From: Zhang Chen
To: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Zhang Chen, Chao Gao, Pawan Gupta, Paolo Bonzini, Sean Christopherson, "H. Peter Anvin", Dave Hansen, Borislav Petkov, Ingo Molnar, Thomas Gleixner
Subject: [RFC PATCH 5/9] x86/bugs: Use Virtual MSRs to request hardware mitigations
Date: Sun, 11 Dec 2022 00:00:42 +0800
Message-Id: <20221210160046.2608762-6-chen.zhang@intel.com>
In-Reply-To: <20221210160046.2608762-1-chen.zhang@intel.com>

From: Pawan Gupta

Guests that have different family/model than the host may not be aware of hardware mitigations (such as RRSBA_DIS_S) available on host. This is particularly true when guests migrate. To solve this problem Intel processors have added a virtual MSR interface through which guests can report their mitigation status and request VMM to deploy relevant hardware mitigations.

Use this virtualized MSR interface to request relevant hardware controls for retpoline mitigation.

Signed-off-by: Pawan Gupta --- arch/x86/include/asm/msr-index.h | 23 +++++++++++++++++++++++ arch/x86/kernel/cpu/bugs.c | 24 ++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 1143ac9400c3..1166b472377c 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -165,6 +165,7 @@ * IA32_XAPIC_DISABLE_STATUS MSR * supported */ +#define ARCH_CAP_VIRTUAL_ENUM BIT(63) /* MSR_VIRTUAL_ENUMERATION supported */ #define MSR_IA32_FLUSH_CMD 0x0000010b #define L1D_FLUSH BIT(0) /* @@ -1062,6 +1063,28 @@ #define MSR_IA32_VMX_MISC_INTEL_PT (1ULL << 14) #define MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS (1ULL << 29) #define MSR_IA32_VMX_MISC_PREEMPTION_TIMER_SCALE 0x1F + +/* Intel virtual MSRs */ +#define MSR_VIRTUAL_ENUMERATION 0x50000000 +#define VIRT_ENUM_MITIGATION_CTRL_SUPPORT BIT(0) /* + * Mitigation ctrl via virtual + * MSRs supported + */ + +#define MSR_VIRTUAL_MITIGATION_ENUM 0x50000001 +#define MITI_ENUM_BHB_CLEAR_SEQ_S_SUPPORT BIT(0) /* VMM supports BHI_DIS_S */ +#define MITI_ENUM_RETPOLINE_S_SUPPORT BIT(1) /* VMM supports RRSBA_DIS_S */ + +#define MSR_VIRTUAL_MITIGATION_CTRL 0x50000002 +#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED BIT(0) /* + * Request VMM to deploy + * BHI_DIS_S mitigation + */ +#define MITI_CTRL_RETPOLINE_S_USED BIT(1) /* + * Request VMM to deploy + * RRSBA_DIS_S mitigation + */ + /* AMD-V MSRs */ #define MSR_VM_CR 0xc0010114 diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 3e3230cccaa7..a9e869f568ee 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1379,6 +1379,28 @@ static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_ dump_stack(); } +/* Speculation control using virtualized MSRs */ +static void __init spec_ctrl_setup_virtualized_msr(void) +{ + u64 msr_virt_enum, msr_mitigation_enum, msr_mitigation_ctrl; + + if (!(x86_read_arch_cap_msr() & ARCH_CAP_VIRTUAL_ENUM)) + return; + + rdmsrl(MSR_VIRTUAL_ENUMERATION, msr_virt_enum); + if (!(msr_virt_enum & VIRT_ENUM_MITIGATION_CTRL_SUPPORT)) + return; + + rdmsrl(MSR_VIRTUAL_MITIGATION_ENUM, msr_mitigation_enum); + /* When retpoline is being used, request relevant hardware controls */ + if (boot_cpu_has(X86_FEATURE_RETPOLINE) && + msr_mitigation_enum & MITI_ENUM_RETPOLINE_S_SUPPORT) { + rdmsrl(MSR_VIRTUAL_MITIGATION_CTRL, msr_mitigation_ctrl); + msr_mitigation_ctrl |= MITI_CTRL_RETPOLINE_S_USED; + wrmsrl(MSR_VIRTUAL_MITIGATION_CTRL, msr_mitigation_ctrl); + } +} + static void __init spectre_v2_select_mitigation(void) { enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); @@ -1485,6 +1507,8 @@ static void __init spectre_v2_select_mitigation(void) mode == SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); + spec_ctrl_setup_virtualized_msr(); + spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); -- 2.25.1
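Review bot: In the first msr-index.h hunk (@@ -165,6 +165,7), ARCH_CAP_VIRTUAL_ENUM is defined as BIT(63), but BIT() shifts an unsigned long, which is only 32 bits wide on 32-bit x86 builds, so the constant is not a valid mask there. The value is tested against the 64-bit result of x86_read_arch_cap_msr(), so BIT_ULL(63) is the safe spelling. A blank line between the new define and MSR_IA32_FLUSH_CMD would also keep the ARCH_CAP_* group visually separate from the next MSR.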
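Review bot: In the second msr-index.h hunk (@@ -1062,6 +1063,28), the bit names and their comments describe different things: MITI_CTRL_RETPOLINE_S_USED reads as a guest status report ("retpoline is in use"), while its comment says "Request VMM to deploy RRSBA_DIS_S mitigation", and MITI_ENUM_RETPOLINE_S_SUPPORT is commented "VMM supports RRSBA_DIS_S". Please make each comment state both halves of the contract, that is, which software mitigation the guest is declaring and which hardware control the VMM is expected to apply in response, since that mapping is the whole interface. The BHB_CLEAR_SEQ_S bits are defined here but not used by the bugs.c change in this patch; either say in the changelog that a later patch in the series consumes them or introduce them there.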
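Review bot: In the bugs.c hunk adding spec_ctrl_setup_virtualized_msr() (@@ -1379,6 +1379,28), the read-modify-write of MSR_VIRTUAL_MITIGATION_CTRL lives in an __init function, so it runs once on the boot CPU only. If this MSR is per-vCPU state, secondary CPUs, hotplugged CPUs and the resume path never issue the request and the guest ends up with the hardware control on one vCPU only; either document that the MSR has VM-wide scope or repeat the write on the CPU bring-up path. Two smaller points in the same function: the condition "boot_cpu_has(X86_FEATURE_RETPOLINE) && msr_mitigation_enum & MITI_ENUM_RETPOLINE_S_SUPPORT" should parenthesize the bitwise test like the two checks above it, and there is no pr_info() recording that the request was made, which makes it hard to tell from a guest's boot log whether the mitigation was actually requested.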
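Review bot: In the last bugs.c hunk (@@ -1485,6 +1507,8), spec_ctrl_setup_virtualized_msr() is called unconditionally and decides internally on boot_cpu_has(X86_FEATURE_RETPOLINE), while the spec_ctrl_disable_kernel_rrsba() call directly above it is keyed on the selected mode (mode == SPECTRE_V2_RETPOLINE). Passing mode into the new helper and testing it there would keep the two RRSBA decisions on the same condition and make it obvious at the call site which mitigation modes trigger the request. A one-line comment at the call explaining that this is the guest-side counterpart of the RRSBA disable above would help readers of spectre_v2_select_mitigation().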