|
Daniel P. Berrangé |
b91dae |
From 70913a1bded444b1d264c3723fca2f6a7966d667 Mon Sep 17 00:00:00 2001
|
|
Daniel P. Berrangé |
b91dae |
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
Daniel P. Berrangé |
b91dae |
Date: Mon, 21 May 2018 22:54:24 +0100
|
|
Daniel P. Berrangé |
b91dae |
Subject: [PATCH 2/3] i386: Define the Virt SSBD MSR and handling of it
|
|
Daniel P. Berrangé |
b91dae |
(CVE-2018-3639)
|
|
Daniel P. Berrangé |
b91dae |
MIME-Version: 1.0
|
|
Daniel P. Berrangé |
b91dae |
Content-Type: text/plain; charset=UTF-8
|
|
Daniel P. Berrangé |
b91dae |
Content-Transfer-Encoding: 8bit
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
"Some AMD processors only support a non-architectural means of enabling
|
|
Daniel P. Berrangé |
b91dae |
speculative store bypass disable (SSBD). To allow a simplified view of
|
|
Daniel P. Berrangé |
b91dae |
this to a guest, an architectural definition has been created through a new
|
|
Daniel P. Berrangé |
b91dae |
CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a
|
|
Daniel P. Berrangé |
b91dae |
hypervisor can virtualize the existence of this definition and provide an
|
|
Daniel P. Berrangé |
b91dae |
architectural method for using SSBD to a guest.
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
Add the new CPUID feature, the new MSR and update the existing SSBD
|
|
Daniel P. Berrangé |
b91dae |
support to use this MSR when present." (from x86/speculation: Add virtualized
|
|
Daniel P. Berrangé |
b91dae |
speculative store bypass disable support in Linux).
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
Daniel P. Berrangé |
b91dae |
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
Daniel P. Berrangé |
b91dae |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
Daniel P. Berrangé |
b91dae |
Message-Id: <20180521215424.13520-4-berrange@redhat.com>
|
|
Daniel P. Berrangé |
b91dae |
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
|
|
Daniel P. Berrangé |
b91dae |
(cherry picked from commit cfeea0c021db6234c154dbc723730e81553924ff)
|
|
Daniel P. Berrangé |
b91dae |
---
|
|
Daniel P. Berrangé |
b91dae |
target/i386/cpu.h | 2 ++
|
|
Daniel P. Berrangé |
b91dae |
target/i386/kvm.c | 16 ++++++++++++++--
|
|
Daniel P. Berrangé |
b91dae |
target/i386/machine.c | 20 ++++++++++++++++++++
|
|
Daniel P. Berrangé |
b91dae |
3 files changed, 36 insertions(+), 2 deletions(-)
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
|
|
Daniel P. Berrangé |
b91dae |
index 970ab96e54..75e821cefe 100644
|
|
Daniel P. Berrangé |
b91dae |
--- a/target/i386/cpu.h
|
|
Daniel P. Berrangé |
b91dae |
+++ b/target/i386/cpu.h
|
|
Daniel P. Berrangé |
b91dae |
@@ -351,6 +351,7 @@ typedef enum X86Seg {
|
|
Daniel P. Berrangé |
b91dae |
#define MSR_IA32_FEATURE_CONTROL 0x0000003a
|
|
Daniel P. Berrangé |
b91dae |
#define MSR_TSC_ADJUST 0x0000003b
|
|
Daniel P. Berrangé |
b91dae |
#define MSR_IA32_SPEC_CTRL 0x48
|
|
Daniel P. Berrangé |
b91dae |
+#define MSR_VIRT_SSBD 0xc001011f
|
|
Daniel P. Berrangé |
b91dae |
#define MSR_IA32_TSCDEADLINE 0x6e0
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
#define FEATURE_CONTROL_LOCKED (1<<0)
|
|
Daniel P. Berrangé |
b91dae |
@@ -1150,6 +1151,7 @@ typedef struct CPUX86State {
|
|
Daniel P. Berrangé |
b91dae |
uint32_t pkru;
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
uint64_t spec_ctrl;
|
|
Daniel P. Berrangé |
b91dae |
+ uint64_t virt_ssbd;
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
/* End of state preserved by INIT (dummy marker). */
|
|
Daniel P. Berrangé |
b91dae |
struct {} end_init_save;
|
|
Daniel P. Berrangé |
b91dae |
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
|
|
Daniel P. Berrangé |
b91dae |
index 6c49954e68..19e6aa320d 100644
|
|
Daniel P. Berrangé |
b91dae |
--- a/target/i386/kvm.c
|
|
Daniel P. Berrangé |
b91dae |
+++ b/target/i386/kvm.c
|
|
Daniel P. Berrangé |
b91dae |
@@ -92,6 +92,7 @@ static bool has_msr_hv_stimer;
|
|
Daniel P. Berrangé |
b91dae |
static bool has_msr_hv_frequencies;
|
|
Daniel P. Berrangé |
b91dae |
static bool has_msr_xss;
|
|
Daniel P. Berrangé |
b91dae |
static bool has_msr_spec_ctrl;
|
|
Daniel P. Berrangé |
b91dae |
+static bool has_msr_virt_ssbd;
|
|
Daniel P. Berrangé |
b91dae |
static bool has_msr_smi_count;
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
static uint32_t has_architectural_pmu_version;
|
|
Daniel P. Berrangé |
b91dae |
@@ -1218,6 +1219,9 @@ static int kvm_get_supported_msrs(KVMState *s)
|
|
Daniel P. Berrangé |
b91dae |
case MSR_IA32_SPEC_CTRL:
|
|
Daniel P. Berrangé |
b91dae |
has_msr_spec_ctrl = true;
|
|
Daniel P. Berrangé |
b91dae |
break;
|
|
Daniel P. Berrangé |
b91dae |
+ case MSR_VIRT_SSBD:
|
|
Daniel P. Berrangé |
b91dae |
+ has_msr_virt_ssbd = true;
|
|
Daniel P. Berrangé |
b91dae |
+ break;
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
@@ -1706,6 +1710,10 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
|
|
Daniel P. Berrangé |
b91dae |
if (has_msr_spec_ctrl) {
|
|
Daniel P. Berrangé |
b91dae |
kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, env->spec_ctrl);
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
+ if (has_msr_virt_ssbd) {
|
|
Daniel P. Berrangé |
b91dae |
+ kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, env->virt_ssbd);
|
|
Daniel P. Berrangé |
b91dae |
+ }
|
|
Daniel P. Berrangé |
b91dae |
+
|
|
Daniel P. Berrangé |
b91dae |
#ifdef TARGET_X86_64
|
|
Daniel P. Berrangé |
b91dae |
if (lm_capable_kernel) {
|
|
Daniel P. Berrangé |
b91dae |
kvm_msr_entry_add(cpu, MSR_CSTAR, env->cstar);
|
|
Daniel P. Berrangé |
b91dae |
@@ -2077,8 +2085,9 @@ static int kvm_get_msrs(X86CPU *cpu)
|
|
Daniel P. Berrangé |
b91dae |
if (has_msr_spec_ctrl) {
|
|
Daniel P. Berrangé |
b91dae |
kvm_msr_entry_add(cpu, MSR_IA32_SPEC_CTRL, 0);
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
-
|
|
Daniel P. Berrangé |
b91dae |
-
|
|
Daniel P. Berrangé |
b91dae |
+ if (has_msr_virt_ssbd) {
|
|
Daniel P. Berrangé |
b91dae |
+ kvm_msr_entry_add(cpu, MSR_VIRT_SSBD, 0);
|
|
Daniel P. Berrangé |
b91dae |
+ }
|
|
Daniel P. Berrangé |
b91dae |
if (!env->tsc_valid) {
|
|
Daniel P. Berrangé |
b91dae |
kvm_msr_entry_add(cpu, MSR_IA32_TSC, 0);
|
|
Daniel P. Berrangé |
b91dae |
env->tsc_valid = !runstate_is_running();
|
|
Daniel P. Berrangé |
b91dae |
@@ -2444,6 +2453,9 @@ static int kvm_get_msrs(X86CPU *cpu)
|
|
Daniel P. Berrangé |
b91dae |
case MSR_IA32_SPEC_CTRL:
|
|
Daniel P. Berrangé |
b91dae |
env->spec_ctrl = msrs[i].data;
|
|
Daniel P. Berrangé |
b91dae |
break;
|
|
Daniel P. Berrangé |
b91dae |
+ case MSR_VIRT_SSBD:
|
|
Daniel P. Berrangé |
b91dae |
+ env->virt_ssbd = msrs[i].data;
|
|
Daniel P. Berrangé |
b91dae |
+ break;
|
|
Daniel P. Berrangé |
b91dae |
case MSR_IA32_RTIT_CTL:
|
|
Daniel P. Berrangé |
b91dae |
env->msr_rtit_ctrl = msrs[i].data;
|
|
Daniel P. Berrangé |
b91dae |
break;
|
|
Daniel P. Berrangé |
b91dae |
diff --git a/target/i386/machine.c b/target/i386/machine.c
|
|
Daniel P. Berrangé |
b91dae |
index bd2d82e91b..f0a835c292 100644
|
|
Daniel P. Berrangé |
b91dae |
--- a/target/i386/machine.c
|
|
Daniel P. Berrangé |
b91dae |
+++ b/target/i386/machine.c
|
|
Daniel P. Berrangé |
b91dae |
@@ -893,6 +893,25 @@ static const VMStateDescription vmstate_msr_intel_pt = {
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
};
|
|
Daniel P. Berrangé |
b91dae |
|
|
Daniel P. Berrangé |
b91dae |
+static bool virt_ssbd_needed(void *opaque)
|
|
Daniel P. Berrangé |
b91dae |
+{
|
|
Daniel P. Berrangé |
b91dae |
+ X86CPU *cpu = opaque;
|
|
Daniel P. Berrangé |
b91dae |
+ CPUX86State *env = &cpu->env;
|
|
Daniel P. Berrangé |
b91dae |
+
|
|
Daniel P. Berrangé |
b91dae |
+ return env->virt_ssbd != 0;
|
|
Daniel P. Berrangé |
b91dae |
+}
|
|
Daniel P. Berrangé |
b91dae |
+
|
|
Daniel P. Berrangé |
b91dae |
+static const VMStateDescription vmstate_msr_virt_ssbd = {
|
|
Daniel P. Berrangé |
b91dae |
+ .name = "cpu/virt_ssbd",
|
|
Daniel P. Berrangé |
b91dae |
+ .version_id = 1,
|
|
Daniel P. Berrangé |
b91dae |
+ .minimum_version_id = 1,
|
|
Daniel P. Berrangé |
b91dae |
+ .needed = virt_ssbd_needed,
|
|
Daniel P. Berrangé |
b91dae |
+ .fields = (VMStateField[]){
|
|
Daniel P. Berrangé |
b91dae |
+ VMSTATE_UINT64(env.virt_ssbd, X86CPU),
|
|
Daniel P. Berrangé |
b91dae |
+ VMSTATE_END_OF_LIST()
|
|
Daniel P. Berrangé |
b91dae |
+ }
|
|
Daniel P. Berrangé |
b91dae |
+};
|
|
Daniel P. Berrangé |
b91dae |
+
|
|
Daniel P. Berrangé |
b91dae |
VMStateDescription vmstate_x86_cpu = {
|
|
Daniel P. Berrangé |
b91dae |
.name = "cpu",
|
|
Daniel P. Berrangé |
b91dae |
.version_id = 12,
|
|
Daniel P. Berrangé |
b91dae |
@@ -1015,6 +1034,7 @@ VMStateDescription vmstate_x86_cpu = {
|
|
Daniel P. Berrangé |
b91dae |
&vmstate_spec_ctrl,
|
|
Daniel P. Berrangé |
b91dae |
&vmstate_mcg_ext_ctl,
|
|
Daniel P. Berrangé |
b91dae |
&vmstate_msr_intel_pt,
|
|
Daniel P. Berrangé |
b91dae |
+ &vmstate_msr_virt_ssbd,
|
|
Daniel P. Berrangé |
b91dae |
NULL
|
|
Daniel P. Berrangé |
b91dae |
}
|
|
Daniel P. Berrangé |
b91dae |
};
|
|
Daniel P. Berrangé |
b91dae |
--
|
|
Daniel P. Berrangé |
b91dae |
2.17.0
|
|
Daniel P. Berrangé |
b91dae |
|