| Message ID | 9a38877857392b5c2deae7e7db1b170d15510314.1710341348.git.pawan.kumar.gupta@linux.intel.com |
|---|---|
| State | New |
| Headers | show |
| Series | target/i386: Export RFDS bit to guests | expand |
Hi Pawan, On Wed, Mar 13, 2024 at 07:53:23AM -0700, Pawan Gupta wrote: > Date: Wed, 13 Mar 2024 07:53:23 -0700 > From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> > Subject: [PATCH] target/i386: Export RFDS bit to guests > > Register File Data Sampling (RFDS) is a CPU side-channel vulnerability > that may expose stale register value. CPUs that set RFDS_NO bit in MSR > IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS. > Similarly, RFDS_CLEAR indicates that CPU is affected by RFDS, and has > the microcode to help mitigate RFDS. > > Make RFDS_CLEAR and RFDS_NO bits available to guests. Are these two bits going to be supported by microcode updates to existing products? (Let me aslo attach the related spec to make it easy for more people to learn about backgrounds: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html) > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> > --- > target/i386/cpu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) LGTM, Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
On Fri, Mar 15, 2024 at 03:50:18PM +0800, Zhao Liu wrote: > > Make RFDS_CLEAR and RFDS_NO bits available to guests. > > Are these two bits going to be supported by microcode updates to > existing products? RFDS_CLEAR is supported by the microcode update that is needed to mitigate RFDS. RFDS_NO will be supported by future unaffected parts and some of the existing parts. AFAIK, not all unaffected existing parts will get RFDS_NO, for such parts KVM synthesizes RFDS_NO. > (Let me aslo attach the related spec to make it easy for more people to > learn about backgrounds: > https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html) > > > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> > > --- > > target/i386/cpu.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > LGTM, > > Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Thank you.
On 3/13/2024 10:53 PM, Pawan Gupta wrote: > Register File Data Sampling (RFDS) is a CPU side-channel vulnerability > that may expose stale register value. CPUs that set RFDS_NO bit in MSR > IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS. > Similarly, RFDS_CLEAR indicates that CPU is affected by RFDS, and has > the microcode to help mitigate RFDS. > > Make RFDS_CLEAR and RFDS_NO bits available to guests. What's the status of KVM part? > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> > --- > target/i386/cpu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/target/i386/cpu.c b/target/i386/cpu.c > index 9a210d8d9290..693a5e0fb2ce 100644 > --- a/target/i386/cpu.c > +++ b/target/i386/cpu.c > @@ -1158,8 +1158,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { > NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no", > NULL, "fb-clear", NULL, NULL, > NULL, NULL, NULL, NULL, > - "pbrsb-no", NULL, "gds-no", NULL, > - NULL, NULL, NULL, NULL, > + "pbrsb-no", NULL, "gds-no", "rfds-no", > + "rfds-clear", NULL, NULL, NULL, > }, > .msr = { > .index = MSR_IA32_ARCH_CAPABILITIES, > > base-commit: a1932d7cd6507d4d9db2044a54731fff3e749bac
On Tue, Mar 19, 2024 at 12:22:08PM +0800, Xiaoyao Li wrote: > On 3/13/2024 10:53 PM, Pawan Gupta wrote: > > Register File Data Sampling (RFDS) is a CPU side-channel vulnerability > > that may expose stale register value. CPUs that set RFDS_NO bit in MSR > > IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS. > > Similarly, RFDS_CLEAR indicates that CPU is affected by RFDS, and has > > the microcode to help mitigate RFDS. > > > > Make RFDS_CLEAR and RFDS_NO bits available to guests. > > What's the status of KVM part? KVM part is already upstreamed and backported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.8.1&id=50d33b98b1e23d1cd8743b3cac7a0ae5718b8b00
On 3/19/2024 11:08 PM, Pawan Gupta wrote: > On Tue, Mar 19, 2024 at 12:22:08PM +0800, Xiaoyao Li wrote: >> On 3/13/2024 10:53 PM, Pawan Gupta wrote: >>> Register File Data Sampling (RFDS) is a CPU side-channel vulnerability >>> that may expose stale register value. CPUs that set RFDS_NO bit in MSR >>> IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS. >>> Similarly, RFDS_CLEAR indicates that CPU is affected by RFDS, and has >>> the microcode to help mitigate RFDS. >>> >>> Make RFDS_CLEAR and RFDS_NO bits available to guests. >> >> What's the status of KVM part? > > KVM part is already upstreamed and backported: > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.8.1&id=50d33b98b1e23d1cd8743b3cac7a0ae5718b8b00 I see. It was not sent to kvm maillist and not merged through KVM tree. With KVM part in palce, Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
On Wed, Mar 20, 2024 at 08:23:39AM +0800, Xiaoyao Li wrote: > On 3/19/2024 11:08 PM, Pawan Gupta wrote: > > On Tue, Mar 19, 2024 at 12:22:08PM +0800, Xiaoyao Li wrote: > > > On 3/13/2024 10:53 PM, Pawan Gupta wrote: > > > > Register File Data Sampling (RFDS) is a CPU side-channel vulnerability > > > > that may expose stale register value. CPUs that set RFDS_NO bit in MSR > > > > IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS. > > > > Similarly, RFDS_CLEAR indicates that CPU is affected by RFDS, and has > > > > the microcode to help mitigate RFDS. > > > > > > > > Make RFDS_CLEAR and RFDS_NO bits available to guests. > > > > > > What's the status of KVM part? > > > > KVM part is already upstreamed and backported: > > > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.8.1&id=50d33b98b1e23d1cd8743b3cac7a0ae5718b8b00 > > I see. It was not sent to kvm maillist and not merged through KVM tree. > > With KVM part in palce, > > Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Thanks.
Queued, thanks. Paolo
diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 9a210d8d9290..693a5e0fb2ce 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -1158,8 +1158,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no", NULL, "fb-clear", NULL, NULL, NULL, NULL, NULL, NULL, - "pbrsb-no", NULL, "gds-no", NULL, - NULL, NULL, NULL, NULL, + "pbrsb-no", NULL, "gds-no", "rfds-no", + "rfds-clear", NULL, NULL, NULL, }, .msr = { .index = MSR_IA32_ARCH_CAPABILITIES,
Register File Data Sampling (RFDS) is a CPU side-channel vulnerability that may expose stale register value. CPUs that set RFDS_NO bit in MSR IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS. Similarly, RFDS_CLEAR indicates that CPU is affected by RFDS, and has the microcode to help mitigate RFDS. Make RFDS_CLEAR and RFDS_NO bits available to guests. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> --- target/i386/cpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) base-commit: a1932d7cd6507d4d9db2044a54731fff3e749bac