From nobody Wed Mar 30 10:31:02 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E4CBC1A47163; Wed, 30 Mar 2022 10:31:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KT2lV51cTz3kqS; Wed, 30 Mar 2022 10:31:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648636262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RhRmpZi50jjUlXl1amecphP6LAK0MdMhTxJuh6mqGp4=; b=sUdkoEBqzz+fY0+J7cz/TgF+Hb5T5I84nmr2K54ddJgELD6GRrmR9sjmH/xzY8Tbyn3NrP 0nZwqQbeKnHjbfdmXF8rvJWkhZ0dyB91H2d1EVzqs6rh2XIBbWH9qOH8MZFeZojE9Q70fi fiB0ct9vsP0iQepyARMXUCv+38jWeacWqpEDHEyFe2UeTGQpGt0NVO23lClIMQlTkaE/7c BQ8Ah4Puk9x1CU9rbxvemB9ZEea31q/baL7aRl6IobdbPpgf8KqeucEN7pDlUNSQzT8r7J Q806CP85Whl8A5s8spgvkFsy6fmoV4xdsBvINYz5UPEmZd//ejv0K0fpAg0FRg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7AFB91177D; Wed, 30 Mar 2022 10:31:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22UAV2QS094133; Wed, 30 Mar 2022 10:31:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22UAV2Jk094132; Wed, 30 Mar 2022 10:31:02 GMT (envelope-from git) Date: Wed, 30 Mar 2022 10:31:02 GMT Message-Id: <202203301031.22UAV2Jk094132@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: =?utf-8?Q?Roger Pau Monn=C3=A9?= Subject: git: b717e6878059 - main - {emulators,sysutils}/xen-{kernel,tools}: update to 4.16.0 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: royger X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b717e6878059d9ca5dee77cbfa6d8f6db38b0f87 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648636262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RhRmpZi50jjUlXl1amecphP6LAK0MdMhTxJuh6mqGp4=; b=XO5FDe/XOlwHC/8AxXH/WgyMHExzdd37EhhxRAJ8vSo9xg2fTzoYhtSo6VbHeKqWnIKp2X 5vtnC0nKZNWUB7v1AegHD72gpa9FLrnSMPRI2ncyeuAu++Fj6wz3DkpQiLlXl3X/Q793UT SWJKOHBZD4M5ICi2qIP8rpb6fB/DJmfadZIlnEETjpo+Hd0fpxxRSBlsrzXXhb+kSme7zA rn1E2MwFGTlHE/ItCyErROewqr+5Qbd0CgM+0FYWhLxkIVXR2/HGQR4NkfihwswE591jOi AebZqSC8JW+XZo/u5Xrcfy0E6iw/96TZZkzEmho/5fofL21iYdocWtu3fRWbrg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1648636262; a=rsa-sha256; cv=none; b=A1tuwkeZd1pEJZcINSdaiFyk4ubs+949+54PmQ1s8GTI4Gc9plq38r6Qb06sVnqc0WWTMm HYocPyrlcCsjxhAGBejYcmEKIJa9Z5I07MMC4xppLNKHlL54uLochDvpCsDXqIfZ8qExlV 0clNFpRDUBdJUULFL5VLmMwOAHAxqdFUPPngwI1kjBCZApkGjuVQbMKUyfBluXXr9cGhUf wuWJj2lC6QrzaIzAenbsfSq3yXVkG8Nw3Jzgg7bAR5iMm5iI0nptGL2yIPNdqP1D293M1N i8x8uqYHsSfsBvOyGe6wvofYZ3FO66m48GSqXAKSmmzxRn9bU2nKKDNh5mNA8Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by royger (src committer): URL: https://cgit.FreeBSD.org/ports/commit/?id=b717e6878059d9ca5dee77cbfa6d8f6db38b0f87 commit b717e6878059d9ca5dee77cbfa6d8f6db38b0f87 Author: Roger Pau Monné AuthorDate: 2022-03-29 13:55:42 +0000 Commit: Roger Pau Monné CommitDate: 2022-03-30 10:30:55 +0000 {emulators,sysutils}/xen-{kernel,tools}: update to 4.16.0 Add fixes for XSA-{395,398} and backport clang retpoline support from unstable. Sponsored by: Citrix Systems R&D Approved by: bapt (implicit) --- emulators/xen-kernel/Makefile | 32 +- emulators/xen-kernel/distinfo | 6 +- ...gnment-of-function-parameters-in-compat-m.patch | 105 ------ ...-x86-mtrr-remove-stale-function-prototype.patch | 31 -- ...ne-split-retpoline-compiler-support-into-.patch | 66 ++++ ...-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch | 65 ++++ .../0002-x86-clang-add-retpoline-support.patch | 56 +++ ...mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch | 377 --------------------- ...-ctrl-Introduce-new-has_spec_ctrl-boolean.patch | 97 ++++++ ...ce-WB-cache-attributes-for-grant-and-fore.patch | 139 -------- emulators/xen-kernel/files/xsa395.patch | 42 +++ ...spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch | 118 +++++++ sysutils/xen-tools/Makefile | 21 +- sysutils/xen-tools/distinfo | 6 +- ...gnment-of-function-parameters-in-compat-m.patch | 105 ------ sysutils/xen-tools/pkg-plist | 49 +-- 16 files changed, 506 insertions(+), 809 deletions(-) diff --git a/emulators/xen-kernel/Makefile b/emulators/xen-kernel/Makefile index bb8cdb93dab0..72ace54c0a32 100644 --- a/emulators/xen-kernel/Makefile +++ b/emulators/xen-kernel/Makefile @@ -1,6 +1,6 @@ PORTNAME= xen -PORTVERSION= 4.15.0 -PORTREVISION= 2 +PORTVERSION= 4.16.0 +PORTREVISION= 0 CATEGORIES= emulators MASTER_SITES= http://downloads.xenproject.org/release/xen/${PORTVERSION}/ PKGNAMESUFFIX= -kernel @@ -21,15 +21,21 @@ MAKE_ARGS= clang=y PYTHON=${PYTHON_CMD} ARCH=x86_64 NO_MTREE= yes STRIP= # PLIST_FILES= /boot/xen \ - lib/debug/boot/xen.debug + /boot/xen-debug \ + lib/debug/boot/xen.debug \ + lib/debug/boot/xen-debug.debug -# Fix grant/foreign mapping cache attributes on Intel. -EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-mtrr-remove-stale-function-prototype.patch:-p1 \ - ${PATCHDIR}/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch:-p1 \ - ${PATCHDIR}/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch:-p1 +# XSA-395 +EXTRA_PATCHES+= ${PATCHDIR}/xsa395.patch:-p1 -# Fix build with clang 13.0.0 -EXTRA_PATCHES+= ${PATCHDIR}/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch:-p1 +# XSA-398 +EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch:-p1 \ + ${PATCHDIR}/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch:-p1 \ + ${PATCHDIR}/xsa398-4.16-6-x86-spec-ctrl-Cease-using-thunk-lfence-on-AMD.patch:-p1 + +# Add retpoline support for clang builds +EXTRA_PATCHES+= ${PATCHDIR}/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch:-p1 \ + ${PATCHDIR}/0002-x86-clang-add-retpoline-support.patch:-p1 .include @@ -39,7 +45,13 @@ IGNORE= only supported on FreeBSD # The ports native 'build' target cannot be used because it sets # CFLAGS, and that breaks the Xen build system. +# +# Build both a production and a debug hypervisor. do-build: + ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} build-xen ${MAKE_ARGS} debug=y + cp ${WRKSRC}/xen/xen ${WRKSRC}/xen/xen-debug + cp ${WRKSRC}/xen/xen-syms ${WRKSRC}/xen/xen-debug-syms + ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} clean-xen ${MAKE_ARGS} ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC} build-xen ${MAKE_ARGS} do-install: @@ -47,5 +59,7 @@ do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/lib/debug/boot/ ${INSTALL_PROGRAM} ${WRKSRC}/xen/xen ${STAGEDIR}/boot ${INSTALL_DATA} ${WRKSRC}/xen/xen-syms ${STAGEDIR}${PREFIX}/lib/debug/boot/xen.debug + ${INSTALL_PROGRAM} ${WRKSRC}/xen/xen-debug ${STAGEDIR}/boot + ${INSTALL_DATA} ${WRKSRC}/xen/xen-debug-syms ${STAGEDIR}${PREFIX}/lib/debug/boot/xen-debug.debug .include diff --git a/emulators/xen-kernel/distinfo b/emulators/xen-kernel/distinfo index 740fd456bc18..d197e536add4 100644 --- a/emulators/xen-kernel/distinfo +++ b/emulators/xen-kernel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1620647879 -SHA256 (xen-4.15.0.tar.gz) = 6cf41394726c9f2913edcd6707457d9b7a910a4d75d95e9ecdebf02b00f1adad -SIZE (xen-4.15.0.tar.gz) = 40785399 +TIMESTAMP = 1648563575 +SHA256 (xen-4.16.0.tar.gz) = adc87a90e614d090a2014b9aebae8d815a7348bf329d169b3cb655256d0ee995 +SIZE (xen-4.16.0.tar.gz) = 44982322 diff --git a/emulators/xen-kernel/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch b/emulators/xen-kernel/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch deleted file mode 100644 index 1612c5a113a1..000000000000 --- a/emulators/xen-kernel/files/0001-efi-fix-alignment-of-function-parameters-in-compat-m.patch +++ /dev/null @@ -1,105 +0,0 @@ -From be12fcca8b784e456df3adedbffe657d753c5ff9 Mon Sep 17 00:00:00 2001 -From: Roger Pau Monne -Date: Thu, 18 Nov 2021 09:28:06 +0100 -Subject: [PATCH] efi: fix alignment of function parameters in compat mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently the max_store_size, remain_store_size and max_size in -compat_pf_efi_runtime_call are 4 byte aligned, which makes clang -13.0.0 complain with: - -In file included from compat.c:30: -./runtime.c:646:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 2 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.max_store_size, - ^ -./runtime.c:647:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 3 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.remain_store_size, - ^ -./runtime.c:648:13: error: passing 4-byte aligned argument to 8-byte aligned parameter 4 of 'QueryVariableInfo' may result in an unaligned pointer access [-Werror,-Walign-mismatch] - &op->u.query_variable_info.max_size); - ^ -Fix this by bouncing the variables on the stack in order for them to -be 8 byte aligned. - -Note this could be done in a more selective manner to only apply to -compat code calls, but given the overhead of making an EFI call doing -an extra copy of 3 variables doesn't seem to warrant the special -casing. - -Signed-off-by: Roger Pau Monné -Release-Acked-by: Ian Jackson -Reviewed-by: Ian Jackson -Signed-off-by: Ian Jackson -Reviewed-by: Jan Beulich - ---- -Changes since v3: - - Remove hard tabs. Apply Jan's r-b as authorised in email. -Changes since v2: - - Adjust the commentary as per discussion. -Changes since v1: - - Copy back the results. ---- - xen/common/efi/runtime.c | 31 +++++++++++++++++++++++++++---- - 1 file changed, 27 insertions(+), 4 deletions(-) - -diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c -index 375b94229e..d2fdc28df3 100644 ---- a/xen/common/efi/runtime.c -+++ b/xen/common/efi/runtime.c -@@ -607,6 +607,9 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) - break; - - case XEN_EFI_query_variable_info: -+ { -+ uint64_t max_store_size, remain_store_size, max_size; -+ - if ( op->misc & ~XEN_EFI_VARINFO_BOOT_SNAPSHOT ) - return -EINVAL; - -@@ -638,16 +641,36 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) - - if ( !efi_enabled(EFI_RS) || (efi_rs->Hdr.Revision >> 16) < 2 ) - return -EOPNOTSUPP; -+ -+ /* -+ * Bounce the variables onto the stack to make them 8 byte aligned when -+ * called from the compat handler, as their placement in -+ * compat_pf_efi_runtime_call will make them 4 byte aligned instead and -+ * and compilers may validly complain. -+ * -+ * Note that while the function parameters are OUT only, copy the -+ * values here anyway just in case. This is done regardless of whether -+ * called from the compat handler or not, as it's not worth the extra -+ * logic to differentiate. -+ */ -+ max_store_size = op->u.query_variable_info.max_store_size; -+ remain_store_size = op->u.query_variable_info.remain_store_size; -+ max_size = op->u.query_variable_info.max_size; -+ - state = efi_rs_enter(); - if ( !state.cr3 ) - return -EOPNOTSUPP; - status = efi_rs->QueryVariableInfo( -- op->u.query_variable_info.attr, -- &op->u.query_variable_info.max_store_size, -- &op->u.query_variable_info.remain_store_size, -- &op->u.query_variable_info.max_size); -+ op->u.query_variable_info.attr, &max_store_size, &remain_store_size, -+ &max_size); - efi_rs_leave(&state); -+ -+ op->u.query_variable_info.max_store_size = max_store_size; -+ op->u.query_variable_info.remain_store_size = remain_store_size; -+ op->u.query_variable_info.max_size = max_size; -+ - break; -+ } - - case XEN_EFI_query_capsule_capabilities: - case XEN_EFI_update_capsule: --- -2.33.0 - diff --git a/emulators/xen-kernel/files/0001-x86-mtrr-remove-stale-function-prototype.patch b/emulators/xen-kernel/files/0001-x86-mtrr-remove-stale-function-prototype.patch deleted file mode 100644 index b4cd1a4061ce..000000000000 --- a/emulators/xen-kernel/files/0001-x86-mtrr-remove-stale-function-prototype.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c8aaa97f84170192b05b3020a55c69f71d84629f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Mon, 31 May 2021 12:47:12 +0200 -Subject: [PATCH 1/3] x86/mtrr: remove stale function prototype -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes: 1c84d04673 ('VMX: remove the problematic set_uc_mode logic') -Signed-off-by: Roger Pau Monné -Acked-by: Jan Beulich ---- - xen/include/asm-x86/mtrr.h | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/xen/include/asm-x86/mtrr.h b/xen/include/asm-x86/mtrr.h -index 4be704cb6a..24e5de5c22 100644 ---- a/xen/include/asm-x86/mtrr.h -+++ b/xen/include/asm-x86/mtrr.h -@@ -78,8 +78,6 @@ extern u32 get_pat_flags(struct vcpu *v, u32 gl1e_flags, paddr_t gpaddr, - extern int epte_get_entry_emt(struct domain *, unsigned long gfn, mfn_t mfn, - unsigned int order, uint8_t *ipat, - bool_t direct_mmio); --extern void ept_change_entry_emt_with_range( -- struct domain *d, unsigned long start_gfn, unsigned long end_gfn); - extern unsigned char pat_type_2_pte_flags(unsigned char pat_type); - extern int hold_mtrr_updates_on_aps; - extern void mtrr_aps_sync_begin(void); --- -2.31.1 - diff --git a/emulators/xen-kernel/files/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch b/emulators/xen-kernel/files/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch new file mode 100644 index 000000000000..bee5db0ab16c --- /dev/null +++ b/emulators/xen-kernel/files/0001-x86-retpoline-split-retpoline-compiler-support-into-.patch @@ -0,0 +1,66 @@ +From e245bc154300b5d0367b64e8b937c9d1da508ad3 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Fri, 18 Feb 2022 15:34:14 +0100 +Subject: [PATCH 1/2] x86/retpoline: split retpoline compiler support into + separate option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Keep the previous option as a way to signal generic retpoline support +regardless of the underlying compiler, while introducing a new +CC_HAS_INDIRECT_THUNK that signals whether the underlying compiler +supports retpoline. + +No functional change intended. + +Signed-off-by: Roger Pau Monné +Acked-by: Andrew Cooper +--- + xen/arch/x86/Kconfig | 6 +++++- + xen/arch/x86/arch.mk | 10 ++++++---- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig +index b4abfca46f..fe89fa7274 100644 +--- a/xen/arch/x86/Kconfig ++++ b/xen/arch/x86/Kconfig +@@ -32,9 +32,13 @@ config ARCH_DEFCONFIG + string + default "arch/x86/configs/x86_64_defconfig" + +-config INDIRECT_THUNK ++config CC_HAS_INDIRECT_THUNK + def_bool $(cc-option,-mindirect-branch-register) + ++config INDIRECT_THUNK ++ def_bool y ++ depends on CC_HAS_INDIRECT_THUNK ++ + config HAS_AS_CET_SS + # binutils >= 2.29 or LLVM >= 6 + def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk +index bfd5eaa35f..15d0cbe487 100644 +--- a/xen/arch/x86/arch.mk ++++ b/xen/arch/x86/arch.mk +@@ -42,10 +42,12 @@ CFLAGS += -mno-red-zone -fpic + # SSE setup for variadic function calls. + CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) + +-# Compile with thunk-extern, indirect-branch-register if avaiable. +-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern +-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register +-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables ++ifeq ($(CONFIG_INDIRECT_THUNK),y) ++# Compile with gcc thunk-extern, indirect-branch-register if available. ++CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern ++CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register ++CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables ++endif + + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow + # this to be overridden elsewhere. +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch b/emulators/xen-kernel/files/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch new file mode 100644 index 000000000000..42bde92c5de5 --- /dev/null +++ b/emulators/xen-kernel/files/0001-x86-spec-ctrl-Drop-use_spec_ctrl-boolean.patch @@ -0,0 +1,65 @@ +From 7f34b6a895d10744bab32fc843246c45da444d8b Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Tue, 25 Jan 2022 16:09:59 +0000 +Subject: [PATCH 1/2] x86/spec-ctrl: Drop use_spec_ctrl boolean + +Several bugfixes have reduced the utility of this variable from it's original +purpose, and now all it does is aid in the setup of SCF_ist_wrmsr. + +Simplify the logic by drop the variable, and doubling up the setting of +SCF_ist_wrmsr for the PV and HVM blocks, which will make the AMD SPEC_CTRL +support easier to follow. Leave a comment explaining why SCF_ist_wrmsr is +still necessary for the VMExit case. + +No functional change. + +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich +(cherry picked from commit ec083bf552c35e10347449e21809f4780f8155d2) +--- + xen/arch/x86/spec_ctrl.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index c18cc8aa49..8a550d0a09 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) + void __init init_speculation_mitigations(void) + { + enum ind_thunk thunk = THUNK_DEFAULT; +- bool use_spec_ctrl = false, ibrs = false, hw_smt_enabled; ++ bool ibrs = false, hw_smt_enabled; + bool cpu_has_bug_taa; + uint64_t caps = 0; + +@@ -1016,19 +1016,21 @@ void __init init_speculation_mitigations(void) + { + if ( opt_msr_sc_pv ) + { +- use_spec_ctrl = true; ++ default_spec_ctrl_flags |= SCF_ist_wrmsr; + setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); + } + + if ( opt_msr_sc_hvm ) + { +- use_spec_ctrl = true; ++ /* ++ * While the guest MSR_SPEC_CTRL value is loaded/saved atomically, ++ * Xen's value is not restored atomically. An early NMI hitting ++ * the VMExit path needs to restore Xen's value for safety. ++ */ ++ default_spec_ctrl_flags |= SCF_ist_wrmsr; + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } + +- if ( use_spec_ctrl ) +- default_spec_ctrl_flags |= SCF_ist_wrmsr; +- + if ( ibrs ) + default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0002-x86-clang-add-retpoline-support.patch b/emulators/xen-kernel/files/0002-x86-clang-add-retpoline-support.patch new file mode 100644 index 000000000000..e650a71b59ab --- /dev/null +++ b/emulators/xen-kernel/files/0002-x86-clang-add-retpoline-support.patch @@ -0,0 +1,56 @@ +From 9412486707f8f1ca2eb31c2ef330c5e39c0a2f30 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Fri, 18 Feb 2022 15:34:15 +0100 +Subject: [PATCH 2/2] x86/clang: add retpoline support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Detect whether the compiler supports clang retpoline option and enable +by default if available, just like it's done for gcc. + +Note clang already disables jump tables when retpoline is enabled, so +there's no need to also pass the fno-jump-tables parameter. Also clang +already passes the return address in a register always on amd64, so +there's no need for any equivalent mindirect-branch-register +parameter. + +Reported-by: Andrew Cooper +Signed-off-by: Roger Pau Monné +Acked-by: Andrew Cooper +--- + xen/arch/x86/Kconfig | 3 ++- + xen/arch/x86/arch.mk | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig +index fe89fa7274..1465874097 100644 +--- a/xen/arch/x86/Kconfig ++++ b/xen/arch/x86/Kconfig +@@ -33,7 +33,8 @@ config ARCH_DEFCONFIG + default "arch/x86/configs/x86_64_defconfig" + + config CC_HAS_INDIRECT_THUNK +- def_bool $(cc-option,-mindirect-branch-register) ++ def_bool $(cc-option,-mindirect-branch-register) || \ ++ $(cc-option,-mretpoline-external-thunk) + + config INDIRECT_THUNK + def_bool y +diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk +index 15d0cbe487..edfc043dbb 100644 +--- a/xen/arch/x86/arch.mk ++++ b/xen/arch/x86/arch.mk +@@ -47,6 +47,9 @@ ifeq ($(CONFIG_INDIRECT_THUNK),y) + CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern + CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register + CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables ++ ++# Enable clang retpoline support if available. ++CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk + endif + + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch b/emulators/xen-kernel/files/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch deleted file mode 100644 index 5490b63534c0..000000000000 --- a/emulators/xen-kernel/files/0002-x86-mtrr-move-epte_get_entry_emt-to-p2m-ept.c.patch +++ /dev/null @@ -1,377 +0,0 @@ -From bad7fc7a20452f5ba5e2aaf0019affec7fa87271 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Thu, 17 Jun 2021 17:58:11 +0200 -Subject: [PATCH 2/3] x86/mtrr: move epte_get_entry_emt to p2m-ept.c -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is an EPT specific function, so it shouldn't live in the generic -mtrr file. Such movement is also needed for future work that will -require passing a p2m_type_t parameter to epte_get_entry_emt, and -making that type visible to the mtrr users is cumbersome and -unneeded. - -Moving epte_get_entry_emt out of mtrr.c requires making the helper to -get the MTRR type of an address from the mtrr state public. While -there rename the function to start with the mtrr prefix, like other -mtrr related functions. - -While there fix some of the types of the function parameters. - -No functional change intended. - -Signed-off-by: Roger Pau Monné -Reviewed-by: Jan Beulich -Reviewed-by: Kevin Tian ---- - xen/arch/x86/hvm/mtrr.c | 109 +--------------------------- - xen/arch/x86/mm/p2m-ept.c | 115 ++++++++++++++++++++++++++++-- - xen/include/asm-x86/hvm/vmx/vmx.h | 2 + - xen/include/asm-x86/mtrr.h | 5 +- - 4 files changed, 117 insertions(+), 114 deletions(-) - -diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c -index fb051d59c3..4a9f3177ed 100644 ---- a/xen/arch/x86/hvm/mtrr.c -+++ b/xen/arch/x86/hvm/mtrr.c -@@ -194,8 +194,7 @@ void hvm_vcpu_cacheattr_destroy(struct vcpu *v) - * May return a negative value when order > 0, indicating to the caller - * that the respective mapping needs splitting. - */ --static int get_mtrr_type(const struct mtrr_state *m, -- paddr_t pa, unsigned int order) -+int mtrr_get_type(const struct mtrr_state *m, paddr_t pa, unsigned int order) - { - uint8_t overlap_mtrr = 0; - uint8_t overlap_mtrr_pos = 0; -@@ -323,7 +322,7 @@ static uint8_t effective_mm_type(struct mtrr_state *m, - * just use it - */ - if ( gmtrr_mtype == NO_HARDCODE_MEM_TYPE ) -- mtrr_mtype = get_mtrr_type(m, gpa, 0); -+ mtrr_mtype = mtrr_get_type(m, gpa, 0); - else - mtrr_mtype = gmtrr_mtype; - -@@ -350,7 +349,7 @@ uint32_t get_pat_flags(struct vcpu *v, - guest_eff_mm_type = effective_mm_type(g, pat, gpaddr, - gl1e_flags, gmtrr_mtype); - /* 2. Get the memory type of host physical address, with MTRR */ -- shadow_mtrr_type = get_mtrr_type(&mtrr_state, spaddr, 0); -+ shadow_mtrr_type = mtrr_get_type(&mtrr_state, spaddr, 0); - - /* 3. Find the memory type in PAT, with host MTRR memory type - * and guest effective memory type. -@@ -789,108 +788,6 @@ void memory_type_changed(struct domain *d) - } - } - --int epte_get_entry_emt(struct domain *d, unsigned long gfn, mfn_t mfn, -- unsigned int order, uint8_t *ipat, bool_t direct_mmio) --{ -- int gmtrr_mtype, hmtrr_mtype; -- struct vcpu *v = current; -- unsigned long i; -- -- *ipat = 0; -- -- if ( v->domain != d ) -- v = d->vcpu ? d->vcpu[0] : NULL; -- -- /* Mask, not add, for order so it works with INVALID_MFN on unmapping */ -- if ( rangeset_overlaps_range(mmio_ro_ranges, mfn_x(mfn), -- mfn_x(mfn) | ((1UL << order) - 1)) ) -- { -- if ( !order || rangeset_contains_range(mmio_ro_ranges, mfn_x(mfn), -- mfn_x(mfn) | ((1UL << order) - 1)) ) -- { -- *ipat = 1; -- return MTRR_TYPE_UNCACHABLE; -- } -- /* Force invalid memory type so resolve_misconfig() will split it */ -- return -1; -- } -- -- if ( !mfn_valid(mfn) ) -- { -- *ipat = 1; -- return MTRR_TYPE_UNCACHABLE; -- } -- -- if ( !direct_mmio && !is_iommu_enabled(d) && !cache_flush_permitted(d) ) -- { -- *ipat = 1; -- return MTRR_TYPE_WRBACK; -- } -- -- for ( i = 0; i < (1ul << order); i++ ) -- { -- if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) ) -- { -- if ( order ) -- return -1; -- *ipat = 1; -- return MTRR_TYPE_WRBACK; -- } -- } -- -- if ( direct_mmio ) -- return MTRR_TYPE_UNCACHABLE; -- -- gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, _gfn(gfn), order); -- if ( gmtrr_mtype >= 0 ) -- { -- *ipat = 1; -- return gmtrr_mtype != PAT_TYPE_UC_MINUS ? gmtrr_mtype -- : MTRR_TYPE_UNCACHABLE; -- } -- if ( gmtrr_mtype == -EADDRNOTAVAIL ) -- return -1; -- -- gmtrr_mtype = is_hvm_domain(d) && v ? -- get_mtrr_type(&v->arch.hvm.mtrr, -- gfn << PAGE_SHIFT, order) : -- MTRR_TYPE_WRBACK; -- hmtrr_mtype = get_mtrr_type(&mtrr_state, mfn_x(mfn) << PAGE_SHIFT, order); -- if ( gmtrr_mtype < 0 || hmtrr_mtype < 0 ) -- return -1; -- -- /* If both types match we're fine. */ -- if ( likely(gmtrr_mtype == hmtrr_mtype) ) -- return hmtrr_mtype; -- -- /* If either type is UC, we have to go with that one. */ -- if ( gmtrr_mtype == MTRR_TYPE_UNCACHABLE || -- hmtrr_mtype == MTRR_TYPE_UNCACHABLE ) -- return MTRR_TYPE_UNCACHABLE; -- -- /* If either type is WB, we have to go with the other one. */ -- if ( gmtrr_mtype == MTRR_TYPE_WRBACK ) -- return hmtrr_mtype; -- if ( hmtrr_mtype == MTRR_TYPE_WRBACK ) -- return gmtrr_mtype; -- -- /* -- * At this point we have disagreeing WC, WT, or WP types. The only -- * combination that can be cleanly resolved is WT:WP. The ones involving -- * WC need to be converted to UC, both due to the memory ordering -- * differences and because WC disallows reads to be cached (WT and WP -- * permit this), while WT and WP require writes to go straight to memory -- * (WC can buffer them). -- */ -- if ( (gmtrr_mtype == MTRR_TYPE_WRTHROUGH && -- hmtrr_mtype == MTRR_TYPE_WRPROT) || -- (gmtrr_mtype == MTRR_TYPE_WRPROT && -- hmtrr_mtype == MTRR_TYPE_WRTHROUGH) ) -- return MTRR_TYPE_WRPROT; -- -- return MTRR_TYPE_UNCACHABLE; --} -- - /* - * Local variables: - * mode: C -diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c -index 23d411f01d..542fe5ef34 100644 ---- a/xen/arch/x86/mm/p2m-ept.c -+++ b/xen/arch/x86/mm/p2m-ept.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -485,6 +486,109 @@ static int ept_invalidate_emt_range(struct p2m_domain *p2m, - return rc; - } - -+int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, -+ unsigned int order, bool *ipat, bool direct_mmio) -+{ -+ int gmtrr_mtype, hmtrr_mtype; -+ struct vcpu *v = current; -+ unsigned long i; -+ -+ *ipat = false; -+ -+ if ( v->domain != d ) -+ v = d->vcpu ? d->vcpu[0] : NULL; -+ -+ /* Mask, not add, for order so it works with INVALID_MFN on unmapping */ -+ if ( rangeset_overlaps_range(mmio_ro_ranges, mfn_x(mfn), -+ mfn_x(mfn) | ((1UL << order) - 1)) ) -+ { -+ if ( !order || rangeset_contains_range(mmio_ro_ranges, mfn_x(mfn), -+ mfn_x(mfn) | ((1UL << order) - 1)) ) -+ { -+ *ipat = true; -+ return MTRR_TYPE_UNCACHABLE; -+ } -+ /* Force invalid memory type so resolve_misconfig() will split it */ -+ return -1; -+ } -+ -+ if ( !mfn_valid(mfn) ) -+ { -+ *ipat = true; -+ return MTRR_TYPE_UNCACHABLE; -+ } -+ -+ if ( !direct_mmio && !is_iommu_enabled(d) && !cache_flush_permitted(d) ) -+ { -+ *ipat = true; -+ return MTRR_TYPE_WRBACK; -+ } -+ -+ for ( i = 0; i < (1ul << order); i++ ) -+ { -+ if ( is_special_page(mfn_to_page(mfn_add(mfn, i))) ) -+ { -+ if ( order ) -+ return -1; -+ *ipat = true; -+ return MTRR_TYPE_WRBACK; -+ } -+ } -+ -+ if ( direct_mmio ) -+ return MTRR_TYPE_UNCACHABLE; -+ -+ gmtrr_mtype = hvm_get_mem_pinned_cacheattr(d, gfn, order); -+ if ( gmtrr_mtype >= 0 ) -+ { -+ *ipat = true; -+ return gmtrr_mtype != PAT_TYPE_UC_MINUS ? gmtrr_mtype -+ : MTRR_TYPE_UNCACHABLE; -+ } -+ if ( gmtrr_mtype == -EADDRNOTAVAIL ) -+ return -1; -+ -+ gmtrr_mtype = is_hvm_domain(d) && v ? -+ mtrr_get_type(&v->arch.hvm.mtrr, -+ gfn << PAGE_SHIFT, order) : -+ MTRR_TYPE_WRBACK; -+ hmtrr_mtype = mtrr_get_type(&mtrr_state, mfn_x(mfn) << PAGE_SHIFT, -+ order); -+ if ( gmtrr_mtype < 0 || hmtrr_mtype < 0 ) -+ return -1; -+ -+ /* If both types match we're fine. */ -+ if ( likely(gmtrr_mtype == hmtrr_mtype) ) -+ return hmtrr_mtype; -+ -+ /* If either type is UC, we have to go with that one. */ -+ if ( gmtrr_mtype == MTRR_TYPE_UNCACHABLE || -+ hmtrr_mtype == MTRR_TYPE_UNCACHABLE ) -+ return MTRR_TYPE_UNCACHABLE; -+ -+ /* If either type is WB, we have to go with the other one. */ -+ if ( gmtrr_mtype == MTRR_TYPE_WRBACK ) -+ return hmtrr_mtype; -+ if ( hmtrr_mtype == MTRR_TYPE_WRBACK ) -+ return gmtrr_mtype; -+ -+ /* -+ * At this point we have disagreeing WC, WT, or WP types. The only -+ * combination that can be cleanly resolved is WT:WP. The ones involving -+ * WC need to be converted to UC, both due to the memory ordering -+ * differences and because WC disallows reads to be cached (WT and WP -+ * permit this), while WT and WP require writes to go straight to memory -+ * (WC can buffer them). -+ */ -+ if ( (gmtrr_mtype == MTRR_TYPE_WRTHROUGH && -+ hmtrr_mtype == MTRR_TYPE_WRPROT) || -+ (gmtrr_mtype == MTRR_TYPE_WRPROT && -+ hmtrr_mtype == MTRR_TYPE_WRTHROUGH) ) -+ return MTRR_TYPE_WRPROT; -+ -+ return MTRR_TYPE_UNCACHABLE; -+} -+ - /* - * Resolve deliberately mis-configured (EMT field set to an invalid value) - * entries in the page table hierarchy for the given GFN: -@@ -519,7 +623,7 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - - if ( level == 0 || is_epte_superpage(&e) ) - { -- uint8_t ipat = 0; -+ bool ipat; - - if ( e.emt != MTRR_NUM_TYPES ) - break; -@@ -535,7 +639,7 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - e.emt = 0; - if ( !is_epte_valid(&e) || !is_epte_present(&e) ) - continue; -- e.emt = epte_get_entry_emt(p2m->domain, gfn + i, -+ e.emt = epte_get_entry_emt(p2m->domain, _gfn(gfn + i), - _mfn(e.mfn), 0, &ipat, - e.sa_p2mt == p2m_mmio_direct); - e.ipat = ipat; -@@ -553,7 +657,8 @@ static int resolve_misconfig(struct p2m_domain *p2m, unsigned long gfn) - } - else - { -- int emt = epte_get_entry_emt(p2m->domain, gfn, _mfn(e.mfn), -+ int emt = epte_get_entry_emt(p2m->domain, _gfn(gfn), -+ _mfn(e.mfn), - level * EPT_TABLE_ORDER, &ipat, - e.sa_p2mt == p2m_mmio_direct); - bool_t recalc = e.recalc; -@@ -678,7 +783,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, - int ret, rc = 0; - bool_t entry_written = 0; - bool_t direct_mmio = (p2mt == p2m_mmio_direct); -- uint8_t ipat = 0; -+ bool ipat = false; - bool_t need_modify_vtd_table = 1; - bool_t vtd_pte_present = 0; - unsigned int iommu_flags = p2m_get_iommu_flags(p2mt, mfn); -@@ -790,7 +895,7 @@ ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mfn_t mfn, - - if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) - { -- int emt = epte_get_entry_emt(p2m->domain, gfn, mfn, -+ int emt = epte_get_entry_emt(p2m->domain, _gfn(gfn), mfn, - i * EPT_TABLE_ORDER, &ipat, direct_mmio); - - if ( emt >= 0 ) -diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h -index 534e9fc221..f668ee1f09 100644 ---- a/xen/include/asm-x86/hvm/vmx/vmx.h -+++ b/xen/include/asm-x86/hvm/vmx/vmx.h -@@ -599,6 +599,8 @@ void ept_p2m_uninit(struct p2m_domain *p2m); - - void ept_walk_table(struct domain *d, unsigned long gfn); - bool_t ept_handle_misconfig(uint64_t gpa); -+int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn, -+ unsigned int order, bool *ipat, bool direct_mmio); - void setup_ept_dump(void); - void p2m_init_altp2m_ept(struct domain *d, unsigned int i); - /* Locate an alternate p2m by its EPTP */ -diff --git a/xen/include/asm-x86/mtrr.h b/xen/include/asm-x86/mtrr.h -index 24e5de5c22..e0fd1005ce 100644 ---- a/xen/include/asm-x86/mtrr.h -+++ b/xen/include/asm-x86/mtrr.h -@@ -72,12 +72,11 @@ extern int mtrr_add_page(unsigned long base, unsigned long size, - unsigned int type, char increment); - extern int mtrr_del(int reg, unsigned long base, unsigned long size); - extern int mtrr_del_page(int reg, unsigned long base, unsigned long size); -+extern int mtrr_get_type(const struct mtrr_state *m, paddr_t pa, -+ unsigned int order); - extern void mtrr_centaur_report_mcr(int mcr, u32 lo, u32 hi); - extern u32 get_pat_flags(struct vcpu *v, u32 gl1e_flags, paddr_t gpaddr, - paddr_t spaddr, uint8_t gmtrr_mtype); --extern int epte_get_entry_emt(struct domain *, unsigned long gfn, mfn_t mfn, -- unsigned int order, uint8_t *ipat, -- bool_t direct_mmio); - extern unsigned char pat_type_2_pte_flags(unsigned char pat_type); - extern int hold_mtrr_updates_on_aps; - extern void mtrr_aps_sync_begin(void); --- -2.31.1 - diff --git a/emulators/xen-kernel/files/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch b/emulators/xen-kernel/files/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch new file mode 100644 index 000000000000..7b6b1e062721 --- /dev/null +++ b/emulators/xen-kernel/files/0002-x86-spec-ctrl-Introduce-new-has_spec_ctrl-boolean.patch @@ -0,0 +1,97 @@ +From 08fc03c855c071e9b1aaaa96403f2a90433336a7 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Tue, 25 Jan 2022 17:14:48 +0000 +Subject: [PATCH 2/2] x86/spec-ctrl: Introduce new has_spec_ctrl boolean + +Most MSR_SPEC_CTRL setup will be common between Intel and AMD. Instead of +opencoding an OR of two features everywhere, introduce has_spec_ctrl instead. + +Reword the comment above the Intel specific alternatives block to highlight +that it is Intel specific, and pull the setting of default_xen_spec_ctrl.IBRS +out because it will want to be common. + +No functional change. + +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich +(cherry picked from commit 5d9eff3a312763d889cfbf3c8468b6dfb3ab490c) +--- + xen/arch/x86/spec_ctrl.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index 8a550d0a09..2072daf662 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -927,7 +927,7 @@ static __init void mds_calculations(uint64_t caps) + void __init init_speculation_mitigations(void) + { + enum ind_thunk thunk = THUNK_DEFAULT; +- bool ibrs = false, hw_smt_enabled; ++ bool has_spec_ctrl, ibrs = false, hw_smt_enabled; + bool cpu_has_bug_taa; + uint64_t caps = 0; + +@@ -936,6 +936,8 @@ void __init init_speculation_mitigations(void) + + hw_smt_enabled = check_smt_enabled(); + ++ has_spec_ctrl = boot_cpu_has(X86_FEATURE_IBRSB); ++ + /* + * First, disable the use of retpolines if Xen is using shadow stacks, as + * they are incompatible. +@@ -973,11 +975,11 @@ void __init init_speculation_mitigations(void) + */ + else if ( retpoline_safe(caps) ) + thunk = THUNK_RETPOLINE; +- else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ++ else if ( has_spec_ctrl ) + ibrs = true; + } + /* Without compiler thunk support, use IBRS if available. */ +- else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ++ else if ( has_spec_ctrl ) + ibrs = true; + } + +@@ -1008,10 +1010,7 @@ void __init init_speculation_mitigations(void) + else if ( thunk == THUNK_JMP ) + setup_force_cpu_cap(X86_FEATURE_IND_THUNK_JMP); + +- /* +- * If we are on hardware supporting MSR_SPEC_CTRL, see about setting up +- * the alternatives blocks so we can virtualise support for guests. +- */ ++ /* Intel hardware: MSR_SPEC_CTRL alternatives setup. */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + { + if ( opt_msr_sc_pv ) +@@ -1030,11 +1029,12 @@ void __init init_speculation_mitigations(void) + default_spec_ctrl_flags |= SCF_ist_wrmsr; + setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); + } +- +- if ( ibrs ) +- default_xen_spec_ctrl |= SPEC_CTRL_IBRS; + } + ++ /* If we have IBRS available, see whether we should use it. */ ++ if ( has_spec_ctrl && ibrs ) ++ default_xen_spec_ctrl |= SPEC_CTRL_IBRS; ++ + /* If we have SSBD available, see whether we should use it. */ + if ( boot_cpu_has(X86_FEATURE_SSBD) && opt_ssbd ) + default_xen_spec_ctrl |= SPEC_CTRL_SSBD; +@@ -1268,7 +1268,7 @@ void __init init_speculation_mitigations(void) + * boot won't have any other code running in a position to mount an + * attack. + */ +- if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ++ if ( has_spec_ctrl ) + { + bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl; + +-- +2.35.1 + diff --git a/emulators/xen-kernel/files/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch b/emulators/xen-kernel/files/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch deleted file mode 100644 index 8119283dd746..000000000000 --- a/emulators/xen-kernel/files/0003-x86-ept-force-WB-cache-attributes-for-grant-and-fore.patch +++ /dev/null @@ -1,139 +0,0 @@ -From 8ce6832518035a17e2d89a98235359f3d551f2c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Thu, 17 Jun 2021 18:00:57 +0200 -Subject: [PATCH 3/3] x86/ept: force WB cache attributes for grant and foreign - maps -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Force WB type for grants and foreign pages. Those are usually mapped -over unpopulated physical ranges in the p2m, and those ranges would -usually be UC in the MTRR state, which is unlikely to be the correct -cache attribute. It's also cumbersome (or even impossible) for the -guest to be setting the MTRR type for all those mappings as WB, as -MTRR ranges are finite. - -Note that this is not an issue on AMD because WB cache attribute is -already set on grants and foreign mappings in the p2m and MTRR types -are ignored. Also on AMD Xen cannot force a cache attribute because of -the lack of ignore PAT equivalent, so the behavior here slightly -diverges between AMD and Intel (or EPT vs NPT/shadow). - -Signed-off-by: Roger Pau Monné -Reviewed-by: Jan Beulich -Reviewed-by: Kevin Tian ---- - xen/arch/x86/mm/p2m-ept.c | 38 +++++++++++++++++++++++++------ - xen/include/asm-x86/hvm/vmx/vmx.h | 2 +- - 2 files changed, 32 insertions(+), 8 deletions(-) - -diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c *** 614 LINES SKIPPED ***