target/i386: Expose bits related to SRSO vulnerability

Add following bits related Speculative Return Stack Overflow (SRSO). Guests can make use of these bits if supported. These bits are reported via CPUID Fn8000_0021_EAX. =================================================================== Bit Feature Description =================================================================== 27 SBPB Indicates support for the Selective Branch Predictor Barrier. 28 IBPB_BRTYPE MSR_PRED_CMD[IBPB] flushes all branch type predictions. 29 SRSO_NO Not vulnerable to SRSO. 30 SRSO_USER_KERNEL_NO Not vulnerable to SRSO at the user-kernel boundary. =================================================================== Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip Signed-off-by: Babu Moger <babu.moger@amd.com> Link: https://lore.kernel.org/r/dadbd70c38f4e165418d193918a3747bd715c5f4.1729807947.git.babu.moger@amd.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-10-24 17:18:23 -05:00 · 2024-10-24 17:18:23 -05:00 · 2ec282b8ea
commit 2ec282b8ea
parent 209b0ac120
2 changed files with 12 additions and 4 deletions
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@ -1221,7 +1221,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
            NULL, NULL, NULL, NULL,
            NULL, NULL, NULL, NULL,
            NULL, NULL, NULL, "sbpb",
-            "ibpb-brtype", NULL, NULL, NULL,
+            "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
        },
        .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
        .tcg_features = 0,
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@ -1015,13 +1015,21 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_8000_0008_EBX_AMD_PSFD    (1U << 28)

 /* Processor ignores nested data breakpoints */
-#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP    (1U << 0)
+#define CPUID_8000_0021_EAX_NO_NESTED_DATA_BP            (1U << 0)
 /* LFENCE is always serializing */
 #define CPUID_8000_0021_EAX_LFENCE_ALWAYS_SERIALIZING    (1U << 2)
 /* Null Selector Clears Base */
-#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE    (1U << 6)
+#define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE            (1U << 6)
 /* Automatic IBRS */
-#define CPUID_8000_0021_EAX_AUTO_IBRS   (1U << 8)
+#define CPUID_8000_0021_EAX_AUTO_IBRS                    (1U << 8)
+/* Selective Branch Predictor Barrier */
+#define CPUID_8000_0021_EAX_SBPB                         (1U << 27)
+/* IBPB includes branch type prediction flushing */
+#define CPUID_8000_0021_EAX_IBPB_BRTYPE                  (1U << 28)
+/* Not vulnerable to Speculative Return Stack Overflow */
+#define CPUID_8000_0021_EAX_SRSO_NO                      (1U << 29)
+/* Not vulnerable to SRSO at the user-kernel boundary */
+#define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO          (1U << 30)

 /* Performance Monitoring Version 2 */
 #define CPUID_8000_0022_EAX_PERFMON_V2  (1U << 0)