* [PATCH 1/2] target/i386: add support for FLUSH_L1D feature
2023-02-01 13:57 [PATCH 0/2] target/i386: add support for cpu FLUSH_L1D feature and FB_CLEAR capability Emanuele Giuseppe Esposito
@ 2023-02-01 13:57 ` Emanuele Giuseppe Esposito
2023-02-01 13:57 ` [PATCH 2/2] target/i386: add support for FB_CLEAR feature Emanuele Giuseppe Esposito
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Emanuele Giuseppe Esposito @ 2023-02-01 13:57 UTC (permalink / raw)
To: qemu-devel
Cc: Paolo Bonzini, Richard Henderson, Maxim Levitsky, Yang Zhong,
Vitaly Kuznetsov, Jing Liu, Emanuele Giuseppe Esposito
As reported by Intel's doc:
"L1D_FLUSH: Writeback and invalidate the L1 data cache"

If this CPU feature is present in the host, allow QEMU to choose whether to
show it to the guest too.

One disadvantage of not exposing it is that the guest will report
a non-existent vulnerability in
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
because the mitigation is present only when the CPU has
(FLUSH_L1D and MD_CLEAR) or FB_CLEAR
features enabled.

Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
target/i386/cpu.h | 2 ++
target/i386/cpu.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index d4bc19577a..4948130900 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -889,6 +889,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
#define CPUID_7_0_EDX_SPEC_CTRL (1U << 26)
/* Single Thread Indirect Branch Predictors */
#define CPUID_7_0_EDX_STIBP (1U << 27)
+/* Flush L1D cache */
+#define CPUID_7_0_EDX_FLUSH_L1D (1U << 28)
/* Arch Capabilities */
#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)
/* Core Capability */
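Review bot: the comment added above CPUID_7_0_EDX_FLUSH_L1D says only "Flush L1D cache", which reads like an action rather than a description of what bit 28 enumerates. Consider wording it after the Intel text quoted in the commit message (L1D_FLUSH: writeback and invalidate the L1 data cache), so that a search for the Intel name lands on this define. The macro has no user in this patch (the cpu.c change only adds the string), so this comment is the only place its meaning is recorded.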
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 4d2b8d0444..390120cad8 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -858,7 +858,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
"tsx-ldtrk", NULL, NULL /* pconfig */, "arch-lbr",
NULL, NULL, "amx-bf16", "avx512-fp16",
"amx-tile", "amx-int8", "spec-ctrl", "stibp",
- NULL, "arch-capabilities", "core-capability", "ssbd",
+ "flush-l1d", "arch-capabilities", "core-capability", "ssbd",
},
.cpuid = {
.eax = 7,
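Review bot: adding "flush-l1d" to the name table only makes the bit selectable; nothing in this patch adds it to a CPU model (the diffstat shows a single changed line in cpu.c). A guest started with a named model will therefore still lack the bit, and still show the misleading mmio_stale_data status the commit message describes, unless flush-l1d is requested explicitly. Please either say so in the commit message or follow up with model updates. The slot itself is right: it follows "stibp" (bit 27) and precedes "arch-capabilities" (bit 29), matching the (1U << 28) define in cpu.h.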
--
2.39.1
* [PATCH 2/2] target/i386: add support for FB_CLEAR feature
From: Emanuele Giuseppe Esposito @ 2023-02-01 13:57 UTC (permalink / raw)
To: qemu-devel
Cc: Paolo Bonzini, Richard Henderson, Maxim Levitsky, Yang Zhong,
Vitaly Kuznetsov, Jing Liu, Emanuele Giuseppe Esposito
As reported by Intel's doc:
"FB_CLEAR: The processor will overwrite fill buffer values as part of
MD_CLEAR operations with the VERW instruction.
On these processors, L1D_FLUSH does not overwrite fill buffer values."

If this CPU feature is present in the host, allow QEMU to choose whether to
show it to the guest too.

One disadvantage of not exposing it is that the guest will report
a non-existent vulnerability in
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
because the mitigation is present only when the CPU has
(FLUSH_L1D and MD_CLEAR) or FB_CLEAR
features enabled.

Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
target/i386/cpu.h | 1 +
target/i386/cpu.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 4948130900..68a6ded0d7 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -975,6 +975,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
#define MSR_ARCH_CAP_PSCHANGE_MC_NO (1U << 6)
#define MSR_ARCH_CAP_TSX_CTRL_MSR (1U << 7)
#define MSR_ARCH_CAP_TAA_NO (1U << 8)
+#define MSR_ARCH_CAP_FB_CLEAR (1U << 17)
#define MSR_CORE_CAP_SPLIT_LOCK_DETECT (1U << 5)
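Review bot: MSR_ARCH_CAP_FB_CLEAR jumps from bit 8 (TAA_NO) straight to bit 17 with no comment, whereas the FLUSH_L1D define in patch 1/2 was given one. A one-line comment taken from the Intel text quoted in the commit message (VERW overwrites fill buffer values as part of MD_CLEAR operations) would record why this bit matters for mitigation reporting and make the gap in the numbering read as intentional.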
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 390120cad8..1405eb42d6 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1010,7 +1010,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
"ssb-no", "mds-no", "pschange-mc-no", "tsx-ctrl",
"taa-no", NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
+ NULL, "fb-clear", NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
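Review bot: nothing in this hunk ties "fb-clear" to md-clear, although the Intel text quoted in the commit message defines FB_CLEAR as a property of MD_CLEAR operations with VERW. A guest configured with fb-clear but without md-clear does not look like a meaningful combination, so it is worth either documenting that the two are meant to be set together or adding a dependency check. The position is correct: "taa-no" (bit 8) heads the row two above, so the changed row starts at index 16 and its second entry is index 17, matching (1U << 17) in cpu.h.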
--
2.39.1
* Re: [PATCH 0/2] target/i386: add support for cpu FLUSH_L1D feature and FB_CLEAR capability
From: Emanuele Giuseppe Esposito @ 2023-05-08 15:04 UTC (permalink / raw)
To: qemu-devel
Cc: Paolo Bonzini, Richard Henderson, Maxim Levitsky, Yang Zhong,
Vitaly Kuznetsov, Jing Liu
Ping?
On 01/02/2023 at 14:57, Emanuele Giuseppe Esposito wrote:
> QEMU should be able to show the guest the above feature/capability,
> otherwise we risk having false vulnerability reports in the guest like in
> /sys/devices/system/cpu/vulnerabilities/mmio_stale_data
> because the mitigation is present only if the guest supports
> (FLUSH_L1D and MD_CLEAR) or FB_CLEAR.
>
> Emanuele
>
> Emanuele Giuseppe Esposito (2):
> target/i386: add support for FLUSH_L1D feature
> target/i386: add support for FB_CLEAR feature
>
> target/i386/cpu.h | 3 +++
> target/i386/cpu.c | 4 ++--
> 2 files changed, 5 insertions(+), 2 deletions(-)
>
* Re: [PATCH 0/2] target/i386: add support for cpu FLUSH_L1D feature and FB_CLEAR capability
From: Paolo Bonzini @ 2023-05-09 9:05 UTC (permalink / raw)
To: Emanuele Giuseppe Esposito
Cc: qemu-devel, Richard Henderson, Maxim Levitsky, Yang Zhong,
Vitaly Kuznetsov, Jing Liu
Queued, thanks.
Paolo