From: Zhao Liu <zhao1.liu@intel.com>
To: Babu Moger <babu.moger@amd.com>
Cc: pbonzini@redhat.com, qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: Re: [PATCH v3 5/7] target/i386: Expose bits related to SRSO vulnerability
Date: Mon, 28 Oct 2024 16:56:14 +0800
Message-ID: <Zx9Rrtks38sqcn44@intel.com>
In-Reply-To: <dadbd70c38f4e165418d193918a3747bd715c5f4.1729807947.git.babu.moger@amd.com>
Hi Babu
On Thu, Oct 24, 2024 at 05:18:23PM -0500, Babu Moger wrote:
> Date: Thu, 24 Oct 2024 17:18:23 -0500
> From: Babu Moger <babu.moger@amd.com>
> Subject: [PATCH v3 5/7] target/i386: Expose bits related to SRSO
> vulnerability
> X-Mailer: git-send-email 2.34.1
>
> Add the following bits related to Speculative Return Stack Overflow (SRSO).
> Guests can make use of these bits if supported.
>
> These bits are reported via CPUID Fn8000_0021_EAX.
> ===================================================================
> Bit  Feature               Description
> ===================================================================
> 27   SBPB                  Indicates support for the Selective Branch Predictor Barrier.
> 28   IBPB_BRTYPE           MSR_PRED_CMD[IBPB] flushes all branch type predictions.
> 29   SRSO_NO               Not vulnerable to SRSO.
> 30   SRSO_USER_KERNEL_NO   Not vulnerable to SRSO at the user-kernel boundary.
> ===================================================================
>
> Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
> Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
I suggest updating the description of SRSO-related mitigations in the
"Important CPU features for AMD x86 hosts" section of docs/system/
cpu-models-x86.rst.inc.
If you could also synchronize the CPU model (you added in this series)
in the "Preferred CPU models for AMD x86 hosts" section, that would be
even better. :-)
> Signed-off-by: Babu Moger <babu.moger@amd.com>
> ---
> v3: New patch
> ---
> target/i386/cpu.c | 2 +-
> target/i386/cpu.h | 14 +++++++++++---
> 2 files changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 690efd4085..642e71b636 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1221,7 +1221,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
> NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, "sbpb",
> - "ibpb-brtype", NULL, NULL, NULL,
> + "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
> },
> .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
> .tcg_features = 0,
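Review bot: the commit message lists four bits as added, but in this feature_word_info hunk "sbpb" and "ibpb-brtype" are already present and only "srso-no" and "srso-user-kernel-no" (bits 29 and 30) are new names. Please reword the commit message to say that only these two names are newly exposed here. Since both new bits tell the guest it is not vulnerable, it would also help to document under which host conditions a guest may see them set, because a guest that reads them as 1 has no reason to enable its SRSO mitigation.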
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index e0dea1ba54..792518b62d 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -1015,13 +1015,21 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
> #define CPUID_8000_0008_EBX_AMD_PSFD (1U << 28)
>
> /* Processor ignores nested data breakpoints */
> -#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP (1U << 0)
> +#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP (1U << 0)
> /* LFENCE is always serializing */
> #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING (1U << 2)
> /* Null Selector Clears Base */
> -#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE (1U << 6)
> +#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE (1U << 6)
> /* Automatic IBRS */
> -#define CPUID_8000_0021_EAX_AUTO_IBRS (1U << 8)
> +#define CPUID_8000_0021_EAX_AUTO_IBRS (1U << 8)
> +/* Selective Branch Predictor Barrier */
> +#define CPUID_8000_0021_EAX_SBPB (1U << 27)
> +/* IBPB includes branch type prediction flushing */
> +#define CPUID_8000_0021_EAX_IBPB_BRTYPE (1U << 28)
> +/* Not vulnerable to Speculative Return Stack Overflow */
> +#define CPUID_8000_0021_EAX_SRSO_NO (1U << 29)
> +/* Not vulnerable to SRSO at the user-kernel boundary */
> +#define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO (1U << 30)
These feature bit definitions could be added in patch 7 because only
patch 7 uses these macros.
BTW, which platform supports CPUID_8000_0021_EAX_SRSO_NO? I found that
even the Turin model added in patch 7 does not support this feature.
Thanks,
Zhao
> /* Performance Monitoring Version 2 */
> #define CPUID_8000_0022_EAX_PERFMON_V2 (1U << 0)
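Review bot: the three -/+ pairs for NO_NESTED_DATA_BP, NULL_SEL_CLR_BASE and AUTO_IBRS change only whitespace, while the LFENCE_ALWAYS_SERIALIZING define between them is left as it was, so the realignment is both unrelated to SRSO and incomplete. Please drop those three pairs or move the realignment to its own cleanup patch, so that this hunk contains only the four new defines for (1U << 27) through (1U << 30) and their comments.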
> --
> 2.34.1
>
>