>>> On 16.05.18 at 19:27, <andrew.coop...@citrix.com> wrote:
> c/s 62b187969 "x86: further CPUID handling adjustments" make some adjustments.
> However, it breaks levelling of guests, making it impossible for the toolstack
> to hide STIBP or IBPB from guests on hardware with up-to-date microcode.
> 
> The dom0 issue referenced in the commit message was fixed by the hunk
> adjusting the zeroing alone.  STIBP and IBPB don't need (and indeed, must not
> be for levelling purposes) OR'd into the leaf.
> 
> One final item which was missed in backport was the need to ignore the
> toolstack choice of STIBP, and set it equal to IBRSB.  This needs doing after
> the mask has been applied.
> 
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>

What about the patch below instead? This then allows the tool stack to override
STIBP independent of IBRSB.

Jan

x86: correct "further CPUID handling adjustments"

Commit 62b187969 "x86: further CPUID handling adjustments" went too far,
breaking feature levelling of DomU-s. Restrict the PV overrides to just
Dom0 and undo the HVM overrides.

Reported-by: Andrew Cooper <andrew.coop...@citrix.com>
Signed-off-by: Jan Beulich <jbeul...@suse.com>

--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3587,7 +3587,6 @@ void hvm_cpuid(unsigned int input, unsig
 
             *ecx &= hvm_featureset[FEATURESET_7c0];
 
-            *edx |= cpufeat_mask(X86_FEATURE_STIBP);
             *edx &= hvm_featureset[FEATURESET_7d0];
 
             /* Don't expose HAP-only features to non-hap guests. */
@@ -3761,7 +3760,6 @@ void hvm_cpuid(unsigned int input, unsig
         hvm_cpuid(0x80000001, NULL, NULL, NULL, &_edx);
         *eax |= (_edx & cpufeat_mask(X86_FEATURE_LM) ? vaddr_bits : 32) << 8;
 
-        *ebx |= cpufeat_mask(X86_FEATURE_IBPB);
         *ebx &= hvm_featureset[FEATURESET_e8b];
         break;
     }
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1156,7 +1156,8 @@ void pv_cpuid(struct cpu_user_regs *regs
 
             c &= pv_featureset[FEATURESET_7c0];
 
-            d |= cpufeat_mask(X86_FEATURE_STIBP);
+            if ( is_hardware_domain(currd) || is_control_domain(currd) )
+                d |= cpufeat_mask(X86_FEATURE_STIBP);
             d &= pv_featureset[FEATURESET_7d0];
 
             if ( !is_pvh_domain(currd) )
@@ -1271,7 +1272,8 @@ void pv_cpuid(struct cpu_user_regs *regs
 
     case 0x80000008:
         a = paddr_bits | (vaddr_bits << 8);
-        b |= cpufeat_mask(X86_FEATURE_IBPB);
+        if ( is_hardware_domain(currd) || is_control_domain(currd) )
+            b |= cpufeat_mask(X86_FEATURE_IBPB);
         b &= pv_featureset[FEATURESET_e8b];
         break;
 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to