HV: add CPU capabilities detection for L1TF mitigation

- detect if current processor is affected by L1TF - detect the presence of of "IA32_FLUSH_CMD(MSR 0x10B) if processor is affected by L1TF. Tracked-On: #1672 Signed-off-by: Yonghua Huang <yonghua.huang@intel.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
2025-06-26 15:31:35 +00:00 · 2018-09-05 01:52:49 +08:00 · 2018-09-05 01:52:49 +08:00 · d43d2c9295
commit d43d2c9295
parent 2731628e27
3 changed files with 28 additions and 0 deletions
--- a/hypervisor/arch/x86/cpu.c
+++ b/hypervisor/arch/x86/cpu.c
@ -30,6 +30,8 @@ uint64_t pcpu_active_bitmap = 0UL;

 /* X2APIC mode is disabled by default. */
 bool x2apic_enabled = false;
+static bool skip_l1dfl_vmentry;
+static uint64_t x86_arch_capabilities;

 /* TODO: add more capability per requirement */
 /* APICv features */
@ -418,6 +420,18 @@ void bsp_boot_init(void)

 static bool check_cpu_security_config(void)
 {
+	if (cpu_has_cap(X86_FEATURE_ARCH_CAP)) {
+		x86_arch_capabilities = msr_read(MSR_IA32_ARCH_CAPABILITIES);
+		skip_l1dfl_vmentry = ((x86_arch_capabilities
+			& IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) != 0UL);
+	} else {
+		return false;
+	}
+
+	if ((!cpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
+		return false;
+	}
+
 	if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) &&
 		!cpu_has_cap(X86_FEATURE_STIBP)) {
 		return false;
--- a/hypervisor/include/arch/x86/cpufeatures.h
+++ b/hypervisor/include/arch/x86/cpufeatures.h
@ -77,6 +77,8 @@
 /* Intel-defined CPU features, CPUID level 0x00000007 (EDX)*/
 #define X86_FEATURE_IBRS_IBPB	((FEAT_7_0_EDX << 5U) + 26U)
 #define X86_FEATURE_STIBP	((FEAT_7_0_EDX << 5U) + 27U)
+#define X86_FEATURE_L1D_FLUSH	((FEAT_7_0_EDX << 5U) + 28U)
+#define X86_FEATURE_ARCH_CAP	((FEAT_7_0_EDX << 5U) + 29U)

 /* Intel-defined CPU features, CPUID level 0x80000001 (EDX)*/
 #define X86_FEATURE_NX		((FEAT_8000_0001_EDX << 5U) + 20U)
--- a/hypervisor/include/arch/x86/msr.h
+++ b/hypervisor/include/arch/x86/msr.h
@ -44,6 +44,8 @@
 #define MSR_IA32_APERF                      0x000000E8U
 /* Actual performance clock counter */
 #define MSR_IA32_MTRR_CAP                   0x000000FEU	/* MTRR capability */
+#define MSR_IA32_ARCH_CAPABILITIES          0x0000010AU
+#define MSR_IA32_FLUSH_CMD                  0x0000010BU
 #define MSR_IA32_SYSENTER_CS                0x00000174U	/* CS for sysenter */
 #define MSR_IA32_SYSENTER_ESP               0x00000175U	/* ESP for sysenter */
 #define MSR_IA32_SYSENTER_EIP               0x00000176U	/* EIP for sysenter */
@ -567,4 +569,14 @@ static inline bool pat_mem_type_invalid(uint64_t x)
 #define SPEC_ENABLE_STIBP		(1U<<1U)
 #define PRED_SET_IBPB			(1U<<0U)

+/* IA32 ARCH Capabilities bit */
+#define IA32_ARCH_CAP_RDCL_NO			(1U << 0U)
+#define IA32_ARCH_CAP_IBRS_ALL			(1U << 1U)
+#define IA32_ARCH_CAP_RSBA			(1U << 2U)
+#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY	(1U << 3U)
+#define IA32_ARCH_CAP_SSB_NO			(1U << 4U)
+
+/* Flush L1 D-cache */
+#define IA32_L1D_FLUSH		(1UL << 0U)
+
 #endif /* MSR_H */