1 files changed, 221 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa263-4.10-0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch b/system/xen/xsa/xsa263-4.10-0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
new file mode 100644
index 0000000000..f6e87244dc
--- /dev/null
+++ b/system/xen/xsa/xsa263-4.10-0004-x86-spec_ctrl-Fold-the-XEN_IBRS_-SET-CLEAR-ALTERNATI.patch
@@ -0,0 +1,221 @@
+From 0b1aded85866f48cdede20c54d30cf593f8a83f7 Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Date: Tue, 17 Apr 2018 14:15:04 +0100
+Subject: [PATCH] x86/spec_ctrl: Fold the XEN_IBRS_{SET,CLEAR} ALTERNATIVES
+ together
+
+Currently, the SPEC_CTRL_{ENTRY,EXIT}_* macros encode Xen's choice of
+MSR_SPEC_CTRL as an immediate constant, and chooses between IBRS or not by
+doubling up the entire alternative block.
+
+There is now a variable holding Xen's choice of value, so use that and
+simplify the alternatives.
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Wei Liu <wei.liu2@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+Release-acked-by: Juergen Gross <jgross@suse.com>
+(cherry picked from commit af949407eaba7af71067f23d5866cd0bf1f1144d)
+---
+ xen/arch/x86/spec_ctrl.c            | 12 +++++-----
+ xen/include/asm-x86/cpufeatures.h   |  3 +--
+ xen/include/asm-x86/nops.h          |  3 ++-
+ xen/include/asm-x86/spec_ctrl.h     |  6 ++---
+ xen/include/asm-x86/spec_ctrl_asm.h | 45 +++++++++++++------------------------
+ 5 files changed, 26 insertions(+), 43 deletions(-)
+
+diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
+index 2d69910..b62cfcc 100644
+--- a/xen/arch/x86/spec_ctrl.c
++++ b/xen/arch/x86/spec_ctrl.c
+@@ -112,8 +112,9 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+            thunk == THUNK_RETPOLINE ? "RETPOLINE" :
+            thunk == THUNK_LFENCE    ? "LFENCE" :
+            thunk == THUNK_JMP       ? "JMP" : "?",
+-           boot_cpu_has(X86_FEATURE_XEN_IBRS_SET)    ? " IBRS+" :
+-           boot_cpu_has(X86_FEATURE_XEN_IBRS_CLEAR)  ? " IBRS-"      : "",
++           boot_cpu_has(X86_FEATURE_SC_MSR) ?
++           default_xen_spec_ctrl & SPEC_CTRL_IBRS    ? " IBRS+" :
++                                                       " IBRS-"      : "",
+            opt_ibpb                                  ? " IBPB"       : "",
+            boot_cpu_has(X86_FEATURE_RSB_NATIVE)      ? " RSB_NATIVE" : "",
+            boot_cpu_has(X86_FEATURE_RSB_VMEXIT)      ? " RSB_VMEXIT" : "");
+@@ -285,13 +286,10 @@ void __init init_speculation_mitigations(void)
+          * need the IBRS entry/exit logic to virtualise IBRS support for
+          * guests.
+          */
++        setup_force_cpu_cap(X86_FEATURE_SC_MSR);
++
+         if ( ibrs )
+-        {
+             default_xen_spec_ctrl |= SPEC_CTRL_IBRS;
+-            setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_SET);
+-        }
+-        else
+-            setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_CLEAR);
+ 
+         default_spec_ctrl_flags |= SCF_ist_wrmsr;
+     }
+diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h
+index c9b1a48..ca58b0e 100644
+--- a/xen/include/asm-x86/cpufeatures.h
++++ b/xen/include/asm-x86/cpufeatures.h
+@@ -26,8 +26,7 @@ XEN_CPUFEATURE(LFENCE_DISPATCH, (FSCAPINTS+0)*32+12) /* lfence set as Dispatch S
+ XEN_CPUFEATURE(IND_THUNK_LFENCE,(FSCAPINTS+0)*32+13) /* Use IND_THUNK_LFENCE */
+ XEN_CPUFEATURE(IND_THUNK_JMP,   (FSCAPINTS+0)*32+14) /* Use IND_THUNK_JMP */
+ XEN_CPUFEATURE(XEN_IBPB,        (FSCAPINTS+0)*32+15) /* IBRSB || IBPB */
+-XEN_CPUFEATURE(XEN_IBRS_SET,    (FSCAPINTS+0)*32+16) /* IBRSB && IRBS set in Xen */
+-XEN_CPUFEATURE(XEN_IBRS_CLEAR,  (FSCAPINTS+0)*32+17) /* IBRSB && IBRS clear in Xen */
++XEN_CPUFEATURE(SC_MSR,          (FSCAPINTS+0)*32+16) /* MSR_SPEC_CTRL used by Xen */
+ XEN_CPUFEATURE(RSB_NATIVE,      (FSCAPINTS+0)*32+18) /* RSB overwrite needed for native */
+ XEN_CPUFEATURE(RSB_VMEXIT,      (FSCAPINTS+0)*32+19) /* RSB overwrite needed for vmexit */
+ XEN_CPUFEATURE(NO_XPTI,         (FSCAPINTS+0)*32+20) /* XPTI mitigation not in use */
+diff --git a/xen/include/asm-x86/nops.h b/xen/include/asm-x86/nops.h
+index b744895..913e9f0 100644
+--- a/xen/include/asm-x86/nops.h
++++ b/xen/include/asm-x86/nops.h
+@@ -62,9 +62,10 @@
+ #define ASM_NOP8 _ASM_MK_NOP(K8_NOP8)
+ 
+ #define ASM_NOP17 ASM_NOP8; ASM_NOP7; ASM_NOP2
+-#define ASM_NOP22 ASM_NOP8; ASM_NOP8; ASM_NOP6
+ #define ASM_NOP24 ASM_NOP8; ASM_NOP8; ASM_NOP8
++#define ASM_NOP25 ASM_NOP8; ASM_NOP8; ASM_NOP7; ASM_NOP2
+ #define ASM_NOP33 ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP7; ASM_NOP2
++#define ASM_NOP36 ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP4
+ #define ASM_NOP40 ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP8; ASM_NOP8
+ 
+ #define ASM_NOP_MAX 8
+diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
+index 059e291..7d7c42e 100644
+--- a/xen/include/asm-x86/spec_ctrl.h
++++ b/xen/include/asm-x86/spec_ctrl.h
+@@ -52,14 +52,14 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info)
+     barrier();
+     info->spec_ctrl_flags |= SCF_use_shadow;
+     barrier();
+-    asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_XEN_IBRS_SET)
++    asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_SC_MSR)
+                    :: "a" (val), "c" (MSR_SPEC_CTRL), "d" (0) : "memory" );
+ }
+ 
+ /* WARNING! `ret`, `call *`, `jmp *` not safe before this call. */
+ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info)
+ {
+-    uint32_t val = SPEC_CTRL_IBRS;
++    uint32_t val = info->xen_spec_ctrl;
+ 
+     /*
+      * Disable shadowing before updating the MSR.  There are no SMP issues
+@@ -67,7 +67,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info)
+      */
+     info->spec_ctrl_flags &= ~SCF_use_shadow;
+     barrier();
+-    asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_XEN_IBRS_SET)
++    asm volatile ( ALTERNATIVE(ASM_NOP3, "wrmsr", X86_FEATURE_SC_MSR)
+                    :: "a" (val), "c" (MSR_SPEC_CTRL), "d" (0) : "memory" );
+ }
+ 
+diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h
+index 39fb4f8..17dd2cc 100644
+--- a/xen/include/asm-x86/spec_ctrl_asm.h
++++ b/xen/include/asm-x86/spec_ctrl_asm.h
+@@ -117,7 +117,7 @@
+     mov %\tmp, %rsp                 /* Restore old %rsp */
+ .endm
+ 
+-.macro DO_SPEC_CTRL_ENTRY_FROM_VMEXIT ibrs_val:req
++.macro DO_SPEC_CTRL_ENTRY_FROM_VMEXIT
+ /*
+  * Requires %rbx=current, %rsp=regs/cpuinfo
+  * Clobbers %rax, %rcx, %rdx
+@@ -138,11 +138,11 @@
+     andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp)
+ 
+     /* Load Xen's intended value. */
+-    mov $\ibrs_val, %eax
++    movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax
+     wrmsr
+ .endm
+ 
+-.macro DO_SPEC_CTRL_ENTRY maybexen:req ibrs_val:req
++.macro DO_SPEC_CTRL_ENTRY maybexen:req
+ /*
+  * Requires %rsp=regs (also cpuinfo if !maybexen)
+  * Requires %r14=stack_end (if maybexen)
+@@ -167,12 +167,12 @@
+         setnz %al
+         not %eax
+         and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14)
++        movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax
+     .else
+         andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp)
++        movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax
+     .endif
+ 
+-    /* Load Xen's intended value. */
+-    mov $\ibrs_val, %eax
+     wrmsr
+ .endm
+ 
+@@ -220,47 +220,32 @@
+ #define SPEC_CTRL_ENTRY_FROM_VMEXIT                                     \
+     ALTERNATIVE __stringify(ASM_NOP40),                                 \
+         DO_OVERWRITE_RSB, X86_FEATURE_RSB_VMEXIT;                       \
+-    ALTERNATIVE_2 __stringify(ASM_NOP33),                               \
+-        __stringify(DO_SPEC_CTRL_ENTRY_FROM_VMEXIT                      \
+-                    ibrs_val=SPEC_CTRL_IBRS),                           \
+-        X86_FEATURE_XEN_IBRS_SET,                                       \
+-        __stringify(DO_SPEC_CTRL_ENTRY_FROM_VMEXIT                      \
+-                    ibrs_val=0),                                        \
+-        X86_FEATURE_XEN_IBRS_CLEAR
++    ALTERNATIVE __stringify(ASM_NOP36),                                 \
++        DO_SPEC_CTRL_ENTRY_FROM_VMEXIT, X86_FEATURE_SC_MSR
+ 
+ /* Use after an entry from PV context (syscall/sysenter/int80/int82/etc). */
+ #define SPEC_CTRL_ENTRY_FROM_PV                                         \
+     ALTERNATIVE __stringify(ASM_NOP40),                                 \
+         DO_OVERWRITE_RSB, X86_FEATURE_RSB_NATIVE;                       \
+-    ALTERNATIVE_2 __stringify(ASM_NOP22),                               \
+-        __stringify(DO_SPEC_CTRL_ENTRY maybexen=0                       \
+-                    ibrs_val=SPEC_CTRL_IBRS),                           \
+-        X86_FEATURE_XEN_IBRS_SET,                                       \
+-        __stringify(DO_SPEC_CTRL_ENTRY maybexen=0 ibrs_val=0),          \
+-        X86_FEATURE_XEN_IBRS_CLEAR
++    ALTERNATIVE __stringify(ASM_NOP25),                                 \
++        __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), X86_FEATURE_SC_MSR
+ 
+ /* Use in interrupt/exception context.  May interrupt Xen or PV context. */
+ #define SPEC_CTRL_ENTRY_FROM_INTR                                       \
+     ALTERNATIVE __stringify(ASM_NOP40),                                 \
+         DO_OVERWRITE_RSB, X86_FEATURE_RSB_NATIVE;                       \
+-    ALTERNATIVE_2 __stringify(ASM_NOP33),                               \
+-        __stringify(DO_SPEC_CTRL_ENTRY maybexen=1                       \
+-                    ibrs_val=SPEC_CTRL_IBRS),                           \
+-        X86_FEATURE_XEN_IBRS_SET,                                       \
+-        __stringify(DO_SPEC_CTRL_ENTRY maybexen=1 ibrs_val=0),          \
+-        X86_FEATURE_XEN_IBRS_CLEAR
++    ALTERNATIVE __stringify(ASM_NOP33),                                 \
++        __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), X86_FEATURE_SC_MSR
+ 
+ /* Use when exiting to Xen context. */
+ #define SPEC_CTRL_EXIT_TO_XEN                                           \
+-    ALTERNATIVE_2 __stringify(ASM_NOP17),                               \
+-        DO_SPEC_CTRL_EXIT_TO_XEN, X86_FEATURE_XEN_IBRS_SET,             \
+-        DO_SPEC_CTRL_EXIT_TO_XEN, X86_FEATURE_XEN_IBRS_CLEAR
++    ALTERNATIVE __stringify(ASM_NOP17),                                 \
++        DO_SPEC_CTRL_EXIT_TO_XEN, X86_FEATURE_SC_MSR
+ 
+ /* Use when exiting to guest context. */
+ #define SPEC_CTRL_EXIT_TO_GUEST                                         \
+-    ALTERNATIVE_2 __stringify(ASM_NOP24),                               \
+-        DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_XEN_IBRS_SET,           \
+-        DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_XEN_IBRS_CLEAR
++    ALTERNATIVE __stringify(ASM_NOP24),                                 \
++        DO_SPEC_CTRL_EXIT_TO_GUEST, X86_FEATURE_SC_MSR
+ 
+ /* TODO: Drop these when the alternatives infrastructure is NMI/#MC safe. */
+ .macro SPEC_CTRL_ENTRY_FROM_INTR_IST
+-- 
+2.1.4
+