On 30/05/2023 2:58 pm, Alejandro Vallejo wrote: > This is an AMD feature to reduce the IBRS handling overhead. Once enabled, > processes running at CPL=0 are automatically IBRS-protected even if > SPEC_CTRL.IBRS is not set. Furthermore, the RAS/RSB is cleared on VMEXIT. > > The feature is exposed in CPUID and toggled in EFER. > > Signed-off-by: Alejandro Vallejo <alejandro.vall...@cloud.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>, but... > diff --git a/xen/include/public/arch-x86/cpufeatureset.h > b/xen/include/public/arch-x86/cpufeatureset.h > index 777041425e..3ac144100e 100644 > --- a/xen/include/public/arch-x86/cpufeatureset.h > +++ b/xen/include/public/arch-x86/cpufeatureset.h > @@ -287,6 +287,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA > Instructions */ > /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ > XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing > */ > XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base > (and limit too) */ > +XEN_CPUFEATURE(AUTO_IBRS, 11*32+ 8) /* HW can handle IBRS on its > own */ ... I've changed this on commit to just "Automatic IBRS". The behaviour is more far complicated than this, and anyone who wants to know needs to read the manual extra carefully. For one, there's a behaviour which depends on whether SEV-SNP was enabled in firmware... ~Andrew
