[PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[Babu Moger]

This series adds the support for following features in qemu.
1. RAS feature bits (SUCCOR, McaOverflowRecov)
2. perfmon-v2
3. Update EPYC-Genoa to support perfmon-v2 and RAS bits
4. Support for bits related to SRSO (sbpb, ibpb-brtype, srso-user-kernel-no)
5. Added support for feature bits CPUID_Fn80000021_EAX/CPUID_Fn80000021_EBX
   to address CPUID enforcement requirement in Turin platforms.
6. Add support for EPYC-Turin.

Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
---
v3: Added SBPB, IBPB_BRTYPE, SRSO_USER_KERNEL_NO, ERAPS and RAPSIZE bits
    to EPYC-Turin.

v2: Fixed couple of typos.
    Added Reviewed-by tag from Zhao.
    Rebased on top of 6d00c6f98256 ("Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging")

v2: https://lore.kernel.org/kvm/cover.1723068946.git.babu.moger@amd.com/
  
v1: https://lore.kernel.org/qemu-devel/cover.1718218999.git.babu.moger@amd.com/

Babu Moger (6):
  target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit
  target/i386: Add RAS feature bits on EPYC CPU models
  target/i386: Enable perfmon-v2 and RAS feature bits on EPYC-Genoa
  target/i386: Expose bits related to SRSO vulnerability
  target/i386: Expose new feature bits in CPUID 8000_0021_EAX/EBX
  target/i386: Add support for EPYC-Turin model

Sandipan Das (1):
  target/i386: Add PerfMonV2 feature bit

 target/i386/cpu.c | 222 +++++++++++++++++++++++++++++++++++++++++++++-
 target/i386/cpu.h |  27 +++++-
 2 files changed, 242 insertions(+), 7 deletions(-)

-- 
2.34.1

[PATCH v3 1/7] target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit

[Babu Moger]

Rename CPUID_8000_0021_EAX_No_NESTED_DATA_BP to
       CPUID_8000_0021_EAX_NO_NESTED_DATA_BP.

No functional change intended.

Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v3: New patch.
---
 target/i386/cpu.c | 2 +-
 target/i386/cpu.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1ff1af032e..94faff83cd 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5226,7 +5226,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
             CPUID_8000_0008_EBX_STIBP_ALWAYS_ON |
             CPUID_8000_0008_EBX_AMD_SSBD | CPUID_8000_0008_EBX_AMD_PSFD,
         .features[FEAT_8000_0021_EAX] =
-            CPUID_8000_0021_EAX_No_NESTED_DATA_BP |
+            CPUID_8000_0021_EAX_NO_NESTED_DATA_BP |
             CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING |
             CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE |
             CPUID_8000_0021_EAX_AUTO_IBRS,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 74886d1580..9eb45faa65 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1014,7 +1014,7 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_8000_0008_EBX_AMD_PSFD    (1U << 28)
 
 /* Processor ignores nested data breakpoints */
-#define CPUID_8000_0021_EAX_No_NESTED_DATA_BP    (1U << 0)
+#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP    (1U << 0)
 /* LFENCE is always serializing */
 #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING    (1U << 2)
 /* Null Selector Clears Base */
-- 
2.34.1

Re: [PATCH v3 1/7] target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit

[Zhao Liu]

On Thu, Oct 24, 2024 at 05:18:19PM -0500, Babu Moger wrote:
> Date: Thu, 24 Oct 2024 17:18:19 -0500
> From: Babu Moger <babu.moger@amd.com>
> Subject: [PATCH v3 1/7] target/i386: Fix minor typo in NO_NESTED_DATA_BP
>  feature bit
> X-Mailer: git-send-email 2.34.1
> 
> Rename CPUID_8000_0021_EAX_No_NESTED_DATA_BP to
>        CPUID_8000_0021_EAX_NO_NESTED_DATA_BP.
> 
> No functional change intended.
> 
> Signed-off-by: Babu Moger <babu.moger@amd.com>
> ---
> v3: New patch.
> ---
>  target/i386/cpu.c | 2 +-
>  target/i386/cpu.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>

[PATCH v3 2/7] target/i386: Add RAS feature bits on EPYC CPU models

[Babu Moger]

Add the support for following RAS features bits on AMD guests.

SUCCOR: Software uncorrectable error containment and recovery capability.
	The processor supports software containment of uncorrectable errors
	through context synchronizing data poisoning and deferred error
	interrupts.

McaOverflowRecov: MCA overflow recovery support.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v3: No changes

v2: Added reviewed by from Zhao.
---
 target/i386/cpu.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 94faff83cd..e88859056a 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4974,6 +4974,16 @@ static const X86CPUDefinition builtin_x86_defs[] = {
                 },
                 .cache_info = &epyc_v4_cache_info
             },
+            {
+                .version = 5,
+                .props = (PropValue[]) {
+                    { "overflow-recov", "on" },
+                    { "succor", "on" },
+                    { "model-id",
+                      "AMD EPYC-v5 Processor" },
+                    { /* end of list */ }
+                },
+            },
             { /* end of list */ }
         }
     },
@@ -5112,6 +5122,16 @@ static const X86CPUDefinition builtin_x86_defs[] = {
                     { /* end of list */ }
                 },
             },
+            {
+                .version = 5,
+                .props = (PropValue[]) {
+                    { "overflow-recov", "on" },
+                    { "succor", "on" },
+                    { "model-id",
+                      "AMD EPYC-Rome-v5 Processor" },
+                    { /* end of list */ }
+                },
+            },
             { /* end of list */ }
         }
     },
@@ -5187,6 +5207,16 @@ static const X86CPUDefinition builtin_x86_defs[] = {
                 },
                 .cache_info = &epyc_milan_v2_cache_info
             },
+            {
+                .version = 3,
+                .props = (PropValue[]) {
+                    { "overflow-recov", "on" },
+                    { "succor", "on" },
+                    { "model-id",
+                      "AMD EPYC-Milan-v3 Processor" },
+                    { /* end of list */ }
+                },
+            },
             { /* end of list */ }
         }
     },
-- 
2.34.1

Re: [PATCH v3 2/7] target/i386: Add RAS feature bits on EPYC CPU models

[Zhao Liu]

(+John)

Hi Babu,

This patch is fine for me.

However, users recently reported an issue with SUCCOR support on AMD
hosts: https://gitlab.com/qemu-project/qemu/-/issues/2571.

Could you please double check and clarify that issue on AMD host?

Thanks,
Zhao

On Thu, Oct 24, 2024 at 05:18:20PM -0500, Babu Moger wrote:
> Date: Thu, 24 Oct 2024 17:18:20 -0500
> From: Babu Moger <babu.moger@amd.com>
> Subject: [PATCH v3 2/7] target/i386: Add RAS feature bits on EPYC CPU models
> X-Mailer: git-send-email 2.34.1
> 
> Add the support for following RAS features bits on AMD guests.
> 
> SUCCOR: Software uncorrectable error containment and recovery capability.
> 	The processor supports software containment of uncorrectable errors
> 	through context synchronizing data poisoning and deferred error
> 	interrupts.
> 
> McaOverflowRecov: MCA overflow recovery support.
> 
> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> Signed-off-by: Babu Moger <babu.moger@amd.com>
> ---
> v3: No changes
> 
> v2: Added reviewed by from Zhao.
> ---
>  target/i386/cpu.c | 30 ++++++++++++++++++++++++++++++
>  1 file changed, 30 insertions(+)

Re: [PATCH v3 2/7] target/i386: Add RAS feature bits on EPYC CPU models

[John Allen]

On Mon, Oct 28, 2024 at 02:59:17PM +0800, Zhao Liu wrote:
> (+John)
> 
> Hi Babu,
> 
> This patch is fine for me.
> 
> However, users recently reported an issue with SUCCOR support on AMD
> hosts: https://gitlab.com/qemu-project/qemu/-/issues/2571.
> 
> Could you please double check and clarify that issue on AMD host?

Thanks for the heads up. I can reproduce this on an AMD host with
kvm.ignore_msrs=1. It seems like kvm will need to block this feature on
the guest when ignore_msrs is set, but it's not clear to me how that
should be done yet.

Paolo,

Do you have any ideas about how we should handle this situation?

Thanks,
John

> 
> Thanks,
> Zhao
> 
> On Thu, Oct 24, 2024 at 05:18:20PM -0500, Babu Moger wrote:
> > Date: Thu, 24 Oct 2024 17:18:20 -0500
> > From: Babu Moger <babu.moger@amd.com>
> > Subject: [PATCH v3 2/7] target/i386: Add RAS feature bits on EPYC CPU models
> > X-Mailer: git-send-email 2.34.1
> > 
> > Add the support for following RAS features bits on AMD guests.
> > 
> > SUCCOR: Software uncorrectable error containment and recovery capability.
> > 	The processor supports software containment of uncorrectable errors
> > 	through context synchronizing data poisoning and deferred error
> > 	interrupts.
> > 
> > McaOverflowRecov: MCA overflow recovery support.
> > 
> > Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> > Signed-off-by: Babu Moger <babu.moger@amd.com>
> > ---
> > v3: No changes
> > 
> > v2: Added reviewed by from Zhao.
> > ---
> >  target/i386/cpu.c | 30 ++++++++++++++++++++++++++++++
> >  1 file changed, 30 insertions(+)
> 

[PATCH v3 3/7] target/i386: Add PerfMonV2 feature bit

[Babu Moger]

From: Sandipan Das <sandipan.das@amd.com>

CPUID leaf 0x80000022, i.e. ExtPerfMonAndDbg, advertises new performance
monitoring features for AMD processors. Bit 0 of EAX indicates support
for Performance Monitoring Version 2 (PerfMonV2) features. If found to
be set during PMU initialization, the EBX bits can be used to determine
the number of available counters for different PMUs. It also denotes the
availability of global control and status registers.

Add the required CPUID feature word and feature bit to allow guests to
make use of the PerfMonV2 features.

Signed-off-by: Sandipan Das <sandipan.das@amd.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
---
v3: No changes

v2: Used OR instead of overwrite for eax and ebx.
    Added Zhao's Reviewed-by.
---
 target/i386/cpu.c | 26 ++++++++++++++++++++++++++
 target/i386/cpu.h |  4 ++++
 2 files changed, 30 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e88859056a..d697c8ea6e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1227,6 +1227,22 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         .tcg_features = 0,
         .unmigratable_flags = 0,
     },
+    [FEAT_8000_0022_EAX] = {
+        .type = CPUID_FEATURE_WORD,
+        .feat_names = {
+            "perfmon-v2", NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+        },
+        .cpuid = { .eax = 0x80000022, .reg = R_EAX, },
+        .tcg_features = 0,
+        .unmigratable_flags = 0,
+    },
     [FEAT_XSAVE] = {
         .type = CPUID_FEATURE_WORD,
         .feat_names = {
@@ -7040,6 +7056,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
             *edx = 0;
         }
         break;
+    case 0x80000022:
+        *eax = *ebx = *ecx = *edx = 0;
+        /* AMD Extended Performance Monitoring and Debug */
+        if (kvm_enabled() && cpu->enable_pmu &&
+            (env->features[FEAT_8000_0022_EAX] & CPUID_8000_0022_EAX_PERFMON_V2)) {
+            *eax |= CPUID_8000_0022_EAX_PERFMON_V2;
+            *ebx |= kvm_arch_get_supported_cpuid(cs->kvm_state, index, count,
+                                                 R_EBX) & 0xf;
+        }
+        break;
     case 0xC0000000:
         *eax = env->cpuid_xlevel2;
         *ebx = 0;
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 9eb45faa65..e0dea1ba54 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -634,6 +634,7 @@ typedef enum FeatureWord {
     FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */
     FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
     FEAT_8000_0021_EAX, /* CPUID[8000_0021].EAX */
+    FEAT_8000_0022_EAX, /* CPUID[8000_0022].EAX */
     FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
     FEAT_KVM,           /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
     FEAT_KVM_HINTS,     /* CPUID[4000_0001].EDX */
@@ -1022,6 +1023,9 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 /* Automatic IBRS */
 #define CPUID_8000_0021_EAX_AUTO_IBRS   (1U << 8)
 
+/* Performance Monitoring Version 2 */
+#define CPUID_8000_0022_EAX_PERFMON_V2  (1U << 0)
+
 #define CPUID_XSAVE_XSAVEOPT   (1U << 0)
 #define CPUID_XSAVE_XSAVEC     (1U << 1)
 #define CPUID_XSAVE_XGETBV1    (1U << 2)
-- 
2.34.1

[PATCH v3 4/7] target/i386: Enable perfmon-v2 and RAS feature bits on EPYC-Genoa

[Babu Moger]

Following feature bits are added on EPYC-Genoa-v2 model.

perfmon-v2: Allow guests to make use of the PerfMonV2 features.

SUCCOR    : Software uncorrectable error containment and recovery capability.
            The processor supports software containment of uncorrectable errors
            through context synchronizing data poisoning and deferred error
            interrupts.

McaOverflowRecov: MCA overflow recovery support.

The feature details are available in APM listed below [1].
[1] AMD64 Architecture Programmer's Manual Volume 2: System Programming
Publication # 24593 Revision 3.41.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v3: No changes

v2: Minor typo.
    Added Reviewed-by from Zhao.
---
 target/i386/cpu.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d697c8ea6e..690efd4085 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5307,6 +5307,21 @@ static const X86CPUDefinition builtin_x86_defs[] = {
         .xlevel = 0x80000022,
         .model_id = "AMD EPYC-Genoa Processor",
         .cache_info = &epyc_genoa_cache_info,
+        .versions = (X86CPUVersionDefinition[]) {
+            { .version = 1 },
+            {
+                .version = 2,
+                .props = (PropValue[]) {
+                    { "overflow-recov", "on" },
+                    { "succor", "on" },
+                    { "perfmon-v2", "on" },
+                    { "model-id",
+                      "AMD EPYC-Genoa-v2 Processor" },
+                    { /* end of list */ }
+                },
+            },
+            { /* end of list */ }
+        }
     },
 };
 
-- 
2.34.1

[PATCH v3 5/7] target/i386: Expose bits related to SRSO vulnerability

[Babu Moger]

Add following bits related Speculative Return Stack Overflow (SRSO).
Guests can make use of these bits if supported.

These bits are reported via CPUID Fn8000_0021_EAX.
===================================================================
Bit Feature Description
===================================================================
27  SBPB                Indicates support for the Selective Branch Predictor Barrier.
28  IBPB_BRTYPE         MSR_PRED_CMD[IBPB] flushes all branch type predictions.
29  SRSO_NO             Not vulnerable to SRSO.
30  SRSO_USER_KERNEL_NO Not vulnerable to SRSO at the user-kernel boundary.
===================================================================

Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v3: New patch
---
 target/i386/cpu.c |  2 +-
 target/i386/cpu.h | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 690efd4085..642e71b636 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1221,7 +1221,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, "sbpb",
-            "ibpb-brtype", NULL, NULL, NULL,
+            "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
         },
         .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
         .tcg_features = 0,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e0dea1ba54..792518b62d 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1015,13 +1015,21 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_8000_0008_EBX_AMD_PSFD    (1U << 28)
 
 /* Processor ignores nested data breakpoints */
-#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP    (1U << 0)
+#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP            (1U << 0)
 /* LFENCE is always serializing */
 #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING    (1U << 2)
 /* Null Selector Clears Base */
-#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE    (1U << 6)
+#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE            (1U << 6)
 /* Automatic IBRS */
-#define CPUID_8000_0021_EAX_AUTO_IBRS   (1U << 8)
+#define CPUID_8000_0021_EAX_AUTO_IBRS                    (1U << 8)
+/* Selective Branch Predictor Barrier */
+#define CPUID_8000_0021_EAX_SBPB                         (1U << 27)
+/* IBPB includes branch type prediction flushing */
+#define CPUID_8000_0021_EAX_IBPB_BRTYPE                  (1U << 28)
+/* Not vulnerable to Speculative Return Stack Overflow */
+#define CPUID_8000_0021_EAX_SRSO_NO                      (1U << 29)
+/* Not vulnerable to SRSO at the user-kernel boundary */
+#define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO          (1U << 30)
 
 /* Performance Monitoring Version 2 */
 #define CPUID_8000_0022_EAX_PERFMON_V2  (1U << 0)
-- 
2.34.1

Re: [PATCH v3 5/7] target/i386: Expose bits related to SRSO vulnerability

[Zhao Liu]

Hi Babu

On Thu, Oct 24, 2024 at 05:18:23PM -0500, Babu Moger wrote:
> Date: Thu, 24 Oct 2024 17:18:23 -0500
> From: Babu Moger <babu.moger@amd.com>
> Subject: [PATCH v3 5/7] target/i386: Expose bits related to SRSO
>  vulnerability
> X-Mailer: git-send-email 2.34.1
> 
> Add following bits related Speculative Return Stack Overflow (SRSO).
> Guests can make use of these bits if supported.
> 
> These bits are reported via CPUID Fn8000_0021_EAX.
> ===================================================================
> Bit Feature Description
> ===================================================================
> 27  SBPB                Indicates support for the Selective Branch Predictor Barrier.
> 28  IBPB_BRTYPE         MSR_PRED_CMD[IBPB] flushes all branch type predictions.
> 29  SRSO_NO             Not vulnerable to SRSO.
> 30  SRSO_USER_KERNEL_NO Not vulnerable to SRSO at the user-kernel boundary.
> ===================================================================
> 
> Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
> Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip

I suggest updating the description of SRSO-related mitigations in the
"Important CPU features for AMD x86 hosts" section of docs/system/
cpu-models-x86.rst.inc.

If you could also synchronize the CPU model (you added in this series)
in the "Preferred CPU models for AMD x86 hosts" section, that would be
even better. :-)

> Signed-off-by: Babu Moger <babu.moger@amd.com>
> ---
> v3: New patch
> ---
>  target/i386/cpu.c |  2 +-
>  target/i386/cpu.h | 14 +++++++++++---
>  2 files changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 690efd4085..642e71b636 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1221,7 +1221,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>              NULL, NULL, NULL, NULL,
>              NULL, NULL, NULL, NULL,
>              NULL, NULL, NULL, "sbpb",
> -            "ibpb-brtype", NULL, NULL, NULL,
> +            "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
>          },
>          .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
>          .tcg_features = 0,
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index e0dea1ba54..792518b62d 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -1015,13 +1015,21 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
>  #define CPUID_8000_0008_EBX_AMD_PSFD    (1U << 28)
>  
>  /* Processor ignores nested data breakpoints */
> -#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP    (1U << 0)
> +#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP            (1U << 0)
>  /* LFENCE is always serializing */
>  #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING    (1U << 2)
>  /* Null Selector Clears Base */
> -#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE    (1U << 6)
> +#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE            (1U << 6)
>  /* Automatic IBRS */
> -#define CPUID_8000_0021_EAX_AUTO_IBRS   (1U << 8)
> +#define CPUID_8000_0021_EAX_AUTO_IBRS                    (1U << 8)
> +/* Selective Branch Predictor Barrier */
> +#define CPUID_8000_0021_EAX_SBPB                         (1U << 27)
> +/* IBPB includes branch type prediction flushing */
> +#define CPUID_8000_0021_EAX_IBPB_BRTYPE                  (1U << 28)
> +/* Not vulnerable to Speculative Return Stack Overflow */
> +#define CPUID_8000_0021_EAX_SRSO_NO                      (1U << 29)
> +/* Not vulnerable to SRSO at the user-kernel boundary */
> +#define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO          (1U << 30)

These feature bits defination could be added in patch 7 because only
patch 7 uses these macros.

BTW, which platform supports CPUID_8000_0021_EAX_SRSO_NO? I found that
even the Turin model added in patch 7 does not support this feature.

Thanks,
Zhao

>  /* Performance Monitoring Version 2 */
>  #define CPUID_8000_0022_EAX_PERFMON_V2  (1U << 0)
> -- 
> 2.34.1
> 
> 

Re: [PATCH v3 5/7] target/i386: Expose bits related to SRSO vulnerability

[Moger, Babu]

Hi Zhao,

Thanks for the review.

On 10/28/24 03:56, Zhao Liu wrote:
> Hi Babu
> 
> On Thu, Oct 24, 2024 at 05:18:23PM -0500, Babu Moger wrote:
>> Date: Thu, 24 Oct 2024 17:18:23 -0500
>> From: Babu Moger <babu.moger@amd.com>
>> Subject: [PATCH v3 5/7] target/i386: Expose bits related to SRSO
>>  vulnerability
>> X-Mailer: git-send-email 2.34.1
>>
>> Add following bits related Speculative Return Stack Overflow (SRSO).
>> Guests can make use of these bits if supported.
>>
>> These bits are reported via CPUID Fn8000_0021_EAX.
>> ===================================================================
>> Bit Feature Description
>> ===================================================================
>> 27  SBPB                Indicates support for the Selective Branch Predictor Barrier.
>> 28  IBPB_BRTYPE         MSR_PRED_CMD[IBPB] flushes all branch type predictions.
>> 29  SRSO_NO             Not vulnerable to SRSO.
>> 30  SRSO_USER_KERNEL_NO Not vulnerable to SRSO at the user-kernel boundary.
>> ===================================================================
>>
>> Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
>> Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
> 
> I suggest updating the description of SRSO-related mitigations in the
> "Important CPU features for AMD x86 hosts" section of docs/system/
> cpu-models-x86.rst.inc.
> 
> If you could also synchronize the CPU model (you added in this series)
> in the "Preferred CPU models for AMD x86 hosts" section, that would be
> even better. :-)

Sure. Will look into both of these.

> 
>> Signed-off-by: Babu Moger <babu.moger@amd.com>
>> ---
>> v3: New patch
>> ---
>>  target/i386/cpu.c |  2 +-
>>  target/i386/cpu.h | 14 +++++++++++---
>>  2 files changed, 12 insertions(+), 4 deletions(-)
>>
>> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
>> index 690efd4085..642e71b636 100644
>> --- a/target/i386/cpu.c
>> +++ b/target/i386/cpu.c
>> @@ -1221,7 +1221,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
>>              NULL, NULL, NULL, NULL,
>>              NULL, NULL, NULL, NULL,
>>              NULL, NULL, NULL, "sbpb",
>> -            "ibpb-brtype", NULL, NULL, NULL,
>> +            "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
>>          },
>>          .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
>>          .tcg_features = 0,
>> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
>> index e0dea1ba54..792518b62d 100644
>> --- a/target/i386/cpu.h
>> +++ b/target/i386/cpu.h
>> @@ -1015,13 +1015,21 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
>>  #define CPUID_8000_0008_EBX_AMD_PSFD    (1U << 28)
>>  
>>  /* Processor ignores nested data breakpoints */
>> -#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP    (1U << 0)
>> +#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP            (1U << 0)
>>  /* LFENCE is always serializing */
>>  #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING    (1U << 2)
>>  /* Null Selector Clears Base */
>> -#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE    (1U << 6)
>> +#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE            (1U << 6)
>>  /* Automatic IBRS */
>> -#define CPUID_8000_0021_EAX_AUTO_IBRS   (1U << 8)
>> +#define CPUID_8000_0021_EAX_AUTO_IBRS                    (1U << 8)
>> +/* Selective Branch Predictor Barrier */
>> +#define CPUID_8000_0021_EAX_SBPB                         (1U << 27)
>> +/* IBPB includes branch type prediction flushing */
>> +#define CPUID_8000_0021_EAX_IBPB_BRTYPE                  (1U << 28)
>> +/* Not vulnerable to Speculative Return Stack Overflow */
>> +#define CPUID_8000_0021_EAX_SRSO_NO                      (1U << 29)
>> +/* Not vulnerable to SRSO at the user-kernel boundary */
>> +#define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO          (1U << 30)
> 
> These feature bits defination could be added in patch 7 because only
> patch 7 uses these macros.

Sure. Looks like Paolo already pulled this in. I will take care of this if
there is another revision.


> BTW, which platform supports CPUID_8000_0021_EAX_SRSO_NO? I found that
> even the Turin model added in patch 7 does not support this feature.

SRSO_NO is not supported in Turin. I added it for completion as it is in
the same CPUID fn.

> 
> Thanks,
> Zhao
> 
>>  /* Performance Monitoring Version 2 */
>>  #define CPUID_8000_0022_EAX_PERFMON_V2  (1U << 0)
>> -- 
>> 2.34.1
>>
>>
> 

-- 
Thanks
Babu Moger

[PATCH v3 6/7] target/i386: Expose new feature bits in CPUID 8000_0021_EAX/EBX

[Babu Moger]

Newer AMD CPUs support ERAPS (Enhanced Return Address Prediction Security)
feature that enables the auto-clear of RSB entries on a TLB flush, context
switches and VMEXITs. The number of default RSP entries is reflected in
RapSize.

Add the feature bit and feature word to support these features.

CPUID_Fn80000021_EAX
Bits   Feature Description
24     ERAPS:
       Indicates support for enhanced return address predictor security.

CPUID_Fn80000021_EBX
Bits   Feature Description
31-24  Reserved
23:16  RapSize:
       Return Address Predictor size. RapSize x 8 is the minimum number
       of CALL instructions software needs to execute to flush the RAP.
15-00  MicrocodePatchSize. Read-only.
       Reports the size of the Microcode patch in 16-byte multiples.
       If 0, the size of the patch is at most 5568 (15C0h) bytes.

Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v3: New patch
---
 target/i386/cpu.c | 11 +++++++++--
 target/i386/cpu.h |  9 +++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 642e71b636..5bfa07adbf 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1220,13 +1220,19 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
-            NULL, NULL, NULL, "sbpb",
+            "eraps", NULL, NULL, "sbpb",
             "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
         },
         .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
         .tcg_features = 0,
         .unmigratable_flags = 0,
     },
+    [FEAT_8000_0021_EBX] = {
+        .type = CPUID_FEATURE_WORD,
+        .cpuid = { .eax = 0x80000021, .reg = R_EBX, },
+        .tcg_features = 0,
+        .unmigratable_flags = 0,
+    },
     [FEAT_8000_0022_EAX] = {
         .type = CPUID_FEATURE_WORD,
         .feat_names = {
@@ -7114,8 +7120,9 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         }
         break;
     case 0x80000021:
+        *eax = *ebx = *ecx = *edx = 0;
         *eax = env->features[FEAT_8000_0021_EAX];
-        *ebx = *ecx = *edx = 0;
+        *ebx = env->features[FEAT_8000_0021_EBX];
         break;
     default:
         /* reserved values: zero */
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 792518b62d..e2e10f55b2 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -634,6 +634,7 @@ typedef enum FeatureWord {
     FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */
     FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */
     FEAT_8000_0021_EAX, /* CPUID[8000_0021].EAX */
+    FEAT_8000_0021_EBX, /* CPUID[8000_0021].EBX */
     FEAT_8000_0022_EAX, /* CPUID[8000_0022].EAX */
     FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */
     FEAT_KVM,           /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */
@@ -1022,6 +1023,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE            (1U << 6)
 /* Automatic IBRS */
 #define CPUID_8000_0021_EAX_AUTO_IBRS                    (1U << 8)
+/* Enhanced Return Address Predictor Scurity */
+#define CPUID_8000_0021_EAX_ERAPS                        (1U << 24)
 /* Selective Branch Predictor Barrier */
 #define CPUID_8000_0021_EAX_SBPB                         (1U << 27)
 /* IBPB includes branch type prediction flushing */
@@ -1031,6 +1034,12 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 /* Not vulnerable to SRSO at the user-kernel boundary */
 #define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO          (1U << 30)
 
+/*
+ * Return Address Predictor size. RapSize x 8 is the minimum number of
+ * CALL instructions software needs to execute to flush the RAP.
+ */
+#define CPUID_8000_0021_EBX_RAPSIZE    (8U << 16)
+
 /* Performance Monitoring Version 2 */
 #define CPUID_8000_0022_EAX_PERFMON_V2  (1U << 0)
 
-- 
2.34.1

[PATCH v3 7/7] target/i386: Add support for EPYC-Turin model

[Babu Moger]

Add the support for AMD EPYC zen 5 processors (EPYC-Turin).

Add the following new feature bits on top of the feature bits from
the previous generation EPYC models.

movdiri             : Move Doubleword as Direct Store Instruction
movdir64b           : Move 64 Bytes as Direct Store Instruction
avx512-vp2intersect : AVX512 Vector Pair Intersection to a Pair
                      of Mask Register
avx-vnni            : AVX VNNI Instruction
sbpb                : Selective Branch Predictor Barrier
ibpb-brtype         : IBPB includes branch type prediction flushing
srso-user-kernel-no : Not vulnerable to SRSO at the user-kernel boundary
eraps               : Enhanced Return Address Predictor Security
rapsize             : Return Address Predictor size. RapSize x 8 is the
                      minimum number of CALL instructions software needs
                      to execute to flush the RAP

Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Signed-off-by: Babu Moger <babu.moger@amd.com>
---
v3: Removed Zhao's Reviewed-by as the patch has changed,
    Added sbpb, ibpb-brtype, srso-user-kernel-no, eraps, rapsize

v2: Fixed minor typo.
    Added Zhao's Reviewed-by.
---
 target/i386/cpu.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 136 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5bfa07adbf..eb49650450 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2411,6 +2411,60 @@ static const CPUCaches epyc_genoa_cache_info = {
     },
 };
 
+static const CPUCaches epyc_turin_cache_info = {
+    .l1d_cache = &(CPUCacheInfo) {
+        .type = DATA_CACHE,
+        .level = 1,
+        .size = 48 * KiB,
+        .line_size = 64,
+        .associativity = 12,
+        .partitions = 1,
+        .sets = 64,
+        .lines_per_tag = 1,
+        .self_init = 1,
+        .no_invd_sharing = true,
+        .share_level = CPU_TOPO_LEVEL_CORE,
+    },
+    .l1i_cache = &(CPUCacheInfo) {
+        .type = INSTRUCTION_CACHE,
+        .level = 1,
+        .size = 32 * KiB,
+        .line_size = 64,
+        .associativity = 8,
+        .partitions = 1,
+        .sets = 64,
+        .lines_per_tag = 1,
+        .self_init = 1,
+        .no_invd_sharing = true,
+        .share_level = CPU_TOPO_LEVEL_CORE,
+    },
+    .l2_cache = &(CPUCacheInfo) {
+        .type = UNIFIED_CACHE,
+        .level = 2,
+        .size = 1 * MiB,
+        .line_size = 64,
+        .associativity = 16,
+        .partitions = 1,
+        .sets = 1024,
+        .lines_per_tag = 1,
+        .share_level = CPU_TOPO_LEVEL_CORE,
+    },
+    .l3_cache = &(CPUCacheInfo) {
+        .type = UNIFIED_CACHE,
+        .level = 3,
+        .size = 32 * MiB,
+        .line_size = 64,
+        .associativity = 16,
+        .partitions = 1,
+        .sets = 32768,
+        .lines_per_tag = 1,
+        .self_init = true,
+        .inclusive = true,
+        .complex_indexing = false,
+        .share_level = CPU_TOPO_LEVEL_DIE,
+    },
+};
+
 /* The following VMX features are not supported by KVM and are left out in the
  * CPU definitions:
  *
@@ -5329,6 +5383,88 @@ static const X86CPUDefinition builtin_x86_defs[] = {
             { /* end of list */ }
         }
     },
+    {
+        .name = "EPYC-Turin",
+        .level = 0xd,
+        .vendor = CPUID_VENDOR_AMD,
+        .family = 26,
+        .model = 0,
+        .stepping = 0,
+        .features[FEAT_1_ECX] =
+            CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
+            CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
+            CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
+            CPUID_EXT_PCID | CPUID_EXT_CX16 | CPUID_EXT_FMA |
+            CPUID_EXT_SSSE3 | CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ |
+            CPUID_EXT_SSE3,
+        .features[FEAT_1_EDX] =
+            CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
+            CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
+            CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
+            CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
+            CPUID_VME | CPUID_FP87,
+        .features[FEAT_6_EAX] =
+            CPUID_6_EAX_ARAT,
+        .features[FEAT_7_0_EBX] =
+            CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
+            CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS |
+            CPUID_7_0_EBX_INVPCID | CPUID_7_0_EBX_AVX512F |
+            CPUID_7_0_EBX_AVX512DQ | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
+            CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_AVX512IFMA |
+            CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_CLWB |
+            CPUID_7_0_EBX_AVX512CD | CPUID_7_0_EBX_SHA_NI |
+            CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512VL,
+        .features[FEAT_7_0_ECX] =
+            CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
+            CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
+            CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
+            CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
+            CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57 |
+            CPUID_7_0_ECX_RDPID | CPUID_7_0_ECX_MOVDIRI |
+            CPUID_7_0_ECX_MOVDIR64B,
+        .features[FEAT_7_0_EDX] =
+            CPUID_7_0_EDX_FSRM | CPUID_7_0_EDX_AVX512_VP2INTERSECT,
+        .features[FEAT_7_1_EAX] =
+            CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_AVX512_BF16,
+        .features[FEAT_8000_0001_ECX] =
+            CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
+            CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
+            CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
+            CPUID_EXT3_TOPOEXT | CPUID_EXT3_PERFCORE,
+        .features[FEAT_8000_0001_EDX] =
+            CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
+            CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
+            CPUID_EXT2_SYSCALL,
+        .features[FEAT_8000_0007_EBX] =
+            CPUID_8000_0007_EBX_OVERFLOW_RECOV | CPUID_8000_0007_EBX_SUCCOR,
+        .features[FEAT_8000_0008_EBX] =
+            CPUID_8000_0008_EBX_CLZERO | CPUID_8000_0008_EBX_XSAVEERPTR |
+            CPUID_8000_0008_EBX_WBNOINVD | CPUID_8000_0008_EBX_IBPB |
+            CPUID_8000_0008_EBX_IBRS | CPUID_8000_0008_EBX_STIBP |
+            CPUID_8000_0008_EBX_STIBP_ALWAYS_ON |
+            CPUID_8000_0008_EBX_AMD_SSBD | CPUID_8000_0008_EBX_AMD_PSFD,
+        .features[FEAT_8000_0021_EAX] =
+            CPUID_8000_0021_EAX_NO_NESTED_DATA_BP |
+            CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING |
+            CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE |
+            CPUID_8000_0021_EAX_AUTO_IBRS |
+            CPUID_8000_0021_EAX_ERAPS | CPUID_8000_0021_EAX_SBPB |
+            CPUID_8000_0021_EAX_IBPB_BRTYPE |
+            CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO,
+        .features[FEAT_8000_0021_EBX] =
+            CPUID_8000_0021_EBX_RAPSIZE,
+        .features[FEAT_8000_0022_EAX] =
+            CPUID_8000_0022_EAX_PERFMON_V2,
+        .features[FEAT_XSAVE] =
+            CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
+            CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES,
+        .features[FEAT_SVM] =
+            CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE | CPUID_SVM_VNMI |
+            CPUID_SVM_SVME_ADDR_CHK,
+        .xlevel = 0x80000022,
+        .model_id = "AMD EPYC-Turin Processor",
+        .cache_info = &epyc_turin_cache_info,
+    },
 };
 
 /*
-- 
2.34.1

Re: [PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[Paolo Bonzini]

On 10/25/24 00:18, Babu Moger wrote:
> 
> This series adds the support for following features in qemu.
> 1. RAS feature bits (SUCCOR, McaOverflowRecov)
> 2. perfmon-v2
> 3. Update EPYC-Genoa to support perfmon-v2 and RAS bits
> 4. Support for bits related to SRSO (sbpb, ibpb-brtype, srso-user-kernel-no)
> 5. Added support for feature bits CPUID_Fn80000021_EAX/CPUID_Fn80000021_EBX
>     to address CPUID enforcement requirement in Turin platforms.
> 6. Add support for EPYC-Turin.

Queued, thanks.  I looked at 
https://gitlab.com/qemu-project/qemu/-/issues/2571 and I think it's 
caused by the ignore_msrs=1 parameter on the KVM kernel module.

However, can you look into adding new CPUID_SVM_* bits?

Thanks,

Paolo

> Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
> Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
> ---
> v3: Added SBPB, IBPB_BRTYPE, SRSO_USER_KERNEL_NO, ERAPS and RAPSIZE bits
>      to EPYC-Turin.
> 
> v2: Fixed couple of typos.
>      Added Reviewed-by tag from Zhao.
>      Rebased on top of 6d00c6f98256 ("Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging")
> 
> v2: https://lore.kernel.org/kvm/cover.1723068946.git.babu.moger@amd.com/
>    
> v1: https://lore.kernel.org/qemu-devel/cover.1718218999.git.babu.moger@amd.com/
> 
> Babu Moger (6):
>    target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit
>    target/i386: Add RAS feature bits on EPYC CPU models
>    target/i386: Enable perfmon-v2 and RAS feature bits on EPYC-Genoa
>    target/i386: Expose bits related to SRSO vulnerability
>    target/i386: Expose new feature bits in CPUID 8000_0021_EAX/EBX
>    target/i386: Add support for EPYC-Turin model
> 
> Sandipan Das (1):
>    target/i386: Add PerfMonV2 feature bit
> 
>   target/i386/cpu.c | 222 +++++++++++++++++++++++++++++++++++++++++++++-
>   target/i386/cpu.h |  27 +++++-
>   2 files changed, 242 insertions(+), 7 deletions(-)
> 

Re: [PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[Moger, Babu]

Hi Paolo,

On 10/28/24 03:37, Paolo Bonzini wrote:
> On 10/25/24 00:18, Babu Moger wrote:
>>
>> This series adds the support for following features in qemu.
>> 1. RAS feature bits (SUCCOR, McaOverflowRecov)
>> 2. perfmon-v2
>> 3. Update EPYC-Genoa to support perfmon-v2 and RAS bits
>> 4. Support for bits related to SRSO (sbpb, ibpb-brtype,
>> srso-user-kernel-no)
>> 5. Added support for feature bits CPUID_Fn80000021_EAX/CPUID_Fn80000021_EBX
>>     to address CPUID enforcement requirement in Turin platforms.
>> 6. Add support for EPYC-Turin.
> 
> Queued, thanks.  I looked at

Thanks.

> https://gitlab.com/qemu-project/qemu/-/issues/2571 and I think it's caused
> by the ignore_msrs=1 parameter on the KVM kernel module.

Thanks again.

> 
> However, can you look into adding new CPUID_SVM_* bits?

I normally pickup bits when it is added in kernel/kvm. Are you thinking of
any specific bits here?
Thanks
Babu

Re: [PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[Paolo Bonzini]

On Mon, Oct 28, 2024 at 3:23 PM Moger, Babu <babu.moger@amd.com> wrote:
>
> Hi Paolo,
>
> On 10/28/24 03:37, Paolo Bonzini wrote:
> > On 10/25/24 00:18, Babu Moger wrote:
> >>
> >> This series adds the support for following features in qemu.
> >> 1. RAS feature bits (SUCCOR, McaOverflowRecov)
> >> 2. perfmon-v2
> >> 3. Update EPYC-Genoa to support perfmon-v2 and RAS bits
> >> 4. Support for bits related to SRSO (sbpb, ibpb-brtype,
> >> srso-user-kernel-no)
> >> 5. Added support for feature bits CPUID_Fn80000021_EAX/CPUID_Fn80000021_EBX
> >>     to address CPUID enforcement requirement in Turin platforms.
> >> 6. Add support for EPYC-Turin.
> >
> > Queued, thanks.  I looked at
>
> Thanks.
>
> > https://gitlab.com/qemu-project/qemu/-/issues/2571 and I think it's caused
> > by the ignore_msrs=1 parameter on the KVM kernel module.
>
> Thanks again.
>
> >
> > However, can you look into adding new CPUID_SVM_* bits?
>
> I normally pickup bits when it is added in kernel/kvm. Are you thinking of
> any specific bits here?

Yes, KVM already supports vGIF, virtual VMLOAD/VMSAVE, virtual TSC
rate MSR, vNMI, virtual LBR, virtual pause filter and virtual pause
filter threshold.

Paolo

Re: [PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[Moger, Babu]

On 10/28/24 09:25, Paolo Bonzini wrote:
> On Mon, Oct 28, 2024 at 3:23 PM Moger, Babu <babu.moger@amd.com> wrote:
>>
>> Hi Paolo,
>>
>> On 10/28/24 03:37, Paolo Bonzini wrote:
>>> On 10/25/24 00:18, Babu Moger wrote:
>>>>
>>>> This series adds the support for following features in qemu.
>>>> 1. RAS feature bits (SUCCOR, McaOverflowRecov)
>>>> 2. perfmon-v2
>>>> 3. Update EPYC-Genoa to support perfmon-v2 and RAS bits
>>>> 4. Support for bits related to SRSO (sbpb, ibpb-brtype,
>>>> srso-user-kernel-no)
>>>> 5. Added support for feature bits CPUID_Fn80000021_EAX/CPUID_Fn80000021_EBX
>>>>     to address CPUID enforcement requirement in Turin platforms.
>>>> 6. Add support for EPYC-Turin.
>>>
>>> Queued, thanks.  I looked at
>>
>> Thanks.
>>
>>> https://gitlab.com/qemu-project/qemu/-/issues/2571 and I think it's caused
>>> by the ignore_msrs=1 parameter on the KVM kernel module.
>>
>> Thanks again.
>>
>>>
>>> However, can you look into adding new CPUID_SVM_* bits?
>>
>> I normally pickup bits when it is added in kernel/kvm. Are you thinking of
>> any specific bits here?
> 
> Yes, KVM already supports vGIF, virtual VMLOAD/VMSAVE, virtual TSC
> rate MSR, vNMI, virtual LBR, virtual pause filter and virtual pause
> filter threshold.

Oh ok. Sure. I will look into this.
-- 
Thanks
Babu Moger

Re: [PATCH v3 0/7] target/i386: Add support for perfmon-v2, RAS bits and EPYC-Turin CPU model

[Paolo Bonzini]

On 10/25/24 00:18, Babu Moger wrote:
> 
> This series adds the support for following features in qemu.
> 1. RAS feature bits (SUCCOR, McaOverflowRecov)
> 2. perfmon-v2
> 3. Update EPYC-Genoa to support perfmon-v2 and RAS bits
> 4. Support for bits related to SRSO (sbpb, ibpb-brtype, srso-user-kernel-no)
> 5. Added support for feature bits CPUID_Fn80000021_EAX/CPUID_Fn80000021_EBX
>     to address CPUID enforcement requirement in Turin platforms.
> 6. Add support for EPYC-Turin.

Queued the following

- target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit
- target/i386: Add PerfMonV2 feature bit
- target/i386: Expose bits related to SRSO vulnerability
- target/i386: Expose new feature bits in CPUID 8000_0021_EAX/EBX

I am leaving out the CPU model updates so that they are updated just 
once instead of twice (especially Turin should have the right CPUID bits 
for nested SVM).

Paolo