and thus store the value + * of VIRT_SPEC_CTRL in this field, taking advantage of both MSRs having + * compatible layouts. * * We must clear/restore Xen's value before/after VMRUN to avoid unduly * influencing the guest. In order to support "behind the guest's back" diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 4ac5b5a048..aa74cfde6c 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -381,6 +381,13 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) ? K8_HWCR_TSC_FREQ_SEL : 0; break; + case MSR_VIRT_SPEC_CTRL: + if ( !cp->extd.virt_ssbd ) + goto gp_fault; + + *val = msrs->spec_ctrl.raw & SPEC_CTRL_SSBD; + break; + case MSR_AMD64_DE_CFG: if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) goto gp_fault; @@ -666,6 +673,14 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) wrmsr_tsc_aux(val); break; + case MSR_VIRT_SPEC_CTRL: + if ( !cp->extd.virt_ssbd ) + goto gp_fault; + + /* Only supports SSBD bit, the rest are ignored. */ + msrs->spec_ctrl.raw = val & SPEC_CTRL_SSBD; + break; + case MSR_AMD64_DE_CFG: /* * OpenBSD 6.7 will panic if writing to DE_CFG triggers a #GP: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ee862089b7..64b154b2d3 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -395,12 +395,13 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_MD_CLEAR) || opt_eager_fpu) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", + boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_VIRT_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", boot_cpu_has(X86_FEATURE_MD_CLEAR) ? " MD_CLEAR" : ""); diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 957df23b65..b9ab878ec1 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -265,7 +265,7 @@ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ -XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ +XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /*!s MSR_VIRT_SPEC_CTRL.SSBD */ XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ -- 2.34.1
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |