xenbits.xensource.com Git - people/andrewcoop/xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 8 Jun 2023 18:41:44 +0000 (19:41 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 9 Apr 2024 15:37:30 +0000 (16:37 +0100)
commit	954c983abceee97bf5f6230b9ae164f2c49a9aa9
tree	f4de027c036e79255b170f1793f67d5af521db55	tree
parent	62a1106415c5e8a49b45147ca84d54a58d471343	commit \| diff

x86/spec-ctrl: Software BHB-clearing sequences

Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant
is set up as the "short" sequence.

Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call
to selected clearing routine.

Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't
be included alongside a CALL in a single alternative block. This is going to
require further work to untangle.

The BHB sequences (if used) must be after the restoration of Xen's
MSR_SPEC_CTRL value, which must be accounted for when judging whether it is
safe to skip the safety LFENCEs.

This is part of XSA-456 / CVE-2024-2201.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Roger Pau Monné <roger.pau@citrix.com>

xen/arch/x86/Makefile		diff \| blob \| blame \| history
xen/arch/x86/bhb-thunk.S	[new file with mode: 0644]	blob
xen/arch/x86/hvm/vmx/entry.S		diff \| blob \| blame \| history
xen/arch/x86/include/asm/cpufeature.h		diff \| blob \| blame \| history
xen/arch/x86/include/asm/cpufeatures.h		diff \| blob \| blame \| history
xen/arch/x86/include/asm/spec_ctrl.h		diff \| blob \| blame \| history
xen/arch/x86/include/asm/spec_ctrl_asm.h		diff \| blob \| blame \| history
xen/arch/x86/spec_ctrl.c		diff \| blob \| blame \| history