vmm/cpu_config/x86_64/static_cpu_templates/t2cl.rs
1// Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4use crate::cpu_config::templates::{CustomCpuTemplate, RegisterValueFilter};
5use crate::cpu_config::x86_64::cpuid::KvmCpuidFlags;
6use crate::cpu_config::x86_64::custom_cpu_template::{
7 CpuidLeafModifier, CpuidRegister, CpuidRegisterModifier, RegisterModifier,
8};
9
/// Builds the static T2CL CPU template.
///
/// The template masks CPUID so that the CPU features exposed to the guest are as close as
/// possible to Intel Cascade Lake, and so that the instruction set has feature parity with AMD
/// Milan guests that use the T2A template. It also filters the Intel-specific
/// IA32_ARCH_CAPABILITIES MSR (0x10a).
///
/// Every modifier pairs a `filter` mask with a `value`. NOTE(review): the per-bit comments in the
/// body assume that bits selected by `filter` are replaced by the matching bits of `value` and
/// that all other bits are left as provided by KVM; that behaviour is defined by
/// `RegisterValueFilter`, outside this file, so confirm it there.
///
/// T2CL does not aim to let guests be migrated securely across different processors: the
/// hardware security mitigation bits of IA32_ARCH_CAPABILITIES are passed through rather than
/// normalised (see the comment on the MSR modifier in the body).
///
/// References:
/// - Intel SDM: <https://cdrdv2.intel.com/v1/dl/getContent/671200>
/// - AMD APM: <https://www.amd.com/system/files/TechDocs/40332.pdf>
/// - CPUID Enumeration and Architectural MSRs: <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html>
#[allow(clippy::unusual_byte_groupings)]
pub fn t2cl() -> CustomCpuTemplate {
    // CPUID leaf 0x1, subleaf 0x0.
    let leaf_1 = CpuidLeafModifier {
        leaf: 0x1,
        subleaf: 0x0,
        flags: KvmCpuidFlags(0),
        modifiers: vec![
            // EAX: Version Information
            // - Bits 03-00: Stepping ID (Intel SDM) / Stepping (AMD APM)
            // - Bits 07-04: Model (Intel SDM) / BaseModel (AMD APM)
            // - Bits 11-08: Family (Intel SDM) / BaseFamily (AMD APM)
            // - Bits 13-12: Processor Type (Intel SDM) / Reserved (AMD APM)
            // - Bits 19-16: Extended Model ID (Intel SDM) / ExtModel (AMD APM)
            // - Bits 27-20: Extended Family ID (Intel SDM) / ExtFamily (AMD APM)
            //
            // The value encodes stepping 0x2, model 0xF, family 0x6, processor type 0,
            // extended model 0x3 and extended family 0.
            CpuidRegisterModifier {
                register: CpuidRegister::Eax,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_11111111_1111_00_11_1111_1111_1111,
                    value: 0b0000_00000000_0011_00_00_0110_1111_0010,
                },
            },
            // ECX: Feature Information
            // - Bit 02: DTES64 (Intel SDM) / Reserved (AMD APM)
            // - Bit 03: MONITOR (Intel SDM) / MONITOR (AMD APM)
            // - Bit 04: DS-CPL (Intel SDM) / Reserved (AMD APM)
            // - Bit 05: VMX (Intel SDM) / Reserved (AMD APM)
            // - Bit 06: SMX (Intel SDM) / Reserved (AMD APM)
            // - Bit 07: EIST (Intel SDM) / Reserved (AMD APM)
            // - Bit 08: TM2 (Intel SDM) / Reserved (AMD APM)
            // - Bit 10: CNXT-ID (Intel SDM) / Reserved (AMD APM)
            // - Bit 11: SDBG (Intel SDM) / Reserved (AMD APM)
            // - Bit 14: xTPR Update Control (Intel SDM) / Reserved (AMD APM)
            // - Bit 15: PDCM (Intel SDM) / Reserved (AMD APM)
            // - Bit 18: DCA (Intel SDM) / Reserved (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Ecx,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_0000_0000_0100_1100_1101_1111_1100,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
            // EDX: Feature Information
            // - Bit 07: MCE (Intel SDM) / MCE (AMD APM)
            // - Bit 12: MTRR (Intel SDM) / MTRR (AMD APM)
            // - Bit 18: PSN (Intel SDM) / Reserved (AMD APM)
            // - Bit 21: DS (Intel SDM) / Reserved (AMD APM)
            // - Bit 22: ACPI (Intel SDM) / Reserved (AMD APM)
            // - Bit 27: SS (Intel SDM) / Reserved (AMD APM)
            // - Bit 29: TM (Intel SDM) / Reserved (AMD APM)
            // - Bit 30: IA64 (deprecated) / Reserved (AMD APM) https://www.intel.com/content/dam/www/public/us/en/documents/manuals/itanium-architecture-vol-4-manual.pdf
            // - Bit 31: PBE (Intel SDM) / Reserved (AMD APM)
            //
            // The value has bits 07 (MCE) and 12 (MTRR) set; every other selected bit is 0.
            CpuidRegisterModifier {
                register: CpuidRegister::Edx,
                bitmap: RegisterValueFilter {
                    filter: 0b1110_1000_0110_0100_0001_0000_1000_0000,
                    value: 0b0000_0000_0000_0000_0001_0000_1000_0000,
                },
            },
        ],
    };

    // CPUID leaf 0x7, subleaf 0x0.
    // NOTE(review): flags value 1 is presumably KVM's "significant index" flag for leaves that
    // have subleaves; confirm against `KvmCpuidFlags`.
    let leaf_7 = CpuidLeafModifier {
        leaf: 0x7,
        subleaf: 0x0,
        flags: KvmCpuidFlags(1),
        modifiers: vec![
            // EBX:
            // - Bit 02: SGX (Intel SDM) / Reserved (AMD APM)
            // - Bit 04: HLE (Intel SDM) / Reserved (AMD APM)
            // - Bit 09: Enhanced REP MOVSB/STOSB (Intel SDM) / Reserved (AMD APM)
            // - Bit 11: RTM (Intel SDM) / Reserved (AMD APM)
            // - Bit 12: RDT-M (Intel SDM) / PQM (AMD APM)
            // - Bit 14: MPX (Intel SDM) / Reserved (AMD APM)
            // - Bit 15: RDT-A (Intel SDM) / PQE (AMD APM)
            // - Bit 16: AVX512F (Intel SDM) / Reserved (AMD APM)
            // - Bit 17: AVX512DQ (Intel SDM) / Reserved (AMD APM)
            // - Bit 18: RDSEED (Intel SDM) / RDSEED (AMD APM)
            // - Bit 19: ADX (Intel SDM) / ADX (AMD APM)
            // - Bit 21: AVX512_IFMA (Intel SDM) / Reserved (AMD APM)
            // - Bit 22: Reserved (Intel SDM) / RDPID (AMD APM)
            //   In the kernel codebase and the Intel SDM, RDPID is enumerated at
            //   CPUID.07h:ECX.RDPID[bit 22].
            //   https://elixir.bootlin.com/linux/v6.3.8/source/arch/x86/include/asm/cpufeatures.h#L389
            // - Bit 23: CLFLUSHOPT (Intel SDM) / CLFLUSHOPT (AMD APM)
            // - Bit 24: CLWB (Intel SDM) / CLWB (AMD APM)
            // - Bit 25: Intel Processor Trace (Intel SDM) / Reserved (AMD APM)
            // - Bit 26: AVX512PF (Intel SDM) / Reserved (AMD APM)
            // - Bit 27: AVX512ER (Intel SDM) / Reserved (AMD APM)
            // - Bit 28: AVX512CD (Intel SDM) / Reserved (AMD APM)
            // - Bit 29: SHA (Intel SDM) / SHA (AMD APM)
            // - Bit 30: AVX512BW (Intel SDM) / Reserved (AMD APM)
            // - Bit 31: AVX512VL (Intel SDM) / Reserved (AMD APM)
            //
            // The value has only bit 09 (Enhanced REP MOVSB/STOSB) set.
            CpuidRegisterModifier {
                register: CpuidRegister::Ebx,
                bitmap: RegisterValueFilter {
                    filter: 0b1111_1111_1110_1111_1101_1010_0001_0100,
                    value: 0b0000_0000_0000_0000_0000_0010_0000_0000,
                },
            },
            // ECX:
            // - Bit 01: AVX512_VBMI (Intel SDM) / Reserved (AMD APM)
            // - Bit 02: UMIP (Intel SDM) / UMIP (AMD APM)
            // - Bit 03: PKU (Intel SDM) / PKU (AMD APM)
            // - Bit 04: OSPKE (Intel SDM) / OSPKE (AMD APM)
            // - Bit 06: AVX512_VBMI2 (Intel SDM) / Reserved (AMD APM)
            // - Bit 08: GFNI (Intel SDM) / Reserved (AMD APM)
            // - Bit 09: VAES (Intel SDM) / VAES (AMD APM)
            // - Bit 10: VPCLMULQDQ (Intel SDM) / VPCLMULQDQ (AMD APM)
            // - Bit 11: AVX512_VNNI (Intel SDM) / Reserved (AMD APM)
            // - Bit 12: AVX512_BITALG (Intel SDM) / Reserved (AMD APM)
            // - Bit 14: AVX512_VPOPCNTDQ (Intel SDM) / Reserved (AMD APM)
            // - Bit 16: LA57 (Intel SDM) / LA57 (AMD APM)
            // - Bit 22: RDPID and IA32_TSC_AUX (Intel SDM) / Reserved (AMD APM)
            // - Bit 30: SGX_LC (Intel SDM) / Reserved (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Ecx,
                bitmap: RegisterValueFilter {
                    filter: 0b0100_0000_0100_0001_0101_1111_0101_1110,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
            // EDX:
            // - Bit 02: AVX512_4VNNIW (Intel SDM) / Reserved (AMD APM)
            // - Bit 03: AVX512_4FMAPS (Intel SDM) / Reserved (AMD APM)
            // - Bit 04: Fast Short REP MOV (Intel SDM) / Reserved (AMD APM)
            // - Bit 08: AVX512_VP2INTERSECT (Intel SDM) / Reserved (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Edx,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_0000_0000_0000_0000_0001_0001_1100,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
        ],
    };

    // CPUID leaf 0xd, subleaf 0x0.
    let leaf_d_sub0 = CpuidLeafModifier {
        leaf: 0xd,
        subleaf: 0x0,
        flags: KvmCpuidFlags(1),
        modifiers: vec![
            // EAX:
            // - Bits 04-03: MPX state (Intel SDM) / Reserved (AMD APM)
            // - Bits 07-05: AVX-512 state (Intel SDM) / Reserved (AMD APM)
            // - Bit 09: PKRU state (Intel SDM) / MPK (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Eax,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_0000_0000_0000_0000_00_1_0_111_11_000,
                    value: 0b0000_0000_0000_0000_0000_00_0_0_000_00_000,
                },
            },
        ],
    };

    // CPUID leaf 0xd, subleaf 0x1.
    let leaf_d_sub1 = CpuidLeafModifier {
        leaf: 0xd,
        subleaf: 0x1,
        flags: KvmCpuidFlags(1),
        modifiers: vec![
            // EAX:
            // - Bit 01: Supports XSAVEC and the compacted form of XRSTOR (Intel SDM) /
            //   XSAVEC (AMD APM)
            // - Bit 02: Supports XGETBV (Intel SDM) / XGETBV (AMD APM)
            // - Bit 03: Supports XSAVES/XRSTORS and IA32_XSS (Intel SDM) / XSAVES (AMD
            //   APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Eax,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_0000_0000_0000_0000_0000_0000_1110,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
        ],
    };

    // CPUID leaf 0x80000001, subleaf 0x0.
    let leaf_8000_0001 = CpuidLeafModifier {
        leaf: 0x80000001,
        subleaf: 0x0,
        flags: KvmCpuidFlags(0),
        modifiers: vec![
            // ECX:
            // - Bit 06: Reserved (Intel SDM) / SSE4A (AMD APM)
            // - Bit 07: Reserved (Intel SDM) / MisAlignSse (AMD APM)
            // - Bit 08: PREFETCHW (Intel SDM) / 3DNowPrefetch (AMD APM)
            // - Bit 29: MONITORX and MWAITX (Intel SDM) / MONITORX (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Ecx,
                bitmap: RegisterValueFilter {
                    filter: 0b0010_0000_0000_0000_0000_0001_1100_0000,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
            // EDX:
            // - Bit 22: Reserved (Intel SDM) / MmxExt (AMD APM)
            // - Bit 23: Reserved (Intel SDM) / MMX (AMD APM)
            // - Bit 24: Reserved (Intel SDM) / FSXR (AMD APM)
            // - Bit 25: Reserved (Intel SDM) / FFXSR (AMD APM)
            // - Bit 26: 1-GByte pages (Intel SDM) / Page1GB (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Edx,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_0111_1100_0000_0000_0000_0000_0000,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
        ],
    };

    // CPUID leaf 0x80000008, subleaf 0x0.
    let leaf_8000_0008 = CpuidLeafModifier {
        leaf: 0x80000008,
        subleaf: 0x0,
        flags: KvmCpuidFlags(0),
        modifiers: vec![
            // EBX:
            // - Bit 09: WBNOINVD (Intel SDM) / WBNOINVD (AMD APM)
            CpuidRegisterModifier {
                register: CpuidRegister::Ebx,
                bitmap: RegisterValueFilter {
                    filter: 0b0000_0000_0000_0000_0000_0010_0000_0000,
                    value: 0b0000_0000_0000_0000_0000_0000_0000_0000,
                },
            },
        ],
    };

    // IA32_ARCH_CAPABILITIES (MSR 0x10a). Note that this MSR is specific to Intel processors.
    //
    // Bits selected by the filter, all with value 0:
    // - Bit 09: MCU_CONTROL
    // - Bit 10: MISC_PACKAGE_CTLS
    // - Bit 11: ENERGY_FILTERING_CTL
    // - Bit 12: DOITM
    // - Bit 16: Reserved
    // - Bit 18: FB_CLEAR_CTRL
    // - Bit 20: BHI_NO
    // - Bit 21: XAPIC_DISABLE_STATUS
    // - Bit 22: Reserved
    // - Bit 23: OVERCLOCKING_STATUS
    // - Bit 25: GDS_CTRL
    // - Bits 63-29: Reserved (Intel SDM)
    //   (the filter covers bits 63-29; bits 27 and 28 are the RFDS bits listed below)
    //
    // T2CL does not aim to let guests be migrated securely across different processors, so
    // there is no need to mask hardware security mitigation bits off merely to make the guest
    // believe it runs on the most vulnerable of the supported processors. Guests may gain
    // performance by making the most of the mitigations available on the processor. The
    // template therefore passes through the security mitigation bits that KVM considers able
    // to be passed through, so these bits follow the host processor. The list of such bits is
    // found at the following link.
    // https://elixir.bootlin.com/linux/v6.8.2/source/arch/x86/kvm/x86.c#L1621
    // - Bit 00: RDCL_NO
    // - Bit 01: IBRS_ALL
    // - Bit 02: RSBA
    // - Bit 03: SKIP_L1DFL_VMENTRY
    // - Bit 04: SSB_NO
    // - Bit 05: MDS_NO
    // - Bit 06: IF_PSCHANGE_MC_NO
    // - Bit 07: TSX_CTRL
    // - Bit 08: TAA_NO
    // - Bit 13: SBDR_SSDP_NO
    // - Bit 14: FBSDP_NO
    // - Bit 15: PSDP_NO
    // - Bit 17: FB_CLEAR
    // - Bit 19: RRSBA
    // - Bit 24: PBRSB_NO
    // - Bit 26: GDS_NO
    // - Bit 27: RFDS_NO
    // - Bit 28: RFDS_CLEAR
    let arch_capabilities = RegisterModifier {
        addr: 0x10a,
        bitmap: RegisterValueFilter {
            filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1110_0010_1111_0101_0001_1110_0000_0000,
            value: 0b0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000,
        },
    };

    // Assemble the template; the leaf order matches the order of the definitions above.
    CustomCpuTemplate {
        cpuid_modifiers: vec![
            leaf_1,
            leaf_7,
            leaf_d_sub0,
            leaf_d_sub1,
            leaf_8000_0001,
            leaf_8000_0008,
        ],
        msr_modifiers: vec![arch_capabilities],
        ..Default::default()
    }
}