File 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch of Package xen.7653
# Commit cb06b308ec71b23f37a44f5e2351fe2cae0306e9 # Date 2018-05-16 12:19:10 +0100 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> x86/cpuid: Improvements to guest policies for speculative sidechannel features If Xen isn't virtualising MSR_SPEC_CTRL for guests, IBRSB shouldn't be advertised. It is not currently possible to express this via the existing command line options, but such an ability will be introduced. Another useful option in some usecases is to offer IBPB without IBRS. When a guest kernel is known to be compatible (uses retpoline and knows about the AMD IBPB feature bit), an administrator with pre-Skylake hardware may wish to hide IBRS. This allows the VM to have full protection, without Xen or the VM needing to touch MSR_SPEC_CTRL, which can reduce the overhead of Spectre mitigations. Break the logic common to both PV and HVM CPUID calculations into a common helper, to avoid duplication. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4366,6 +4366,9 @@ void hvm_cpuid(unsigned int input, unsig if ( count == 0 ) { + if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + *edx &= ~cpufeat_mask(X86_FEATURE_IBRSB); + /* * Override STIBP to match IBRS. Guests can safely use STIBP * functionality on non-HT hardware, but can't necesserily protect --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -813,6 +813,9 @@ void pv_cpuid(struct cpu_user_regs *regs case 0x00000007: if ( regs->_ecx == 0 ) { + if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + d &= ~cpufeat_mask(X86_FEATURE_IBRSB); + /* * Override STIBP to match IBRS. Guests can safely use STIBP * functionality on non-HT hardware, but can't necesserily protect 
@@ -903,7 +906,8 @@ void pv_cpuid(struct cpu_user_regs *regs cpufeat_mask(X86_FEATURE_ADX) | cpufeat_mask(X86_FEATURE_FSGSBASE)); - d &= cpufeat_mask(X86_FEATURE_IBRSB); + if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + d &= ~cpufeat_mask(X86_FEATURE_IBRSB); /* Override STIBP to match IBRS (see above). */ if ( d & cpufeat_mask(X86_FEATURE_IBRSB) )
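Review bot: the two-line IBRSB check added to hvm_cpuid() (hvm.c, @@ -4366) is repeated in pv_cpuid() (traps.c, @@ -813), differing only in X86_FEATURE_SC_MSR_HVM versus X86_FEATURE_SC_MSR_PV and in the variable it masks, although the commit message says the logic common to PV and HVM is broken out into a helper. No helper appears in these hunks, and none of them touches an IBPB bit, so the "IBPB without IBRS" case from the message is not covered by the visible lines either. Please either factor the check into one function that takes the relevant SC_MSR feature as a parameter, or add a line to the patch header stating which parts of the referenced commit were dropped.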
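Review bot: in the last pv_cpuid() hunk (traps.c, @@ -903) the removed line "d &= cpufeat_mask(X86_FEATURE_IBRSB);" cleared every bit of d except IBRSB, while its replacement only clears IBRSB, and only when X86_FEATURE_SC_MSR_PV is absent, so every other bit of d is now passed through unmasked on this path. The context lines just above end an explicit feature list (ADX, FSGSBASE), which suggests this path filters bits by allow-list, so the wider d looks unintended. If the aim is only to hide IBRSB when MSR_SPEC_CTRL is not virtualised, keep the original mask and put the conditional clear after it; if widening d is deliberate, say so in the description.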