File xsa471-16.patch of Package xen.39650
# Commit 7c5025394dafe4b788ff9e1afc688f6becab9300
# Date 2025-07-08 15:08:08 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/cpu-policy: Rearrange guest_common_*_feature_adjustments()
Turn the if()s into switch()es, as we're going to need AMD sections.
Move the RTM adjustments into the Intel section, where they ought to live.
No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu-policy.c
+++ b/xen/arch/x86/cpu-policy.c
@@ -413,8 +413,9 @@ static void __init calculate_host_policy
static void __init guest_common_max_feature_adjustments(uint32_t *fs)
{
- if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL )
+ switch ( boot_cpu_data.x86_vendor )
{
+ case X86_VENDOR_INTEL:
/*
* MSR_ARCH_CAPS is just feature data, and we can offer it to guests
* unconditionally, although limit it to Intel systems as it is highly
@@ -459,28 +460,30 @@ static void __init guest_common_max_feat
boot_cpu_data.x86_model == 0x55 /* INTEL_FAM6_SKYLAKE_X */ &&
raw_cpu_policy.feat.clwb )
__set_bit(X86_FEATURE_CLWB, fs);
- }
- /*
- * To mitigate Native-BHI, one option is to use a TSX Abort on capable
- * systems. This is safe even if RTM has been disabled for other reasons
- * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to
- * know this type of information.
- *
- * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead
- * mean "XBEGIN won't fault". This is enough for a guest kernel to make
- * an informed choice WRT mitigating Native-BHI.
- *
- * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT.
- */
- if ( test_bit(X86_FEATURE_RTM, fs) )
- __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs);
+ /*
+ * To mitigate Native-BHI, one option is to use a TSX Abort on capable
+ * systems. This is safe even if RTM has been disabled for other
+ * reasons via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel
+ * doesn't get to know this type of information.
+ *
+ * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to
+ * instead mean "XBEGIN won't fault". This is enough for a guest
+ * kernel to make an informed choice WRT mitigating Native-BHI.
+ *
+ * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT.
+ */
+ if ( test_bit(X86_FEATURE_RTM, fs) )
+ __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs);
+ break;
+ }
}
static void __init guest_common_default_feature_adjustments(uint32_t *fs)
{
- if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL )
+ switch ( boot_cpu_data.x86_vendor )
{
+ case X86_VENDOR_INTEL:
/*
* IvyBridge client parts suffer from leakage of RDRAND data due to SRBDS
* (XSA-320 / CVE-2020-0543), and won't be receiving microcode to
@@ -524,21 +527,23 @@ static void __init guest_common_default_
boot_cpu_data.x86_model == 0x55 /* INTEL_FAM6_SKYLAKE_X */ &&
raw_cpu_policy.feat.clwb )
__clear_bit(X86_FEATURE_CLWB, fs);
- }
- /*
- * On certain hardware, speculative or errata workarounds can result in
- * TSX being placed in "force-abort" mode, where it doesn't actually
- * function as expected, but is technically compatible with the ISA.
- *
- * Do not advertise RTM to guests by default if it won't actually work.
- * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe
- * to use, e.g. for mitigating Native-BHI.
- */
- if ( rtm_disabled )
- {
- __clear_bit(X86_FEATURE_RTM, fs);
- __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs);
+ /*
+ * On certain hardware, speculative or errata workarounds can result
+ * in TSX being placed in "force-abort" mode, where it doesn't
+ * actually function as expected, but is technically compatible with
+ * the ISA.
+ *
+ * Do not advertise RTM to guests by default if it won't actually
+ * work. Instead, advertise RTM_ALWAYS_ABORT indicating that TSX
+ * Aborts are safe to use, e.g. for mitigating Native-BHI.
+ */
+ if ( rtm_disabled )
+ {
+ __clear_bit(X86_FEATURE_RTM, fs);
+ __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs);
+ }
+ break;
}
}
