Re: [PATCH 3/7] target/i386: Allow MCDT_NO if host supports
On Mon, Jun 26, 2023 at 03:03:12PM +0200, Igor Mammedov wrote:
> On Fri, 16 Jun 2023 11:23:07 +0800
> Tao Su wrote:
>
> > MCDT_NO bit indicates HW contains the security fix and doesn't need to
> > be mitigated to avoid data-dependent behaviour for certain instructions.
> > It needs no hypervisor support. Treat it as supported regardless of what
> > KVM reports.
> >
> > Signed-off-by: Tao Su
> > Reviewed-by: Xiaoyao Li
> > ---
> > target/i386/kvm/kvm.c | 5 +
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> > index de531842f6..4defd8b479 100644
> > --- a/target/i386/kvm/kvm.c
> > +++ b/target/i386/kvm/kvm.c
> > @@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s,
> > uint32_t function,
> > uint32_t eax;
> > host_cpuid(7, 1, , , , );
> > ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS |
> > CPUID_7_1_EAX_FSRC);
> > +} else if (function == 7 && index == 2 && reg == R_EDX) {
>
> > +/* Not new instructions, just an optimization. */
> comment doesn't make much sense to me, just drop it or
> describe what MCDT_NO is/mitigates.
Ok, I will drop it in the next version, thanks!
>
> > +uint32_t edx;
> > +host_cpuid(7, 2, , , , );
> > +ret |= edx & CPUID_7_2_EDX_MCDT_NO;
> > } else if (function == 0xd && index == 0 &&
> > (reg == R_EAX || reg == R_EDX)) {
> > /*
>
>
Re: [PATCH 3/7] target/i386: Allow MCDT_NO if host supports
On Fri, 16 Jun 2023 11:23:07 +0800
Tao Su wrote:
> MCDT_NO bit indicates HW contains the security fix and doesn't need to
> be mitigated to avoid data-dependent behaviour for certain instructions.
> It needs no hypervisor support. Treat it as supported regardless of what
> KVM reports.
>
> Signed-off-by: Tao Su
> Reviewed-by: Xiaoyao Li
> ---
> target/i386/kvm/kvm.c | 5 +
> 1 file changed, 5 insertions(+)
>
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index de531842f6..4defd8b479 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s,
> uint32_t function,
> uint32_t eax;
> host_cpuid(7, 1, , , , );
> ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS |
> CPUID_7_1_EAX_FSRC);
> +} else if (function == 7 && index == 2 && reg == R_EDX) {
> +/* Not new instructions, just an optimization. */
comment doesn't make much sense to me, just drop it or
describe what MCDT_NO is/mitigates.
> +uint32_t edx;
> +host_cpuid(7, 2, , , , );
> +ret |= edx & CPUID_7_2_EDX_MCDT_NO;
> } else if (function == 0xd && index == 0 &&
> (reg == R_EAX || reg == R_EDX)) {
> /*
[PATCH 3/7] target/i386: Allow MCDT_NO if host supports
MCDT_NO bit indicates HW contains the security fix and doesn't need to
be mitigated to avoid data-dependent behaviour for certain instructions.
It needs no hypervisor support. Treat it as supported regardless of what
KVM reports.
Signed-off-by: Tao Su
Reviewed-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index de531842f6..4defd8b479 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s,
uint32_t function,
uint32_t eax;
host_cpuid(7, 1, , , , );
ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS |
CPUID_7_1_EAX_FSRC);
+} else if (function == 7 && index == 2 && reg == R_EDX) {
+/* Not new instructions, just an optimization. */
+uint32_t edx;
+host_cpuid(7, 2, , , , );
+ret |= edx & CPUID_7_2_EDX_MCDT_NO;
} else if (function == 0xd && index == 0 &&
(reg == R_EAX || reg == R_EDX)) {
/*
--
2.34.1
