Re: [PATCH 3/7] target/i386: Allow MCDT_NO if host supports
On Mon, Jun 26, 2023 at 03:03:12PM +0200, Igor Mammedov wrote: > On Fri, 16 Jun 2023 11:23:07 +0800 > Tao Su wrote: > > > MCDT_NO bit indicates HW contains the security fix and doesn't need to > > be mitigated to avoid data-dependent behaviour for certain instructions. > > It needs no hypervisor support. Treat it as supported regardless of what > > KVM reports. > > > > Signed-off-by: Tao Su > > Reviewed-by: Xiaoyao Li > > --- > > target/i386/kvm/kvm.c | 5 + > > 1 file changed, 5 insertions(+) > > > > diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c > > index de531842f6..4defd8b479 100644 > > --- a/target/i386/kvm/kvm.c > > +++ b/target/i386/kvm/kvm.c > > @@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, > > uint32_t function, > > uint32_t eax; > > host_cpuid(7, 1, , , , ); > > ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS | > > CPUID_7_1_EAX_FSRC); > > +} else if (function == 7 && index == 2 && reg == R_EDX) { > > > +/* Not new instructions, just an optimization. */ > comment doesn't make much sense to me, just drop it or > describe what MCDT_NO is/mitigates. Ok, I will drop it in the next version, thanks! > > > +uint32_t edx; > > +host_cpuid(7, 2, , , , ); > > +ret |= edx & CPUID_7_2_EDX_MCDT_NO; > > } else if (function == 0xd && index == 0 && > > (reg == R_EAX || reg == R_EDX)) { > > /* > >
Re: [PATCH 3/7] target/i386: Allow MCDT_NO if host supports
On Fri, 16 Jun 2023 11:23:07 +0800 Tao Su wrote: > MCDT_NO bit indicates HW contains the security fix and doesn't need to > be mitigated to avoid data-dependent behaviour for certain instructions. > It needs no hypervisor support. Treat it as supported regardless of what > KVM reports. > > Signed-off-by: Tao Su > Reviewed-by: Xiaoyao Li > --- > target/i386/kvm/kvm.c | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c > index de531842f6..4defd8b479 100644 > --- a/target/i386/kvm/kvm.c > +++ b/target/i386/kvm/kvm.c > @@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, > uint32_t function, > uint32_t eax; > host_cpuid(7, 1, , , , ); > ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS | > CPUID_7_1_EAX_FSRC); > +} else if (function == 7 && index == 2 && reg == R_EDX) { > +/* Not new instructions, just an optimization. */ comment doesn't make much sense to me, just drop it or describe what MCDT_NO is/mitigates. > +uint32_t edx; > +host_cpuid(7, 2, , , , ); > +ret |= edx & CPUID_7_2_EDX_MCDT_NO; > } else if (function == 0xd && index == 0 && > (reg == R_EAX || reg == R_EDX)) { > /*
[PATCH 3/7] target/i386: Allow MCDT_NO if host supports
MCDT_NO bit indicates HW contains the security fix and doesn't need to be mitigated to avoid data-dependent behaviour for certain instructions. It needs no hypervisor support. Treat it as supported regardless of what KVM reports. Signed-off-by: Tao Su Reviewed-by: Xiaoyao Li --- target/i386/kvm/kvm.c | 5 + 1 file changed, 5 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index de531842f6..4defd8b479 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, uint32_t eax; host_cpuid(7, 1, , , , ); ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS | CPUID_7_1_EAX_FSRC); +} else if (function == 7 && index == 2 && reg == R_EDX) { +/* Not new instructions, just an optimization. */ +uint32_t edx; +host_cpuid(7, 2, , , , ); +ret |= edx & CPUID_7_2_EDX_MCDT_NO; } else if (function == 0xd && index == 0 && (reg == R_EAX || reg == R_EDX)) { /* -- 2.34.1