From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>
Subject: [Qemu-devel] [PATCH 43/99] i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639)
Date: Mon, 23 Jul 2018 15:16:52 -0500 [thread overview]
Message-ID: <20180723201748.25573-44-mdroth@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180723201748.25573-1-mdroth@linux.vnet.ibm.com>
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
"Some AMD processors only support a non-architectural means of enabling
speculative store bypass disable (SSBD). To allow a simplified view of
this to a guest, an architectural definition has been created through a new
CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a
hypervisor can virtualize the existence of this definition and provide an
architectural method for using SSBD to a guest.
Add the new CPUID feature, the new MSR and update the existing SSBD
support to use this MSR when present." (from x86/speculation: Add virtualized
speculative store bypass disable support in Linux).
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180521215424.13520-4-berrange@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
(cherry picked from commit cfeea0c021db6234c154dbc723730e81553924ff)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
target/i386/cpu.h | 2 ++
target/i386/kvm.c | 16 ++++++++++++++--
target/i386/machine.c | 20 ++++++++++++++++++++
3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 970ab96e54..75e821cefe 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -351,6 +351,7 @@ typedef enum X86Seg {
#define MSR_IA32_FEATURE_CONTROL 0x0000003a
#define MSR_TSC_ADJUST 0x0000003b
#define MSR_IA32_SPEC_CTRL 0x48
+#define MSR_VIRT_SSBD 0xc001011f
#define MSR_IA32_TSCDEADLINE 0x6e0
#define FEATURE_CONTROL_LOCKED (1<<0)
@@ -1150,6 +1151,7 @@ typedef struct CPUX86State {
uint32_t pkru;
uint64_t spec_ctrl;
+ uint64_t virt_ssbd;
/* End of state preserved by INIT (dummy marker). */
struct {} end_init_save;
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 6c49954e68..19e6aa320d 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -92,6 +92,7 @@ static bool has_msr_hv_stimer;
static bool has_msr_hv_frequencies;
static bool has_msr_xss;
static bool has_msr_spec_ctrl;
+static bool has_msr_virt_ssbd;
static bool has_msr_smi_count;
static uint32_t has_architectural_pmu_version;
@@ -1218,6 +1219,9 @@ static int kvm_get_supported_msrs(KVMState *s)
case MSR_IA32_SPEC_CTRL:
has_msr_spec_ctrl = true;
break;
+ case MSR_VIRT_SSBD:
+ has_msr_virt_ssbd = true;
+ break;
}
}
}
@@ -1706,6 +1710,10 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
if (has_msr_spec_ctrl) {
kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
}
+ if (has_msr_virt_ssbd) {
+ kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, env->virt_ssbd);
+ }
+
#ifdef TARGET_X86_64
if (lm_capable_kernel) {
kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
@@ -2077,8 +2085,9 @@ static int kvm_get_msrs(X86CPU *cpu)
if (has_msr_spec_ctrl) {
kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
}
-
-
+ if (has_msr_virt_ssbd) {
+ kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, 0);
+ }
if (!env->tsc_valid) {
kvm_msr_entry_add(cpu, MSR_IA32_TSC, 0);
env->tsc_valid = !runstate_is_running();
@@ -2444,6 +2453,9 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_IA32_SPEC_CTRL:
env->spec_ctrl = msrs[i].data;
break;
+ case MSR_VIRT_SSBD:
+ env->virt_ssbd = msrs[i].data;
+ break;
case MSR_IA32_RTIT_CTL:
env->msr_rtit_ctrl = msrs[i].data;
break;
diff --git a/target/i386/machine.c b/target/i386/machine.c
index bd2d82e91b..f0a835c292 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -893,6 +893,25 @@ static const VMStateDescription vmstate_msr_intel_pt = {
}
};
+static bool virt_ssbd_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return env->virt_ssbd != 0;
+}
+
+static const VMStateDescription vmstate_msr_virt_ssbd = {
+ .name = "cpu/virt_ssbd",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = virt_ssbd_needed,
+ .fields = (VMStateField[]){
+ VMSTATE_UINT64(env.virt_ssbd, X86CPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
@@ -1015,6 +1034,7 @@ VMStateDescription vmstate_x86_cpu = {
&vmstate_spec_ctrl,
&vmstate_mcg_ext_ctl,
&vmstate_msr_intel_pt,
+ &vmstate_msr_virt_ssbd,
NULL
}
};
--
2.17.1
next prev parent reply other threads:[~2018-07-23 20:20 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-23 20:16 [Qemu-devel] [PATCH 00/99] Patch Round-up for stable 2.12.1, freeze on 2018-07-30 Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 01/99] tests: fix tpm-crb tpm-tis tests race Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 02/99] device_tree: Increase FDT_MAX_SIZE to 1 MiB Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 03/99] ccid: Fix dwProtocols advertisement of T=0 Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 04/99] nbd/client: Fix error messages during NBD_INFO_BLOCK_SIZE Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 05/99] s390-ccw: force diag 308 subcode to unsigned long Michael Roth
2018-07-23 22:14 ` Michael Roth
2018-07-24 9:40 ` Cornelia Huck
2018-07-24 11:07 ` Cornelia Huck
2018-07-24 19:16 ` Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 06/99] tcg/arm: Fix memory barrier encoding Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 07/99] target/arm: Implement v8M VLLDM and VLSTM Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 08/99] target/ppc: always set PPC_MEM_TLBIE in pre 2.8 migration hack Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 09/99] spapr: don't advertise radix GTSE if max-compat-cpu < power9 Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 10/99] qxl: fix local renderer crash Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 11/99] configure: recognize more rpmbuild macros Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 12/99] qemu-img: Resolve relative backing paths in rebase Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 13/99] iotests: Add test for rebasing with relative paths Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 14/99] qemu-io: Use purely string blockdev options Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 15/99] qemu-img: Use only string options in img_open_opts Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 16/99] iotests: Add test for -U/force-share conflicts Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 17/99] lm32: take BQL before writing IP/IM register Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 18/99] raw: Check byte range uniformly Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 19/99] s390x/css: disabled subchannels cannot be status pending Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 20/99] pc-bios/s390-ccw: struct tpi_info must be declared as aligned(4) Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 21/99] virtio-ccw: common reset handler Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 22/99] s390x/ccw: make sure all ccw devices are properly reset Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 23/99] console: Avoid segfault in screendump Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 24/99] hw/intc/arm_gicv3: Fix APxR<n> register dispatching Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 25/99] intel-iommu: send PSI always even if across PDEs Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 26/99] intel-iommu: remove IntelIOMMUNotifierNode Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 27/99] intel-iommu: add iommu lock Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 28/99] intel-iommu: only do page walk for MAP notifiers Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 29/99] intel-iommu: introduce vtd_page_walk_info Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 30/99] intel-iommu: pass in address space when page walk Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 31/99] intel-iommu: trace domain id during " Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 32/99] util: implement simple iova tree Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 33/99] intel-iommu: rework the page walk logic Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 34/99] arm_gicv3_kvm: increase clroffset accordingly Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 35/99] Fix libusb-1.0.22 deprecated libusb_set_debug with libusb_set_option Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 36/99] ahci: fix PxCI register race Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 37/99] arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 38/99] block: Make bdrv_is_writable() public Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 39/99] qcow2: Do not mark inactive images corrupt Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 40/99] iotests: Add case for a corrupted inactive image Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 41/99] throttle: Fix crash on reopen Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 42/99] i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) Michael Roth
2018-07-23 20:16 ` Michael Roth [this message]
2018-07-23 20:16 ` [Qemu-devel] [PATCH 44/99] i386: define the AMD 'virt-ssbd' " Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 45/99] tap: set vhostfd passed from qemu cli to non-blocking Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 46/99] vhost-user: delete net client if necessary Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 47/99] qemu-img: Fix assert when mapping unaligned raw file Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 48/99] iotests: Add test 221 to catch qemu-img map regression Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 49/99] arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR Michael Roth
2018-07-23 20:16 ` [Qemu-devel] [PATCH 50/99] usb: correctly handle Zero Length Packets Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 51/99] usb/dev-mtp: Fix use of uninitialized values Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 52/99] vnc: fix use-after-free Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 53/99] block/mirror: honor ratelimit again Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 54/99] cpus: tcg: fix never exiting loop on unplug Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 55/99] nbd/client: fix nbd_negotiate_simple_meta_context Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 56/99] migration/block-dirty-bitmap: fix memory leak in dirty_bitmap_load_bits Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 57/99] qapi: fill in CpuInfoFast.arch in query-cpus-fast Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 58/99] block/mirror: Make cancel always cancel pre-READY Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 59/99] iotests: Add test for cancelling a mirror job Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 60/99] riscv: spike: allow base == 0 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 61/99] riscv: htif: increase the priority of the htif subregion Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 62/99] riscv: requires libfdt Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 63/99] nbd/client: Relax handling of large NBD_CMD_BLOCK_STATUS reply Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 64/99] tcg/i386: Fix dup_vec in non-AVX2 codepath Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 65/99] softfloat: Handle default NaN mode after pickNaNMulAdd, not before Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 66/99] tcg: Limit the number of ops in a TB Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 67/99] RISC-V: Minimal QEMU 2.12 fix for sifive_u machine Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 68/99] blockjob: expose error string via query Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 69/99] target/arm: Fix fp_status_f16 tininess before rounding Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 70/99] fpu/softfloat: Don't set Invalid for float-to-int(MAXINT) Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 71/99] target/arm: Implement vector shifted SCVF/UCVF for fp16 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 72/99] target/arm: Implement vector shifted FCVT " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 73/99] target/arm: Fix float16 to/from int16 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 74/99] target/arm: Clear SVE high bits for FMOV Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 75/99] fpu/softfloat: Fix conversion from uint64 to float128 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 76/99] target/arm: Implement FMOV (general) for fp16 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 77/99] target/arm: Implement FCVT (scalar, integer) " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 78/99] target/arm: Implement FCVT (scalar, fixed-point) " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 79/99] target/arm: Introduce and use read_fp_hreg Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 80/99] target/arm: Implement FP data-processing (2 source) for fp16 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 81/99] target/arm: Implement FP data-processing (3 " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 82/99] target/arm: Implement FCMP " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 83/99] target/arm: Implement FCSEL " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 84/99] target/arm: Implement FMOV (immediate) " Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 85/99] target/arm: Fix sqrt_f16 exception raising Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 86/99] hw/isa/superio: Fix inconsistent use of Chardev->be Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 87/99] mux: fix ctrl-a b again Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 88/99] nfs: Remove processed options from QDict Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 89/99] replace functions which are only available in glib-2.24 Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 90/99] vfio/pci: Default display option to "off" Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 91/99] migration/block-dirty-bitmap: fix dirty_bitmap_load Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 92/99] tcg: Reduce max TB opcode count Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 93/99] nbd/server: Reject 0-length block status request Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 94/99] iscsi: Avoid potential for get_status overflow Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 95/99] virtio-rng: process pending requests on DRIVER_OK Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 96/99] target/ppc: set is_jmp on ppc_tr_breakpoint_check Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 97/99] tap: fix memory leak on success to create a tap device Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 98/99] qemu-img: avoid overflow of min_sparse parameter Michael Roth
2018-07-23 20:17 ` [Qemu-devel] [PATCH 99/99] tcg/i386: Mark xmm registers call-clobbered Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180723201748.25573-44-mdroth@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=berrange@redhat.com \
--cc=ehabkost@redhat.com \
--cc=konrad.wilk@oracle.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.