[xen stable-4.10] x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen stable-4.10] x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value

patchbot
commit c9fdfbb47866a664530774e6ceb488a701a1f985
Author:     Andrew Cooper <[hidden email]>
AuthorDate: Tue May 29 09:22:27 2018 +0200
Commit:     Jan Beulich <[hidden email]>
CommitDate: Tue May 29 09:22:27 2018 +0200

    x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value
   
    With the impending ability to disable MSR_SPEC_CTRL handling on a
    per-guest-type basis, the first exit-from-guest may not have the side effect
    of loading Xen's choice of value.  Explicitly set Xen's default during the BSP
    and AP boot paths.
   
    For the BSP however, delay setting a non-zero MSR_SPEC_CTRL default until
    after dom0 has been constructed when safe to do so.  Oracle report that this
    speeds up boots of some hardware by 50s.
   
    "when safe to do so" is based on whether we are virtualised.  A native boot
    won't have any other code running in a position to mount an attack.
   
    Reported-by: Zhenzhong Duan <[hidden email]>
    Signed-off-by: Andrew Cooper <[hidden email]>
    Reviewed-by: Wei Liu <[hidden email]>
    Reviewed-by: Jan Beulich <[hidden email]>
    master commit: cb8c12020307b39a89273d7699e89000451987ab
    master date: 2018-05-16 12:19:10 +0100
---
 xen/arch/x86/setup.c            |  7 +++++++
 xen/arch/x86/smpboot.c          |  8 ++++++++
 xen/arch/x86/spec_ctrl.c        | 32 ++++++++++++++++++++++++++++++++
 xen/include/asm-x86/spec_ctrl.h |  2 ++
 4 files changed, 49 insertions(+)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 482fe11669..1995c4c7b1 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1746,6 +1746,13 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     setup_io_bitmap(dom0);
 
+    if ( bsp_delay_spec_ctrl )
+    {
+        get_cpu_info()->spec_ctrl_flags &= ~SCF_use_shadow;
+        barrier();
+        wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
+    }
+
     /* Jump to the 1:1 virtual mappings of cpu0_stack. */
     asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" ::
                   [stk] "g" (__va(__pa(get_stack_bottom()))),
diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
index f81fc2ca65..ee8b18331d 100644
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -351,6 +351,14 @@ void start_secondary(void *unused)
     else
         microcode_resume_cpu(cpu);
 
+    /*
+     * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard
+     * any firmware settings.  Note: MSR_SPEC_CTRL may only become available
+     * after loading microcode.
+     */
+    if ( boot_cpu_has(X86_FEATURE_IBRSB) )
+        wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
+
     if ( xen_guest )
         hypervisor_ap_setup();
 
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index a940308142..3adec1a284 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -38,6 +38,8 @@ static int8_t __initdata opt_ibrs = -1;
 static bool __initdata opt_rsb_pv = true;
 static bool __initdata opt_rsb_hvm = true;
 bool __read_mostly opt_ibpb = true;
+
+bool __initdata bsp_delay_spec_ctrl;
 uint8_t __read_mostly default_xen_spec_ctrl;
 uint8_t __read_mostly default_spec_ctrl_flags;
 
@@ -334,6 +336,36 @@ void __init init_speculation_mitigations(void)
         setup_force_cpu_cap(X86_FEATURE_SC_MSR_IDLE);
 
     print_details(thunk, caps);
+
+    /*
+     * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard
+     * any firmware settings.  For performance reasons, when safe to do so, we
+     * delay applying non-zero settings until after dom0 has been constructed.
+     *
+     * "when safe to do so" is based on whether we are virtualised.  A native
+     * boot won't have any other code running in a position to mount an
+     * attack.
+     */
+    if ( boot_cpu_has(X86_FEATURE_IBRSB) )
+    {
+        bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl;
+
+        /*
+         * If delaying MSR_SPEC_CTRL setup, use the same mechanism as
+         * spec_ctrl_enter_idle(), by using a shadow value of zero.
+         */
+        if ( bsp_delay_spec_ctrl )
+        {
+            struct cpu_info *info = get_cpu_info();
+
+            info->shadow_spec_ctrl = 0;
+            barrier();
+            info->spec_ctrl_flags |= SCF_use_shadow;
+            barrier();
+        }
+
+        wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl);
+    }
 }
 
 static void __init __maybe_unused build_assertions(void)
diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
index 77f92ba586..c6a38f495d 100644
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -27,6 +27,8 @@
 void init_speculation_mitigations(void);
 
 extern bool opt_ibpb;
+
+extern bool bsp_delay_spec_ctrl;
 extern uint8_t default_xen_spec_ctrl;
 extern uint8_t default_spec_ctrl_flags;
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.10

_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog