x86/amd: Use newer SSBD mechanisms if they exist

The opencoded legacy Memory Disambiguation logic in init_amd() neglected
Fam19h for the Zen3 microarchitecture.  Further more, all Zen2 based system
have the architectural MSR_SPEC_CTRL and the SSBD bit within it, so shouldn't
be using MSR_AMD64_LS_CFG.

Implement the algorithm given in AMD's SSBD whitepaper, and leave a
printk_once() behind in the case that no controls can be found.

This now means that a user explicitly choosing `spec-ctrl=ssbd` will properly
turn off Memory Disambiguation on Fam19h/Zen3 systems.

This still remains a single system-wide setting (for now), and is not context
switched between vCPUs.  As such, it doesn't interact with Intel's use of
MSR_SPEC_CTRL and default_xen_spec_ctrl (yet).

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit 2a4e6c4e4bea2e0bb720418c331ee28ff9c7632e)

diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
index aa1b9d0dda6b86dfe0a0dff7a9f4d98901abc4b0..de0389810b25c19de397b194709688e5719edb45 100644 (file)
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -540,6 +540,56 @@ void early_init_amd(struct cpuinfo_x86 *c)
        ctxt_switch_levelling(NULL);
 }
 
+/*
+ * Refer to the AMD Speculative Store Bypass whitepaper:
+ * https://developer.amd.com/wp-content/resources/124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
+ */
+void amd_init_ssbd(const struct cpuinfo_x86 *c)
+{
+       int bit = -1;
+
+       if (cpu_has_ssb_no)
+               return;
+
+       if (cpu_has_amd_ssbd) {
+               wrmsrl(MSR_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0);
+               return;
+       }
+
+       if (cpu_has_virt_ssbd) {
+               wrmsrl(MSR_VIRT_SPEC_CTRL, opt_ssbd ? SPEC_CTRL_SSBD : 0);
+               return;
+       }
+
+       switch (c->x86) {
+       case 0x15: bit = 54; break;
+       case 0x16: bit = 33; break;
+       case 0x17:
+       case 0x18: bit = 10; break;
+       }
+
+       if (bit >= 0) {
+               uint64_t val, mask = 1ull << bit;
+
+               if (rdmsr_safe(MSR_AMD64_LS_CFG, val) ||
+                   ({
+                           val &= ~mask;
+                           if (opt_ssbd)
+                                   val |= mask;
+                           false;
+                   }) ||
+                   wrmsr_safe(MSR_AMD64_LS_CFG, val) ||
+                   ({
+                           rdmsrl(MSR_AMD64_LS_CFG, val);
+                           (val & mask) != (opt_ssbd * mask);
+                   }))
+                       bit = -1;
+       }
+
+       if (bit < 0)
+               printk_once(XENLOG_ERR "No SSBD controls available\n");
+}
+
 static void init_amd(struct cpuinfo_x86 *c)
 {
        u32 l, h;
@@ -616,24 +666,7 @@ static void init_amd(struct cpuinfo_x86 *c)
                                  c->x86_capability);
        }
 
-       /*
-        * If the user has explicitly chosen to disable Memory Disambiguation
-        * to mitigiate Speculative Store Bypass, poke the appropriate MSR.
-        */
-       if (opt_ssbd) {
-               int bit = -1;
-
-               switch (c->x86) {
-               case 0x15: bit = 54; break;
-               case 0x16: bit = 33; break;
-               case 0x17: bit = 10; break;
-               }
-
-               if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) {
-                       value |= 1ull << bit;
-                       wrmsr_safe(MSR_AMD64_LS_CFG, value);
-               }
-       }
+       amd_init_ssbd(c);
 
        /* MFENCE stops RDTSC speculation */
        if (!cpu_has_lfence_dispatch)

diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h
index c2f4d9a06ae542e8f64b0919893ec365ec9f0bc8..23ccd66115657ab5a07d6be135bd76ce698fe1fc 100644 (file)
--- a/xen/arch/x86/cpu/cpu.h
+++ b/xen/arch/x86/cpu/cpu.h
@@ -19,3 +19,4 @@ extern void detect_ht(struct cpuinfo_x86 *c);
 extern bool detect_extended_topology(struct cpuinfo_x86 *c);
 
 void early_init_amd(struct cpuinfo_x86 *c);
+void amd_init_ssbd(const struct cpuinfo_x86 *c);

diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c
index 9ab7aa8622e704d86e3f3873b9ef2a5f9a358dd8..b769e8ad9062c5b3d0803b85c74912575412b3c6 100644 (file)
--- a/xen/arch/x86/cpu/hygon.c
+++ b/xen/arch/x86/cpu/hygon.c
@@ -59,14 +59,7 @@ static void init_hygon(struct cpuinfo_x86 *c)
                __set_bit(X86_FEATURE_LFENCE_DISPATCH,
                          c->x86_capability);
 
-       /*
-        * If the user has explicitly chosen to disable Memory Disambiguation
-        * to mitigiate Speculative Store Bypass, poke the appropriate MSR.
-        */
-       if (opt_ssbd && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) {
-               value |= 1ull << 10;
-               wrmsr_safe(MSR_AMD64_LS_CFG, value);
-       }
+       amd_init_ssbd(c);
 
        /* MFENCE stops RDTSC speculation */
        if (!cpu_has_lfence_dispatch)

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index fec145a7b9e1960c52c1c22a6eea8f2571199eed..be3528c28ebb9217e2967da92ce9b79fb01494e6 100644 (file)
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -331,6 +331,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
            (caps & ARCH_CAPS_IBRS_ALL)                       ? " IBRS_ALL"       : "",
            (caps & ARCH_CAPS_RSBA)                           ? " RSBA"           : "",
            (caps & ARCH_CAPS_SKIP_L1DFL)                     ? " SKIP_L1DFL"     : "",
+           (e8b  & cpufeat_mask(X86_FEATURE_SSB_NO)) ||
            (caps & ARCH_CAPS_SSB_NO)                         ? " SSB_NO"         : "",
            (caps & ARCH_CAPS_MDS_NO)                         ? " MDS_NO"         : "",
            (caps & ARCH_CAPS_TAA_NO)                         ? " TAA_NO"         : "",
@@ -339,15 +340,17 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
            (caps & ARCH_CAPS_PSDP_NO)                        ? " PSDP_NO"        : "");
 
     /* Hardware features which need driving to mitigate issues. */
-    printk("  Hardware features:%s%s%s%s%s%s%s%s%s%s\n",
+    printk("  Hardware features:%s%s%s%s%s%s%s%s%s%s%s\n",
            (e8b  & cpufeat_mask(X86_FEATURE_IBPB)) ||
            (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB))          ? " IBPB"           : "",
            (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB))          ? " IBRS"           : "",
            (_7d0 & cpufeat_mask(X86_FEATURE_STIBP))          ? " STIBP"          : "",
+           (e8b  & cpufeat_mask(X86_FEATURE_AMD_SSBD)) ||
            (_7d0 & cpufeat_mask(X86_FEATURE_SSBD))           ? " SSBD"           : "",
            (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH))      ? " L1D_FLUSH"      : "",
            (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR))       ? " MD_CLEAR"       : "",
            (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL))     ? " SRBDS_CTRL"     : "",
+           (e8b  & cpufeat_mask(X86_FEATURE_VIRT_SSBD))      ? " VIRT_SSBD"      : "",
            (caps & ARCH_CAPS_TSX_CTRL)                       ? " TSX_CTRL"       : "",
            (caps & ARCH_CAPS_FB_CLEAR)                       ? " FB_CLEAR"       : "",
            (caps & ARCH_CAPS_FB_CLEAR_CTRL)                  ? " FB_CLEAR_CTRL"  : "");