x86/spec-ctrl: Rename spec_ctrl_flags to scf

XSA-455 was ultimately caused by having fields with too-similar names.

Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL
value.  The spec_ctrl_flags field contains Xen-internal flags.

To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is
also the prefix of the constants used by the fields.

No functional change.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27)

diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
index b76f673acb1ab861a6898d0552d6e8458df0d26a..5cddb0f0f60859d7b282125ffe4f21829d128fc0 100644 (file)
--- a/xen/arch/x86/acpi/power.c
+++ b/xen/arch/x86/acpi/power.c
@@ -246,7 +246,7 @@ static int enter_state(u32 state)
 
     ci = get_cpu_info();
     /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */
-    ci->spec_ctrl_flags &= ~SCF_IST_MASK;
+    ci->scf &= ~SCF_IST_MASK;
 
     ACPI_FLUSH_CPU_CACHE();
 
@@ -290,7 +290,7 @@ static int enter_state(u32 state)
         panic("Missing previously available feature(s)\n");
 
     /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */
-    ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK);
+    ci->scf |= (default_scf & SCF_IST_MASK);
 
     if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) )
     {

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index aca9fa310cc89e67cce7a8650ca494effde81537..228763b5e9665d57948b2833e852cc7367abd317 100644 (file)
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -2096,10 +2096,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next)
             }
         }
 
-        /* Update the top-of-stack block with the new spec_ctrl settings. */
-        info->spec_ctrl_flags =
-            (info->spec_ctrl_flags       & ~SCF_DOM_MASK) |
-            (nextd->arch.spec_ctrl_flags &  SCF_DOM_MASK);
+        /* Update the top-of-stack block with the new speculation settings. */
+        info->scf =
+            (info->scf       & ~SCF_DOM_MASK) |
+            (nextd->arch.scf &  SCF_DOM_MASK);
     }
 
     sched_context_switched(prev, next);

diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S
index c19e964bc65088eaa4e86904d1172ccf23e81af8..0264e0bac2cf0eacc3d4a52f5f6ce0483121523f 100644 (file)
--- a/xen/arch/x86/hvm/svm/entry.S
+++ b/xen/arch/x86/hvm/svm/entry.S
@@ -103,7 +103,7 @@ __UNLIKELY_END(nsvm_hap)
         /* SPEC_CTRL_ENTRY_FROM_SVM    Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */
 
         .macro svm_vmexit_cond_ibpb
-            testb  $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp)
+            testb  $SCF_entry_ibpb, CPUINFO_scf(%rsp)
             jz     .L_skip_ibpb
 
             mov    $MSR_PRED_CMD, %ecx

diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S
index cdde76e1389201c6c123fc91fa49a971306e58ad..4ee529c57a6f3e9a6f2e7639043cf8d8b1d72c06 100644 (file)
--- a/xen/arch/x86/hvm/vmx/entry.S
+++ b/xen/arch/x86/hvm/vmx/entry.S
@@ -111,7 +111,7 @@ UNLIKELY_END(realmode)
         BUILD_BUG_ON(SCF_verw & ~0xff)
         movzbl VCPU_vmx_launched(%rbx), %ecx
         shl  $31, %ecx
-        movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax
+        movzbl CPUINFO_scf(%rsp), %eax
         and  $SCF_verw, %eax
         or   %eax, %ecx
 

diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 49d51fb5246a1d8c78c679fbf8a00656c157d90f..f0fb4874b8f9eaddeb772856b216e68bdd298c46 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1386,7 +1386,7 @@ static int construct_vmcs(struct vcpu *v)
         rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D,
                          VMX_MSR_GUEST_LOADONLY);
 
-    if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) )
+    if ( !rc && (d->arch.scf & SCF_entry_ibpb) )
         rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB,
                          VMX_MSR_HOST);
 

diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h
index da5e152a10cc8c4e731efe9c8874ff59e3a2a952..9cc8d8e3d44ddd7c4d95d799734090697bbdf70b 100644 (file)
--- a/xen/arch/x86/include/asm/current.h
+++ b/xen/arch/x86/include/asm/current.h
@@ -57,7 +57,7 @@ struct cpu_info {
     unsigned int shadow_spec_ctrl;
     uint8_t      xen_spec_ctrl;
     uint8_t      last_spec_ctrl;
-    uint8_t      spec_ctrl_flags;
+    uint8_t      scf; /* SCF_* */
 
     /*
      * The following field controls copying of the L4 page table of 64-bit

diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h
index 5293c0cde405dab7dd9fbfc9233eb4aa6c99ec2b..f90a268b0195db5e928ae36185caf302f142761e 100644 (file)
--- a/xen/arch/x86/include/asm/domain.h
+++ b/xen/arch/x86/include/asm/domain.h
@@ -324,7 +324,7 @@ struct arch_domain
     uint32_t pci_cf8;
     uint8_t cmos_idx;
 
-    uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */
+    uint8_t scf; /* See SCF_DOM_MASK */
 
     union {
         struct pv_domain pv;

diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h
index a431fea58764df8419523c09af5f731ed45a2829..8fc350abe2736194525eb5cedcb843a38638b28c 100644 (file)
--- a/xen/arch/x86/include/asm/spec_ctrl.h
+++ b/xen/arch/x86/include/asm/spec_ctrl.h
@@ -21,10 +21,10 @@
 #define __X86_SPEC_CTRL_H__
 
 /*
- * Encoding of:
- *   cpuinfo.spec_ctrl_flags
- *   default_spec_ctrl_flags
- *   domain.spec_ctrl_flags
+ * Encoding of Xen's speculation control flags in:
+ *   cpuinfo.scf
+ *   default_scf
+ *   domain.scf
  *
  * Live settings are in the top-of-stack block, because they need to be
  * accessable when XPTI is active.  Some settings are fixed from boot, some
@@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush;
 
 extern bool bsp_delay_spec_ctrl;
 extern uint8_t default_xen_spec_ctrl;
-extern uint8_t default_spec_ctrl_flags;
+extern uint8_t default_scf;
 
 extern int8_t opt_xpti_hwdom, opt_xpti_domu;
 
@@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void)
 
     info->shadow_spec_ctrl = 0;
     info->xen_spec_ctrl = default_xen_spec_ctrl;
-    info->spec_ctrl_flags = default_spec_ctrl_flags;
+    info->scf = default_scf;
 
     /*
      * For least latency, the VERW selector should be a writeable data
@@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info)
      */
     info->shadow_spec_ctrl = val;
     barrier();
-    info->spec_ctrl_flags |= SCF_use_shadow;
+    info->scf |= SCF_use_shadow;
     barrier();
     alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE,
                       "a" (val), "c" (MSR_SPEC_CTRL), "d" (0));
@@ -187,7 +187,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info)
      * Disable shadowing before updating the MSR.  There are no SMP issues
      * here; only local processor ordering concerns.
      */
-    info->spec_ctrl_flags &= ~SCF_use_shadow;
+    info->scf &= ~SCF_use_shadow;
     barrier();
     alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE,
                       "a" (val), "c" (MSR_SPEC_CTRL), "d" (0));

diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h
index e85db1a329783caaee9b7af680d0d607ba8cb13d..8c488be048897ab3710fa673362fcdae0fee7f3d 100644 (file)
--- a/xen/arch/x86/include/asm/spec_ctrl_asm.h
+++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h
@@ -51,7 +51,7 @@
  *     shadowing logic.
  *
  * Factor 2 is harder.  We maintain a shadow_spec_ctrl value, and a use_shadow
- * boolean in the per cpu spec_ctrl_flags.  The synchronous use is:
+ * boolean in the per cpu scf.  The synchronous use is:
  *
  *  1) Store guest value in shadow_spec_ctrl
  *  2) Set the use_shadow boolean
@@ -98,11 +98,11 @@
  * interrupting Xen.
  */
     .if \maybexen
-        testb  $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
+        testb  $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14)
         jz     .L\@_skip
         testb  $3, UREGS_cs(%rsp)
     .else
-        testb  $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp)
+        testb  $SCF_entry_ibpb, CPUINFO_scf(%rsp)
     .endif
     jz     .L\@_skip
 
@@ -172,8 +172,8 @@
 #define STK_REL(field, top_of_stk) ((field) - (top_of_stk))
 
 .macro SPEC_CTRL_COND_VERW \
-    scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \
-    sel=STK_REL(CPUINFO_verw_sel,        CPUINFO_error_code)
+    scf=STK_REL(CPUINFO_scf,      CPUINFO_error_code), \
+    sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code)
 /*
  * Requires \scf and \sel as %rsp-relative expressions
  * Clobbers eflags
@@ -228,10 +228,10 @@
         testb $3, UREGS_cs(%rsp)
         setnz %al
         not %eax
-        and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
+        and %al, STACK_CPUINFO_FIELD(scf)(%r14)
         movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax
     .else
-        andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp)
+        andb $~SCF_use_shadow, CPUINFO_scf(%rsp)
         movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax
     .endif
 
@@ -250,7 +250,7 @@
     mov %eax, CPUINFO_shadow_spec_ctrl(%rsp)
 
     /* Set SPEC_CTRL shadowing *before* loading the guest value. */
-    orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp)
+    orb $SCF_use_shadow, CPUINFO_scf(%rsp)
 
     mov $MSR_SPEC_CTRL, %ecx
     xor %edx, %edx
@@ -328,7 +328,7 @@
  *    DO_SPEC_CTRL_ENTRY maybexen=1
  * but with conditionals rather than alternatives.
  */
-    movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx
+    movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
     test    $SCF_ist_ibpb, %bl
     jz      .L\@_skip_ibpb
@@ -353,7 +353,7 @@
     testb $3, UREGS_cs(%rsp)
     setnz %al
     not %eax
-    and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
+    and %al, STACK_CPUINFO_FIELD(scf)(%r14)
 
     /* Load Xen's intended value. */
     mov $MSR_SPEC_CTRL, %ecx
@@ -387,7 +387,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise):
  * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs
  * Clobbers %rax, %rbx, %rcx, %rdx
  */
-    movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx
+    movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx
 
     testb $SCF_ist_sc_msr, %bl
     jz .L\@_skip_sc_msr

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 0c00ea875d6f07ef4bada7ff47e052ff335d2178..d47f1567117df8fd9b796322399a8a7d1061de0a 100644 (file)
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1984,7 +1984,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
 
     if ( bsp_delay_spec_ctrl )
     {
-        info->spec_ctrl_flags &= ~SCF_use_shadow;
+        info->scf &= ~SCF_use_shadow;
         barrier();
         wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
         info->last_spec_ctrl = default_xen_spec_ctrl;

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 0a2de8859322fac95d399d0e32fb7e0e2976d619..ab81ad457bea6974aafebf21e956b7805cb7d2d6 100644 (file)
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -69,7 +69,7 @@ static bool __initdata opt_lock_harden;
 
 bool __initdata bsp_delay_spec_ctrl;
 uint8_t __ro_after_init default_xen_spec_ctrl;
-uint8_t __ro_after_init default_spec_ctrl_flags;
+uint8_t __ro_after_init default_scf;
 
 paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr;
 bool __ro_after_init cpu_has_bug_l1tf;
@@ -1117,7 +1117,7 @@ static void __init ibpb_calculations(void)
          * NMI/#MC, so can't interrupt Xen ahead of having already flushed the
          * BTB.
          */
-        default_spec_ctrl_flags |= SCF_ist_ibpb;
+        default_scf |= SCF_ist_ibpb;
     }
     if ( opt_ibpb_entry_hvm )
         setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM);
@@ -1618,7 +1618,7 @@ void spec_ctrl_init_domain(struct domain *d)
     bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) &&
                  (d->domain_id != 0 || opt_ibpb_entry_dom0));
 
-    d->arch.spec_ctrl_flags =
+    d->arch.scf =
         (verw   ? SCF_verw         : 0) |
         (ibpb   ? SCF_entry_ibpb   : 0) |
         0;
@@ -1723,7 +1723,7 @@ void __init init_speculation_mitigations(void)
     {
         if ( opt_msr_sc_pv )
         {
-            default_spec_ctrl_flags |= SCF_ist_sc_msr;
+            default_scf |= SCF_ist_sc_msr;
             setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV);
         }
 
@@ -1734,7 +1734,7 @@ void __init init_speculation_mitigations(void)
              * Xen's value is not restored atomically.  An early NMI hitting
              * the VMExit path needs to restore Xen's value for safety.
              */
-            default_spec_ctrl_flags |= SCF_ist_sc_msr;
+            default_scf |= SCF_ist_sc_msr;
             setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM);
         }
     }
@@ -1869,7 +1869,7 @@ void __init init_speculation_mitigations(void)
     if ( opt_rsb_pv )
     {
         setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV);
-        default_spec_ctrl_flags |= SCF_ist_rsb;
+        default_scf |= SCF_ist_rsb;
     }
 
     /*
@@ -1892,7 +1892,7 @@ void __init init_speculation_mitigations(void)
          * possible rogue RSB speculation.
          */
         if ( !cpu_has_svm )
-            default_spec_ctrl_flags |= SCF_ist_rsb;
+            default_scf |= SCF_ist_rsb;
     }
 
     srso_calculations(hw_smt_enabled);
@@ -1905,7 +1905,7 @@ void __init init_speculation_mitigations(void)
     if ( opt_eager_fpu == -1 )
         opt_eager_fpu = should_use_eager_fpu();
 
-    /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */
+    /* (Re)init BSP state now that default_scf has been calculated. */
     init_shadow_spec_ctrl_state();
 
     /*
@@ -2178,7 +2178,7 @@ void __init init_speculation_mitigations(void)
         {
             info->shadow_spec_ctrl = 0;
             barrier();
-            info->spec_ctrl_flags |= SCF_use_shadow;
+            info->scf |= SCF_use_shadow;
             barrier();
         }
 

diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c
index 4cd5938d7b9de4d17feeeec26aaa5d6db6530a3e..fba82d643686b558c07acf6090b23456127f6fb7 100644 (file)
--- a/xen/arch/x86/x86_64/asm-offsets.c
+++ b/xen/arch/x86/x86_64/asm-offsets.c
@@ -154,7 +154,7 @@ void __dummy__(void)
     OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl);
     OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl);
     OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl);
-    OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags);
+    OFFSET(CPUINFO_scf, struct cpu_info, scf);
     OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed);
     OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3);
     DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info));

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S
index 3b2fbcd8733ac24de3246da4186f22ad90709e39..fab85eb733577171bb970b37c0709fa5e7e9e63e 100644 (file)
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest)
 
         /* Account for ev/ec having already been popped off the stack. */
         SPEC_CTRL_COND_VERW \
-            scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \
-            sel=STK_REL(CPUINFO_verw_sel,        CPUINFO_rip)
+            scf=STK_REL(CPUINFO_scf,      CPUINFO_rip), \
+            sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip)
 
 .Lft0:  iretq
         _ASM_PRE_EXTABLE(.Lft0, handle_exception)

diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index ef517e2945b06a63385bcebd52be717d72bbfa18..50fc048834c91eb413c87363e16b6c543cce0020 100644 (file)
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -692,7 +692,7 @@ UNLIKELY_END(exit_cr3)
         /*
          * When the CPU pushed this exception frame, it zero-extended eflags.
          * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of
-         * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs,
+         * scf and ver_sel above eflags, as we can't use any GPRs,
          * and we're at a random place on the stack, not in a CPUFINFO block.
          *
          * Account for ev/ec having already been popped off the stack.