* [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest
@ 2024-08-05 20:20 Fabiano Rosas
2024-09-04 12:47 ` Fabiano Rosas
2024-09-04 12:53 ` Paolo Bonzini
0 siblings, 2 replies; 3+ messages in thread
From: Fabiano Rosas @ 2024-08-05 20:20 UTC (permalink / raw)
To: qemu-devel
Cc: Paolo Bonzini, jpoimboe, Babu Moger, Dario Faggioli, Fabian Vogt,
Nikolay Borisov
According to AMD's Speculative Return Stack Overflow whitepaper (link
below), the hypervisor should synthesize the value of IBPB_BRTYPE and
SBPB CPUID bits to the guest.
Support for this is already present in the kernel with commit
e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
("KVM: x86: Add IBPB_BRTYPE support").
Add support in QEMU to expose the bits to the guest OS.
host:
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET
before (guest):
$ cpuid -l 0x80000021 -1 -r
0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
^
$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode
after (guest):
$ cpuid -l 0x80000021 -1 -r
0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
^
$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET
Reported-by: Fabian Vogt <fvogt@suse.de>
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Signed-off-by: Fabiano Rosas <farosas@suse.de>
---
More info on this thread:
https://lore.kernel.org/r/68f8b8b1ca1bf58b059f52afbd1c9c51108a074a.camel@suse.com
---
target/i386/cpu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 85ef7452c0..d33401c922 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1221,8 +1221,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, "sbpb",
+ "ibpb-brtype", NULL, NULL, NULL,
},
.cpuid = { .eax = 0x80000021, .reg = R_EAX, },
.tcg_features = 0,
--
2.35.3
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest
2024-08-05 20:20 [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest Fabiano Rosas
@ 2024-09-04 12:47 ` Fabiano Rosas
2024-09-04 12:53 ` Paolo Bonzini
1 sibling, 0 replies; 3+ messages in thread
From: Fabiano Rosas @ 2024-09-04 12:47 UTC (permalink / raw)
To: qemu-devel
Cc: Paolo Bonzini, jpoimboe, Babu Moger, Dario Faggioli, Fabian Vogt,
Nikolay Borisov
Fabiano Rosas <farosas@suse.de> writes:
> According to AMD's Speculative Return Stack Overflow whitepaper (link
> below), the hypervisor should synthesize the value of IBPB_BRTYPE and
> SBPB CPUID bits to the guest.
>
> Support for this is already present in the kernel with commit
> e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
> ("KVM: x86: Add IBPB_BRTYPE support").
>
> Add support in QEMU to expose the bits to the guest OS.
>
> host:
> # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
> Mitigation: Safe RET
>
> before (guest):
> $ cpuid -l 0x80000021 -1 -r
> 0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
> ^
> $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
> Vulnerable: Safe RET, no microcode
>
> after (guest):
> $ cpuid -l 0x80000021 -1 -r
> 0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
> ^
> $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
> Mitigation: Safe RET
>
> Reported-by: Fabian Vogt <fvogt@suse.de>
> Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
> Signed-off-by: Fabiano Rosas <farosas@suse.de>
> ---
> More info on this thread:
> https://lore.kernel.org/r/68f8b8b1ca1bf58b059f52afbd1c9c51108a074a.camel@suse.com
> ---
> target/i386/cpu.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 85ef7452c0..d33401c922 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1221,8 +1221,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
> NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL,
> - NULL, NULL, NULL, NULL,
> - NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, "sbpb",
> + "ibpb-brtype", NULL, NULL, NULL,
> },
> .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
> .tcg_features = 0,
Ping, any thoughts on this one?
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest
2024-08-05 20:20 [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest Fabiano Rosas
2024-09-04 12:47 ` Fabiano Rosas
@ 2024-09-04 12:53 ` Paolo Bonzini
1 sibling, 0 replies; 3+ messages in thread
From: Paolo Bonzini @ 2024-09-04 12:53 UTC (permalink / raw)
To: Fabiano Rosas
Cc: qemu-devel, jpoimboe, Babu Moger, Dario Faggioli, Fabian Vogt,
Nikolay Borisov
Queued, thanks.
Paolo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-09-04 12:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-05 20:20 [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest Fabiano Rosas
2024-09-04 12:47 ` Fabiano Rosas
2024-09-04 12:53 ` Paolo Bonzini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).