From 73d4d1e5399fee57c4c903bc3068729c5d12f935 Mon Sep 17 00:00:00 2001 From: Andrew Cooper Date: Tue, 1 May 2018 11:59:03 +0100 Subject: [PATCH] x86/cpuid: Improvements to guest policies for speculative sidechannel features If Xen isn't virtualising MSR_SPEC_CTRL for guests, IBRSB shouldn't be advertised. It is not currently possible to express this via the existing command line options, but such an ability will be introduced. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Jan Beulich Release-acked-by: Juergen Gross (cherry picked from commit cb06b308ec71b23f37a44f5e2351fe2cae0306e9) --- xen/arch/x86/hvm/hvm.c | 3 +++ xen/arch/x86/traps.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 78f44c5..67f75b9 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4624,6 +4624,9 @@ void hvm_cpuid(unsigned int input, unsigned int *eax, unsigned int *ebx, if ( count == 0 ) { + if ( !boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ) + *edx &= ~cpufeat_mask(X86_FEATURE_IBRSB); + /* * Override STIBP to match IBRS. Guests can safely use STIBP * functionality on non-HT hardware, but can't necesserily protect diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index c23f4c0..75d41b1 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -879,6 +879,9 @@ void pv_cpuid(struct cpu_user_regs *regs) case 0x00000007: if ( regs->_ecx == 0 ) { + if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + d &= ~cpufeat_mask(X86_FEATURE_IBRSB); + /* * Override STIBP to match IBRS. Guests can safely use STIBP * functionality on non-HT hardware, but can't necesserily protect @@ -966,7 +969,8 @@ void pv_cpuid(struct cpu_user_regs *regs) cpufeat_mask(X86_FEATURE_ADX) | cpufeat_mask(X86_FEATURE_FSGSBASE)); - d &= cpufeat_mask(X86_FEATURE_IBRSB); + if ( !boot_cpu_has(X86_FEATURE_SC_MSR_PV) ) + d &= ~cpufeat_mask(X86_FEATURE_IBRSB); /* Override STIBP to match IBRS (see above). */ if ( d & cpufeat_mask(X86_FEATURE_IBRSB) ) -- 2.1.4