Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp120477rwe; Thu, 13 Apr 2023 23:29:14 -0700 (PDT) X-Google-Smtp-Source: AKy350YNv8eEtwo4IkpoyU2nI6mCQaNZI2DT3MAmpRpPe3TIvGi8AgWEMlFfi9QvE8U54MzUVc26 X-Received: by 2002:a05:6a20:a793:b0:d6:b44e:f635 with SMTP id bx19-20020a056a20a79300b000d6b44ef635mr4975672pzb.51.1681453754418; Thu, 13 Apr 2023 23:29:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681453754; cv=none; d=google.com; s=arc-20160816; b=HsZi9N6CcrqJeYDcsmmB+LhRq9egfWpis5Pdk7yiRSxNW/DFxklIn8dKnwTXs2Hj4o Kx/lbhajmOKhjpTSiBwNwWfDwfckuQVbLQ3XCRoxBehnQ/hZsWFynx5MxwwKhS6Jowmd G93nXQ7Sh95pZpIXom5H33u0sdToHC0QTW9574ylElcwD6paKn5Lo1T5RUlhWsz9EKZi YMRISJ8ycc+iJ3AQt/RTPm55xZso+t7rLb9IP7EveAhMVmThYvrzlEbRN/OhzDMyHNMp j2mS0HD2zOTrGuB9ZEZ5nIr4rV5pxefzjMepdYVd7N5wyfzZjeuSHitJ1qjX+97fchbY is9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IjgSnz46aATmWT6qGWLHbd9bg0ACqYxyI0Fr+vz1P9Q=; b=k+2SMD6xehaZRraZhngeRdyhIt1DSiL2oEEuMu0JVhb3m/gH0jInsiKUTk2DzkKcr9 VNudcklfSsom3b7n6Tpg9P3N5C13vNgNo1+3XRpFhja128zRKB3SaIJ7VY3uZttzhMhc Pi/XAEW26yQtSSBqfU+PpWC4aDzNHS6LOTn+24K1OqiIFTXOw4V0R3+eV9xyQlUi4kh6 rqPOMdHfaxX6Qc+HMZflbT6/3DzAG2z2w+aYE6AK+KKSy51JWaEmLC2LltmC+PqLfZ2o XWbW7SR9y08pWSG6SseHuWYLzaHKs6QasdYU3V34jgaWKEqD7eqM5u6tAutOpF6E25xu W44A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ir+rypxL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w17-20020a634751000000b0050c0cdce84asi3867358pgk.577.2023.04.13.23.29.03; Thu, 13 Apr 2023 23:29:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Ir+rypxL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbjDNG1q (ORCPT + 99 others); Fri, 14 Apr 2023 02:27:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229625AbjDNG1p (ORCPT ); Fri, 14 Apr 2023 02:27:45 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD6F66A59; Thu, 13 Apr 2023 23:27:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1681453639; x=1712989639; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8sK+0MDZYXGtoHWYbzHrAKJFEM49kp0e7HluyJtG+4w=; b=Ir+rypxLbEwRCZHLfXnC1yZzW42Z36jWtSyyUM0yKJjPRLiz0BuMjSgg lAFOkSoGF9bsoqhg304VrbUuAGb8rkQZDtp3SBXbVB6kJ7Ym15Pc0VPfT p3tvGHxORqzbKKkZX3w1JzizH6CxIjG7iLtB0QnP0dxm4G/gGANsP/98Z lA6bfjFzZw0Hj9U62cRn7JNqJ4thiadNsF7JEZrZzcRvauGgkQb7sb8x9 Pm2UF/h6zWKHp34CcKeKvZdacPak1cYITPueBU2tNKc3KPLnChoCN7oDV iJmh1RSB7n1Pfa6R8Er0p4VYAly0gey2zLcxXb2giFyU581DlcPtf/6NJ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="341892780" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="341892780" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2023 23:26:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="935885911" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="935885911" Received: from spr.sh.intel.com ([10.239.53.106]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2023 23:26:22 -0700 From: Chao Gao To: kvm@vger.kernel.org Cc: Jiaan Lu , Pawan Gupta , Zhang Chen , Chao Gao , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Babu Moger , Daniel Sneddon , Sandipan Das , Nikunj A Dadhania , Josh Poimboeuf , Kim Phillips , Alexandre Chartre , linux-kernel@vger.kernel.org Subject: [RFC PATCH v2 05/11] x86/bugs: Use Virtual MSRs to request hardware mitigations Date: Fri, 14 Apr 2023 14:25:26 +0800 Message-Id: <20230414062545.270178-6-chao.gao@intel.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20230414062545.270178-1-chao.gao@intel.com> References: <20230414062545.270178-1-chao.gao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pawan Gupta Guests that have different family/model than the host may not be aware of hardware mitigations(such as RRSBA_DIS_S) available on host. This is particularly true when guests migrate. To solve this problem Intel processors have added a virtual MSR interface through which guests can report their mitigation status and request VMM to deploy relevant hardware mitigations. Use this virtualized MSR interface to request relevant hardware controls for retpoline mitigation. Signed-off-by: Pawan Gupta Co-developed-by: Zhang Chen Signed-off-by: Zhang Chen Signed-off-by: Chao Gao Tested-by: Jiaan Lu --- arch/x86/include/asm/msr-index.h | 25 +++++++++++++++++++++++++ arch/x86/kernel/cpu/bugs.c | 25 +++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 60b25d87b82c..aec213f0c6fc 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -166,6 +166,7 @@ * IA32_XAPIC_DISABLE_STATUS MSR * supported */ +#define ARCH_CAP_VIRTUAL_ENUM BIT_ULL(63) /* MSR_VIRTUAL_ENUMERATION supported */ #define MSR_IA32_FLUSH_CMD 0x0000010b #define L1D_FLUSH BIT(0) /* @@ -1103,6 +1104,30 @@ #define MSR_IA32_VMX_MISC_INTEL_PT (1ULL << 14) #define MSR_IA32_VMX_MISC_VMWRITE_SHADOW_RO_FIELDS (1ULL << 29) #define MSR_IA32_VMX_MISC_PREEMPTION_TIMER_SCALE 0x1F + +/* Intel virtual MSRs */ +#define MSR_VIRTUAL_ENUMERATION 0x50000000 +#define VIRT_ENUM_MITIGATION_CTRL_SUPPORT BIT(0) /* + * Mitigation ctrl via virtual + * MSRs supported + */ + +#define MSR_VIRTUAL_MITIGATION_ENUM 0x50000001 +#define MITI_ENUM_BHB_CLEAR_SEQ_S_SUPPORT BIT(0) /* VMM supports BHI_DIS_S */ +#define MITI_ENUM_RETPOLINE_S_SUPPORT BIT(1) /* VMM supports RRSBA_DIS_S */ + +#define MSR_VIRTUAL_MITIGATION_CTRL 0x50000002 +#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT 0 /* + * Request VMM to deploy + * BHI_DIS_S mitigation + */ +#define MITI_CTRL_BHB_CLEAR_SEQ_S_USED BIT(MITI_CTRL_BHB_CLEAR_SEQ_S_USED_BIT) +#define MITI_CTRL_RETPOLINE_S_USED_BIT 1 /* + * Request VMM to deploy + * RRSBA_DIS_S mitigation + */ +#define MITI_CTRL_RETPOLINE_S_USED BIT(MITI_CTRL_RETPOLINE_S_USED_BIT) + /* AMD-V MSRs */ #define MSR_VM_CR 0xc0010114 diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index f9d060e71c3e..5326c03d9d5e 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1435,6 +1435,27 @@ static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_ dump_stack(); } +/* Speculation control using virtualized MSRs */ +static void spec_ctrl_setup_virtualized_msr(void) +{ + u64 msr_virt_enum, msr_mitigation_enum; + + /* When retpoline is being used, request relevant hardware controls */ + if (!boot_cpu_has(X86_FEATURE_RETPOLINE)) + return; + + if (!(x86_read_arch_cap_msr() & ARCH_CAP_VIRTUAL_ENUM)) + return; + + rdmsrl(MSR_VIRTUAL_ENUMERATION, msr_virt_enum); + if (!(msr_virt_enum & VIRT_ENUM_MITIGATION_CTRL_SUPPORT)) + return; + + rdmsrl(MSR_VIRTUAL_MITIGATION_ENUM, msr_mitigation_enum); + if (msr_mitigation_enum & MITI_ENUM_RETPOLINE_S_SUPPORT) + msr_set_bit(MSR_VIRTUAL_MITIGATION_CTRL, MITI_CTRL_RETPOLINE_S_USED_BIT); +} + static void __init spectre_v2_select_mitigation(void) { enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); @@ -1546,6 +1567,8 @@ static void __init spectre_v2_select_mitigation(void) mode == SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); + spec_ctrl_setup_virtualized_msr(); + spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); @@ -2115,6 +2138,8 @@ void x86_spec_ctrl_setup_ap(void) if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) x86_amd_ssb_disable(); + + spec_ctrl_setup_virtualized_msr(); } bool itlb_multihit_kvm_mitigation; -- 2.40.0