From de17162cafd27f2865a3102a2ec0f386a02ed03d Mon Sep 17 00:00:00 2001

From: Andrew Cooper <andrew.cooper3@citrix.com>

Date: Thu, 29 Feb 2024 11:26:40 +0000

Subject: [PATCH] x86/cpu-policy: Allow for levelling of VERW side effects

MIME-Version: 1.0

Content-Type: text/plain; charset=utf8

Content-Transfer-Encoding: 8bit

MD_CLEAR and FB_CLEAR need OR-ing across a migrate pool.  Allow this, by

having them unconditinally set in max, with the host values reflected in

default.  Annotate the bits as having special properies.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

---

 xen/arch/x86/cpu-policy.c                   | 24 +++++++++++++++++++++

 xen/arch/x86/include/asm/cpufeature.h       |  1 +

 xen/include/public/arch-x86/cpufeatureset.h |  4 ++--

 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c

index 609db6946f..2c6f03057b 100644

--- a/xen/arch/x86/cpu-policy.c

+++ b/xen/arch/x86/cpu-policy.c

@@ -442,6 +442,16 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs)

         __set_bit(X86_FEATURE_RSBA, fs);

         __set_bit(X86_FEATURE_RRSBA, fs);

+        /*

+         * These bits indicate that the VERW instruction may have gained

+         * scrubbing side effects.  With pooling, they mean "you might migrate

+         * somewhere where scrubbing is necessary", and may need exposing on

+         * unaffected hardware.  This is fine, because the VERW instruction

+         * has been around since the 286.

+         */

+        __set_bit(X86_FEATURE_MD_CLEAR, fs);

+        __set_bit(X86_FEATURE_FB_CLEAR, fs);

+

         /*

          * The Gather Data Sampling microcode mitigation (August 2023) has an

          * adverse performance impact on the CLWB instruction on SKX/CLX/CPX.

@@ -486,6 +496,20 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs)

              cpu_has_rdrand && !is_forced_cpu_cap(X86_FEATURE_RDRAND) )

             __clear_bit(X86_FEATURE_RDRAND, fs);

+        /*

+         * These bits indicate that the VERW instruction may have gained

+         * scrubbing side effects.  The max policy has them set for migration

+         * reasons, so reset the default policy back to the host values in

+         * case we're unaffected.

+         */

+        __clear_bit(X86_FEATURE_MD_CLEAR, fs);

+        if ( cpu_has_md_clear )

+            __set_bit(X86_FEATURE_MD_CLEAR, fs);

+

+        __clear_bit(X86_FEATURE_FB_CLEAR, fs);

+        if ( cpu_has_fb_clear )

+            __set_bit(X86_FEATURE_FB_CLEAR, fs);

+

         /*

          * The Gather Data Sampling microcode mitigation (August 2023) has an

          * adverse performance impact on the CLWB instruction on SKX/CLX/CPX.

diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h

index be16492c68..ad24d0fa88 100644

--- a/xen/arch/x86/include/asm/cpufeature.h

+++ b/xen/arch/x86/include/asm/cpufeature.h

@@ -178,6 +178,7 @@ static inline bool boot_cpu_has(unsigned int feat)

 #define cpu_has_avx512_4fmaps   boot_cpu_has(X86_FEATURE_AVX512_4FMAPS)

 #define cpu_has_avx512_vp2intersect boot_cpu_has(X86_FEATURE_AVX512_VP2INTERSECT)

 #define cpu_has_srbds_ctrl      boot_cpu_has(X86_FEATURE_SRBDS_CTRL)

+#define cpu_has_md_clear        boot_cpu_has(X86_FEATURE_MD_CLEAR)

 #define cpu_has_rtm_always_abort boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT)

 #define cpu_has_tsx_force_abort boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT)

 #define cpu_has_serialize       boot_cpu_has(X86_FEATURE_SERIALIZE)

diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h

index b230d3a690..0374cec3a2 100644

--- a/xen/include/public/arch-x86/cpufeatureset.h

+++ b/xen/include/public/arch-x86/cpufeatureset.h

@@ -262,7 +262,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A  AVX512 Multiply Accumulation Single

 XEN_CPUFEATURE(FSRM,          9*32+ 4) /*A  Fast Short REP MOVS */

 XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a  VP2INTERSECT{D,Q} insns */

 XEN_CPUFEATURE(SRBDS_CTRL,    9*32+ 9) /*   MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */

-XEN_CPUFEATURE(MD_CLEAR,      9*32+10) /*A  VERW clears microarchitectural buffers */

+XEN_CPUFEATURE(MD_CLEAR,      9*32+10) /*!A VERW clears microarchitectural buffers */

 XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */

 XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */

 XEN_CPUFEATURE(SERIALIZE,     9*32+14) /*A  SERIALIZE insn */

@@ -334,7 +334,7 @@ XEN_CPUFEATURE(DOITM,              16*32+12) /*   Data Operand Invariant Timing

 XEN_CPUFEATURE(SBDR_SSDP_NO,       16*32+13) /*A  No Shared Buffer Data Read or Sideband Stale Data Propagation */

 XEN_CPUFEATURE(FBSDP_NO,           16*32+14) /*A  No Fill Buffer Stale Data Propagation */

 XEN_CPUFEATURE(PSDP_NO,            16*32+15) /*A  No Primary Stale Data Propagation */

-XEN_CPUFEATURE(FB_CLEAR,           16*32+17) /*A  Fill Buffers cleared by VERW */

+XEN_CPUFEATURE(FB_CLEAR,           16*32+17) /*!A Fill Buffers cleared by VERW */

 XEN_CPUFEATURE(FB_CLEAR_CTRL,      16*32+18) /*   MSR_OPT_CPU_CTRL.FB_CLEAR_DIS */

 XEN_CPUFEATURE(RRSBA,              16*32+19) /*!  Restricted RSB Alternative */

 XEN_CPUFEATURE(BHI_NO,             16*32+20) /*A  No Branch History Injection  */

-- 

2.30.2