github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-06 19:30:46 +00:00
Code Issues Projects Releases Wiki Activity

HV: add CPU capabilities detection for L1TF mitigation

Browse Source 
- detect if current processor is affected by L1TF
  - detect the presence of of "IA32_FLUSH_CMD(MSR 0x10B)
    if processor is affected by L1TF.

Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
This commit is contained in:
Yonghua Huang
2018-09-05 01:52:49 +08:00
committed by lijinxia
parent 2731628e27
commit d43d2c9295
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
hypervisor/arch/x86/cpu.c
View File

@@ -30,6 +30,8 @@ uint64_t pcpu_active_bitmap = 0UL;
/* X2APIC mode is disabled by default. */
bool x2apic_enabled = false;
static bool skip_l1dfl_vmentry;
static uint64_t x86_arch_capabilities;
/* TODO: add more capability per requirement */
/* APICv features */
@@ -418,6 +420,18 @@ void bsp_boot_init(void)
static bool check_cpu_security_config(void)
{
if (cpu_has_cap(X86_FEATURE_ARCH_CAP)) {
x86_arch_capabilities = msr_read(MSR_IA32_ARCH_CAPABILITIES);
skip_l1dfl_vmentry = ((x86_arch_capabilities
& IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) != 0UL);
} else {
return false;
}
if ((!cpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
return false;
}
if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) &&
!cpu_has_cap(X86_FEATURE_STIBP)) {
return false;