File 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch of Package xen
# Commit 17f74242ccf0ce6e51c03a5860947865c0ef0dc2
# Date 2019-03-18 16:26:40 +0000
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/spec-ctrl: Extend repoline safey calcuations for eIBRS and Atom parts
All currently-released Atom processors are in practice retpoline-safe, because
they don't fall back to a BTB prediction on RSB underflow.
However, an additional meaning of Enhanced IRBS is that the processor may not
be retpoline-safe. The Gemini Lake platform, based on the Goldmont Plus
microarchitecture is the first Atom processor to support eIBRS.
Until Xen gets full eIBRS support, Gemini Lake will still be safe using
regular IBRS.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -316,8 +316,11 @@ static bool __init retpoline_safe(uint64
/*
* RSBA may be set by a hypervisor to indicate that we may move to a
* processor which isn't retpoline-safe.
+ *
+ * Processors offering Enhanced IBRS are not guarenteed to be
+ * repoline-safe.
*/
- if ( caps & ARCH_CAPS_RSBA )
+ if ( caps & (ARCH_CAPS_RSBA | ARCH_CAPS_IBRS_ALL) )
return false;
switch ( boot_cpu_data.x86_model )
@@ -377,6 +380,23 @@ static bool __init retpoline_safe(uint64
case 0x9e:
return false;
+ /*
+ * Atom processors before Goldmont Plus/Gemini Lake are retpoline-safe.
+ */
+ case 0x1c: /* Pineview */
+ case 0x26: /* Lincroft */
+ case 0x27: /* Penwell */
+ case 0x35: /* Cloverview */
+ case 0x36: /* Cedarview */
+ case 0x37: /* Baytrail / Valleyview (Silvermont) */
+ case 0x4d: /* Avaton / Rangely (Silvermont) */
+ case 0x4c: /* Cherrytrail / Brasswell */
+ case 0x4a: /* Merrifield */
+ case 0x5a: /* Moorefield */
+ case 0x5c: /* Goldmont */
+ case 0x5f: /* Denverton */
+ return true;
+
default:
printk("Unrecognised CPU model %#x - assuming not reptpoline safe\n",
boot_cpu_data.x86_model);
