File xsa435-0-36.patch of Package xen.32200
From ce8c930851a5ca21c4e70f83be7e8b290ce1b519 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 12 May 2023 18:50:59 +0100
Subject: x86/cpu-policy: MSR_ARCH_CAPS feature names
Seed the default visibility from the dom0 special case, which for the most
part just exposes the *_NO bits. EIBRS is the one non-*_NO bit, which is
"just" a status bit to the guest indicating a change in implementation of IBRS
which is already fully supported.
Insert a block dependency from the ARCH_CAPS CPUID bit to the entire content
of the MSR. This is because MSRs have no structure information similar to
CPUID, and is used by x86_cpu_policy_clear_out_of_range_leaves(), in order to
bulk-clear inaccessible words.
The overall CPUID bit is still max-only, so all of MSR_ARCH_CAPS is hidden in
the default policies.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -204,6 +204,19 @@ static const char *str_m10Al[32] =
static const char *str_m10Al[32] =
{
+ [ 0] = "rdcl-no", [ 1] = "eibrs",
+ [ 2] = "rsba", [ 3] = "skip-l1dfl",
+ [ 4] = "intel-ssb-no", [ 5] = "mds-no",
+ [ 6] = "if-pschange-mc-no", [ 7] = "tsx-ctrl",
+ [ 8] = "taa-no", [ 9] = "mcu-ctrl",
+ [10] = "misc-pkg-ctrl", [11] = "energy-ctrl",
+ [12] = "doitm", [13] = "sbdr-ssdp-no",
+ [14] = "fbsdp-no", [15] = "psdp-no",
+ /* 16 */ [17] = "fb-clear",
+ [18] = "fb-clear-ctrl", [19] = "rrsba",
+ [20] = "bhi-no", [21] = "xapic-status",
+ /* 22 */ [23] = "ovrclk-status",
+ [24] = "pbrsb-no",
};
static const char *str_m10Ah[32] =
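Review bot: Bit 11 is printed as `"energy-ctrl"` here, while the same bit is declared as `ENERGY_FILTERING` in the cpufeatureset.h section of this commit; every other entry in the table is the lower-cased, dash-separated form of its feature name. Anyone correlating xen-cpuid output with the header or with a policy setting when auditing which mitigation bits a guest sees would look for the wrong string, so I would write `[10] = "misc-pkg-ctrl", [11] = "energy-filtering",`. Indices 16, 22 and everything above 24 stay NULL; the code that walks this table is outside the hunk, so whether it tolerates NULL entries should be confirmed.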
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -282,6 +282,29 @@ XEN_CPUFEATURE(MCDT_NO, 13*32
/* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */
/* Intel-defined CPU features, MSR_ARCH_CAPS 0x10a.eax, word 16 */
+XEN_CPUFEATURE(RDCL_NO, 16*32+ 0) /*A No Rogue Data Cache Load (Meltdown) */
+XEN_CPUFEATURE(EIBRS, 16*32+ 1) /*A Enhanced IBRS */
+XEN_CPUFEATURE(RSBA, 16*32+ 2) /*!A RSB Alternative (Retpoline not safe) */
+XEN_CPUFEATURE(SKIP_L1DFL, 16*32+ 3) /* Don't need to flush L1D on VMEntry */
+XEN_CPUFEATURE(INTEL_SSB_NO, 16*32+ 4) /*A No Speculative Store Bypass */
+XEN_CPUFEATURE(MDS_NO, 16*32+ 5) /*A No Microarchitectural Data Sampling */
+XEN_CPUFEATURE(IF_PSCHANGE_MC_NO, 16*32+ 6) /*A No Instruction fetch #MC */
+XEN_CPUFEATURE(TSX_CTRL, 16*32+ 7) /* MSR_TSX_CTRL */
+XEN_CPUFEATURE(TAA_NO, 16*32+ 8) /*A No TSX Async Abort */
+XEN_CPUFEATURE(MCU_CTRL, 16*32+ 9) /* MSR_MCU_CTRL */
+XEN_CPUFEATURE(MISC_PKG_CTRL, 16*32+10) /* MSR_MISC_PKG_CTRL */
+XEN_CPUFEATURE(ENERGY_FILTERING, 16*32+11) /* MSR_MISC_PKG_CTRL.ENERGY_FILTERING */
+XEN_CPUFEATURE(DOITM, 16*32+12) /* Data Operand Invariant Timing Mode */
+XEN_CPUFEATURE(SBDR_SSDP_NO, 16*32+13) /*A No Shared Buffer Data Read or Sideband Stale Data Propagation */
+XEN_CPUFEATURE(FBSDP_NO, 16*32+14) /*A No Fill Buffer Stale Data Propagation */
+XEN_CPUFEATURE(PSDP_NO, 16*32+15) /*A No Primary Stale Data Propagation */
+XEN_CPUFEATURE(FB_CLEAR, 16*32+17) /*A Fill Buffers cleared by VERW */
+XEN_CPUFEATURE(FB_CLEAR_CTRL, 16*32+18) /* MSR_OPT_CPU_CTRL.FB_CLEAR_DIS */
+XEN_CPUFEATURE(RRSBA, 16*32+19) /*!A Restricted RSB Alternative */
+XEN_CPUFEATURE(BHI_NO, 16*32+20) /*A No Branch History Injection */
+XEN_CPUFEATURE(XAPIC_STATUS, 16*32+21) /* MSR_XAPIC_DISABLE_STATUS */
+XEN_CPUFEATURE(OVRCLK_STATUS, 16*32+23) /* MSR_OVERCLOCKING_STATUS */
+XEN_CPUFEATURE(PBRSB_NO, 16*32+24) /*A No Post-Barrier RSB predictions */
/* Intel-defined CPU features, MSR_ARCH_CAPS 0x10a.edx, word 17 */
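Review bot: RSBA and RRSBA are the only entries tagged `!A`, and FB_CLEAR is tagged `A`, yet the description names EIBRS as the one non-*_NO bit; nothing in the hunk records why these three are default-visible or what the `!` requires of the policy code. Because RSBA and RRSBA tell a guest that retpoline alone is not a safe mitigation, the reason belongs next to the declarations, for example `/* RSBA, RRSBA: '!' because <reason>; adjusted in <function> */`, with the placeholders filled in from the annotation legend at the top of this header, which is outside the hunk. Bits 16 and 22 are skipped silently here, whereas xen-cpuid.c marks them with `/* 16 */` and `/* 22 */`; a matching placeholder comment would show the gaps are intentional.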
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -300,6 +300,9 @@ def crunch_numbers(state):
# as dependent features simplifies Xen's logic, and prevents the guest
# from seeing implausible configurations.
IBRSB: [STIBP, SSBD, INTEL_PSFD],
+
+ # The ARCH_CAPS CPUID bit enumerates the availability of the whole register.
+ ARCH_CAPS: list(range(RDCL_NO, RDCL_NO + 64)),
}
deep_features = tuple(sorted(deps.keys()))
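Review bot: The literal `64` in `range(RDCL_NO, RDCL_NO + 64)` silently assumes that RDCL_NO is bit 0 of word 16 and that the edx half of MSR_ARCH_CAPS stays in the immediately following word 17. If either layout assumption changes, hiding ARCH_CAPS could leave some MSR bits visible to a guest, or clear unrelated features, without any error. I would state the assumption and spell out the width: `# Both 32-bit halves of MSR_ARCH_CAPS (words 16 and 17), starting at RDCL_NO, bit 0 of word 16.` followed by `ARCH_CAPS: list(range(RDCL_NO, RDCL_NO + 2 * 32)),`. The range also includes indices that have no feature name yet (16, 22, 25 and up); crunch_numbers starts and ends outside the hunk, so whether it accepts unnamed indices as dependents should be checked.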