head 1.2; access; symbols pkgsrc-2022Q2:1.1.0.18 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.16 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.14 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.12 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.10 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.8 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.6 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.4 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2022.06.28.16.33.25; author bouyer; state dead; branches; next 1.1; commitid lkljtNX5KSYPgPJD; 1.1 date 2020.07.16.09.57.17; author bouyer; state Exp; branches 1.1.2.1; next ; commitid hSaQAYyyo7nRXhgC; 1.1.2.1 date 2020.07.16.09.57.17; author bsiegert; state dead; branches; next 1.1.2.2; commitid 8vOqdXud3CR5tQlC; 1.1.2.2 date 2020.08.28.15.37.49; author bsiegert; state Exp; branches; next ; commitid 8vOqdXud3CR5tQlC; desc @@ 1.2 log @Remove xenkernel411 and xenkernel411, they're EOL upstream @ text @$NetBSD: patch-XSA320,v 1.1 2020/07/16 09:57:17 bouyer Exp $ From: Andrew Cooper Subject: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Wei Liu diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 194615bfc5..9be18ac99f 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -489,10 +489,10 @@@@ accounting for hardware capabilities as enumerated via CPUID. Currently accepted: -The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`, -`l1d-flush` and `ssbd` are used by default if available and applicable. They can -be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and -won't offer them to guests. +The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, +`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and +applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't +use them itself, and won't offer them to guests. ### cpuid\_mask\_cpu (AMD only) > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 5a1702d703..1235c8b91e 100644 --- tools/libxl/libxl_cpuid.c.orig +++ tools/libxl/libxl_cpuid.c @@@@ -202,6 +202,7 @@@@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, + {"srbds-ctrl", 0x00000007, 0, CPUID_REG_EDX, 9, 1}, {"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1}, {"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1}, {"stibp", 0x00000007, 0, CPUID_REG_EDX, 27, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4c9af6b7f0..8fb54c3001 100644 --- tools/misc/xen-cpuid.c.orig +++ tools/misc/xen-cpuid.c @@@@ -142,6 +142,7 @@@@ static const char *str_7d0[32] = { [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps", + /* 8 */ [ 9] = "srbds-ctrl", [10] = "md-clear", /* 12 */ [13] = "tsx-force-abort", diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 04aefa555d..b8e5b6fe67 100644 --- xen/arch/x86/cpuid.c.orig +++ xen/arch/x86/cpuid.c @@@@ -58,6 +58,11 @@@@ static int __init parse_xen_cpuid(const char *s) if ( !val ) setup_clear_cpu_cap(X86_FEATURE_SSBD); } + else if ( (val = parse_boolean("srbds-ctrl", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL); + } else rc = -EINVAL; diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index ccb316c547..256e58d82b 100644 --- xen/arch/x86/msr.c.orig +++ xen/arch/x86/msr.c @@@@ -154,6 +154,7 @@@@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) /* Write-only */ case MSR_TSX_FORCE_ABORT: case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: /* Not offered to guests. */ goto gp_fault; @@@@ -243,6 +244,7 @@@@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) /* Read-only */ case MSR_TSX_FORCE_ABORT: case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: /* Not offered to guests. */ goto gp_fault; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ab196b156d..94ab8dd786 100644 --- xen/arch/x86/spec_ctrl.c.orig +++ xen/arch/x86/spec_ctrl.c @@@@ -365,12 +365,13 @@@@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk("Speculative mitigation facilities:\n"); /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 1761a01f1f..480d1d8102 100644 --- xen/include/asm-x86/msr-index.h.orig +++ xen/include/asm-x86/msr-index.h @@@@ -177,6 +177,9 @@@@ #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_MCU_OPT_CTRL 0x00000123 +#define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) + /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ #define MSR_K7_EVNTSEL0 0xc0010000 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index a14d8a7013..9d210e74a0 100644 --- xen/include/public/arch-x86/cpufeatureset.h.orig +++ xen/include/public/arch-x86/cpufeatureset.h @@@@ -242,6 +242,7 @@@@ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ +XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ From: Andrew Cooper Subject: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel See patch documentation and comments. This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 9be18ac99f..3356e59fee 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -1858,7 +1858,7 @@@@ false disable the quirk workaround, which is also the default. ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush}= ]` +> l1d-flush,srb-lock}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@@@ -1930,6 +1930,12 @@@@ Irrespective of Xen's setting, the feature is virtualised for HVM guests to use. By default, Xen will enable this mitigation on hardware believed to be vulnerable to L1TF. +On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force +or prevent Xen from protect the Special Register Buffer from leaking stale +data. By default, Xen will enable this mitigation, except on parts where MDS +is fixed and TAA is fixed/mitigated (in which case, there is believed to be no +way for an attacker to obtain the stale data). + ### sync\_console > `= ` diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 4c12794809..30e1bd5cd3 100644 --- xen/arch/x86/acpi/power.c.orig +++ xen/arch/x86/acpi/power.c @@@@ -266,6 +266,9 @@@@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); spec_ctrl_exit_idle(ci); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + done: spin_debug_enable(); local_irq_restore(flags); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 0887806e85..d24d215946 100644 --- xen/arch/x86/smpboot.c.orig +++ xen/arch/x86/smpboot.c @@@@ -369,12 +369,14 @@@@ void start_secondary(void *unused) microcode_resume_cpu(cpu); /* - * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard - * any firmware settings. Note: MSR_SPEC_CTRL may only become available - * after loading microcode. + * If any speculative control MSRs are available, apply Xen's default + * settings. Note: These MSRs may only become available after loading + * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 94ab8dd786..a306d10c34 100644 --- xen/arch/x86/spec_ctrl.c.orig +++ xen/arch/x86/spec_ctrl.c @@@@ -63,6 +63,9 @@@@ static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ +static int8_t __initdata opt_srb_lock = -1; +uint64_t __read_mostly default_xen_mcu_opt_ctrl; + static int __init parse_bti(const char *s) { const char *ss; @@@@ -166,6 +169,7 @@@@ static int __init parse_spec_ctrl(const char *s) opt_ibpb = false; opt_ssbd = false; opt_l1d_flush = 0; + opt_srb_lock = 0; } else if ( val > 0 ) rc = -EINVAL; @@@@ -231,6 +235,8 @@@@ static int __init parse_spec_ctrl(const char *s) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) opt_l1d_flush = val; + else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 ) + opt_srb_lock = val; else rc = -EINVAL; @@@@ -394,7 +400,7 @@@@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@@@ -405,6 +411,8 @@@@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", + !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : ""); @@@@ -1196,6 +1204,34 @@@@ void __init init_speculation_mitigations(void) tsx_init(); } + /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + { + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock + * by default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way + * to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there + * is no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( opt_srb_lock == -1 && + (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && + (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) ) + opt_srb_lock = 0; + + val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; + if ( !opt_srb_lock ) + val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; + + default_xen_mcu_opt_ctrl = val; + } + print_details(thunk, caps); /* @@@@ -1227,6 +1263,9 @@@@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); } + + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 333d180b7e..bf10d2ce5c 100644 --- xen/include/asm-x86/spec_ctrl.h.orig +++ xen/include/asm-x86/spec_ctrl.h @@@@ -46,6 +46,8 @@@@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; +extern uint64_t default_xen_mcu_opt_ctrl; + static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); From: Andrew Cooper Subject: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden RDRAND/RDSEED can be hidden using cpuid= to mitigate SRBDS if microcode isn't available. This is part of XSA-320 / CVE-2020-0543. Signed-off-by: Andrew Cooper Acked-by: Julien Grall diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 3356e59fee..ac397e7de0 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -487,12 +487,18 @@@@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels. This option allows for fine tuning of the facilities Xen will use, after accounting for hardware capabilities as enumerated via CPUID. +Unless otherwise noted, options only have any effect in their negative form, +to hide the named feature(s). Ignoring a feature using this mechanism will +cause Xen not to use the feature, nor offer them as usable to guests. + Currently accepted: The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and -applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't -use them itself, and won't offer them to guests. +applicable. They can all be ignored. + +`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 / +CVE-2020-0543. ### cpuid\_mask\_cpu (AMD only) > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index b8e5b6fe67..78d08dbb32 100644 --- xen/arch/x86/cpuid.c.orig +++ xen/arch/x86/cpuid.c @@@@ -63,6 +63,16 @@@@ static int __init parse_xen_cpuid(const char *s) if ( !val ) setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL); } + else if ( (val = parse_boolean("rdrand", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_RDRAND); + } + else if ( (val = parse_boolean("rdseed", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_RDSEED); + } else rc = -EINVAL; @ 1.1 log @Add patches for Xen Security Advisories XSA317, XSA319, XSA320, XSA321 and XSA328 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: $ @ 1.1.2.1 log @file patch-XSA320 was added on branch pkgsrc-2020Q2 on 2020-08-28 15:37:49 +0000 @ text @d1 371 @ 1.1.2.2 log @Pullup ticket #6308 - requested by bouyer sysutils/xenkernel411: security fix Revisions pulled up: - sysutils/xenkernel411/Makefile 1.14 - sysutils/xenkernel411/distinfo 1.12 - sysutils/xenkernel411/patches/patch-XSA317 1.1 - sysutils/xenkernel411/patches/patch-XSA319 1.1 - sysutils/xenkernel411/patches/patch-XSA320 1.1 - sysutils/xenkernel411/patches/patch-XSA321 1.1 - sysutils/xenkernel411/patches/patch-XSA328 1.1 --- Module Name: pkgsrc Committed By: bouyer Date: Thu Jul 16 09:57:17 UTC 2020 Modified Files: pkgsrc/sysutils/xenkernel411: Makefile distinfo Added Files: pkgsrc/sysutils/xenkernel411/patches: patch-XSA317 patch-XSA319 patch-XSA320 patch-XSA321 patch-XSA328 Log Message: Add patches for Xen Security Advisories XSA317, XSA319, XSA320, XSA321 and XSA328 Bump PKGREVISION @ text @a0 371 $NetBSD: patch-XSA320,v 1.1 2020/07/16 09:57:17 bouyer Exp $ From: Andrew Cooper Subject: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Wei Liu diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 194615bfc5..9be18ac99f 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -489,10 +489,10 @@@@ accounting for hardware capabilities as enumerated via CPUID. Currently accepted: -The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`, -`l1d-flush` and `ssbd` are used by default if available and applicable. They can -be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and -won't offer them to guests. +The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, +`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and +applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't +use them itself, and won't offer them to guests. ### cpuid\_mask\_cpu (AMD only) > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index 5a1702d703..1235c8b91e 100644 --- tools/libxl/libxl_cpuid.c.orig +++ tools/libxl/libxl_cpuid.c @@@@ -202,6 +202,7 @@@@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, + {"srbds-ctrl", 0x00000007, 0, CPUID_REG_EDX, 9, 1}, {"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1}, {"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1}, {"stibp", 0x00000007, 0, CPUID_REG_EDX, 27, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 4c9af6b7f0..8fb54c3001 100644 --- tools/misc/xen-cpuid.c.orig +++ tools/misc/xen-cpuid.c @@@@ -142,6 +142,7 @@@@ static const char *str_7d0[32] = { [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps", + /* 8 */ [ 9] = "srbds-ctrl", [10] = "md-clear", /* 12 */ [13] = "tsx-force-abort", diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 04aefa555d..b8e5b6fe67 100644 --- xen/arch/x86/cpuid.c.orig +++ xen/arch/x86/cpuid.c @@@@ -58,6 +58,11 @@@@ static int __init parse_xen_cpuid(const char *s) if ( !val ) setup_clear_cpu_cap(X86_FEATURE_SSBD); } + else if ( (val = parse_boolean("srbds-ctrl", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL); + } else rc = -EINVAL; diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index ccb316c547..256e58d82b 100644 --- xen/arch/x86/msr.c.orig +++ xen/arch/x86/msr.c @@@@ -154,6 +154,7 @@@@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) /* Write-only */ case MSR_TSX_FORCE_ABORT: case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: /* Not offered to guests. */ goto gp_fault; @@@@ -243,6 +244,7 @@@@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) /* Read-only */ case MSR_TSX_FORCE_ABORT: case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: /* Not offered to guests. */ goto gp_fault; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ab196b156d..94ab8dd786 100644 --- xen/arch/x86/spec_ctrl.c.orig +++ xen/arch/x86/spec_ctrl.c @@@@ -365,12 +365,13 @@@@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) printk("Speculative mitigation facilities:\n"); /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 1761a01f1f..480d1d8102 100644 --- xen/include/asm-x86/msr-index.h.orig +++ xen/include/asm-x86/msr-index.h @@@@ -177,6 +177,9 @@@@ #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_MCU_OPT_CTRL 0x00000123 +#define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) + /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ #define MSR_K7_EVNTSEL0 0xc0010000 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index a14d8a7013..9d210e74a0 100644 --- xen/include/public/arch-x86/cpufeatureset.h.orig +++ xen/include/public/arch-x86/cpufeatureset.h @@@@ -242,6 +242,7 @@@@ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ +XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ From: Andrew Cooper Subject: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel See patch documentation and comments. This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 9be18ac99f..3356e59fee 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -1858,7 +1858,7 @@@@ false disable the quirk workaround, which is also the default. ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm,msr-sc,rsb,md-clear}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush}= ]` +> l1d-flush,srb-lock}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@@@ -1930,6 +1930,12 @@@@ Irrespective of Xen's setting, the feature is virtualised for HVM guests to use. By default, Xen will enable this mitigation on hardware believed to be vulnerable to L1TF. +On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force +or prevent Xen from protect the Special Register Buffer from leaking stale +data. By default, Xen will enable this mitigation, except on parts where MDS +is fixed and TAA is fixed/mitigated (in which case, there is believed to be no +way for an attacker to obtain the stale data). + ### sync\_console > `= ` diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 4c12794809..30e1bd5cd3 100644 --- xen/arch/x86/acpi/power.c.orig +++ xen/arch/x86/acpi/power.c @@@@ -266,6 +266,9 @@@@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); spec_ctrl_exit_idle(ci); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + done: spin_debug_enable(); local_irq_restore(flags); diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 0887806e85..d24d215946 100644 --- xen/arch/x86/smpboot.c.orig +++ xen/arch/x86/smpboot.c @@@@ -369,12 +369,14 @@@@ void start_secondary(void *unused) microcode_resume_cpu(cpu); /* - * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard - * any firmware settings. Note: MSR_SPEC_CTRL may only become available - * after loading microcode. + * If any speculative control MSRs are available, apply Xen's default + * settings. Note: These MSRs may only become available after loading + * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 94ab8dd786..a306d10c34 100644 --- xen/arch/x86/spec_ctrl.c.orig +++ xen/arch/x86/spec_ctrl.c @@@@ -63,6 +63,9 @@@@ static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ +static int8_t __initdata opt_srb_lock = -1; +uint64_t __read_mostly default_xen_mcu_opt_ctrl; + static int __init parse_bti(const char *s) { const char *ss; @@@@ -166,6 +169,7 @@@@ static int __init parse_spec_ctrl(const char *s) opt_ibpb = false; opt_ssbd = false; opt_l1d_flush = 0; + opt_srb_lock = 0; } else if ( val > 0 ) rc = -EINVAL; @@@@ -231,6 +235,8 @@@@ static int __init parse_spec_ctrl(const char *s) opt_eager_fpu = val; else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) opt_l1d_flush = val; + else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 ) + opt_srb_lock = val; else rc = -EINVAL; @@@@ -394,7 +400,7 @@@@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@@@ -405,6 +411,8 @@@@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", + !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : ""); @@@@ -1196,6 +1204,34 @@@@ void __init init_speculation_mitigations(void) tsx_init(); } + /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + { + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock + * by default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way + * to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there + * is no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( opt_srb_lock == -1 && + (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && + (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) ) + opt_srb_lock = 0; + + val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; + if ( !opt_srb_lock ) + val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; + + default_xen_mcu_opt_ctrl = val; + } + print_details(thunk, caps); /* @@@@ -1227,6 +1263,9 @@@@ void __init init_speculation_mitigations(void) wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); } + + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 333d180b7e..bf10d2ce5c 100644 --- xen/include/asm-x86/spec_ctrl.h.orig +++ xen/include/asm-x86/spec_ctrl.h @@@@ -46,6 +46,8 @@@@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; +extern uint64_t default_xen_mcu_opt_ctrl; + static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info(); From: Andrew Cooper Subject: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden RDRAND/RDSEED can be hidden using cpuid= to mitigate SRBDS if microcode isn't available. This is part of XSA-320 / CVE-2020-0543. Signed-off-by: Andrew Cooper Acked-by: Julien Grall diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 3356e59fee..ac397e7de0 100644 --- docs/misc/xen-command-line.markdown.orig +++ docs/misc/xen-command-line.markdown @@@@ -487,12 +487,18 @@@@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels. This option allows for fine tuning of the facilities Xen will use, after accounting for hardware capabilities as enumerated via CPUID. +Unless otherwise noted, options only have any effect in their negative form, +to hide the named feature(s). Ignoring a feature using this mechanism will +cause Xen not to use the feature, nor offer them as usable to guests. + Currently accepted: The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and -applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't -use them itself, and won't offer them to guests. +applicable. They can all be ignored. + +`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 / +CVE-2020-0543. ### cpuid\_mask\_cpu (AMD only) > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index b8e5b6fe67..78d08dbb32 100644 --- xen/arch/x86/cpuid.c.orig +++ xen/arch/x86/cpuid.c @@@@ -63,6 +63,16 @@@@ static int __init parse_xen_cpuid(const char *s) if ( !val ) setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL); } + else if ( (val = parse_boolean("rdrand", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_RDRAND); + } + else if ( (val = parse_boolean("rdseed", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_RDSEED); + } else rc = -EINVAL; @