From 9c07a7af5da66f11a97f56ad1b21f3b12e138a67 Mon Sep 17 00:00:00 2001 From: Babu Moger Date: Thu, 24 Oct 2024 17:18:24 -0500 Subject: [PATCH] target/i386: Expose new feature bits in CPUID 8000_0021_EAX/EBX Newer AMD CPUs support ERAPS (Enhanced Return Address Prediction Security) feature that enables the auto-clear of RSB entries on a TLB flush, context switches and VMEXITs. The number of default RSP entries is reflected in RapSize. Add the feature bit and feature word to support these features. CPUID_Fn80000021_EAX Bits Feature Description 24 ERAPS: Indicates support for enhanced return address predictor security. CPUID_Fn80000021_EBX Bits Feature Description 31-24 Reserved 23:16 RapSize: Return Address Predictor size. RapSize x 8 is the minimum number of CALL instructions software needs to execute to flush the RAP. 15-00 MicrocodePatchSize. Read-only. Reports the size of the Microcode patch in 16-byte multiples. If 0, the size of the patch is at most 5568 (15C0h) bytes. Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/57238.zip Signed-off-by: Babu Moger Link: https://lore.kernel.org/r/7c62371fe60af1e9bbd853f5f8e949bf2d908bd0.1729807947.git.babu.moger@amd.com Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 11 +++++++++-- target/i386/cpu.h | 9 +++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 8d4d3d9e3d..5886b44fcf 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -1220,13 +1220,19 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, "sbpb", + "eraps", NULL, NULL, "sbpb", "ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL, }, .cpuid = { .eax = 0x80000021, .reg = R_EAX, }, .tcg_features = 0, .unmigratable_flags = 0, }, + [FEAT_8000_0021_EBX] = { + .type = CPUID_FEATURE_WORD, + .cpuid = { .eax = 0x80000021, .reg = R_EBX, }, + .tcg_features = 0, + .unmigratable_flags = 0, + }, [FEAT_8000_0022_EAX] = { .type = CPUID_FEATURE_WORD, .feat_names = { @@ -7069,8 +7075,9 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, } break; case 0x80000021: + *eax = *ebx = *ecx = *edx = 0; *eax = env->features[FEAT_8000_0021_EAX]; - *ebx = *ecx = *edx = 0; + *ebx = env->features[FEAT_8000_0021_EBX]; break; default: /* reserved values: zero */ diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 792518b62d..e2e10f55b2 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -634,6 +634,7 @@ typedef enum FeatureWord { FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */ FEAT_8000_0008_EBX, /* CPUID[8000_0008].EBX */ FEAT_8000_0021_EAX, /* CPUID[8000_0021].EAX */ + FEAT_8000_0021_EBX, /* CPUID[8000_0021].EBX */ FEAT_8000_0022_EAX, /* CPUID[8000_0022].EAX */ FEAT_C000_0001_EDX, /* CPUID[C000_0001].EDX */ FEAT_KVM, /* CPUID[4000_0001].EAX (KVM_CPUID_FEATURES) */ @@ -1022,6 +1023,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); #define CPUID_8000_0021_EAX_NULL_SEL_CLR_BASE (1U << 6) /* Automatic IBRS */ #define CPUID_8000_0021_EAX_AUTO_IBRS (1U << 8) +/* Enhanced Return Address Predictor Scurity */ +#define CPUID_8000_0021_EAX_ERAPS (1U << 24) /* Selective Branch Predictor Barrier */ #define CPUID_8000_0021_EAX_SBPB (1U << 27) /* IBPB includes branch type prediction flushing */ @@ -1031,6 +1034,12 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); /* Not vulnerable to SRSO at the user-kernel boundary */ #define CPUID_8000_0021_EAX_SRSO_USER_KERNEL_NO (1U << 30) +/* + * Return Address Predictor size. RapSize x 8 is the minimum number of + * CALL instructions software needs to execute to flush the RAP. + */ +#define CPUID_8000_0021_EBX_RAPSIZE (8U << 16) + /* Performance Monitoring Version 2 */ #define CPUID_8000_0022_EAX_PERFMON_V2 (1U << 0)