From patchwork Fri Apr 14 06:25:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Gao X-Patchwork-Id: 83252 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp177450vqo; Thu, 13 Apr 2023 23:49:13 -0700 (PDT) X-Google-Smtp-Source: AKy350adR2ZE2LrKQssD5/AGV/QR1icZF1fIhi81qSXMelct13ES8Xqcdm111OQrU5QJJnK/lOvC X-Received: by 2002:a05:6a00:148d:b0:63b:64a6:571 with SMTP id v13-20020a056a00148d00b0063b64a60571mr2227457pfu.29.1681454952879; Thu, 13 Apr 2023 23:49:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681454952; cv=none; d=google.com; s=arc-20160816; b=pdlZnQtwGu2pE3xPBSMvcECXsUDp1y6Mr8v1zDELXguk1gbM23fTihFemCj+bBhFSR f01rIh1CZMOU8V81EHjzP/MuMG0YGIXMm20edPYESz9xgLEMj0TNlnUDerLl6QDR2AtK VfSJW1OcHUJrwe+RyT2RuBM3qRML3om9WMoMzDSVhsE0/IbfMZZpiW76uZoccxwAHaCh rxIeILc6HmwHqDr3K500yr26sLiKV5FrRZFdch2ErriWII6V0ilAeDw92D0XLJeoGiQS crr9kSozS/hMYW0LEdwllyKBCR4ixQWEbEDv6yTYZILKlnjWnzJQa1wsDsDr7+CUmXvy 0wyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=E9phkZuVgjiMxUb7rNRSqh7lPmTFv0eMVPfZJFSTem0=; b=o8yWpcH6p+UpDVE8nwVPO+JiIy8joNYgD5zKAANaGOtcsvlyvgsMm/aG6PhQZs8CDA xJ1qMThqsiSIdCvxbKYPfWqaHUUtTIZeMSO+cX9QqmPz7h+ZWqgBL7EMaWq0qy1nDwc8 5EansG0mdg2UjD5+D+viemFqNR6OdeJJMLgQFD9I/51DI74FKA1m/pY2z8OoemxqLJ/h gcI8vQN8v4EGtJspNHHJqTMzdOGe8PrEmxwVEMe72K76UdYpZVFboUUT5Ia47ZfJXqkL K/v/aS2Jr1SSHFLhXkn5afb7NN61IuQ4Lc8q2sd6H3UBTUVXm6wRuXZzT4XiiRi1mx/s 2VjA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=QGFqjePA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v18-20020aa799d2000000b00624ac1abef6si3646433pfi.218.2023.04.13.23.49.00; Thu, 13 Apr 2023 23:49:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=QGFqjePA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230083AbjDNG0Q (ORCPT + 99 others); Fri, 14 Apr 2023 02:26:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53976 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230030AbjDNG0M (ORCPT ); Fri, 14 Apr 2023 02:26:12 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D17A16A5B; Thu, 13 Apr 2023 23:26:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1681453570; x=1712989570; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ygndTyg8hBNkzZXLP9ZLaPaNVa47s+9GCJKETWJ9QoU=; b=QGFqjePAAt5qwMDE+NIMT6WKOaIFtxXMqi8MBPltefwOO3TSKkZCyJUW UdVOijYxb+AUcyVecuIabkoIKFSIw4zyrKUs98Zhi/imQJbVC1oIRFPpm roMG39CS6A1jClhWe192H+j3JoHuj1PJG4ma9O//P4Ebqem98odiLiqsB QtscPmvhOxXrZNAlBmDMOVYZE1MRu+fOLjodYpC+iSBBepRTYjBqsB2fv 2k/7FpGaWcTUy73xMsW96Bj/RqZWSP48DYFPLX8pTtB4jqsQR5vn4+PaJ oX+4D+1HsnMbZUVzsXakPHhaUtkjJvQx6laMo91cz3YUXLoYlyEBttznj A==; X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="341892686" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="341892686" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2023 23:26:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10679"; a="935885803" X-IronPort-AV: E=Sophos;i="5.99,195,1677571200"; d="scan'208";a="935885803" Received: from spr.sh.intel.com ([10.239.53.106]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2023 23:26:04 -0700 From: Chao Gao To: kvm@vger.kernel.org Cc: Jiaan Lu , Zhang Chen , Chao Gao , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Pawan Gupta , Daniel Sneddon , Sandipan Das , Nikunj A Dadhania , Arnaldo Carvalho de Melo , linux-kernel@vger.kernel.org Subject: [RFC PATCH v2 01/11] x86/msr-index: Add bit definitions for BHI_DIS_S and BHI_NO Date: Fri, 14 Apr 2023 14:25:22 +0800 Message-Id: <20230414062545.270178-2-chao.gao@intel.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20230414062545.270178-1-chao.gao@intel.com> References: <20230414062545.270178-1-chao.gao@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1763133308531519037?= X-GMAIL-MSGID: =?utf-8?q?1763133308531519037?= From: Zhang Chen To ensure VM migration from a system where software mitigation works to a system where it doesn't won't harm guest's security level, KVM must mitigate BHI attacks for guests since migration is transparent to guests and guests won't and can't react to VM migration. For example, simple BHB clear sequence [1] is effective in mitigating BHI attacks on processors prior to Alder Lake, but it is not on Alder Lake. Guests migrated from prior to Alder Lake host to Alder Lake host become vulnerable to BHI attacks even if the simmple BHB clear sequence is deployed. In this case, KVM can enable hardware mitigation for guests by setting BHI_DIS_S bit of IA32_SPEC_CTRL MSR. Define the SPEC_CTRL_BHI_DIS_S of IA32_SPEC_CTRL MSR and BHI_NO bits in arch_capabilities, which will be used by KVM later. [1]: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html#inpage-nav-2-4 Signed-off-by: Zhang Chen Co-developed-by: Chao Gao Signed-off-by: Chao Gao Tested-by: Jiaan Lu --- arch/x86/include/asm/msr-index.h | 8 +++++++- tools/arch/x86/include/asm/msr-index.h | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index ad35355ee43e..60b25d87b82c 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -48,8 +48,10 @@ #define SPEC_CTRL_STIBP BIT(SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ #define SPEC_CTRL_SSBD BIT(SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ -#define SPEC_CTRL_RRSBA_DIS_S_SHIFT 6 /* Disable RRSBA behavior */ +#define SPEC_CTRL_RRSBA_DIS_S_SHIFT 6 /* Disable RRSBA behavior in supervisor mode */ #define SPEC_CTRL_RRSBA_DIS_S BIT(SPEC_CTRL_RRSBA_DIS_S_SHIFT) +#define SPEC_CTRL_BHI_DIS_S_SHIFT 10 /* Disable BHI behavior in supervisor mode */ +#define SPEC_CTRL_BHI_DIS_S BIT(SPEC_CTRL_BHI_DIS_S_SHIFT) /* A mask for bits which the kernel toggles when controlling mitigations */ #define SPEC_CTRL_MITIGATIONS_MASK (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD \ @@ -151,6 +153,10 @@ * are restricted to targets in * kernel. */ +#define ARCH_CAP_BHI_NO BIT(20) /* + * Not susceptible to Branch History + * Injection. + */ #define ARCH_CAP_PBRSB_NO BIT(24) /* * Not susceptible to Post-Barrier * Return Stack Buffer Predictions. diff --git a/tools/arch/x86/include/asm/msr-index.h b/tools/arch/x86/include/asm/msr-index.h index ad35355ee43e..6079a5fdb40b 100644 --- a/tools/arch/x86/include/asm/msr-index.h +++ b/tools/arch/x86/include/asm/msr-index.h @@ -48,8 +48,10 @@ #define SPEC_CTRL_STIBP BIT(SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ #define SPEC_CTRL_SSBD BIT(SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ -#define SPEC_CTRL_RRSBA_DIS_S_SHIFT 6 /* Disable RRSBA behavior */ +#define SPEC_CTRL_RRSBA_DIS_S_SHIFT 6 /* Disable RRSBA behavior in supervisor mode */ #define SPEC_CTRL_RRSBA_DIS_S BIT(SPEC_CTRL_RRSBA_DIS_S_SHIFT) +#define SPEC_CTRL_BHI_DIS_S_SHIFT 10 /* Disable BHI behavior in supervisor mode */ +#define SPEC_CTRL_BHI_DIS_S BIT(SPEC_CTRL_BHI_DIS_S_SHIFT) /* A mask for bits which the kernel toggles when controlling mitigations */ #define SPEC_CTRL_MITIGATIONS_MASK (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD \ @@ -151,6 +153,10 @@ * are restricted to targets in * kernel. */ +#define ARCH_CAP_BHI_NO BIT(20) /* + * Not susceptible to Branch History + * Injection. + */ #define ARCH_CAP_PBRSB_NO BIT(24) /* * Not susceptible to Post-Barrier * Return Stack Buffer Predictions.