From: Ashok Raj <ashok.raj@intel.com>
To: linux-kernel@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Tim Chen <tim.c.chen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Greg KH <gregkh@linuxfoundation.org>
Cc: Ashok Raj <ashok.raj@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Andi Kleen <ak@linux.intel.com>,
Arjan Van De Ven <arjan.van.de.ven@intel.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Peter Zijlstra <peterz@infradead.org>,
Dan Williams <dan.j.williams@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jun Nakajima <jun.nakajima@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>
Subject: [PATCH 5/5] x86/feature: Detect the x86 feature Indirect Branch Prediction Barrier
Date: Thu, 11 Jan 2018 17:32:19 -0800 [thread overview]
Message-ID: <1515720739-43819-6-git-send-email-ashok.raj@intel.com> (raw)
In-Reply-To: <1515720739-43819-1-git-send-email-ashok.raj@intel.com>
cpuid ax=0x7, return rdx bit 26 to indicate presence of both
IA32_SPEC_CTRL(MSR 0x48) and IA32_PRED_CMD(MSR 0x49)
BIT0: Indirect Branch Prediction Barrier
When this MSR is written with IBPB=1 it ensures that earlier code's behavior
doesn't control later indirect branch predictions.
Note this MSR is only writable and does not carry any state. Its a barrier
so the code should perform a wrmsr when the barrier is needed.
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 3 +++
arch/x86/kernel/cpu/spec_ctrl.c | 7 +++++++
arch/x86/kvm/svm.c | 16 ++++++++++++++++
arch/x86/kvm/vmx.c | 10 ++++++++++
5 files changed, 37 insertions(+)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 624b58e..52f37fc 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -213,6 +213,7 @@
#define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */
#define X86_FEATURE_SPEC_CTRL ( 7*32+19) /* Speculation Control */
#define X86_FEATURE_SPEC_CTRL_IBRS ( 7*32+20) /* Speculation Control, use IBRS */
+#define X86_FEATURE_PRED_CMD ( 7*32+21) /* Indirect Branch Prediction Barrier */
/* Virtualization flags: Linux defined, word 8 */
#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 3e1cb18..1888e19 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -46,6 +46,9 @@
#define SPEC_CTRL_DISABLE_IBRS (0 << 0)
#define SPEC_CTRL_ENABLE_IBRS (1 << 0)
+#define MSR_IA32_PRED_CMD 0x00000049
+#define FEATURE_SET_IBPB (1<<0)
+
#define MSR_IA32_PERFCTR0 0x000000c1
#define MSR_IA32_PERFCTR1 0x000000c2
#define MSR_FSB_FREQ 0x000000cd
diff --git a/arch/x86/kernel/cpu/spec_ctrl.c b/arch/x86/kernel/cpu/spec_ctrl.c
index 02fc630..6cfec19 100644
--- a/arch/x86/kernel/cpu/spec_ctrl.c
+++ b/arch/x86/kernel/cpu/spec_ctrl.c
@@ -15,6 +15,13 @@ void spec_ctrl_scan_feature(struct cpuinfo_x86 *c)
if (!c->cpu_index)
static_branch_enable(&spec_ctrl_dynamic_ibrs);
}
+ /*
+ * For Intel CPU's this MSR is shared the same cpuid
+ * enumeration. When MSR_IA32_SPEC_CTRL is present
+ * MSR_IA32_SPEC_CTRL is also available
+ * TBD: AMD might have a separate enumeration for each.
+ */
+ set_cpu_cap(c, X86_FEATURE_PRED_CMD);
}
}
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 7c14471a..36924c9 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -251,6 +251,7 @@ static const struct svm_direct_access_msrs {
{ .index = MSR_SYSCALL_MASK, .always = true },
#endif
{ .index = MSR_IA32_SPEC_CTRL, .always = true },
+ { .index = MSR_IA32_PRED_CMD, .always = false },
{ .index = MSR_IA32_LASTBRANCHFROMIP, .always = false },
{ .index = MSR_IA32_LASTBRANCHTOIP, .always = false },
{ .index = MSR_IA32_LASTINTFROMIP, .always = false },
@@ -531,6 +532,7 @@ struct svm_cpu_data {
struct kvm_ldttss_desc *tss_desc;
struct page *save_area;
+ struct vmcb *current_vmcb;
};
static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
@@ -923,6 +925,8 @@ static void svm_vcpu_init_msrpm(u32 *msrpm)
if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
set_msr_interception(msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
+ if (boot_cpu_has(X86_FEATURE_PRED_CMD))
+ set_msr_interception(msrpm, MSR_IA32_PRED_CMD, 1, 1);
}
static void add_msr_offset(u32 offset)
@@ -1711,11 +1715,18 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu)
__free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
kvm_vcpu_uninit(vcpu);
kmem_cache_free(kvm_vcpu_cache, svm);
+ /*
+ * The VMCB could be recycled, causing a false negative in svm_vcpu_load;
+ * block speculative execution.
+ */
+ if (boot_cpu_has(X86_FEATURE_PRED_CMD))
+ native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
}
static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
+ struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
int i;
if (unlikely(cpu != vcpu->cpu)) {
@@ -1744,6 +1755,11 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
if (static_cpu_has(X86_FEATURE_RDTSCP))
wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
+ if (sd->current_vmcb != svm->vmcb) {
+ sd->current_vmcb = svm->vmcb;
+ if (boot_cpu_has(X86_FEATURE_PRED_CMD))
+ native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
+ }
avic_vcpu_load(vcpu, cpu);
}
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 1913896..caeb9ff 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -2280,6 +2280,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
vmcs_load(vmx->loaded_vmcs->vmcs);
+ if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+ native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
}
if (!already_loaded) {
@@ -3837,6 +3839,12 @@ static void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
free_vmcs(loaded_vmcs->vmcs);
loaded_vmcs->vmcs = NULL;
WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
+ /*
+ * The VMCS could be recycled, causing a false negative in vmx_vcpu_load
+ * block speculative execution.
+ */
+ if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+ native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
}
static void free_kvm_area(void)
@@ -6804,6 +6812,8 @@ static __init int hardware_setup(void)
*/
if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
vmx_disable_intercept_for_msr(MSR_IA32_SPEC_CTRL, false);
+ if (boot_cpu_has(X86_FEATURE_PRED_CMD))
+ vmx_disable_intercept_for_msr(MSR_IA32_PRED_CMD, false);
vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
--
2.7.4
next prev parent reply other threads:[~2018-01-12 1:32 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-12 1:32 [PATCH 0/5] Add support for IBRS & IBPB KVM support Ashok Raj
2018-01-12 1:32 ` [PATCH 1/5] x86/ibrs: Introduce native_rdmsrl, and native_wrmsrl Ashok Raj
2018-01-12 1:41 ` Andy Lutomirski
2018-01-12 1:52 ` Raj, Ashok
2018-01-12 2:20 ` Andy Lutomirski
2018-01-12 3:01 ` Raj, Ashok
2018-01-12 5:03 ` Dave Hansen
2018-01-12 16:28 ` Josh Poimboeuf
2018-01-12 16:28 ` Woodhouse, David
2018-01-13 6:20 ` Andy Lutomirski
2018-01-13 13:52 ` Van De Ven, Arjan
2018-01-13 15:20 ` Andy Lutomirski
2018-01-13 6:19 ` Andy Lutomirski
2018-01-12 7:54 ` Greg KH
2018-01-12 12:28 ` Borislav Petkov
2018-01-12 1:32 ` [PATCH 2/5] x86/ibrs: Add new helper macros to save/restore MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12 1:32 ` [PATCH 3/5] x86/ibrs: Add direct access support for MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12 1:58 ` Dave Hansen
2018-01-12 3:14 ` Raj, Ashok
2018-01-12 9:51 ` Peter Zijlstra
2018-01-12 10:09 ` David Woodhouse
2018-01-15 13:45 ` Peter Zijlstra
2018-01-15 13:59 ` David Woodhouse
2018-01-15 14:45 ` Peter Zijlstra
2018-01-12 1:32 ` [PATCH 4/5] x86/svm: Direct access to MSR_IA32_SPEC_CTRL Ashok Raj
2018-01-12 7:23 ` David Woodhouse
2018-01-12 9:58 ` Peter Zijlstra
2018-01-12 10:13 ` David Woodhouse
2018-01-12 12:38 ` Paolo Bonzini
2018-01-12 15:14 ` Tom Lendacky
2018-01-12 1:32 ` Ashok Raj [this message]
2018-01-12 10:08 ` [PATCH 5/5] x86/feature: Detect the x86 feature Indirect Branch Prediction Barrier Peter Zijlstra
2018-01-12 12:32 ` Borislav Petkov
2018-01-12 12:39 ` Woodhouse, David
2018-01-12 15:21 ` Tom Lendacky
2018-01-12 15:31 ` Tom Lendacky
2018-01-12 15:36 ` Woodhouse, David
2018-01-12 17:06 ` Tom Lendacky
2018-02-01 21:59 [PATCH v6 0/5] KVM: Expose speculation control feature to guests KarimAllah Ahmed
2018-02-01 21:59 ` KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 1/5] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KarimAllah Ahmed
2018-02-02 17:37 ` Jim Mattson
2018-02-03 22:50 ` [tip:x86/pti] KVM/x86: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 2/5] KVM: x86: Add IBPB support KarimAllah Ahmed
2018-02-02 17:49 ` Konrad Rzeszutek Wilk
2018-02-02 18:02 ` David Woodhouse
2018-02-02 18:02 ` David Woodhouse
2018-02-02 19:56 ` Konrad Rzeszutek Wilk
2018-02-02 20:16 ` David Woodhouse
2018-02-02 20:16 ` David Woodhouse
2018-02-02 20:28 ` Konrad Rzeszutek Wilk
2018-02-02 20:31 ` David Woodhouse
2018-02-02 20:31 ` David Woodhouse
2018-02-02 20:52 ` Konrad Rzeszutek Wilk
2018-02-02 20:52 ` Alan Cox
2018-02-05 19:22 ` Paolo Bonzini
2018-02-05 19:24 ` Paolo Bonzini
2018-02-03 22:50 ` [tip:x86/pti] KVM/x86: " tip-bot for Ashok Raj
2018-02-16 3:44 ` [PATCH v6 2/5] KVM: x86: " Jim Mattson
2018-02-16 4:22 ` Andi Kleen
2018-05-03 1:27 ` Wanpeng Li
2018-05-03 9:19 ` Paolo Bonzini
2018-05-03 12:01 ` Wanpeng Li
2018-05-03 12:46 ` Tian, Kevin
2018-02-01 21:59 ` [PATCH v6 3/5] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KarimAllah Ahmed
2018-02-02 10:53 ` Darren Kenny
2018-02-02 17:35 ` Jim Mattson
2018-02-02 17:51 ` Konrad Rzeszutek Wilk
2018-02-03 22:51 ` [tip:x86/pti] KVM/VMX: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL KarimAllah Ahmed
2018-02-02 11:03 ` Darren Kenny
2018-02-02 11:27 ` David Woodhouse
2018-02-02 11:27 ` David Woodhouse
2018-02-02 17:53 ` Konrad Rzeszutek Wilk
2018-02-02 18:05 ` David Woodhouse
2018-02-02 18:19 ` Konrad Rzeszutek Wilk
2018-02-02 17:57 ` Jim Mattson
2018-02-03 22:51 ` [tip:x86/pti] KVM/VMX: " tip-bot for KarimAllah Ahmed
2018-02-01 21:59 ` [PATCH v6 5/5] KVM: SVM: " KarimAllah Ahmed
2018-02-02 11:06 ` Darren Kenny
2018-02-02 18:02 ` Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1515720739-43819-6-git-send-email-ashok.raj@intel.com \
--to=ashok.raj@intel.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan.van.de.ven@intel.com \
--cc=asit.k.mallick@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jun.nakajima@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.