From df0421d0368ba545f37b07c08b13591540227dcc Mon Sep 17 00:00:00 2001 From: Andrew Cooper Date: Tue, 17 Apr 2018 14:15:04 +0100 Subject: [PATCH] x86/spec_ctrl: Fold the XEN_IBRS_{SET,CLEAR} ALTERNATIVES together Currently, the SPEC_CTRL_{ENTRY,EXIT}_* macros encode Xen's choice of MSR_SPEC_CTRL as an immediate constant, and chooses between IBRS or not by doubling up the entire alternative block. There is now a variable holding Xen's choice of value, so use that and simplify the alternatives. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Jan Beulich Release-acked-by: Juergen Gross (cherry picked from commit af949407eaba7af71067f23d5866cd0bf1f1144d) --- xen/arch/x86/spec_ctrl.c | 12 +++++----- xen/include/asm-x86/cpufeatures.h | 3 +-- xen/include/asm-x86/nops.h | 3 ++- xen/include/asm-x86/spec_ctrl.h | 6 ++--- xen/include/asm-x86/spec_ctrl_asm.h | 45 +++++++++++++------------------------ 5 files changed, 26 insertions(+), 43 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2d69910..b62cfcc 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -112,8 +112,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - boot_cpu_has(X86_FEATURE_XEN_IBRS_SET) ? " IBRS+" : - boot_cpu_has(X86_FEATURE_XEN_IBRS_CLEAR) ? " IBRS-" : "", + boot_cpu_has(X86_FEATURE_SC_MSR) ? + default_xen_spec_ctrl & SPEC_CTRL_IBRS ? " IBRS+" : + " IBRS-" : "", opt_ibpb ? " IBPB" : "", boot_cpu_has(X86_FEATURE_RSB_NATIVE) ? " RSB_NATIVE" : "", boot_cpu_has(X86_FEATURE_RSB_VMEXIT) ? " RSB_VMEXIT" : ""); @@ -285,13 +286,10 @@ void __init init_speculation_mitigations(void) * need the IBRS entry/exit logic to virtualise IBRS support for * guests. */ + setup_force_cpu_cap(X86_FEATURE_SC_MSR); + if ( ibrs ) - { default_xen_spec_ctrl |= SPEC_CTRL_IBRS; - setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_SET); - } - else - setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_CLEAR); default_spec_ctrl_flags |= SCF_ist_wrmsr; } diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 84d5c5b..6119bab 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -28,8 +28,7 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, (FSCAPINTS+0)*32+14) /* lfence set as Dispatch S XEN_CPUFEATURE(IND_THUNK_LFENCE,(FSCAPINTS+0)*32+15) /* Use IND_THUNK_LFENCE */ XEN_CPUFEATURE(IND_THUNK_JMP, (FSCAPINTS+0)*32+16) /* Use IND_THUNK_JMP */ XEN_CPUFEATURE(XEN_IBPB, (FSCAPINTS+0)*32+17) /* IBRSB || IBPB */ -XEN_CPUFEATURE(XEN_IBRS_SET, (FSCAPINTS+0)*32+18) /* IBRSB && IRBS set in Xen */ -XEN_CPUFEATURE(XEN_IBRS_CLEAR, (FSCAPINTS+0)*32+19) /* IBRSB && IBRS clear in Xen */ +XEN_CPUFEATURE(SC_MSR, (FSCAPINTS+0)*32+18) /* MSR_SPEC_CTRL used by Xen */ XEN_CPUFEATURE(RSB_NATIVE, (FSCAPINTS+0)*32+20) /* RSB overwrite needed for native */ XEN_CPUFEATURE(RSB_VMEXIT, (FSCAPINTS+0)*32+21) /* RSB overwrite needed for vmexit */ XEN_CPUFEATURE(NO_XPTI, (FSCAPINTS+0)*32+22) /* XPTI mitigation not in use */ diff --git a/xen/include/asm-x86/nops.h b/xen/include/asm-x86/nops.h index b744895..913e9f0 100644 --- a/xen/include/asm-x86/nops.h +++ b/xen/include/asm-x86/nops.h @@ -62,9 +62,10 @@ #define ASM_NOP8 _ASM_MK_NOP(K8_NOP8) #define ASM_NOP17 ASM_NOP8; ASM_NOP7; ASM_NOP2 -#define ASM_NOP22 ASM_NOP8; ASM_NOP8; ASM_NOP6 #define ASM_NOP24 ASM_NOP8; ASM_NOP8; ASM_NOP8 +#define ASM_NOP25 ASM_NOP8; ASM_NOP8; ASM_NOP7; ASM_NOP2 #define ASM_NOP33 ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP7; ASM_NOP2 +#define ASM_NOP36 ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP4 #define ASM_NOP40 ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP8 #define ASM_NOP_MAX 8 diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 059e291..7d7c42e 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -52,14 +52,14 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) barrier(); info->spec_ctrl_flags |= SCF_use_shadow; barrier(); - asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_XEN_IBRS_SET) + asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_SC_MSR) :: "a" (val), "c" (MSR_SPEC_CTRL), "d" (0) : "memory" ); } /* WARNING! `ret`, `call *`, `jmp *` not safe before this call. */ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) { - uint32_t val = SPEC_CTRL_IBRS; + uint32_t val = info->xen_spec_ctrl; /* * Disable shadowing before updating the MSR. There are no SMP issues @@ -67,7 +67,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) */ info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); - asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_XEN_IBRS_SET) + asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_SC_MSR) :: "a" (val), "c" (MSR_SPEC_CTRL), "d" (0) : "memory" ); } diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 582403a..941aeb7 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -117,7 +117,7 @@ mov %\tmp, %rsp /* Restore old %rsp */ .endm -.macro DO_SPEC_CTRL_ENTRY_FROM_VMEXIT ibrs_val:req +.macro DO_SPEC_CTRL_ENTRY_FROM_VMEXIT /* * Requires %rbx=current, %rsp=regs/cpuinfo * Clobbers %rax, %rcx, %rdx @@ -137,11 +137,11 @@ andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) /* Load Xen's intended value. */ - mov $\ibrs_val, %eax + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax wrmsr .endm -.macro DO_SPEC_CTRL_ENTRY maybexen:req ibrs_val:req +.macro DO_SPEC_CTRL_ENTRY maybexen:req /* * Requires %rsp=regs (also cpuinfo if !maybexen) * Requires %r14=stack_end (if maybexen) @@ -166,12 +166,12 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif - /* Load Xen's intended value. */ - mov $\ibrs_val, %eax wrmsr .endm @@ -219,47 +219,32 @@ #define SPEC_CTRL_ENTRY_FROM_VMEXIT \ ALTERNATIVE __stringify(ASM_NOP40), \ DO_OVERWRITE_RSB, X86_FEATURE_RSB_VMEXIT; \ - ALTERNATIVE_2 __stringify(ASM_NOP33), \ - __stringify(DO_SPEC_CTRL_ENTRY_FROM_VMEXIT \ - ibrs_val=SPEC_CTRL_IBRS), \ - X86_FEATURE_XEN_IBRS_SET, \ - __stringify(DO_SPEC_CTRL_ENTRY_FROM_VMEXIT \ - ibrs_val=0), \ - X86_FEATURE_XEN_IBRS_CLEAR + ALTERNATIVE __stringify(ASM_NOP36), \ + DO_SPEC_CTRL_ENTRY_FROM_VMEXIT, X86_FEATURE_SC_MSR /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */ #define SPEC_CTRL_ENTRY_FROM_PV \ ALTERNATIVE __stringify(ASM_NOP40), \ DO_OVERWRITE_RSB, X86_FEATURE_RSB_NATIVE; \ - ALTERNATIVE_2 __stringify(ASM_NOP22), \ - __stringify(DO_SPEC_CTRL_ENTRY maybexen=0 \ - ibrs_val=SPEC_CTRL_IBRS), \ - X86_FEATURE_XEN_IBRS_SET, \ - __stringify(DO_SPEC_CTRL_ENTRY maybexen=0 ibrs_val=0), \ - X86_FEATURE_XEN_IBRS_CLEAR + ALTERNATIVE __stringify(ASM_NOP25), \ + __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), X86_FEATURE_SC_MSR /* Use in interrupt/exception context. May interrupt Xen or PV context. */ #define SPEC_CTRL_ENTRY_FROM_INTR \ ALTERNATIVE __stringify(ASM_NOP40), \ DO_OVERWRITE_RSB, X86_FEATURE_RSB_NATIVE; \ - ALTERNATIVE_2 __stringify(ASM_NOP33), \ - __stringify(DO_SPEC_CTRL_ENTRY maybexen=1 \ - ibrs_val=SPEC_CTRL_IBRS), \ - X86_FEATURE_XEN_IBRS_SET, \ - __stringify(DO_SPEC_CTRL_ENTRY maybexen=1 ibrs_val=0), \ - X86_FEATURE_XEN_IBRS_CLEAR + ALTERNATIVE __stringify(ASM_NOP33), \ + __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), X86_FEATURE_SC_MSR /* Use when exiting to Xen context. */ #define SPEC_CTRL_EXIT_TO_XEN \ - ALTERNATIVE_2 __stringify(ASM_NOP17), \ - DO_SPEC_CTRL_EXIT_TO_XEN, X86_FEATURE_XEN_IBRS_SET, \ - DO_SPEC_CTRL_EXIT_TO_XEN, X86_FEATURE_XEN_IBRS_CLEAR + ALTERNATIVE __stringify(ASM_NOP17), \ + DO_SPEC_CTRL_EXIT_TO_XEN, X86_FEATURE_SC_MSR /* Use when exiting to guest context. */ #define SPEC_CTRL_EXIT_TO_GUEST \ - ALTERNATIVE_2 __stringify(ASM_NOP24), \ - DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_XEN_IBRS_SET, \ - DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_XEN_IBRS_CLEAR + ALTERNATIVE __stringify(ASM_NOP24), \ + DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR /* TODO: Drop these when the alternatives infrastructure is NMI/#MC safe. */ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST -- 2.1.4