github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-28 08:16:54 +00:00
Code Issues Projects Releases Wiki Activity

HV: add CPU capabilities detection for L1TF mitigation

Browse Source 
- detect if current processor is affected by L1TF
  - detect the presence of of "IA32_FLUSH_CMD(MSR 0x10B)
    if processor is affected by L1TF.

Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
This commit is contained in:
Yonghua Huang 2018-09-05 01:52:49 +08:00 committed by lijinxia
parent 2731628e27
commit d43d2c9295
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hypervisor/arch/x86/cpu.c
View File

@ -30,6 +30,8 @@ uint64_t pcpu_active_bitmap = 0UL;
/* X2APIC mode is disabled by default. */ /* X2APIC mode is disabled by default. */
bool x2apic_enabled = false; bool x2apic_enabled = false;
static bool skip_l1dfl_vmentry;
static uint64_t x86_arch_capabilities;
/* TODO: add more capability per requirement */ /* TODO: add more capability per requirement */
/* APICv features */ /* APICv features */
@ -418,6 +420,18 @@ void bsp_boot_init(void)
static bool check_cpu_security_config(void) static bool check_cpu_security_config(void)
{ {
if (cpu_has_cap(X86_FEATURE_ARCH_CAP)) {
x86_arch_capabilities = msr_read(MSR_IA32_ARCH_CAPABILITIES);
skip_l1dfl_vmentry = ((x86_arch_capabilities
& IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) != 0UL);
} else {
return false;
}
if ((!cpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
return false;
}
if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) && if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) &&
!cpu_has_cap(X86_FEATURE_STIBP)) { !cpu_has_cap(X86_FEATURE_STIBP)) {
return false; return false;

2
hypervisor/include/arch/x86/cpufeatures.h
View File

@ -77,6 +77,8 @@
/* Intel-defined CPU features, CPUID level 0x00000007 (EDX)*/ /* Intel-defined CPU features, CPUID level 0x00000007 (EDX)*/
#define X86_FEATURE_IBRS_IBPB ((FEAT_7_0_EDX << 5U) + 26U) #define X86_FEATURE_IBRS_IBPB ((FEAT_7_0_EDX << 5U) + 26U)
#define X86_FEATURE_STIBP ((FEAT_7_0_EDX << 5U) + 27U) #define X86_FEATURE_STIBP ((FEAT_7_0_EDX << 5U) + 27U)
#define X86_FEATURE_L1D_FLUSH ((FEAT_7_0_EDX << 5U) + 28U)
#define X86_FEATURE_ARCH_CAP ((FEAT_7_0_EDX << 5U) + 29U)
/* Intel-defined CPU features, CPUID level 0x80000001 (EDX)*/ /* Intel-defined CPU features, CPUID level 0x80000001 (EDX)*/
#define X86_FEATURE_NX ((FEAT_8000_0001_EDX << 5U) + 20U) #define X86_FEATURE_NX ((FEAT_8000_0001_EDX << 5U) + 20U)

12
hypervisor/include/arch/x86/msr.h
View File

@ -44,6 +44,8 @@
#define MSR_IA32_APERF 0x000000E8U #define MSR_IA32_APERF 0x000000E8U
/* Actual performance clock counter */ /* Actual performance clock counter */
#define MSR_IA32_MTRR_CAP 0x000000FEU /* MTRR capability */ #define MSR_IA32_MTRR_CAP 0x000000FEU /* MTRR capability */
#define MSR_IA32_ARCH_CAPABILITIES 0x0000010AU
#define MSR_IA32_FLUSH_CMD 0x0000010BU
#define MSR_IA32_SYSENTER_CS 0x00000174U /* CS for sysenter */ #define MSR_IA32_SYSENTER_CS 0x00000174U /* CS for sysenter */
#define MSR_IA32_SYSENTER_ESP 0x00000175U /* ESP for sysenter */ #define MSR_IA32_SYSENTER_ESP 0x00000175U /* ESP for sysenter */
#define MSR_IA32_SYSENTER_EIP 0x00000176U /* EIP for sysenter */ #define MSR_IA32_SYSENTER_EIP 0x00000176U /* EIP for sysenter */
@ -567,4 +569,14 @@ static inline bool pat_mem_type_invalid(uint64_t x)
#define SPEC_ENABLE_STIBP (1U<<1U) #define SPEC_ENABLE_STIBP (1U<<1U)
#define PRED_SET_IBPB (1U<<0U) #define PRED_SET_IBPB (1U<<0U)
/* IA32 ARCH Capabilities bit */
#define IA32_ARCH_CAP_RDCL_NO (1U << 0U)
#define IA32_ARCH_CAP_IBRS_ALL (1U << 1U)
#define IA32_ARCH_CAP_RSBA (1U << 2U)
#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3U)
#define IA32_ARCH_CAP_SSB_NO (1U << 4U)
/* Flush L1 D-cache */
#define IA32_L1D_FLUSH (1UL << 0U)
#endif /* MSR_H */ #endif /* MSR_H */