rpms/qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity
ab9af75c93
qemu-kvm/SOURCES/kvm-target-i386-Expose-bits-related-to-SRSO-vulnerabilit.patch

85 lines
3.8 KiB
Diff
Raw Blame History

From 1d667a354613385b1552fdbae91799882776f908 Mon Sep 17 00:00:00 2001
From: Babu Moger <babu.moger@amd.com>
Date: Thu, 24 Oct 2024 17:18:23 -0500
Subject: [PATCH 15/57] target/i386: Expose bits related to SRSO vulnerability
RH-Author: John Allen <None>
RH-MergeRequest: 378: Update EPYC Models and Feature Bits
RH-Jira: RHEL-52649
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/8] 9a6f4126ab023269e8afb3537aaa94ae60228382 (johnalle/qemu-kvm-fork)
Add following bits related Speculative Return Stack Overflow (SRSO).
Guests can make use of these bits if supported.
These bits are reported via CPUID Fn8000_0021_EAX.
===================================================================
Bit Feature Description
===================================================================
27 SBPB Indicates support for the Selective Branch Predictor Barrier.
28 IBPB_BRTYPE MSR_PRED_CMD[IBPB] flushes all branch type predictions.
29 SRSO_NO Not vulnerable to SRSO.
30 SRSO_USER_KERNEL_NO Not vulnerable to SRSO at the user-kernel boundary.
===================================================================
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip
Signed-off-by: Babu Moger <babu.moger@amd.com>
Link: https://lore.kernel.org/r/dadbd70c38f4e165418d193918a3747bd715c5f4.1729807947.git.babu.moger@amd.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 2ec282b8eaaddf5c136f7566b5f61d80288a2065)
JIRA: https://issues.redhat.com/browse/RHEL-52649
Signed-off-by: John Allen <johnalle@redhat.com>
---
target/i386/cpu.c | 2 +-
target/i386/cpu.h | 14 +++++++++++---
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 0a955b1c45..53069a460c 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1240,7 +1240,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
+ "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
},
.cpuid = { .eax = 0x80000021, .reg = R_EAX, },
.tcg_features = 0,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 4da9ed5930..9a16239b8e 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1028,13 +1028,21 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
#define CPUID_8000_0008_EBX_AMD_PSFD (1U << 28)
/* Processor ignores nested data breakpoints */
-#define CPUID_8000_0021_EAX_No_NESTED_DATA_BP (1U << 0)
+#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP (1U << 0)
/* LFENCE is always serializing */
#define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING (1U << 2)
/* Null Selector Clears Base */
-#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE (1U << 6)
+#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE (1U << 6)
/* Automatic IBRS */
-#define CPUID_8000_0021_EAX_AUTO_IBRS (1U << 8)
+#define CPUID_8000_0021_EAX_AUTO_IBRS (1U << 8)
+/* Selective Branch Predictor Barrier */
+#define CPUID_8000_0021_EAX_SBPB (1U << 27)
+/* IBPB includes branch type prediction flushing */
+#define CPUID_8000_0021_EAX_IBPB_BRTYPE (1U << 28)
+/* Not vulnerable to Speculative Return Stack Overflow */
+#define CPUID_8000_0021_EAX_SRSO_NO (1U << 29)
+/* Not vulnerable to SRSO at the user-kernel boundary */
+#define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO (1U << 30)
#define CPUID_XSAVE_XSAVEOPT (1U << 0)
#define CPUID_XSAVE_XSAVEC (1U << 1)
--
2.39.3
Reference in New Issue View Git Blame Copy Permalink