diff --git a/1139-target-i386-Introduce-SierraForest-v2-model.patch b/1139-target-i386-Introduce-SierraForest-v2-model.patch new file mode 100644 index 0000000000000000000000000000000000000000..3235a1ba6bdadb2831f05b68a0129bca9aa1c088 --- /dev/null +++ b/1139-target-i386-Introduce-SierraForest-v2-model.patch @@ -0,0 +1,62 @@ +From 0748054f23e1a28c85995eb0419c77c93367268c Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Tue, 21 Jan 2025 10:06:47 +0800 +Subject: [PATCH 1/5] target/i386: Introduce SierraForest-v2 model + +commit c597ff5339a9918b00d9f4160126db0ac2a423cc upstream. + +Update SierraForest CPU model to add LAM, 4 bits indicating certain bits +of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl, +bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri, +movdir64b) + +Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are +mitigated in stepping 3. + +Intel-SIG: commit c597ff5339a9 target/i386: Introduce SierraForest-v2 model. +backporting CWF model and new ISAs, plus new model changes + +Tested-by: Xuelian Guo +Signed-off-by: Tao Su +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20250121020650.1899618-2-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 923fa99b6..f8f22c2ef 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -3958,6 +3958,25 @@ static const X86CPUDefinition builtin_x86_defs[] = { + .model_id = "Intel Xeon Processor (SierraForest)", + .versions = (X86CPUVersionDefinition[]) { + { .version = 1 }, ++ { ++ .version = 2, ++ .props = (PropValue[]) { ++ { "ss", "on" }, ++ { "tsc-adjust", "on" }, ++ { "cldemote", "on" }, ++ { "movdiri", "on" }, ++ { "movdir64b", "on" }, ++ { "gds-no", "on" }, ++ { "rfds-no", "on" }, ++ { "lam", "on" }, ++ { "intel-psfd", "on"}, ++ { "ipred-ctrl", "on"}, ++ { "rrsba-ctrl", "on"}, ++ { "bhi-ctrl", "on"}, ++ { "stepping", "3" }, ++ { /* end of list */ } ++ } ++ }, + { /* end of list */ }, + }, + }, +-- +2.47.1 + diff --git a/1140-target-i386-Export-BHI_NO-bit-to-guests.patch b/1140-target-i386-Export-BHI_NO-bit-to-guests.patch new file mode 100644 index 0000000000000000000000000000000000000000..9f927ca0e805357af1ffc3a92b75e930517c7427 --- /dev/null +++ b/1140-target-i386-Export-BHI_NO-bit-to-guests.patch @@ -0,0 +1,45 @@ +From 447cf8ba4f0394cb3104dd9284e5ec73d3d9faa6 Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Tue, 21 Jan 2025 10:06:48 +0800 +Subject: [PATCH 2/5] target/i386: Export BHI_NO bit to guests + +commit b611931d4f70b9a3e49e39c405c63b3b5e9c0df1 upstream. + +Branch History Injection (BHI) is a CPU side-channel vulnerability, where +an attacker may manipulate branch history before transitioning from user +to supervisor mode or from VMX non-root/guest to root mode. CPUs that set +BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional +mitigation is required to prevent BHI. + +Make BHI_NO bit available to guests. + +Intel-SIG: commit b611931d4f70 target/i386: Export BHI_NO bit to guests. +backporting CWF model and new ISAs, plus new model changes + +Tested-by: Xuelian Guo +Signed-off-by: Tao Su +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20250121020650.1899618-3-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index f8f22c2ef..f9fdf40b4 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1052,7 +1052,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + "taa-no", NULL, NULL, NULL, + NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no", + NULL, "fb-clear", NULL, NULL, +- NULL, NULL, NULL, NULL, ++ "bhi-no", NULL, NULL, NULL, + "pbrsb-no", NULL, "gds-no", "rfds-no", + "rfds-clear", NULL, NULL, NULL, + }, +-- +2.47.1 + diff --git a/1141-target-i386-Add-new-CPU-model-ClearwaterForest.patch b/1141-target-i386-Add-new-CPU-model-ClearwaterForest.patch new file mode 100644 index 0000000000000000000000000000000000000000..3a68b109b1b033adb8aff7b9fe1c5aaaa7742254 --- /dev/null +++ b/1141-target-i386-Add-new-CPU-model-ClearwaterForest.patch @@ -0,0 +1,264 @@ +From e8fe9dc2a8e7195541e8818ea3c222ce8c46ba38 Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Tue, 21 Jan 2025 10:06:49 +0800 +Subject: [PATCH 3/5] target/i386: Add new CPU model ClearwaterForest + +commit 56e84d898f17606b5d88778726466540af96b234 upstream. + +According to table 1-2 in Intel Architecture Instruction Set Extensions +and Future Features (rev 056) [1], ClearwaterForest has the following new +features which have already been virtualized: + + - AVX-VNNI-INT16 CPUID.(EAX=7,ECX=1):EDX[bit 10] + - SHA512 CPUID.(EAX=7,ECX=1):EAX[bit 0] + - SM3 CPUID.(EAX=7,ECX=1):EAX[bit 1] + - SM4 CPUID.(EAX=7,ECX=1):EAX[bit 2] + +Add above features to new CPU model ClearwaterForest. Comparing with +SierraForest, ClearwaterForest bare-metal contains all features of +SierraForest-v2 CPU model and adds: + + - PREFETCHI CPUID.(EAX=7,ECX=1):EDX[bit 14] + - DDPD_U CPUID.(EAX=7,ECX=2):EDX[bit 3] + - BHI_NO IA32_ARCH_CAPABILITIES[bit 20] + +Add above and all features of SierraForest-v2 CPU model to new CPU model +ClearwaterForest. + +[1] https://cdrdv2.intel.com/v1/dl/getContent/671368 + +Intel-SIG: commit 56e84d898f17 target/i386: Add new CPU model ClearwaterForest. +backporting CWF model and new ISAs, plus new model changes + +Tested-by: Xuelian Guo +Signed-off-by: Tao Su +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20250121020650.1899618-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 134 ++++++++++++++++++++++++++++++++++++++++++++++ + target/i386/cpu.h | 29 ++++++++++ + 2 files changed, 163 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index f9fdf40b4..ae62d156f 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -3980,6 +3980,140 @@ static const X86CPUDefinition builtin_x86_defs[] = { + { /* end of list */ }, + }, + }, ++ { ++ .name = "ClearwaterForest", ++ .level = 0x23, ++ .xlevel = 0x80000008, ++ .vendor = CPUID_VENDOR_INTEL, ++ .family = 6, ++ .model = 221, ++ .stepping = 0, ++ /* ++ * please keep the ascending order so that we can have a clear view of ++ * bit position of each feature. ++ */ ++ .features[FEAT_1_EDX] = ++ CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC | ++ CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | ++ CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | ++ CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX | CPUID_FXSR | ++ CPUID_SSE | CPUID_SSE2 | CPUID_SS, ++ .features[FEAT_1_ECX] = ++ CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSSE3 | ++ CPUID_EXT_FMA | CPUID_EXT_CX16 | CPUID_EXT_PCID | CPUID_EXT_SSE41 | ++ CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE | ++ CPUID_EXT_POPCNT | CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_AES | ++ CPUID_EXT_XSAVE | CPUID_EXT_AVX | CPUID_EXT_F16C | CPUID_EXT_RDRAND, ++ .features[FEAT_8000_0001_EDX] = ++ CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB | ++ CPUID_EXT2_RDTSCP | CPUID_EXT2_LM, ++ .features[FEAT_8000_0001_ECX] = ++ CPUID_EXT3_LAHF_LM | CPUID_EXT3_ABM | CPUID_EXT3_3DNOWPREFETCH, ++ .features[FEAT_8000_0008_EBX] = ++ CPUID_8000_0008_EBX_WBNOINVD, ++ .features[FEAT_7_0_EBX] = ++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_TSC_ADJUST | ++ CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP | ++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID | ++ CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | ++ CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_CLWB | ++ CPUID_7_0_EBX_SHA_NI, ++ .features[FEAT_7_0_ECX] = ++ CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU | CPUID_7_0_ECX_GFNI | ++ CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ | ++ CPUID_7_0_ECX_RDPID | CPUID_7_0_ECX_BUS_LOCK_DETECT | ++ CPUID_7_0_ECX_CLDEMOTE | CPUID_7_0_ECX_MOVDIRI | ++ CPUID_7_0_ECX_MOVDIR64B, ++ .features[FEAT_7_0_EDX] = ++ CPUID_7_0_EDX_FSRM | CPUID_7_0_EDX_SERIALIZE | ++ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES | ++ CPUID_7_0_EDX_SPEC_CTRL_SSBD, ++ .features[FEAT_ARCH_CAPABILITIES] = ++ MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL | ++ MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO | ++ MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_SBDR_SSDP_NO | ++ MSR_ARCH_CAP_FBSDP_NO | MSR_ARCH_CAP_PSDP_NO | ++ MSR_ARCH_CAP_BHI_NO | MSR_ARCH_CAP_PBRSB_NO | ++ MSR_ARCH_CAP_GDS_NO | MSR_ARCH_CAP_RFDS_NO, ++ .features[FEAT_XSAVE] = ++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | ++ CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES, ++ .features[FEAT_6_EAX] = ++ CPUID_6_EAX_ARAT, ++ .features[FEAT_7_1_EAX] = ++ CPUID_7_1_EAX_SHA512 | CPUID_7_1_EAX_SM3 | CPUID_7_1_EAX_SM4 | ++ CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_CMPCCXADD | ++ CPUID_7_1_EAX_FSRS | CPUID_7_1_EAX_AVX_IFMA, ++ .features[FEAT_7_1_EDX] = ++ CPUID_7_1_EDX_AVX_VNNI_INT8 | CPUID_7_1_EDX_AVX_NE_CONVERT | ++ CPUID_7_1_EDX_AVX_VNNI_INT16 | CPUID_7_1_EDX_PREFETCHITI, ++ .features[FEAT_7_2_EDX] = ++ CPUID_7_2_EDX_PSFD | CPUID_7_2_EDX_IPRED_CTRL | ++ CPUID_7_2_EDX_RRSBA_CTRL | CPUID_7_2_EDX_DDPD_U | ++ CPUID_7_2_EDX_BHI_CTRL | CPUID_7_2_EDX_MCDT_NO, ++ .features[FEAT_VMX_BASIC] = ++ MSR_VMX_BASIC_INS_OUTS | MSR_VMX_BASIC_TRUE_CTLS, ++ .features[FEAT_VMX_ENTRY_CTLS] = ++ VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_IA32E_MODE | ++ VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | ++ VMX_VM_ENTRY_LOAD_IA32_PAT | VMX_VM_ENTRY_LOAD_IA32_EFER, ++ .features[FEAT_VMX_EPT_VPID_CAPS] = ++ MSR_VMX_EPT_EXECONLY | MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | ++ MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB | MSR_VMX_EPT_1GB | ++ MSR_VMX_EPT_INVEPT | MSR_VMX_EPT_AD_BITS | ++ MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT | ++ MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR | ++ MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | ++ MSR_VMX_EPT_INVVPID_ALL_CONTEXT | ++ MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS, ++ .features[FEAT_VMX_EXIT_CTLS] = ++ VMX_VM_EXIT_SAVE_DEBUG_CONTROLS | ++ VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL | ++ VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_IA32_PAT | ++ VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER | ++ VMX_VM_EXIT_LOAD_IA32_EFER | VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER, ++ .features[FEAT_VMX_MISC] = ++ MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_ACTIVITY_HLT | ++ MSR_VMX_MISC_VMWRITE_VMEXIT, ++ .features[FEAT_VMX_PINBASED_CTLS] = ++ VMX_PIN_BASED_EXT_INTR_MASK | VMX_PIN_BASED_NMI_EXITING | ++ VMX_PIN_BASED_VIRTUAL_NMIS | VMX_PIN_BASED_VMX_PREEMPTION_TIMER | ++ VMX_PIN_BASED_POSTED_INTR, ++ .features[FEAT_VMX_PROCBASED_CTLS] = ++ VMX_CPU_BASED_VIRTUAL_INTR_PENDING | ++ VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING | ++ VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING | ++ VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING | ++ VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING | ++ VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING | ++ VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_VIRTUAL_NMI_PENDING | ++ VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING | ++ VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_TRAP_FLAG | ++ VMX_CPU_BASED_USE_MSR_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING | ++ VMX_CPU_BASED_PAUSE_EXITING | ++ VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS, ++ .features[FEAT_VMX_SECONDARY_CTLS] = ++ VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | ++ VMX_SECONDARY_EXEC_ENABLE_EPT | VMX_SECONDARY_EXEC_DESC | ++ VMX_SECONDARY_EXEC_RDTSCP | ++ VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | ++ VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_WBINVD_EXITING | ++ VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST | ++ VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT | ++ VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | ++ VMX_SECONDARY_EXEC_RDRAND_EXITING | ++ VMX_SECONDARY_EXEC_ENABLE_INVPCID | ++ VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS | ++ VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML | ++ VMX_SECONDARY_EXEC_XSAVES, ++ .features[FEAT_VMX_VMFUNC] = ++ MSR_VMX_VMFUNC_EPT_SWITCHING, ++ .model_id = "Intel Xeon Processor (ClearwaterForest)", ++ .versions = (X86CPUVersionDefinition[]) { ++ { .version = 1 }, ++ { /* end of list */ }, ++ }, ++ }, + { + .name = "Denverton", + .level = 21, +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index b0d79a151..3702e7949 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -764,6 +764,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + + /* Support RDFSBASE/RDGSBASE/WRFSBASE/WRGSBASE */ + #define CPUID_7_0_EBX_FSGSBASE (1U << 0) ++/* Support TSC adjust MSR */ ++#define CPUID_7_0_EBX_TSC_ADJUST (1U << 1) + /* Support SGX */ + #define CPUID_7_0_EBX_SGX (1U << 2) + /* 1st Group of Advanced Bit Manipulation Extensions */ +@@ -891,6 +893,12 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + /* Speculative Store Bypass Disable */ + #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) + ++/* SHA512 Instruction */ ++#define CPUID_7_1_EAX_SHA512 (1U << 0) ++/* SM3 Instruction */ ++#define CPUID_7_1_EAX_SM3 (1U << 1) ++/* SM4 Instruction */ ++#define CPUID_7_1_EAX_SM4 (1U << 2) + /* AVX VNNI Instruction */ + #define CPUID_7_1_EAX_AVX_VNNI (1U << 4) + /* AVX512 BFloat16 Instruction */ +@@ -903,6 +911,12 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define CPUID_7_1_EAX_FSRS (1U << 11) + /* Fast Short REP CMPS/SCAS */ + #define CPUID_7_1_EAX_FSRC (1U << 12) ++/* Flexible return and event delivery (FRED) */ ++#define CPUID_7_1_EAX_FRED (1U << 17) ++/* Load into IA32_KERNEL_GS_BASE (LKGS) */ ++#define CPUID_7_1_EAX_LKGS (1U << 18) ++/* Non-Serializing Write to Model Specific Register (WRMSRNS) */ ++#define CPUID_7_1_EAX_WRMSRNS (1U << 19) + /* Support Tile Computational Operations on FP16 Numbers */ + #define CPUID_7_1_EAX_AMX_FP16 (1U << 21) + /* Support for VPMADD52[H,L]UQ */ +@@ -914,9 +928,21 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define CPUID_7_1_EDX_AVX_NE_CONVERT (1U << 5) + /* AMX COMPLEX Instructions */ + #define CPUID_7_1_EDX_AMX_COMPLEX (1U << 8) ++/* AVX-VNNI-INT15 Instructions */ ++#define CPUID_7_1_EDX_AVX_VNNI_INT16 (1U << 10) + /* PREFETCHIT0/1 Instructions */ + #define CPUID_7_1_EDX_PREFETCHITI (1U << 14) + ++/* Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported */ ++#define CPUID_7_2_EDX_PSFD (1U << 0) ++/* Indicate bits 3 and 4 of the IA32_SPEC_CTRL MSR are supported */ ++#define CPUID_7_2_EDX_IPRED_CTRL (1U << 1) ++/* Indicate bits 5 and 6 of the IA32_SPEC_CTRL MSR are supported */ ++#define CPUID_7_2_EDX_RRSBA_CTRL (1U << 2) ++/* Indicate bit 8 of the IA32_SPEC_CTRL MSR is supported */ ++#define CPUID_7_2_EDX_DDPD_U (1U << 3) ++/* Indicate bit 10 of the IA32_SPEC_CTRL MSR is supported */ ++#define CPUID_7_2_EDX_BHI_CTRL (1U << 4) + /* Do not exhibit MXCSR Configuration Dependent Timing (MCDT) behavior */ + #define CPUID_7_2_EDX_MCDT_NO (1U << 5) + +@@ -997,7 +1023,10 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define MSR_ARCH_CAP_FBSDP_NO (1U << 14) + #define MSR_ARCH_CAP_PSDP_NO (1U << 15) + #define MSR_ARCH_CAP_FB_CLEAR (1U << 17) ++#define MSR_ARCH_CAP_BHI_NO (1U << 20) + #define MSR_ARCH_CAP_PBRSB_NO (1U << 24) ++#define MSR_ARCH_CAP_GDS_NO (1U << 26) ++#define MSR_ARCH_CAP_RFDS_NO (1U << 27) + + #define MSR_CORE_CAP_SPLIT_LOCK_DETECT (1U << 5) + +-- +2.47.1 + diff --git a/1142-docs-Add-GNR-SRF-and-CWF-CPU-models.patch b/1142-docs-Add-GNR-SRF-and-CWF-CPU-models.patch new file mode 100644 index 0000000000000000000000000000000000000000..06cb7d6e88b93fd96f9bf4c576de06b5e12912f8 --- /dev/null +++ b/1142-docs-Add-GNR-SRF-and-CWF-CPU-models.patch @@ -0,0 +1,120 @@ +From 8575a605fbc5063c9fb48170b6f53b1dc1e9365d Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Tue, 21 Jan 2025 10:06:50 +0800 +Subject: [PATCH 4/5] docs: Add GNR, SRF and CWF CPU models + +commit 0a6dec6d11e5e392dcd6299548bf1514f1201707 upstream. + +Update GraniteRapids, SierraForest and ClearwaterForest CPU models in +section "Preferred CPU models for Intel x86 hosts". + +Also introduce bhi-no, gds-no and rfds-no in doc. + +Intel-SIG: commit 0a6dec6d11e5 docs: Add GNR, SRF and CWF CPU models. +backporting CWF model and new ISAs, plus new model changes + +Suggested-by: Zhao Liu +Signed-off-by: Tao Su +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20250121020650.1899618-5-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + docs/system/cpu-models-x86.rst.inc | 50 +++++++++++++++++++++++++++--- + 1 file changed, 46 insertions(+), 4 deletions(-) + +diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc +index 7f6368f99..37fe1d0ac 100644 +--- a/docs/system/cpu-models-x86.rst.inc ++++ b/docs/system/cpu-models-x86.rst.inc +@@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration + compatibility is required, use the newest CPU model that is compatible + across all desired hosts. + ++``ClearwaterForest`` ++ Intel Xeon Processor (ClearwaterForest, 2025) ++ ++``SierraForest``, ``SierraForest-v2`` ++ Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 mitigates ++ the GDS and RFDS vulnerabilities with stepping 3. ++ ++``GraniteRapids``, ``GraniteRapids-v2`` ++ Intel Xeon Processor (GraniteRapids, 2024) ++ + ``Cascadelake-Server``, ``Cascadelake-Server-noTSX`` + Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6 + or 7 only. (The Cascade Lake Xeon processor with *stepping 5 is +@@ -181,7 +191,7 @@ features are included if using "Host passthrough" or "Host model". + CVE-2018-12127, [MSBDS] CVE-2018-12126). + + This is an MSR (Model-Specific Register) feature rather than a CPUID feature, +- so it will not appear in the Linux ``/proc/cpuinfo`` in the host or ++ therefore it will not appear in the Linux ``/proc/cpuinfo`` in the host or + guest. Instead, the host kernel uses it to populate the MDS + vulnerability file in ``sysfs``. + +@@ -189,10 +199,10 @@ features are included if using "Host passthrough" or "Host model". + affected} in the ``/sys/devices/system/cpu/vulnerabilities/mds`` file. + + ``taa-no`` +- Recommended to inform that the guest that the host is ``not`` ++ Recommended to inform the guest that the host is ``not`` + vulnerable to CVE-2019-11135, TSX Asynchronous Abort (TAA). + +- This too is an MSR feature, so it does not show up in the Linux ++ This is also an MSR feature, therefore it does not show up in the Linux + ``/proc/cpuinfo`` in the host or guest. + + It should only be enabled for VMs if the host reports ``Not affected`` +@@ -214,7 +224,7 @@ features are included if using "Host passthrough" or "Host model". + By disabling TSX, KVM-based guests can avoid paying the price of + mitigating TSX-based attacks. + +- Note that ``tsx-ctrl`` too is an MSR feature, so it does not show ++ Note that ``tsx-ctrl`` is also an MSR feature, therefore it does not show + up in the Linux ``/proc/cpuinfo`` in the host or guest. + + To validate that Intel TSX is indeed disabled for the guest, there are +@@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model". + ``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in + the guest should report ``Mitigation: TSX disabled``. + ++``bhi-no`` ++ Recommended to inform the guest that the host is ``not`` ++ vulnerable to CVE-2022-0001, Branch History Injection (BHI). ++ ++ This is also an MSR feature, therefore it does not show up in the Linux ++ ``/proc/cpuinfo`` in the host or guest. ++ ++ It should only be enabled for VMs if the host reports ++ ``BHI: Not affected`` in the ++ ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. ++ ++``gds-no`` ++ Recommended to inform the guest that the host is ``not`` ++ vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). ++ ++ This is also an MSR feature, therefore it does not show up in the Linux ++ ``/proc/cpuinfo`` in the host or guest. ++ ++ It should only be enabled for VMs if the host reports ``Not affected`` ++ in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` ++ file. ++ ++``rfds-no`` ++ Recommended to inform the guest that the host is ``not`` ++ vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). ++ ++ This is also an MSR feature, therefore it does not show up in the Linux ++ ``/proc/cpuinfo`` in the host or guest. ++ ++ It should only be enabled for VMs if the host reports ``Not affected`` ++ in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` ++ file. + + Preferred CPU models for AMD x86 hosts + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +-- +2.47.1 + diff --git a/1143-target-i386-add-sha512-sm3-sm4-feature-bits.patch b/1143-target-i386-add-sha512-sm3-sm4-feature-bits.patch new file mode 100644 index 0000000000000000000000000000000000000000..671b9844a2f6b2476efeeaa6b509106f571d7c3c --- /dev/null +++ b/1143-target-i386-add-sha512-sm3-sm4-feature-bits.patch @@ -0,0 +1,41 @@ +From 7915662e51eb0bd242e5ef5a8db85f0640a79618 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 3 Jul 2024 13:42:49 +0200 +Subject: [PATCH 5/5] target/i386: add sha512, sm3, sm4 feature bits + +commit 78be258c0eeba3d5613c37888889e84f2ba9bd94 upstream. + +SHA512, SM3, SM4 (CPUID[EAX=7,ECX=1).EAX bits 0 to 2) is supported by +Clearwater Forest processor, add it to QEMU as it does not need any +specific enablement. + +See https://lore.kernel.org/kvm/20241105054825.870939-1-tao1.su@linux.intel.com/ +for reference. + +Intel-SIG: commit 78be258c0eeb target/i386: add sha512, sm3, sm4 feature bits. +backporting CWF model and new ISAs, plus new model changes + +Reviewed-by: Tao Su +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index ae62d156f..aa4bb2b6f 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -873,7 +873,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + [FEAT_7_1_EAX] = { + .type = CPUID_FEATURE_WORD, + .feat_names = { +- NULL, NULL, NULL, NULL, ++ "sha512", "sm3", "sm4", NULL, + "avx-vnni", "avx512-bf16", NULL, "cmpccxadd", + NULL, NULL, "fzrm", "fsrs", + "fsrc", NULL, NULL, NULL, +-- +2.47.1 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 42a3950069ca712d6576d486ebef232ae758e146..0110435ccbefc213f7c061875c6f430ded8a1719 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -1044,6 +1044,11 @@ Patch1135: 1135-bugfix-hw-vfio-hct-fix-ccp-index-error-caused-by-uni.patch Patch1136: 1136-newfeature-hw-vfio-hct-sharing-CCP-resources-between.patch Patch1137: 1137-bugfix-hw-vfio-hct-exit-once-mdev-deivce-realize-fai.patch Patch1138: 1138-bugfix-hw-vfio-hct-build-hct-device-in-default.patch +Patch1139: 1139-target-i386-Introduce-SierraForest-v2-model.patch +Patch1140: 1140-target-i386-Export-BHI_NO-bit-to-guests.patch +Patch1141: 1141-target-i386-Add-new-CPU-model-ClearwaterForest.patch +Patch1142: 1142-docs-Add-GNR-SRF-and-CWF-CPU-models.patch +Patch1143: 1143-target-i386-add-sha512-sm3-sm4-feature-bits.patch BuildRequires: wget BuildRequires: rpm-build @@ -2282,6 +2287,14 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %endif %changelog +* Tue Mar 4 2025 Quanxian Wang - 6.2.0-53.0.1.7 +- Backporting CWF model and new ISAs, plus new model changes +- 1139-target-i386-Introduce-SierraForest-v2-model.patch +- 1140-target-i386-Export-BHI_NO-bit-to-guests.patch +- 1141-target-i386-Add-new-CPU-model-ClearwaterForest.patch +- 1142-docs-Add-GNR-SRF-and-CWF-CPU-models.patch +- 1143-target-i386-add-sha512-sm3-sm4-feature-bits.patch + * Fri Feb 14 2025 yangdepei - 6.2.0-53.0.1.6 - support Hygon CCP used in guest - 1133-newfeature-hw-vfio-add-hct-device-based-mediated-use.patch