Message ID | 20230530135854.1517-2-alejandro.vallejo@cloud.com (mailing list archive) |
---|---|
State | New, archived |
Series | Add Automatic IBRS support |
On 30/05/2023 2:58 pm, Alejandro Vallejo wrote:
> This is an AMD feature to reduce the IBRS handling overhead. Once enabled,
> processes running at CPL=0 are automatically IBRS-protected even if
> SPEC_CTRL.IBRS is not set. Furthermore, the RAS/RSB is cleared on VMEXIT.
>
> The feature is exposed in CPUID and toggled in EFER.
>
> Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>, but...

> diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h > index 777041425e..3ac144100e 100644 > --- a/xen/include/public/arch-x86/cpufeatureset.h > +++ b/xen/include/public/arch-x86/cpufeatureset.h > @@ -287,6 +287,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA Instructions */ > /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ > XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ > XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ > +XEN_CPUFEATURE(AUTO_IBRS, 11*32+ 8) /* HW can handle IBRS on its own */

... I've changed this on commit to just "Automatic IBRS". The behaviour is far more complicated than this, and anyone who wants to know needs to read the manual extra carefully.

For one, there's a behaviour which depends on whether SEV-SNP was enabled in firmware...

~Andrew
On Tue, May 30, 2023 at 06:29:14PM +0100, Andrew Cooper wrote:
> ... I've changed this on commit to just "Automatic IBRS". The behaviour
> is far more complicated than this, and anyone who wants to know needs to
> read the manual extra carefully.
>
> For one, there's a behaviour which depends on whether SEV-SNP was
> enabled in firmware...
>
> ~Andrew

Ack.

Alejandro
diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c index cca0f19d93..f5ce9f9795 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c @@ -317,6 +317,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"lfence+", 0x80000021, NA, CPUID_REG_EAX, 2, 1}, {"nscb", 0x80000021, NA, CPUID_REG_EAX, 6, 1}, + {"auto-ibrs", 0x80000021, NA, CPUID_REG_EAX, 8, 1}, {"cpuid-user-dis", 0x80000021, NA, CPUID_REG_EAX, 17, 1}, {"maxhvleaf", 0x40000000, NA, CPUID_REG_EAX, 0, 8}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 5d0c64a45f..c65d9e01bf 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -199,6 +199,7 @@ static const char *const str_e21a[32] = { [ 2] = "lfence+", [ 6] = "nscb", + [ 8] = "auto-ibrs", /* 16 */ [17] = "cpuid-user-dis", }; diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 50235f098d..ace31e3b1f 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -161,6 +161,7 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD) #define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD) #define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO) +#define cpu_has_auto_ibrs boot_cpu_has(X86_FEATURE_AUTO_IBRS) /* CPUID level 0x00000007:0.edx */ #define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 082fb2e0d9..73d0af2615 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h 
@@ -175,6 +175,7 @@ #define EFER_NXE (_AC(1, ULL) << 11) /* No Execute Enable */ #define EFER_SVME (_AC(1, ULL) << 12) /* Secure Virtual Machine Enable */ #define EFER_FFXSE (_AC(1, ULL) << 14) /* Fast FXSAVE/FXRSTOR */ +#define EFER_AIBRSE (_AC(1, ULL) << 21) /* Automatic IBRS Enable */ #define EFER_KNOWN_MASK \ (EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 777041425e..3ac144100e 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -287,6 +287,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA Instructions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ +XEN_CPUFEATURE(AUTO_IBRS, 11*32+ 8) /* HW can handle IBRS on its own */ XEN_CPUFEATURE(CPUID_USER_DIS, 11*32+17) /* CPUID disable for CPL > 0 software */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ebx, word 12 */
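Review bot: In the msr-index.h hunk, EFER_AIBRSE is defined at bit 21, but the EFER_KNOWN_MASK definition in the trailing context still lists only EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE, so any code that consults the mask keeps treating the new bit as unknown. If leaving it out is deliberate for this patch, the commit message should say so and point at the patch in the series that starts setting the bit; otherwise the mask should gain EFER_AIBRSE here.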
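Review bot: In the cpufeatureset.h hunk, the AUTO_IBRS line opens its comment with a bare /* and carries no exposure annotation, unlike the /*A on the LFENCE_DISPATCH and NSCB lines just above it, while the commit message says the feature is "exposed in CPUID" and the libxl_cpuid.c hunk adds an "auto-ibrs" policy name. The commit message should state that this patch only enumerates the bit and does not yet offer it to guests. The comment text "HW can handle IBRS on its own" also describes less than the feature does; the plain name "Automatic IBRS", as already used for EFER_AIBRSE in msr-index.h, is the safer wording.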
This is an AMD feature to reduce the IBRS handling overhead. Once enabled, processes running at CPL=0 are automatically IBRS-protected even if SPEC_CTRL.IBRS is not set. Furthermore, the RAS/RSB is cleared on VMEXIT.

The feature is exposed in CPUID and toggled in EFER.

Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
---
v2:
  * Renamed AUTOMATIC -> AUTO
  * Newline removal in xen-cpuid.c
---
 tools/libs/light/libxl_cpuid.c              | 1 +
 tools/misc/xen-cpuid.c                      | 1 +
 xen/arch/x86/include/asm/cpufeature.h       | 1 +
 xen/arch/x86/include/asm/msr-index.h        | 1 +
 xen/include/public/arch-x86/cpufeatureset.h | 1 +
 5 files changed, 5 insertions(+)