This is an AMD feature to reduce the IBRS handling overhead. Once enabled,
processes running at CPL=0 are automatically IBRS-protected even if
SPEC_CTRL.IBRS is not set. Furthermore, the RAS/RSB is cleared on VMEXIT.
The feature is exposed in CPUID and toggled in EFER.
Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit:
8347d6bb29bfd0c3b5acdc078574a8643c5a5637
master date: 2023-05-30 18:24:07 +0100
{
[ 2] = "lfence+",
[ 6] = "nscb",
+ [ 8] = "auto-ibrs",
/* 26 */ [27] = "sbpb",
[28] = "ibpb-brtype", [29] = "srso-no",
#define cpu_has_amd_ssbd boot_cpu_has(X86_FEATURE_AMD_SSBD)
#define cpu_has_virt_ssbd boot_cpu_has(X86_FEATURE_VIRT_SSBD)
#define cpu_has_ssb_no boot_cpu_has(X86_FEATURE_SSB_NO)
+#define cpu_has_auto_ibrs boot_cpu_has(X86_FEATURE_AUTO_IBRS)
/* CPUID level 0x00000007:0.edx */
#define cpu_has_avx512_4vnniw boot_cpu_has(X86_FEATURE_AVX512_4VNNIW)
#define EFER_NXE (_AC(1, ULL) << 11) /* No Execute Enable */
#define EFER_SVME (_AC(1, ULL) << 12) /* Secure Virtual Machine Enable */
#define EFER_FFXSE (_AC(1, ULL) << 14) /* Fast FXSAVE/FXRSTOR */
+#define EFER_AIBRSE (_AC(1, ULL) << 21) /* Automatic IBRS Enable */
#define EFER_KNOWN_MASK \
(EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE | EFER_SVME | EFER_FFXSE)
/* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */
XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */
XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */
+XEN_CPUFEATURE(AUTO_IBRS, 11*32+ 8) /* Automatic IBRS */
XEN_CPUFEATURE(SBPB, 11*32+27) /*A Selective Branch Predictor Barrier */
XEN_CPUFEATURE(IBPB_BRTYPE, 11*32+28) /*A IBPB flushes Branch Type predictions too */
XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Speculative Return Stack Overflow */
projects / people / aperard / xen-unstable.git / commitdiff