qemu-devel.nongnu.org archive mirror
* [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model
@ 2025-01-21  2:06 Tao Su
  2025-01-21  2:06 ` [PATCH 1/4] target/i386: Introduce SierraForest-v2 model Tao Su
                   ` (4 more replies)
  0 siblings, 5 replies; 21+ messages in thread
From: Tao Su @ 2025-01-21  2:06 UTC (permalink / raw)
  To: qemu-devel
  Cc: pbonzini, imammedo, xiaoyao.li, zhao1.liu, xuelian.guo, tao1.su

Sorry for resending this series, because it didn't seem to be received by
the mailing list before.

Update the SierraForest CPU model to stepping 3, adding LAM and the missing
features.

Clearwater Forest is a new Intel Xeon processor, which will debut in the
market in 2025. Add the new CPU model ClearwaterForest based on the
SierraForest-v2 CPU model.

Tao Su (4):
  target/i386: Introduce SierraForest-v2 model
  target/i386: Export BHI_NO bit to guests
  target/i386: Add new CPU model ClearwaterForest
  docs: Add GNR, SRF and CWF CPU models

 docs/system/cpu-models-x86.rst.inc |  42 ++++++++
 target/i386/cpu.c                  | 156 ++++++++++++++++++++++++++++-
 target/i386/cpu.h                  |  33 ++++--
 3 files changed, 224 insertions(+), 7 deletions(-)


base-commit: 20fac491cfeebb042f59cc61ae76fed1b397d25c
-- 
2.34.1



^ permalink raw reply	[flat|nested] 21+ messages in thread

* [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
  2025-01-21  2:06 [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Tao Su
@ 2025-01-21  2:06 ` Tao Su
  2025-01-21 12:40   ` Zhao Liu
                     ` (2 more replies)
  2025-01-21  2:06 ` [PATCH 2/4] target/i386: Export BHI_NO bit to guests Tao Su
                   ` (3 subsequent siblings)
  4 siblings, 3 replies; 21+ messages in thread
From: Tao Su @ 2025-01-21  2:06 UTC (permalink / raw)
  To: qemu-devel
  Cc: pbonzini, imammedo, xiaoyao.li, zhao1.liu, xuelian.guo, tao1.su

Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
of IA32_SPEC_CTRL are supported (intel-psfd, ipred-ctrl, rrsba-ctrl,
bhi-ctrl) and the missing features (ss, tsc-adjust, cldemote, movdiri,
movdir64b).

Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
mitigated in stepping 3.

Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
---
 target/i386/cpu.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1b9c11022c..6db8d6c9ba 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4549,6 +4549,25 @@ static const X86CPUDefinition builtin_x86_defs[] = {
         .model_id = "Intel Xeon Processor (SierraForest)",
         .versions = (X86CPUVersionDefinition[]) {
             { .version = 1 },
+            {
+                .version = 2,
+                .props = (PropValue[]) {
+                    { "ss", "on" },
+                    { "tsc-adjust", "on" },
+                    { "cldemote", "on" },
+                    { "movdiri", "on" },
+                    { "movdir64b", "on" },
+                    { "gds-no", "on" },
+                    { "rfds-no", "on" },
+                    { "lam", "on" },
+                    { "intel-psfd", "on"},
+                    { "ipred-ctrl", "on"},
+                    { "rrsba-ctrl", "on"},
+                    { "bhi-ctrl", "on"},
+                    { "stepping", "3" },
+                    { /* end of list */ }
+                }
+            },
             { /* end of list */ },
         },
     },
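Review bot: in the version 2 props list, nothing records that `gds-no` and `rfds-no` are justified by `{ "stepping", "3" }`; that link exists only in the commit message, and `stepping` sits at the end of the list after the unrelated `*-ctrl` entries. A short comment above the two `-no` entries, or moving `stepping` next to them, would keep a later edit from separating them. Style: the four entries from `intel-psfd` to `bhi-ctrl` end in `"on"},` while the eight above them use `"on" },`.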
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 2/4] target/i386: Export BHI_NO bit to guests
  2025-01-21  2:06 [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Tao Su
  2025-01-21  2:06 ` [PATCH 1/4] target/i386: Introduce SierraForest-v2 model Tao Su
@ 2025-01-21  2:06 ` Tao Su
  2025-01-21 12:41   ` Zhao Liu
                     ` (2 more replies)
  2025-01-21  2:06 ` [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest Tao Su
                   ` (2 subsequent siblings)
  4 siblings, 3 replies; 21+ messages in thread
From: Tao Su @ 2025-01-21  2:06 UTC (permalink / raw)
  To: qemu-devel
  Cc: pbonzini, imammedo, xiaoyao.li, zhao1.liu, xuelian.guo, tao1.su

Branch History Injection (BHI) is a CPU side-channel vulnerability, where
an attacker may manipulate branch history before transitioning from user
to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
the BHI_NO bit in MSR IA32_ARCH_CAPABILITIES indicate that no additional
mitigation is required to prevent BHI.

Make BHI_NO bit available to guests.

Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 6db8d6c9ba..33fb27a611 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1364,7 +1364,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             "taa-no", NULL, NULL, NULL,
             NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",
             NULL, "fb-clear", NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            "bhi-no", NULL, NULL, NULL,
             "pbrsb-no", NULL, "gds-no", "rfds-no",
             "rfds-clear", NULL, NULL, NULL,
         },
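Review bot: the bit number of the new `"bhi-no"` name is implied only by its slot in the array, and this patch gives nothing to check it against. Counting four names per row from `"fb-clear"` (bit 17, per `MSR_ARCH_CAP_FB_CLEAR` in cpu.h) puts it at bit 20, but the matching `MSR_ARCH_CAP_BHI_NO (1U << 20)` is introduced only in patch 3/4. Consider adding that define in this patch so the name and the bit land together, and mention in the commit message that the user-facing description of the flag follows in patch 4/4.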
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest
  2025-01-21  2:06 [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Tao Su
  2025-01-21  2:06 ` [PATCH 1/4] target/i386: Introduce SierraForest-v2 model Tao Su
  2025-01-21  2:06 ` [PATCH 2/4] target/i386: Export BHI_NO bit to guests Tao Su
@ 2025-01-21  2:06 ` Tao Su
  2025-01-21 13:20   ` Zhao Liu
  2025-01-22  1:44   ` Xiaoyao Li
  2025-01-21  2:06 ` [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models Tao Su
  2025-01-21 13:38 ` [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Paolo Bonzini
  4 siblings, 2 replies; 21+ messages in thread
From: Tao Su @ 2025-01-21  2:06 UTC (permalink / raw)
  To: qemu-devel
  Cc: pbonzini, imammedo, xiaoyao.li, zhao1.liu, xuelian.guo, tao1.su

According to table 1-2 in Intel Architecture Instruction Set Extensions
and Future Features (rev 056) [1], ClearwaterForest has the following new
features which have already been virtualized:

    - AVX-VNNI-INT16 CPUID.(EAX=7,ECX=1):EDX[bit 10]
    - SHA512 CPUID.(EAX=7,ECX=1):EAX[bit 0]
    - SM3 CPUID.(EAX=7,ECX=1):EAX[bit 1]
    - SM4 CPUID.(EAX=7,ECX=1):EAX[bit 2]

Add above features to new CPU model ClearwaterForest. Compared with
SierraForest, ClearwaterForest bare-metal contains all features of
SierraForest-v2 CPU model and adds:

    - PREFETCHI CPUID.(EAX=7,ECX=1):EDX[bit 14]
    - DDPD_U CPUID.(EAX=7,ECX=2):EDX[bit 3]
    - BHI_NO IA32_ARCH_CAPABILITIES[bit 20]

Add above and all features of SierraForest-v2 CPU model to new CPU model
ClearwaterForest.

[1] https://cdrdv2.intel.com/v1/dl/getContent/671368

Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
---
 target/i386/cpu.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++
 target/i386/cpu.h |  33 +++++++++---
 2 files changed, 162 insertions(+), 6 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 33fb27a611..b5dd60d281 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4571,6 +4571,141 @@ static const X86CPUDefinition builtin_x86_defs[] = {
             { /* end of list */ },
         },
     },
+    {
+        .name = "ClearwaterForest",
+        .level = 0x23,
+        .xlevel = 0x80000008,
+        .vendor = CPUID_VENDOR_INTEL,
+        .family = 6,
+        .model = 221,
+        .stepping = 0,
+        /*
+         * please keep the ascending order so that we can have a clear view of
+         * bit position of each feature.
+         */
+        .features[FEAT_1_EDX] =
+            CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC |
+            CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC |
+            CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
+            CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX | CPUID_FXSR |
+            CPUID_SSE | CPUID_SSE2 | CPUID_SS,
+        .features[FEAT_1_ECX] =
+            CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSSE3 |
+            CPUID_EXT_FMA | CPUID_EXT_CX16 | CPUID_EXT_PCID | CPUID_EXT_SSE41 |
+            CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
+            CPUID_EXT_POPCNT | CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_AES |
+            CPUID_EXT_XSAVE | CPUID_EXT_AVX | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
+        .features[FEAT_8000_0001_EDX] =
+            CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB |
+            CPUID_EXT2_RDTSCP | CPUID_EXT2_LM,
+        .features[FEAT_8000_0001_ECX] =
+            CPUID_EXT3_LAHF_LM | CPUID_EXT3_ABM | CPUID_EXT3_3DNOWPREFETCH,
+        .features[FEAT_8000_0008_EBX] =
+            CPUID_8000_0008_EBX_WBNOINVD,
+        .features[FEAT_7_0_EBX] =
+            CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_TSC_ADJUST |
+            CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
+            CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
+            CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP |
+            CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_CLWB |
+            CPUID_7_0_EBX_SHA_NI,
+        .features[FEAT_7_0_ECX] =
+            CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_GFNI |
+            CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
+            CPUID_7_0_ECX_RDPID | CPUID_7_0_ECX_BUS_LOCK_DETECT |
+            CPUID_7_0_ECX_CLDEMOTE | CPUID_7_0_ECX_MOVDIRI |
+            CPUID_7_0_ECX_MOVDIR64B,
+        .features[FEAT_7_0_EDX] =
+            CPUID_7_0_EDX_FSRM | CPUID_7_0_EDX_SERIALIZE |
+            CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
+            CPUID_7_0_EDX_SPEC_CTRL_SSBD,
+        .features[FEAT_ARCH_CAPABILITIES] =
+            MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL |
+            MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
+            MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_SBDR_SSDP_NO |
+            MSR_ARCH_CAP_FBSDP_NO | MSR_ARCH_CAP_PSDP_NO |
+            MSR_ARCH_CAP_BHI_NO | MSR_ARCH_CAP_PBRSB_NO |
+            MSR_ARCH_CAP_GDS_NO | MSR_ARCH_CAP_RFDS_NO,
+        .features[FEAT_XSAVE] =
+            CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
+            CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES,
+        .features[FEAT_6_EAX] =
+            CPUID_6_EAX_ARAT,
+        .features[FEAT_7_1_EAX] =
+            CPUID_7_1_EAX_SHA512 | CPUID_7_1_EAX_SM3 | CPUID_7_1_EAX_SM4 |
+            CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_CMPCCXADD |
+            CPUID_7_1_EAX_FSRS | CPUID_7_1_EAX_AVX_IFMA |
+            CPUID_7_1_EAX_LAM,
+        .features[FEAT_7_1_EDX] =
+            CPUID_7_1_EDX_AVX_VNNI_INT8 | CPUID_7_1_EDX_AVX_NE_CONVERT |
+            CPUID_7_1_EDX_AVX_VNNI_INT16 | CPUID_7_1_EDX_PREFETCHITI,
+        .features[FEAT_7_2_EDX] =
+            CPUID_7_2_EDX_PSFD | CPUID_7_2_EDX_IPRED_CTRL |
+            CPUID_7_2_EDX_RRSBA_CTRL | CPUID_7_2_EDX_DDPD_U |
+            CPUID_7_2_EDX_BHI_CTRL | CPUID_7_2_EDX_MCDT_NO,
+        .features[FEAT_VMX_BASIC] =
+            MSR_VMX_BASIC_INS_OUTS | MSR_VMX_BASIC_TRUE_CTLS,
+        .features[FEAT_VMX_ENTRY_CTLS] =
+            VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_IA32E_MODE |
+            VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL |
+            VMX_VM_ENTRY_LOAD_IA32_PAT | VMX_VM_ENTRY_LOAD_IA32_EFER,
+        .features[FEAT_VMX_EPT_VPID_CAPS] =
+            MSR_VMX_EPT_EXECONLY | MSR_VMX_EPT_PAGE_WALK_LENGTH_4 |
+            MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB | MSR_VMX_EPT_1GB |
+            MSR_VMX_EPT_INVEPT | MSR_VMX_EPT_AD_BITS |
+            MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
+            MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
+            MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT |
+            MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
+            MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
+        .features[FEAT_VMX_EXIT_CTLS] =
+            VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
+            VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
+            VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_IA32_PAT |
+            VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
+            VMX_VM_EXIT_LOAD_IA32_EFER | VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
+        .features[FEAT_VMX_MISC] =
+            MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_ACTIVITY_HLT |
+            MSR_VMX_MISC_VMWRITE_VMEXIT,
+        .features[FEAT_VMX_PINBASED_CTLS] =
+            VMX_PIN_BASED_EXT_INTR_MASK | VMX_PIN_BASED_NMI_EXITING |
+            VMX_PIN_BASED_VIRTUAL_NMIS | VMX_PIN_BASED_VMX_PREEMPTION_TIMER |
+            VMX_PIN_BASED_POSTED_INTR,
+        .features[FEAT_VMX_PROCBASED_CTLS] =
+            VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
+            VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
+            VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
+            VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
+            VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
+            VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
+            VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_VIRTUAL_NMI_PENDING |
+            VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING |
+            VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_TRAP_FLAG |
+            VMX_CPU_BASED_USE_MSR_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING |
+            VMX_CPU_BASED_PAUSE_EXITING |
+            VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
+        .features[FEAT_VMX_SECONDARY_CTLS] =
+            VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
+            VMX_SECONDARY_EXEC_ENABLE_EPT | VMX_SECONDARY_EXEC_DESC |
+            VMX_SECONDARY_EXEC_RDTSCP |
+            VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
+            VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_WBINVD_EXITING |
+            VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
+            VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
+            VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
+            VMX_SECONDARY_EXEC_RDRAND_EXITING |
+            VMX_SECONDARY_EXEC_ENABLE_INVPCID |
+            VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
+            VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML |
+            VMX_SECONDARY_EXEC_XSAVES,
+        .features[FEAT_VMX_VMFUNC] =
+            MSR_VMX_VMFUNC_EPT_SWITCHING,
+        .model_id = "Intel Xeon Processor (ClearwaterForest)",
+        .versions = (X86CPUVersionDefinition[]) {
+            { .version = 1 },
+            { /* end of list */ },
+        },
+    },
     {
         .name = "Denverton",
         .level = 21,
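Review bot: in `.features[FEAT_ARCH_CAPABILITIES]`, `MSR_ARCH_CAP_GDS_NO` and `MSR_ARCH_CAP_RFDS_NO` are asserted with `.stepping = 0`, while patch 1/4 justifies the same two bits for SierraForest only by moving to stepping 3. A sentence in the commit message confirming that they hold for every ClearwaterForest stepping would make this reviewable, since a guest that sees these bits will not apply its own mitigation. Separately, `.level = 0x23` carries no comment naming the CPUID leaf that requires it and is written in hex, while the neighbouring Denverton entry uses decimal (`.level = 21`).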
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index b26e25ba15..c67b42d34f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -951,6 +951,12 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 /* Speculative Store Bypass Disable */
 #define CPUID_7_0_EDX_SPEC_CTRL_SSBD    (1U << 31)
 
+/* SHA512 Instruction */
+#define CPUID_7_1_EAX_SHA512            (1U << 0)
+/* SM3 Instruction */
+#define CPUID_7_1_EAX_SM3               (1U << 1)
+/* SM4 Instruction */
+#define CPUID_7_1_EAX_SM4               (1U << 2)
 /* AVX VNNI Instruction */
 #define CPUID_7_1_EAX_AVX_VNNI          (1U << 4)
 /* AVX512 BFloat16 Instruction */
@@ -963,6 +969,12 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_7_1_EAX_FSRS              (1U << 11)
 /* Fast Short REP CMPS/SCAS */
 #define CPUID_7_1_EAX_FSRC              (1U << 12)
+/* Flexible return and event delivery (FRED) */
+#define CPUID_7_1_EAX_FRED              (1U << 17)
+/* Load into IA32_KERNEL_GS_BASE (LKGS) */
+#define CPUID_7_1_EAX_LKGS              (1U << 18)
+/* Non-Serializing Write to Model Specific Register (WRMSRNS) */
+#define CPUID_7_1_EAX_WRMSRNS           (1U << 19)
 /* Support Tile Computational Operations on FP16 Numbers */
 #define CPUID_7_1_EAX_AMX_FP16          (1U << 21)
 /* Support for VPMADD52[H,L]UQ */
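Review bot: the commit message does not mention that `CPUID_7_1_EAX_FRED`, `CPUID_7_1_EAX_LKGS` and `CPUID_7_1_EAX_WRMSRNS` are not new: the same three defines are removed from the end of the `CPUID_7_1_EDX_*` group in the next hunk, so this is a relocation into bit order. The move looks right, but it is unrelated to ClearwaterForest; please either split it into its own cleanup patch or say so in the commit message.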
@@ -976,17 +988,23 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_7_1_EDX_AVX_NE_CONVERT    (1U << 5)
 /* AMX COMPLEX Instructions */
 #define CPUID_7_1_EDX_AMX_COMPLEX       (1U << 8)
+/* AVX-VNNI-INT16 Instructions */
+#define CPUID_7_1_EDX_AVX_VNNI_INT16    (1U << 10)
 /* PREFETCHIT0/1 Instructions */
 #define CPUID_7_1_EDX_PREFETCHITI       (1U << 14)
 /* Support for Advanced Vector Extensions 10 */
 #define CPUID_7_1_EDX_AVX10             (1U << 19)
-/* Flexible return and event delivery (FRED) */
-#define CPUID_7_1_EAX_FRED              (1U << 17)
-/* Load into IA32_KERNEL_GS_BASE (LKGS) */
-#define CPUID_7_1_EAX_LKGS              (1U << 18)
-/* Non-Serializing Write to Model Specific Register (WRMSRNS) */
-#define CPUID_7_1_EAX_WRMSRNS           (1U << 19)
 
+/* Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported */
+#define CPUID_7_2_EDX_PSFD              (1U << 0)
+/* Indicate bits 3 and 4 of the IA32_SPEC_CTRL MSR are supported */
+#define CPUID_7_2_EDX_IPRED_CTRL        (1U << 1)
+/* Indicate bits 5 and 6 of the IA32_SPEC_CTRL MSR are supported */
+#define CPUID_7_2_EDX_RRSBA_CTRL        (1U << 2)
+/* Indicate bit 8 of the IA32_SPEC_CTRL MSR is supported */
+#define CPUID_7_2_EDX_DDPD_U            (1U << 3)
+/* Indicate bit 10 of the IA32_SPEC_CTRL MSR is supported */
+#define CPUID_7_2_EDX_BHI_CTRL          (1U << 4)
 /* Do not exhibit MXCSR Configuration Dependent Timing (MCDT) behavior */
 #define CPUID_7_2_EDX_MCDT_NO           (1U << 5)
 
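Review bot: the comments on the new `CPUID_7_2_EDX_*` defines give only IA32_SPEC_CTRL bit numbers (for example "Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported" above `CPUID_7_2_EDX_PSFD`) and never name the control being enumerated, unlike the `MCDT_NO` comment directly below, which spells its feature out. Please expand each abbreviation in its comment and keep the bit number as a suffix, so the header can be read without the SDM open.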
@@ -1144,7 +1162,10 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define MSR_ARCH_CAP_FBSDP_NO           (1U << 14)
 #define MSR_ARCH_CAP_PSDP_NO            (1U << 15)
 #define MSR_ARCH_CAP_FB_CLEAR           (1U << 17)
+#define MSR_ARCH_CAP_BHI_NO             (1U << 20)
 #define MSR_ARCH_CAP_PBRSB_NO           (1U << 24)
+#define MSR_ARCH_CAP_GDS_NO             (1U << 26)
+#define MSR_ARCH_CAP_RFDS_NO            (1U << 27)
 
 #define MSR_CORE_CAP_SPLIT_LOCK_DETECT  (1U << 5)
 
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
  2025-01-21  2:06 [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Tao Su
                   ` (2 preceding siblings ...)
  2025-01-21  2:06 ` [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest Tao Su
@ 2025-01-21  2:06 ` Tao Su
  2025-01-21  3:12   ` BALATON Zoltan
  2025-01-21 13:31   ` Zhao Liu
  2025-01-21 13:38 ` [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Paolo Bonzini
  4 siblings, 2 replies; 21+ messages in thread
From: Tao Su @ 2025-01-21  2:06 UTC (permalink / raw)
  To: qemu-devel
  Cc: pbonzini, imammedo, xiaoyao.li, zhao1.liu, xuelian.guo, tao1.su

Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
section "Preferred CPU models for Intel x86 hosts".

Also introduce bhi-no, gds-no and rfds-no in doc.

Suggested-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
---
 docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc
index ba27b5683f..f0b5189d91 100644
--- a/docs/system/cpu-models-x86.rst.inc
+++ b/docs/system/cpu-models-x86.rst.inc
@@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration
 compatibility is required, use the newest CPU model that is compatible
 across all desired hosts.
 
+``ClearwaterForest``
+    Intel Xeon Processor (ClearwaterForest, 2025)
+
+``SierraForest``, ``SierraForest-v2``
+    Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates
+    the GDS and RFDS vulnerabilities with stepping 3.
+
+``GraniteRapids``, ``GraniteRapids-v2``
+    Intel Xeon Processor (GraniteRapids, 2024)
+
 ``Cascadelake-Server``, ``Cascadelake-Server-noTSX``
     Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6
     or 7 only.  (The Cascade Lake Xeon processor with *stepping 5 is
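Review bot: the `SierraForest-v2` entry says the model "matigates the GDS and RFDS vulnerabilities", which is misspelled and also overstates what a CPU model does: per patch 1/4, version 2 sets `gds-no`, `rfds-no` and stepping 3, that is, it reports to the guest that the host is not affected. Suggest wording along the lines of "SierraForest-v2 reports GDS_NO and RFDS_NO, as on stepping 3 hardware", as its own sentence instead of a clause joined by a comma.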
@@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model".
   ``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in
   the guest should report ``Mitigation: TSX disabled``.
 
+``bhi-no``
+  Recommended to inform that the guest that the host is ``not``
+  vulnerable to CVE-2022-0001, Branch History Injection (BHI).
+
+  This too is an MSR feature, so it does not show up in the Linux
+  ``/proc/cpuinfo`` in the host or guest.
+
+  It should only be enabled for VMs if the host reports
+  ``BHI: Not affected`` in the
+  ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file.
+
+``gds-no``
+  Recommended to inform that the guest that the host is ``not``
+  vulnerable to CVE-2022-40982, Gather Data Sampling (GDS).
+
+  This too is an MSR feature, so it does not show up in the Linux
+  ``/proc/cpuinfo`` in the host or guest.
+
+  It should only be enabled for VMs if the host reports ``Not affected``
+  in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling``
+  file.
+
+``rfds-no``
+  Recommended to inform that the guest that the host is ``not``
+  vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS).
+
+  This too is an MSR feature, so it does not show up in the Linux
+  ``/proc/cpuinfo`` in the host or guest.
+
+  It should only be enabled for VMs if the host reports ``Not affected``
+  in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling``
+  file.
 
 Preferred CPU models for AMD x86 hosts
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
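Review bot: all three new entries open with "Recommended to inform that the guest that the host is", which has a stray "that"; it should read "inform the guest that the host is". In the same sentences the word "not" is wrapped in double backticks, which reST renders as an inline literal and not as emphasis; use `*not*` if emphasis is what is meant.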
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 21+ messages in thread
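
The host check that the documentation text in patch 4/4 asks for before enabling `bhi-no`, `gds-no` or `rfds-no`, as an added example that is not part of the series or of QEMU. The function names and the sample reports are constructed for illustration; the `BHI:` field is matched exactly because the `spectre_v2` report is one line of `; `-separated fields in which other fields can also read "Not affected".

```shell
#!/bin/sh
# Added example (not QEMU code): derive which of bhi-no, gds-no and rfds-no
# may be enabled for guests from the host's sysfs vulnerability reports.

# Real location on a Linux host. Every function takes the directory as an
# argument so the logic can also be run against constructed files.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# first_line FILE: store the first line of FILE in $line; fail if the file
# is missing, unreadable or empty (e.g. a kernel without that report).
first_line() {
    line=
    [ -r "$1" ] || return 1
    IFS= read -r line < "$1" || [ -n "$line" ]
}

# gds-no / rfds-no: the whole report must be exactly "Not affected".
file_is_not_affected() {
    first_line "$1" && [ "$line" = "Not affected" ]
}

# bhi-no: spectre_v2 is one line of "; "-separated fields. Delimit the line
# on both sides and match the BHI field exactly, so that a field such as
# "PBRSB-eIBRS: Not affected" does not satisfy the check on its own.
bhi_is_not_affected() {
    first_line "$1" || return 1
    case "; $line;" in
        *"; BHI: Not affected;"*) return 0 ;;
    esac
    return 1
}

# allowed_no_flags [DIR]: print a comma-separated property list, suitable
# for appending to "-cpu MODEL,", holding only the flags the host reports
# justify. Prints an empty line if none qualify.
allowed_no_flags() {
    dir=${1:-$VULN_DIR}
    flags=
    if bhi_is_not_affected "$dir/spectre_v2"; then
        flags="$flags,bhi-no=on"
    fi
    if file_is_not_affected "$dir/gather_data_sampling"; then
        flags="$flags,gds-no=on"
    fi
    if file_is_not_affected "$dir/reg_file_data_sampling"; then
        flags="$flags,rfds-no=on"
    fi
    printf '%s\n' "${flags#,}"
}

# Constructed sample reports (not captured from a real host): BHI and RFDS
# read "Not affected", GDS reports a mitigation instead.
write_sample_reports() {
    printf '%s\n' 'Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected' > "$1/spectre_v2"
    printf '%s\n' 'Mitigation: Microcode' > "$1/gather_data_sampling"
    printf '%s\n' 'Not affected' > "$1/reg_file_data_sampling"
}

sample_dir=$(mktemp -d)
write_sample_reports "$sample_dir"
printf 'constructed host: %s\n' "$(allowed_no_flags "$sample_dir")"
rm -rf "$sample_dir"
printf 'this host:        %s\n' "$(allowed_no_flags)"
```
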

* Re: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
  2025-01-21  2:06 ` [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models Tao Su
@ 2025-01-21  3:12   ` BALATON Zoltan
  2025-01-21  3:18     ` Tao Su
  2025-01-21 13:31   ` Zhao Liu
  1 sibling, 1 reply; 21+ messages in thread
From: BALATON Zoltan @ 2025-01-21  3:12 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, 21 Jan 2025, Tao Su wrote:
> Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
> section "Preferred CPU models for Intel x86 hosts".
>
> Also introduce bhi-no, gds-no and rfds-no in doc.
>
> Suggested-by: Zhao Liu <zhao1.liu@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> ---
> docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++
> 1 file changed, 42 insertions(+)
>
> diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc
> index ba27b5683f..f0b5189d91 100644
> --- a/docs/system/cpu-models-x86.rst.inc
> +++ b/docs/system/cpu-models-x86.rst.inc
> @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration
> compatibility is required, use the newest CPU model that is compatible
> across all desired hosts.
>
> +``ClearwaterForest``
> +    Intel Xeon Processor (ClearwaterForest, 2025)
> +
> +``SierraForest``, ``SierraForest-v2``
> +    Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates

Typo, do you mean "mitigates"?

Regards,
BALATON Zoltan

> +    the GDS and RFDS vulnerabilities with stepping 3.
> +
> +``GraniteRapids``, ``GraniteRapids-v2``
> +    Intel Xeon Processor (GraniteRapids, 2024)
> +
> ``Cascadelake-Server``, ``Cascadelake-Server-noTSX``
>     Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6
>     or 7 only.  (The Cascade Lake Xeon processor with *stepping 5 is
> @@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model".
>   ``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in
>   the guest should report ``Mitigation: TSX disabled``.
>
> +``bhi-no``
> +  Recommended to inform that the guest that the host is ``not``
> +  vulnerable to CVE-2022-0001, Branch History Injection (BHI).
> +
> +  This too is an MSR feature, so it does not show up in the Linux
> +  ``/proc/cpuinfo`` in the host or guest.
> +
> +  It should only be enabled for VMs if the host reports
> +  ``BHI: Not affected`` in the
> +  ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file.
> +
> +``gds-no``
> +  Recommended to inform that the guest that the host is ``not``
> +  vulnerable to CVE-2022-40982, Gather Data Sampling (GDS).
> +
> +  This too is an MSR feature, so it does not show up in the Linux
> +  ``/proc/cpuinfo`` in the host or guest.
> +
> +  It should only be enabled for VMs if the host reports ``Not affected``
> +  in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling``
> +  file.
> +
> +``rfds-no``
> +  Recommended to inform that the guest that the host is ``not``
> +  vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS).
> +
> +  This too is an MSR feature, so it does not show up in the Linux
> +  ``/proc/cpuinfo`` in the host or guest.
> +
> +  It should only be enabled for VMs if the host reports ``Not affected``
> +  in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling``
> +  file.
>
> Preferred CPU models for AMD x86 hosts
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
  2025-01-21  3:12   ` BALATON Zoltan
@ 2025-01-21  3:18     ` Tao Su
  0 siblings, 0 replies; 21+ messages in thread
From: Tao Su @ 2025-01-21  3:18 UTC (permalink / raw)
  To: BALATON Zoltan
  Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 04:12:48AM +0100, BALATON Zoltan wrote:
> On Tue, 21 Jan 2025, Tao Su wrote:
> > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
> > section "Preferred CPU models for Intel x86 hosts".
> > 
> > Also introduce bhi-no, gds-no and rfds-no in doc.
> > 
> > Suggested-by: Zhao Liu <zhao1.liu@intel.com>
> > Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> > ---
> > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++
> > 1 file changed, 42 insertions(+)
> > 
> > diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc
> > index ba27b5683f..f0b5189d91 100644
> > --- a/docs/system/cpu-models-x86.rst.inc
> > +++ b/docs/system/cpu-models-x86.rst.inc
> > @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration
> > compatibility is required, use the newest CPU model that is compatible
> > across all desired hosts.
> > 
> > +``ClearwaterForest``
> > +    Intel Xeon Processor (ClearwaterForest, 2025)
> > +
> > +``SierraForest``, ``SierraForest-v2``
> > +    Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates
> 
> Typo, do you mean "mitigates"?

Yes, thanks for pointing it out.



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
  2025-01-21  2:06 ` [PATCH 1/4] target/i386: Introduce SierraForest-v2 model Tao Su
@ 2025-01-21 12:40   ` Zhao Liu
  2025-01-21 17:34   ` Pawan Gupta
  2025-01-22  1:44   ` Xiaoyao Li
  2 siblings, 0 replies; 21+ messages in thread
From: Zhao Liu @ 2025-01-21 12:40 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 10:06:47AM +0800, Tao Su wrote:
> Date: Tue, 21 Jan 2025 10:06:47 +0800
> From: Tao Su <tao1.su@linux.intel.com>
> Subject: [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
> X-Mailer: git-send-email 2.34.1
> 
> Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> of IA32_SPEC_CTRL are supported (intel-psfd, ipred-ctrl, rrsba-ctrl,
> bhi-ctrl) and the missing features (ss, tsc-adjust, cldemote, movdiri,
> movdir64b).
> 
> Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> mitigated in stepping 3.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> ---
>  target/i386/cpu.c | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
>

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 2/4] target/i386: Export BHI_NO bit to guests
  2025-01-21  2:06 ` [PATCH 2/4] target/i386: Export BHI_NO bit to guests Tao Su
@ 2025-01-21 12:41   ` Zhao Liu
  2025-01-21 17:38   ` Pawan Gupta
  2025-01-22  1:44   ` Xiaoyao Li
  2 siblings, 0 replies; 21+ messages in thread
From: Zhao Liu @ 2025-01-21 12:41 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 10:06:48AM +0800, Tao Su wrote:
> Date: Tue, 21 Jan 2025 10:06:48 +0800
> From: Tao Su <tao1.su@linux.intel.com>
> Subject: [PATCH 2/4] target/i386: Export BHI_NO bit to guests
> X-Mailer: git-send-email 2.34.1
> 
> Branch History Injection (BHI) is a CPU side-channel vulnerability, where
> an attacker may manipulate branch history before transitioning from user
> to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
> the BHI_NO bit in MSR IA32_ARCH_CAPABILITIES indicate that no additional
> mitigation is required to prevent BHI.
> 
> Make BHI_NO bit available to guests.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> ---
>  target/i386/cpu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest
  2025-01-21  2:06 ` [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest Tao Su
@ 2025-01-21 13:20   ` Zhao Liu
  2025-01-22  1:44   ` Xiaoyao Li
  1 sibling, 0 replies; 21+ messages in thread
From: Zhao Liu @ 2025-01-21 13:20 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 10:06:49AM +0800, Tao Su wrote:
> Date: Tue, 21 Jan 2025 10:06:49 +0800
> From: Tao Su <tao1.su@linux.intel.com>
> Subject: [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest
> X-Mailer: git-send-email 2.34.1
> 
> According to table 1-2 in Intel Architecture Instruction Set Extensions
> and Future Features (rev 056) [1], ClearwaterForest has the following new
> features which have already been virtualized:
> 
>     - AVX-VNNI-INT16 CPUID.(EAX=7,ECX=1):EDX[bit 10]
>     - SHA512 CPUID.(EAX=7,ECX=1):EAX[bit 0]
>     - SM3 CPUID.(EAX=7,ECX=1):EAX[bit 1]
>     - SM4 CPUID.(EAX=7,ECX=1):EAX[bit 2]
> 
> Add above features to new CPU model ClearwaterForest. Compared with
> SierraForest, ClearwaterForest bare-metal contains all features of
> SierraForest-v2 CPU model and adds:
> 
>     - PREFETCHI CPUID.(EAX=7,ECX=1):EDX[bit 14]
>     - DDPD_U CPUID.(EAX=7,ECX=2):EDX[bit 3]
>     - BHI_NO IA32_ARCH_CAPABILITIES[bit 20]
> 
> Add above and all features of SierraForest-v2 CPU model to new CPU model
> ClearwaterForest.
> 
> [1] https://cdrdv2.intel.com/v1/dl/getContent/671368
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> ---
>  target/i386/cpu.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++
>  target/i386/cpu.h |  33 +++++++++---
>  2 files changed, 162 insertions(+), 6 deletions(-)
> 

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
  2025-01-21  2:06 ` [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models Tao Su
  2025-01-21  3:12   ` BALATON Zoltan
@ 2025-01-21 13:31   ` Zhao Liu
  2025-01-22  1:21     ` Tao Su
  1 sibling, 1 reply; 21+ messages in thread
From: Zhao Liu @ 2025-01-21 13:31 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 10:06:50AM +0800, Tao Su wrote:
> Date: Tue, 21 Jan 2025 10:06:50 +0800
> From: Tao Su <tao1.su@linux.intel.com>
> Subject: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
> X-Mailer: git-send-email 2.34.1
> 
> Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
> section "Preferred CPU models for Intel x86 hosts".
> 
> Also introduce bhi-no, gds-no and rfds-no in doc.
> 
> Suggested-by: Zhao Liu <zhao1.liu@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> ---
>  docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++
>  1 file changed, 42 insertions(+)

[snip]

> +``bhi-no``
> +  Recommended to inform that the guest that the host is ``not``

s/inform that the guest/inform the guest/

> +  vulnerable to CVE-2022-0001, Branch History Injection (BHI).
> +
> +  This too is an MSR feature, so it does not show up in the Linux

s/This too is an/This is also an/

> +  ``/proc/cpuinfo`` in the host or guest.
> +
> +  It should only be enabled for VMs if the host reports
> +  ``BHI: Not affected`` in the
> +  ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file.
> +
> +``gds-no``
> +  Recommended to inform that the guest that the host is ``not``
> +  vulnerable to CVE-2022-40982, Gather Data Sampling (GDS).

s/inform that the guest/inform the guest/

> +  This too is an MSR feature, so it does not show up in the Linux
> +  ``/proc/cpuinfo`` in the host or guest.

s/This too is an/This is also an/

> +  It should only be enabled for VMs if the host reports ``Not affected``
> +  in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling``
> +  file.
> +
> +``rfds-no``
> +  Recommended to inform that the guest that the host is ``not``
> +  vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS).

ditto.

> +  This too is an MSR feature, so it does not show up in the Linux
> +  ``/proc/cpuinfo`` in the host or guest.

ditto.

> +  It should only be enabled for VMs if the host reports ``Not affected``
> +  in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling``
> +  file.
>  
>  Preferred CPU models for AMD x86 hosts
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
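
Review bot: the three "It should only be enabled for VMs if the host reports ..." paragraphs do not say how this rule relates to the named models added in this series. SierraForest-v2 in 1/4 sets "gds-no" and "rfds-no" to "on", and ClearwaterForest in 3/4 sets BHI_NO, GDS_NO and RFDS_NO in its ARCH_CAPABILITIES word. Add a sentence to each entry (or once, above the list) stating which models already include the property, so a reader knows whether the host check applies only to adding the flag by hand or also to picking one of those models.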

Thanks very much! With nits fixed :-),

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>





^ permalink raw reply	[flat|nested] 21+ messages in thread
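
The host-side check described in the documentation text quoted above, as an added example that is not part of the patch series or of QEMU: it reads the three sysfs files the text names and sets each property to on only when the host reports the exact text the docs require, and to off otherwise (including when a file is missing). The function names and the sample file contents are constructed for illustration; the property names and sysfs paths are the ones on this page.

```shell
#!/bin/sh
# Added example: map the host's sysfs vulnerability reports to explicit
# on/off settings for the bhi-no, gds-no and rfds-no CPU properties.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# file_is DIR NAME TEXT: true only if DIR/NAME is readable and is exactly TEXT.
file_is() {
    [ -r "$1/$2" ] && [ "$(cat "$1/$2")" = "$3" ]
}

# file_has DIR NAME TEXT: true only if DIR/NAME is readable and contains TEXT.
# Needed for spectre_v2, where BHI is one field of a longer status line.
file_has() {
    [ -r "$1/$2" ] && grep -qF -- "$3" "$1/$2"
}

# on_off NAME CHECK [ARGS...]: print NAME=on if CHECK succeeds, else NAME=off.
on_off() {
    name=$1
    shift
    if "$@"; then
        printf '%s=on' "$name"
    else
        printf '%s=off' "$name"
    fi
}

# no_props [DIR]: print "bhi-no=...,gds-no=...,rfds-no=..." for the host.
# Anything other than the documented "Not affected" text, or a missing file
# (older kernel), yields "off" so the guest keeps its own mitigations.
no_props() {
    dir=${1:-$VULN_DIR}
    printf '%s,%s,%s\n' \
        "$(on_off bhi-no file_has "$dir" spectre_v2 'BHI: Not affected')" \
        "$(on_off gds-no file_is "$dir" gather_data_sampling 'Not affected')" \
        "$(on_off rfds-no file_is "$dir" reg_file_data_sampling 'Not affected')"
}

# cpu_arg MODEL [DIR]: build the value for QEMU's -cpu option.
cpu_arg() {
    printf '%s,%s\n' "$1" "$(no_props "$2")"
}

# Constructed sample data (not captured from a real host): BHI not affected,
# GDS mitigated by microcode, and no reg_file_data_sampling file at all.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected' > "$d/spectre_v2"
    printf '%s\n' 'Mitigation: Microcode' > "$d/gather_data_sampling"
    printf '%s\n' "$d"
}

# Stand-alone demo on the constructed sample.
sample=$(make_sample)
cpu_arg ClearwaterForest "$sample"
# prints: ClearwaterForest,bhi-no=on,gds-no=off,rfds-no=off
rm -rf "$sample"
```

On a real host, call `cpu_arg ClearwaterForest` with no directory argument to read the live sysfs files. The explicit `=off` values matter when the chosen model turns a property on by default.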

* Re: [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model
  2025-01-21  2:06 [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Tao Su
                   ` (3 preceding siblings ...)
  2025-01-21  2:06 ` [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models Tao Su
@ 2025-01-21 13:38 ` Paolo Bonzini
  2025-01-22  1:21   ` Tao Su
  4 siblings, 1 reply; 21+ messages in thread
From: Paolo Bonzini @ 2025-01-21 13:38 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

Queued with the tweaks suggested by Zoltan and Zhao; thanks!

Paolo



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
  2025-01-21  2:06 ` [PATCH 1/4] target/i386: Introduce SierraForest-v2 model Tao Su
  2025-01-21 12:40   ` Zhao Liu
@ 2025-01-21 17:34   ` Pawan Gupta
  2025-01-22  1:16     ` Tao Su
  2025-01-22  1:44   ` Xiaoyao Li
  2 siblings, 1 reply; 21+ messages in thread
From: Pawan Gupta @ 2025-01-21 17:34 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 10:06:47AM +0800, Tao Su wrote:
> Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl,
> bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri,
> movdir64b)
> 
> Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> mitigated in stepping 3.

Does this only apply to stepping 3? I don't think Sierra Forest was ever
vulnerable to GDS and RFDS [1].

There are many other vulnerabilities that Sierra Forest is not vulnerable to,
is it really necessary to add the *_NO bits to CPU definitions?

[1] https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 2/4] target/i386: Export BHI_NO bit to guests
  2025-01-21  2:06 ` [PATCH 2/4] target/i386: Export BHI_NO bit to guests Tao Su
  2025-01-21 12:41   ` Zhao Liu
@ 2025-01-21 17:38   ` Pawan Gupta
  2025-01-22  1:44   ` Xiaoyao Li
  2 siblings, 0 replies; 21+ messages in thread
From: Pawan Gupta @ 2025-01-21 17:38 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 10:06:48AM +0800, Tao Su wrote:
> Branch History Injection (BHI) is a CPU side-channel vulnerability, where
> an attacker may manipulate branch history before transitioning from user
> to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
> BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
> mitigation is required to prevent BHI.
> 
> Make BHI_NO bit available to guests.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>

Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
  2025-01-21 17:34   ` Pawan Gupta
@ 2025-01-22  1:16     ` Tao Su
  2025-01-22  4:32       ` Pawan Gupta
  0 siblings, 1 reply; 21+ messages in thread
From: Tao Su @ 2025-01-22  1:16 UTC (permalink / raw)
  To: Pawan Gupta
  Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 09:34:58AM -0800, Pawan Gupta wrote:
> On Tue, Jan 21, 2025 at 10:06:47AM +0800, Tao Su wrote:
> > Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> > of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl,
> > bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri,
> > movdir64b)
> > 
> > Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> > mitigated in stepping 3.
> 
> Does this only apply to stepping 3? I don't think Sierra Forest was ever
> vulnerable to GDS and RFDS [1].
> 

On the real machine, stepping 0 does not set GDS_NO and RFDS_NO, but
stepping 3 does.

> There are many other vulnerabilities that Sierra Forest is not vulnerable to,
> is it really necessary to add the *_NO bits to CPU definitions?
> 
> [1] https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

*_NO bits indicate processor is not affected by *, so adding these to the
CPU model will prevent the guest OS (using the CPU model) from trying to
use related software mitigation, which I think is reasonable.


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
  2025-01-21 13:31   ` Zhao Liu
@ 2025-01-22  1:21     ` Tao Su
  0 siblings, 0 replies; 21+ messages in thread
From: Tao Su @ 2025-01-22  1:21 UTC (permalink / raw)
  To: Zhao Liu; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Tue, Jan 21, 2025 at 09:31:25PM +0800, Zhao Liu wrote:
> On Tue, Jan 21, 2025 at 10:06:50AM +0800, Tao Su wrote:
> > Date: Tue, 21 Jan 2025 10:06:50 +0800
> > From: Tao Su <tao1.su@linux.intel.com>
> > Subject: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models
> > X-Mailer: git-send-email 2.34.1
> > 
> > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
> > section "Preferred CPU models for Intel x86 hosts".
> > 
> > Also introduce bhi-no, gds-no and rfds-no in doc.
> > 
> > Suggested-by: Zhao Liu <zhao1.liu@intel.com>
> > Signed-off-by: Tao Su <tao1.su@linux.intel.com>
> > ---
> >  docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++
> >  1 file changed, 42 insertions(+)
> 
> [snip]
> 
> > +``bhi-no``
> > +  Recommended to inform that the guest that the host is ``not``
> 
> s/inform that the guest/inform the guest/
> 
> > +  vulnerable to CVE-2022-0001, Branch History Injection (BHI).
> > +
> > +  This too is an MSR feature, so it does not show up in the Linux
> 
> s/This too is an/This is also an/
> 
> > +  ``/proc/cpuinfo`` in the host or guest.
> > +
> > +  It should only be enabled for VMs if the host reports
> > +  ``BHI: Not affected`` in the
> > +  ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file.
> > +
> > +``gds-no``
> > +  Recommended to inform that the guest that the host is ``not``
> > +  vulnerable to CVE-2022-40982, Gather Data Sampling (GDS).
> 
> s/inform that the guest/inform the guest/
> 
> > +  This too is an MSR feature, so it does not show up in the Linux
> > +  ``/proc/cpuinfo`` in the host or guest.
> 
> s/This too is an/This is also an/
> 
> > +  It should only be enabled for VMs if the host reports ``Not affected``
> > +  in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling``
> > +  file.
> > +
> > +``rfds-no``
> > +  Recommended to inform that the guest that the host is ``not``
> > +  vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS).
> 
> ditto.
> 
> > +  This too is an MSR feature, so it does not show up in the Linux
> > +  ``/proc/cpuinfo`` in the host or guest.
> 
> ditto.
> 
> > +  It should only be enabled for VMs if the host reports ``Not affected``
> > +  in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling``
> > +  file.
> >  
> >  Preferred CPU models for AMD x86 hosts
> >  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Thanks very much! With nits fixed :-),
> 
> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> 
> 

Thanks for the suggestion, the description is better with these changes.

> 


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model
  2025-01-21 13:38 ` [PATCH 0/4] Introduce SierraForest-v2 and ClearwaterForest CPU model Paolo Bonzini
@ 2025-01-22  1:21   ` Tao Su
  0 siblings, 0 replies; 21+ messages in thread
From: Tao Su @ 2025-01-22  1:21 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: qemu-devel, imammedo, xiaoyao.li, zhao1.liu, xuelian.guo

On Tue, Jan 21, 2025 at 02:38:44PM +0100, Paolo Bonzini wrote:
> Queued with the tweaks suggested by Zoltan and Zhao; thanks!

Thank you Paolo :-)


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
  2025-01-21  2:06 ` [PATCH 1/4] target/i386: Introduce SierraForest-v2 model Tao Su
  2025-01-21 12:40   ` Zhao Liu
  2025-01-21 17:34   ` Pawan Gupta
@ 2025-01-22  1:44   ` Xiaoyao Li
  2 siblings, 0 replies; 21+ messages in thread
From: Xiaoyao Li @ 2025-01-22  1:44 UTC (permalink / raw)
  To: Tao Su, qemu-devel; +Cc: pbonzini, imammedo, zhao1.liu, xuelian.guo

On 1/21/2025 10:06 AM, Tao Su wrote:
> Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl,
> bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri,
> movdir64b)
> 
> Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> mitigated in stepping 3.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   target/i386/cpu.c | 19 +++++++++++++++++++
>   1 file changed, 19 insertions(+)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 1b9c11022c..6db8d6c9ba 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -4549,6 +4549,25 @@ static const X86CPUDefinition builtin_x86_defs[] = {
>           .model_id = "Intel Xeon Processor (SierraForest)",
>           .versions = (X86CPUVersionDefinition[]) {
>               { .version = 1 },
> +            {
> +                .version = 2,
> +                .props = (PropValue[]) {
> +                    { "ss", "on" },
> +                    { "tsc-adjust", "on" },
> +                    { "cldemote", "on" },
> +                    { "movdiri", "on" },
> +                    { "movdir64b", "on" },
> +                    { "gds-no", "on" },
> +                    { "rfds-no", "on" },
> +                    { "lam", "on" },
> +                    { "intel-psfd", "on"},
> +                    { "ipred-ctrl", "on"},
> +                    { "rrsba-ctrl", "on"},
> +                    { "bhi-ctrl", "on"},
> +                    { "stepping", "3" },
> +                    { /* end of list */ }
> +                }
> +            },
>               { /* end of list */ },
>           },
>       },
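
Review bot: the four entries `{ "intel-psfd", "on"},` through `{ "bhi-ctrl", "on"},` drop the space before the closing brace that the eight entries above them use; write them as `{ "intel-psfd", "on" },` and so on for consistency. A one-line comment on the version 2 block would also help, saying that "gds-no", "rfds-no" and `{ "stepping", "3" }` belong together, since the commit message ties the two *_NO bits to stepping 3 and nothing in the hunk records that.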



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 2/4] target/i386: Export BHI_NO bit to guests
  2025-01-21  2:06 ` [PATCH 2/4] target/i386: Export BHI_NO bit to guests Tao Su
  2025-01-21 12:41   ` Zhao Liu
  2025-01-21 17:38   ` Pawan Gupta
@ 2025-01-22  1:44   ` Xiaoyao Li
  2 siblings, 0 replies; 21+ messages in thread
From: Xiaoyao Li @ 2025-01-22  1:44 UTC (permalink / raw)
  To: Tao Su, qemu-devel; +Cc: pbonzini, imammedo, zhao1.liu, xuelian.guo

On 1/21/2025 10:06 AM, Tao Su wrote:
> Branch History Injection (BHI) is a CPU side-channel vulnerability, where
> an attacker may manipulate branch history before transitioning from user
> to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
> BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
> mitigation is required to prevent BHI.
> 
> Make BHI_NO bit available to guests.
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   target/i386/cpu.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 6db8d6c9ba..33fb27a611 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1364,7 +1364,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>               "taa-no", NULL, NULL, NULL,
>               NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",
>               NULL, "fb-clear", NULL, NULL,
> -            NULL, NULL, NULL, NULL,
> +            "bhi-no", NULL, NULL, NULL,
>               "pbrsb-no", NULL, "gds-no", "rfds-no",
>               "rfds-clear", NULL, NULL, NULL,
>           },
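
Review bot: the bit position of the new "bhi-no" name is given only by its slot in the array (first entry of the row that was `NULL, NULL, NULL, NULL`), and the matching `MSR_ARCH_CAP_BHI_NO` constant is not introduced until the cpu.h change in 3/4. Consider adding the `(1U << 20)` define in this patch, so the property name and the constant for IA32_ARCH_CAPABILITIES bit 20 land together and this patch can be checked on its own.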



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest
  2025-01-21  2:06 ` [PATCH 3/4] target/i386: Add new CPU model ClearwaterForest Tao Su
  2025-01-21 13:20   ` Zhao Liu
@ 2025-01-22  1:44   ` Xiaoyao Li
  1 sibling, 0 replies; 21+ messages in thread
From: Xiaoyao Li @ 2025-01-22  1:44 UTC (permalink / raw)
  To: Tao Su, qemu-devel; +Cc: pbonzini, imammedo, zhao1.liu, xuelian.guo

On 1/21/2025 10:06 AM, Tao Su wrote:
> According to table 1-2 in Intel Architecture Instruction Set Extensions
> and Future Features (rev 056) [1], ClearwaterForest has the following new
> features which have already been virtualized:
> 
>      - AVX-VNNI-INT16 CPUID.(EAX=7,ECX=1):EDX[bit 10]
>      - SHA512 CPUID.(EAX=7,ECX=1):EAX[bit 0]
>      - SM3 CPUID.(EAX=7,ECX=1):EAX[bit 1]
>      - SM4 CPUID.(EAX=7,ECX=1):EAX[bit 2]
> 
> Add above features to new CPU model ClearwaterForest. Comparing with
> SierraForest, ClearwaterForest bare-metal contains all features of
> SierraForest-v2 CPU model and adds:
> 
>      - PREFETCHI CPUID.(EAX=7,ECX=1):EDX[bit 14]
>      - DDPD_U CPUID.(EAX=7,ECX=2):EDX[bit 3]
>      - BHI_NO IA32_ARCH_CAPABILITIES[bit 20]
> 
> Add above and all features of SierraForest-v2 CPU model to new CPU model
> ClearwaterForest.
> 
> [1] https://cdrdv2.intel.com/v1/dl/getContent/671368
> 
> Tested-by: Xuelian Guo <xuelian.guo@intel.com>
> Signed-off-by: Tao Su <tao1.su@linux.intel.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   target/i386/cpu.c | 135 ++++++++++++++++++++++++++++++++++++++++++++++
>   target/i386/cpu.h |  33 +++++++++---
>   2 files changed, 162 insertions(+), 6 deletions(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 33fb27a611..b5dd60d281 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -4571,6 +4571,141 @@ static const X86CPUDefinition builtin_x86_defs[] = {
>               { /* end of list */ },
>           },
>       },
> +    {
> +        .name = "ClearwaterForest",
> +        .level = 0x23,
> +        .xlevel = 0x80000008,
> +        .vendor = CPUID_VENDOR_INTEL,
> +        .family = 6,
> +        .model = 221,
> +        .stepping = 0,
> +        /*
> +         * please keep the ascending order so that we can have a clear view of
> +         * bit position of each feature.
> +         */
> +        .features[FEAT_1_EDX] =
> +            CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC |
> +            CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC |
> +            CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
> +            CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX | CPUID_FXSR |
> +            CPUID_SSE | CPUID_SSE2 | CPUID_SS,
> +        .features[FEAT_1_ECX] =
> +            CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSSE3 |
> +            CPUID_EXT_FMA | CPUID_EXT_CX16 | CPUID_EXT_PCID | CPUID_EXT_SSE41 |
> +            CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
> +            CPUID_EXT_POPCNT | CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_AES |
> +            CPUID_EXT_XSAVE | CPUID_EXT_AVX | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
> +        .features[FEAT_8000_0001_EDX] =
> +            CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB |
> +            CPUID_EXT2_RDTSCP | CPUID_EXT2_LM,
> +        .features[FEAT_8000_0001_ECX] =
> +            CPUID_EXT3_LAHF_LM | CPUID_EXT3_ABM | CPUID_EXT3_3DNOWPREFETCH,
> +        .features[FEAT_8000_0008_EBX] =
> +            CPUID_8000_0008_EBX_WBNOINVD,
> +        .features[FEAT_7_0_EBX] =
> +            CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_TSC_ADJUST |
> +            CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
> +            CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
> +            CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP |
> +            CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_CLWB |
> +            CPUID_7_0_EBX_SHA_NI,
> +        .features[FEAT_7_0_ECX] =
> +            CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_GFNI |
> +            CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
> +            CPUID_7_0_ECX_RDPID | CPUID_7_0_ECX_BUS_LOCK_DETECT |
> +            CPUID_7_0_ECX_CLDEMOTE | CPUID_7_0_ECX_MOVDIRI |
> +            CPUID_7_0_ECX_MOVDIR64B,
> +        .features[FEAT_7_0_EDX] =
> +            CPUID_7_0_EDX_FSRM | CPUID_7_0_EDX_SERIALIZE |
> +            CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
> +            CPUID_7_0_EDX_SPEC_CTRL_SSBD,
> +        .features[FEAT_ARCH_CAPABILITIES] =
> +            MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL |
> +            MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
> +            MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_SBDR_SSDP_NO |
> +            MSR_ARCH_CAP_FBSDP_NO | MSR_ARCH_CAP_PSDP_NO |
> +            MSR_ARCH_CAP_BHI_NO | MSR_ARCH_CAP_PBRSB_NO |
> +            MSR_ARCH_CAP_GDS_NO | MSR_ARCH_CAP_RFDS_NO,
> +        .features[FEAT_XSAVE] =
> +            CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
> +            CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES,
> +        .features[FEAT_6_EAX] =
> +            CPUID_6_EAX_ARAT,
> +        .features[FEAT_7_1_EAX] =
> +            CPUID_7_1_EAX_SHA512 | CPUID_7_1_EAX_SM3 | CPUID_7_1_EAX_SM4 |
> +            CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_CMPCCXADD |
> +            CPUID_7_1_EAX_FSRS | CPUID_7_1_EAX_AVX_IFMA |
> +            CPUID_7_1_EAX_LAM,
> +        .features[FEAT_7_1_EDX] =
> +            CPUID_7_1_EDX_AVX_VNNI_INT8 | CPUID_7_1_EDX_AVX_NE_CONVERT |
> +            CPUID_7_1_EDX_AVX_VNNI_INT16 | CPUID_7_1_EDX_PREFETCHITI,
> +        .features[FEAT_7_2_EDX] =
> +            CPUID_7_2_EDX_PSFD | CPUID_7_2_EDX_IPRED_CTRL |
> +            CPUID_7_2_EDX_RRSBA_CTRL | CPUID_7_2_EDX_DDPD_U |
> +            CPUID_7_2_EDX_BHI_CTRL | CPUID_7_2_EDX_MCDT_NO,
> +        .features[FEAT_VMX_BASIC] =
> +            MSR_VMX_BASIC_INS_OUTS | MSR_VMX_BASIC_TRUE_CTLS,
> +        .features[FEAT_VMX_ENTRY_CTLS] =
> +            VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_IA32E_MODE |
> +            VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL |
> +            VMX_VM_ENTRY_LOAD_IA32_PAT | VMX_VM_ENTRY_LOAD_IA32_EFER,
> +        .features[FEAT_VMX_EPT_VPID_CAPS] =
> +            MSR_VMX_EPT_EXECONLY | MSR_VMX_EPT_PAGE_WALK_LENGTH_4 |
> +            MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB | MSR_VMX_EPT_1GB |
> +            MSR_VMX_EPT_INVEPT | MSR_VMX_EPT_AD_BITS |
> +            MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
> +            MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
> +            MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT |
> +            MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
> +            MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
> +        .features[FEAT_VMX_EXIT_CTLS] =
> +            VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
> +            VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
> +            VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_IA32_PAT |
> +            VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
> +            VMX_VM_EXIT_LOAD_IA32_EFER | VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
> +        .features[FEAT_VMX_MISC] =
> +            MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_ACTIVITY_HLT |
> +            MSR_VMX_MISC_VMWRITE_VMEXIT,
> +        .features[FEAT_VMX_PINBASED_CTLS] =
> +            VMX_PIN_BASED_EXT_INTR_MASK | VMX_PIN_BASED_NMI_EXITING |
> +            VMX_PIN_BASED_VIRTUAL_NMIS | VMX_PIN_BASED_VMX_PREEMPTION_TIMER |
> +            VMX_PIN_BASED_POSTED_INTR,
> +        .features[FEAT_VMX_PROCBASED_CTLS] =
> +            VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
> +            VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
> +            VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
> +            VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
> +            VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
> +            VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
> +            VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_VIRTUAL_NMI_PENDING |
> +            VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING |
> +            VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_TRAP_FLAG |
> +            VMX_CPU_BASED_USE_MSR_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING |
> +            VMX_CPU_BASED_PAUSE_EXITING |
> +            VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
> +        .features[FEAT_VMX_SECONDARY_CTLS] =
> +            VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
> +            VMX_SECONDARY_EXEC_ENABLE_EPT | VMX_SECONDARY_EXEC_DESC |
> +            VMX_SECONDARY_EXEC_RDTSCP |
> +            VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
> +            VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_WBINVD_EXITING |
> +            VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
> +            VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
> +            VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
> +            VMX_SECONDARY_EXEC_RDRAND_EXITING |
> +            VMX_SECONDARY_EXEC_ENABLE_INVPCID |
> +            VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
> +            VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML |
> +            VMX_SECONDARY_EXEC_XSAVES,
> +        .features[FEAT_VMX_VMFUNC] =
> +            MSR_VMX_VMFUNC_EPT_SWITCHING,
> +        .model_id = "Intel Xeon Processor (ClearwaterForest)",
> +        .versions = (X86CPUVersionDefinition[]) {
> +            { .version = 1 },
> +            { /* end of list */ },
> +        },
> +    },
>       {
>           .name = "Denverton",
>           .level = 21,
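
Review bot: `.features[FEAT_ARCH_CAPABILITIES]` sets `MSR_ARCH_CAP_BHI_NO`, `MSR_ARCH_CAP_GDS_NO` and `MSR_ARCH_CAP_RFDS_NO` by default with no comment, while the documentation text in 4/4 says these bits should only be enabled when the host reports it is not affected. A short comment above that initializer, stating that the list follows what the commit message describes for bare-metal ClearwaterForest, would make the assumption explicit for anyone later copying this entry to derive another model.
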
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index b26e25ba15..c67b42d34f 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -951,6 +951,12 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
>   /* Speculative Store Bypass Disable */
>   #define CPUID_7_0_EDX_SPEC_CTRL_SSBD    (1U << 31)
>   
> +/* SHA512 Instruction */
> +#define CPUID_7_1_EAX_SHA512            (1U << 0)
> +/* SM3 Instruction */
> +#define CPUID_7_1_EAX_SM3               (1U << 1)
> +/* SM4 Instruction */
> +#define CPUID_7_1_EAX_SM4               (1U << 2)
>   /* AVX VNNI Instruction */
>   #define CPUID_7_1_EAX_AVX_VNNI          (1U << 4)
>   /* AVX512 BFloat16 Instruction */
> @@ -963,6 +969,12 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
>   #define CPUID_7_1_EAX_FSRS              (1U << 11)
>   /* Fast Short REP CMPS/SCAS */
>   #define CPUID_7_1_EAX_FSRC              (1U << 12)
> +/* Flexible return and event delivery (FRED) */
> +#define CPUID_7_1_EAX_FRED              (1U << 17)
> +/* Load into IA32_KERNEL_GS_BASE (LKGS) */
> +#define CPUID_7_1_EAX_LKGS              (1U << 18)
> +/* Non-Serializing Write to Model Specific Register (WRMSRNS) */
> +#define CPUID_7_1_EAX_WRMSRNS           (1U << 19)
>   /* Support Tile Computational Operations on FP16 Numbers */
>   #define CPUID_7_1_EAX_AMX_FP16          (1U << 21)
>   /* Support for VPMADD52[H,L]UQ */
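
Review bot: the three defines added here (`CPUID_7_1_EAX_FRED`, `CPUID_7_1_EAX_LKGS`, `CPUID_7_1_EAX_WRMSRNS`) are the same ones the next hunk deletes from below `CPUID_7_1_EDX_AVX10`, so this is a pure move into bit order within the EAX group. The commit message does not mention it; either say so there or split the reordering into its own patch, so the ClearwaterForest change contains only new definitions.
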
> @@ -976,17 +988,23 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
>   #define CPUID_7_1_EDX_AVX_NE_CONVERT    (1U << 5)
>   /* AMX COMPLEX Instructions */
>   #define CPUID_7_1_EDX_AMX_COMPLEX       (1U << 8)
> +/* AVX-VNNI-INT16 Instructions */
> +#define CPUID_7_1_EDX_AVX_VNNI_INT16    (1U << 10)
>   /* PREFETCHIT0/1 Instructions */
>   #define CPUID_7_1_EDX_PREFETCHITI       (1U << 14)
>   /* Support for Advanced Vector Extensions 10 */
>   #define CPUID_7_1_EDX_AVX10             (1U << 19)
> -/* Flexible return and event delivery (FRED) */
> -#define CPUID_7_1_EAX_FRED              (1U << 17)
> -/* Load into IA32_KERNEL_GS_BASE (LKGS) */
> -#define CPUID_7_1_EAX_LKGS              (1U << 18)
> -/* Non-Serializing Write to Model Specific Register (WRMSRNS) */
> -#define CPUID_7_1_EAX_WRMSRNS           (1U << 19)
>   
> +/* Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported */
> +#define CPUID_7_2_EDX_PSFD              (1U << 0)
> +/* Indicate bits 3 and 4 of the IA32_SPEC_CTRL MSR are supported */
> +#define CPUID_7_2_EDX_IPRED_CTRL        (1U << 1)
> +/* Indicate bits 5 and 6 of the IA32_SPEC_CTRL MSR are supported */
> +#define CPUID_7_2_EDX_RRSBA_CTRL        (1U << 2)
> +/* Indicate bit 8 of the IA32_SPEC_CTRL MSR is supported */
> +#define CPUID_7_2_EDX_DDPD_U            (1U << 3)
> +/* Indicate bit 10 of the IA32_SPEC_CTRL MSR is supported */
> +#define CPUID_7_2_EDX_BHI_CTRL          (1U << 4)
>   /* Do not exhibit MXCSR Configuration Dependent Timing (MCDT) behavior */
>   #define CPUID_7_2_EDX_MCDT_NO           (1U << 5)
>   
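
Review bot: the comments on the new `CPUID_7_2_EDX_*` defines give only IA32_SPEC_CTRL bit numbers ("Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported") and not what each control is, unlike the `CPUID_7_2_EDX_MCDT_NO` comment directly below them; add the name of the control to each comment. Also, the commit message lists only DDPD_U as new in this leaf, while the hunk adds PSFD, IPRED_CTRL, RRSBA_CTRL and BHI_CTRL as well; mention in the commit message that they are defined here for use in the ClearwaterForest feature word.
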
> @@ -1144,7 +1162,10 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
>   #define MSR_ARCH_CAP_FBSDP_NO           (1U << 14)
>   #define MSR_ARCH_CAP_PSDP_NO            (1U << 15)
>   #define MSR_ARCH_CAP_FB_CLEAR           (1U << 17)
> +#define MSR_ARCH_CAP_BHI_NO             (1U << 20)
>   #define MSR_ARCH_CAP_PBRSB_NO           (1U << 24)
> +#define MSR_ARCH_CAP_GDS_NO             (1U << 26)
> +#define MSR_ARCH_CAP_RFDS_NO            (1U << 27)
>   
>   #define MSR_CORE_CAP_SPLIT_LOCK_DETECT  (1U << 5)
>   



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [PATCH 1/4] target/i386: Introduce SierraForest-v2 model
  2025-01-22  1:16     ` Tao Su
@ 2025-01-22  4:32       ` Pawan Gupta
  0 siblings, 0 replies; 21+ messages in thread
From: Pawan Gupta @ 2025-01-22  4:32 UTC (permalink / raw)
  To: Tao Su; +Cc: qemu-devel, pbonzini, imammedo, xiaoyao.li, zhao1.liu,
	xuelian.guo

On Wed, Jan 22, 2025 at 09:16:37AM +0800, Tao Su wrote:
> On Tue, Jan 21, 2025 at 09:34:58AM -0800, Pawan Gupta wrote:
> > On Tue, Jan 21, 2025 at 10:06:47AM +0800, Tao Su wrote:
> > > Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> > > of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl,
> > > bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri,
> > > movdir64b)
> > > 
> > > Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> > > mitigated in stepping 3.
> > 
> > Does this only apply to stepping 3? I don't think Sierra Forest was ever
> > vulnerable to GDS and RFDS [1].
> > 
> 
> On the real machine, stepping 0 does not set GDS_NO and RFDS_NO, but
> stepping 3 does.

Ah, I see. Thanks for clarifying.

> 
> > There are many other vulnerabilities that Sierra Forest is not vulnerable to,
> > is it really necessary to add the *_NO bits to CPU definitions?
> > 
> > [1] https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
> 
> *_NO bits indicate processor is not affected by *, so adding these to the
> CPU model will prevent the guest OS (using the CPU model) from trying to
> use related software mitigation, which I think is reasonable.

Ok, thanks. I got it mixed up with "-cpu host" option.


^ permalink raw reply	[flat|nested] 21+ messages in thread
