From 1adcc54fab8fde334a25d1b100ff42513ad93b2d Mon Sep 17 00:00:00 2001 From: jsg Date: Mon, 12 Feb 2024 02:57:14 +0000 Subject: [PATCH] Intel and AMD use different cpuid bits for MSR_PRED_CMD IBPB ok guenther@ --- sys/arch/amd64/amd64/cpu.c | 10 +++++++--- sys/arch/amd64/amd64/vmm_machdep.c | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c index c89099a0f25..37da9dc7113 100644 --- a/sys/arch/amd64/amd64/cpu.c +++ b/sys/arch/amd64/amd64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.179 2024/02/12 01:18:17 guenther Exp $ */ +/* $OpenBSD: cpu.c,v 1.180 2024/02/12 02:57:14 jsg Exp $ */ /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */ /*- @@ -188,7 +188,7 @@ replacemeltdown(void) { static int replacedone = 0; struct cpu_info *ci = &cpu_info_primary; - int swapgs_vuln = 0, ibrs = 0, s; + int swapgs_vuln = 0, ibrs = 0, s, ibpb = 0; if (strcmp(cpu_vendor, "GenuineIntel") == 0) { int family = ci->ci_family; @@ -211,6 +211,8 @@ replacemeltdown(void) } else if (ci->ci_feature_sefflags_edx & SEFF0EDX_IBRS) { ibrs = 1; } + if (ci->ci_feature_sefflags_edx & SEFF0EDX_IBRS) + ibpb = 1; } else if (strcmp(cpu_vendor, "AuthenticAMD") == 0 && ci->ci_pnfeatset >= 0x80000008) { if (ci->ci_feature_amdspec_ebx & CPUIDEBX_IBRS_ALWAYSON) { @@ -219,6 +221,8 @@ replacemeltdown(void) (ci->ci_feature_amdspec_ebx & CPUIDEBX_IBRS_PREF)) { ibrs = 1; } + if (ci->ci_feature_amdspec_ebx & CPUIDEBX_IBPB) + ibpb = 1; } /* Enhanced IBRS: turn it on once on each CPU and don't touch again */ @@ -232,7 +236,7 @@ replacemeltdown(void) s = splhigh(); /* If we don't have IBRS/IBPB, then don't use IBPB */ - if ((ci->ci_feature_sefflags_edx & SEFF0EDX_IBRS) == 0) + if (ibpb == 0) codepatch_nop(CPTAG_IBPB_NOP); if (ibrs == 2 || (ci->ci_feature_sefflags_edx & SEFF0EDX_IBT)) { diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c index ccc3c809557..7cc3759171c 100644 --- a/sys/arch/amd64/amd64/vmm_machdep.c +++ b/sys/arch/amd64/amd64/vmm_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_machdep.c,v 1.17 2024/02/12 01:18:17 guenther Exp $ */ +/* $OpenBSD: vmm_machdep.c,v 1.18 2024/02/12 02:57:14 jsg Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -6513,7 +6513,7 @@ vcpu_run_svm(struct vcpu *vcpu, struct vm_run_params *vrp) * then use it to prevent cross-VM branch-target injection. */ if (ci->ci_guest_vcpu != vcpu && - (ci->ci_feature_sefflags_edx & SEFF0EDX_IBRS)) { + (ci->ci_feature_amdspec_ebx & CPUIDEBX_IBPB)) { wrmsr(MSR_PRED_CMD, PRED_CMD_IBPB); ci->ci_guest_vcpu = vcpu; } -- 2.20.1