aboutsummaryrefslogtreecommitdiffstats
path: root/main/xen/x86-spec-ctrl-Extend-repoline-safey-calcuations-for-.patch
blob: e311f8cec6a96ea0c0c28492ec6d4988e2e4b03a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
From 3b062f5040a103d86b44c5e8412ff9555b00d06c Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 3 May 2019 10:55:55 +0200
Subject: [PATCH 2/2] x86/spec-ctrl: Extend repoline safey calcuations for
 eIBRS and Atom parts

All currently-released Atom processors are in practice retpoline-safe, because
they don't fall back to a BTB prediction on RSB underflow.

However, an additional meaning of Enhanced IRBS is that the processor may not
be retpoline-safe.  The Gemini Lake platform, based on the Goldmont Plus
microarchitecture is the first Atom processor to support eIBRS.

Until Xen gets full eIBRS support, Gemini Lake will still be safe using
regular IBRS.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
master commit: 17f74242ccf0ce6e51c03a5860947865c0ef0dc2
master date: 2019-03-18 16:26:40 +0000
---
 xen/arch/x86/spec_ctrl.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 27b1158d84..8fa6c10528 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -365,8 +365,11 @@ static bool __init retpoline_safe(uint64_t caps)
     /*
      * RSBA may be set by a hypervisor to indicate that we may move to a
      * processor which isn't retpoline-safe.
+     *
+     * Processors offering Enhanced IBRS are not guarenteed to be
+     * repoline-safe.
      */
-    if ( caps & ARCH_CAPS_RSBA )
+    if ( caps & (ARCH_CAPS_RSBA | ARCH_CAPS_IBRS_ALL) )
         return false;
 
     switch ( boot_cpu_data.x86_model )
@@ -426,6 +429,23 @@ static bool __init retpoline_safe(uint64_t caps)
     case 0x9e:
         return false;
 
+        /*
+         * Atom processors before Goldmont Plus/Gemini Lake are retpoline-safe.
+         */
+    case 0x1c: /* Pineview */
+    case 0x26: /* Lincroft */
+    case 0x27: /* Penwell */
+    case 0x35: /* Cloverview */
+    case 0x36: /* Cedarview */
+    case 0x37: /* Baytrail / Valleyview (Silvermont) */
+    case 0x4d: /* Avaton / Rangely (Silvermont) */
+    case 0x4c: /* Cherrytrail / Brasswell */
+    case 0x4a: /* Merrifield */
+    case 0x5a: /* Moorefield */
+    case 0x5c: /* Goldmont */
+    case 0x5f: /* Denverton */
+        return true;
+
     default:
         printk("Unrecognised CPU model %#x - assuming not reptpoline safe\n",
                boot_cpu_data.x86_model);
-- 
2.20.1