File xsa297-0b.patch of Package xen.11298
x86/boot: Detect the firmware SMT setting correctly on Intel hardware
While boot_cpu_data.x86_num_siblings is an accurate value to use on AMD
hardware, it isn't on Intel when the user has disabled Hyperthreading in the
firmware. As a result, a user which has chosen to disable HT still gets
nagged on L1TF-vulnerable hardware when they haven't chosen an explicit
smt=<bool> setting.
Make use of the largely-undocumented MSR_INTEL_CORE_THREAD_COUNT which in
practice exists since Nehalem, when booting on real hardware. Fall back to
using the ACPI table APIC IDs.
While adjusting this logic, fix a latent bug in amd_get_topology(). The
thread count field in CPUID.0x8000001e.ebx is documented as 8 bits wide,
rather than 2 bits wide.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -412,7 +412,7 @@ static void __devinit amd_get_topology(s
u32 eax, ebx, ecx, edx;
cpuid(0x8000001e, &eax, &ebx, &ecx, &edx);
- c->x86_num_siblings = ((ebx >> 8) & 0x3) + 1;
+ c->x86_num_siblings = ((ebx >> 8) & 0xff) + 1;
if (c->x86 < 0x17)
c->compute_unit_id = ebx & 0xFF;
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -318,6 +318,45 @@ static void __init print_details(enum in
opt_pv_l1tf & OPT_PV_L1TF_DOMU ? "enabled" : "disabled");
}
+static bool_t __init check_smt_enabled(void)
+{
+ uint64_t val;
+ unsigned int cpu;
+
+ /*
+ * x86_num_siblings defaults to 1 in the absence of other information, and
+ * is adjusted based on other topology information found in CPUID leaves.
+ *
+ * On AMD hardware, it will be the current SMT configuration. On Intel
+ * hardware, it will represent the maximum capability, rather than the
+ * current configuration.
+ */
+ if ( boot_cpu_data.x86_num_siblings < 2 )
+ return 0;
+
+ /*
+ * Intel Nehalem and later hardware does have an MSR which reports the
+ * current count of cores/threads in the package.
+ *
+ * At the time of writing, it is almost completely undocumented, so isn't
+ * virtualised reliably.
+ */
+ if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && !cpu_has_hypervisor &&
+ !rdmsr_safe(MSR_INTEL_CORE_THREAD_COUNT, val) )
+ return (MASK_EXTR(val, MSR_CTC_CORE_MASK) !=
+ MASK_EXTR(val, MSR_CTC_THREAD_MASK));
+
+ /*
+ * Search over the CPUs reported in the ACPI tables. Any whose APIC ID
+ * has a non-zero thread id component indicates that SMT is active.
+ */
+ for_each_present_cpu ( cpu )
+ if ( x86_cpu_to_apicid[cpu] & (boot_cpu_data.x86_num_siblings - 1) )
+ return 1;
+
+ return 0;
+}
+
/* Calculate whether Retpoline is known-safe on this CPU. */
static bool_t __init __maybe_unused retpoline_safe(void)
{
@@ -616,7 +655,9 @@ static __init void l1tf_calculations(voi
void __init init_speculation_mitigations(void)
{
enum ind_thunk thunk = THUNK_DEFAULT;
- bool_t use_spec_ctrl = 0, ibrs = 0;
+ bool_t use_spec_ctrl = 0, ibrs = 0, hw_smt_enabled;
+
+ hw_smt_enabled = check_smt_enabled();
/*
* Has the user specified any custom BTI mitigations? If so, follow their
@@ -789,8 +830,7 @@ void __init init_speculation_mitigations
* However, if we are on affected hardware, with HT enabled, and the user
* hasn't explicitly chosen whether to use HT or not, nag them to do so.
*/
- if ( opt_smt == -1 && cpu_has_bug_l1tf &&
- boot_cpu_data.x86_num_siblings > 1 )
+ if ( opt_smt == -1 && cpu_has_bug_l1tf && hw_smt_enabled )
printk("**************************************************************\n"
"* Booted on L1TF-vulnerable hardware with SMT/Hyperthreading *\n"
"* enabled. Please assess your configuration and choose an *\n"
