vmm/cpu_config/x86_64/static_cpu_templates/t2s.rs
1// Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4use crate::cpu_config::templates::{CustomCpuTemplate, RegisterValueFilter};
5use crate::cpu_config::x86_64::cpuid::KvmCpuidFlags;
6use crate::cpu_config::x86_64::custom_cpu_template::{
7 CpuidLeafModifier, CpuidRegister, CpuidRegisterModifier, RegisterModifier,
8};
9
/// T2S template
///
/// Masks CPUID so that the exposed CPU features are as close as possible to an AWS T2 instance,
/// and so that snapshots can be migrated securely between hosts with Intel Skylake and Cascade
/// Lake.
///
/// Every modifier below pairs a `filter` with a `value`; the comment above each modifier lists
/// the bits that are set in its `filter`. NOTE(review): presumably the bits selected by `filter`
/// are replaced with the matching `value` bits and all other bits are left as the host reports
/// them -- confirm against [`RegisterValueFilter`].
///
/// Fields of [`CustomCpuTemplate`] that are not named here take their `Default` values.
///
/// Reference:
/// - Intel SDM: <https://cdrdv2.intel.com/v1/dl/getContent/671200>
/// - CPUID Enumeration and Architectural MSRs: <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html>
#[allow(clippy::unusual_byte_groupings)]
pub fn t2s() -> CustomCpuTemplate {
    // Shorthand for one register entry. Argument order: register, filter, value, so that the
    // two bit patterns sit directly above each other and can be compared column by column.
    let cpuid_reg = |register, filter, value| CpuidRegisterModifier {
        register,
        bitmap: RegisterValueFilter { filter, value },
    };
    // Shorthand for one (leaf, subleaf) entry and its register modifiers.
    let cpuid_leaf = |leaf, subleaf, flags, modifiers| CpuidLeafModifier {
        leaf,
        subleaf,
        flags,
        modifiers,
    };

    // Leaf 0x1: version and feature information.
    let leaf_0x1 = cpuid_leaf(
        0x1,
        0x0,
        KvmCpuidFlags(0),
        vec![
            // EAX: Version Information
            // - Bits 03-00: Stepping ID.
            // - Bits 07-04: Model.
            // - Bits 11-08: Family.
            // - Bits 13-12: Processor Type.
            // - Bits 19-16: Extended Model ID.
            // - Bits 27-20: Extended Family ID.
            // The value encodes stepping 2, model 0xF, family 6, processor type 0,
            // extended model 3 and extended family 0.
            cpuid_reg(
                CpuidRegister::Eax,
                0b0000_11111111_1111_00_11_1111_1111_1111,
                0b0000_00000000_0011_00_00_0110_1111_0010,
            ),
            // ECX: Feature Information (every listed bit is cleared in the value)
            // - Bit 02: DTES64
            // - Bit 03: MONITOR
            // - Bit 04: DS-CPL
            // - Bit 05: VMX
            // - Bit 06: SMX
            // - Bit 07: EIST
            // - Bit 08: TM2
            // - Bit 10: CNXT-ID
            // - Bit 11: SDBG
            // - Bit 14: xTPR Update Control
            // - Bit 15: PDCM
            // - Bit 18: DCA
            cpuid_reg(
                CpuidRegister::Ecx,
                0b0000_0000_0000_0100_1100_1101_1111_1100,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
            // EDX: Feature Information (the value sets MCE and MTRR, clears the rest)
            // - Bit 07: MCE
            // - Bit 12: MTRR
            // - Bit 18: PSN
            // - Bit 21: DS
            // - Bit 22: ACPI
            // - Bit 27: SS
            // - Bit 29: TM
            // - Bit 30: IA-64 (deprecated) https://www.intel.com/content/dam/www/public/us/en/documents/manuals/itanium-architecture-vol-4-manual.pdf
            // - Bit 31: PBE
            cpuid_reg(
                CpuidRegister::Edx,
                0b1110_1000_0110_0100_0001_0000_1000_0000,
                0b0000_0000_0000_0000_0001_0000_1000_0000,
            ),
        ],
    );

    // Leaf 0x7, subleaf 0x0: structured extended feature flags.
    let leaf_0x7 = cpuid_leaf(
        0x7,
        0x0,
        KvmCpuidFlags(1),
        vec![
            // EBX (the value sets Enhanced REP MOVSB/STOSB, clears the rest):
            // - Bit 02: SGX
            // - Bit 04: HLE
            // - Bit 09: Enhanced REP MOVSB/STOSB
            // - Bit 11: RTM
            // - Bit 12: RDT-M
            // - Bit 14: MPX
            // - Bit 15: RDT-A
            // - Bit 16: AVX512F
            // - Bit 17: AVX512DQ
            // - Bit 18: RDSEED
            // - Bit 19: ADX
            // - Bit 21: AVX512_IFMA
            // - Bit 22: PCOMMIT (deprecated) https://www.intel.com/content/www/us/en/developer/articles/technical/deprecate-pcommit-instruction.html
            // - Bit 23: CLFLUSHOPT
            // - Bit 24: CLWB
            // - Bit 25: Intel Processor Trace
            // - Bit 26: AVX512PF
            // - Bit 27: AVX512ER
            // - Bit 28: AVX512CD
            // - Bit 29: SHA
            // - Bit 30: AVX512BW
            // - Bit 31: AVX512VL
            cpuid_reg(
                CpuidRegister::Ebx,
                0b1111_1111_1110_1111_1101_1010_0001_0100,
                0b0000_0000_0000_0000_0000_0010_0000_0000,
            ),
            // ECX (every listed bit is cleared in the value):
            // - Bit 01: AVX512_VBMI
            // - Bit 02: UMIP
            // - Bit 03: PKU
            // - Bit 04: OSPKE
            // - Bit 06: AVX512_VBMI2
            // - Bit 08: GFNI
            // - Bit 09: VAES
            // - Bit 10: VPCLMULQDQ
            // - Bit 11: AVX512_VNNI
            // - Bit 12: AVX512_BITALG
            // - Bit 14: AVX512_VPOPCNTDQ
            // - Bit 16: LA57
            // - Bit 22: RDPID
            // - Bit 30: SGX_LC
            cpuid_reg(
                CpuidRegister::Ecx,
                0b0100_0000_0100_0001_0101_1111_0101_1110,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
            // EDX (every listed bit is cleared in the value):
            // - Bit 02: AVX512_4VNNIW
            // - Bit 03: AVX512_4FMAPS
            // - Bit 04: Fast Short REP MOV
            // - Bit 08: AVX512_VP2INTERSECT
            cpuid_reg(
                CpuidRegister::Edx,
                0b0000_0000_0000_0000_0000_0001_0001_1100,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
        ],
    );

    // Leaf 0xd, subleaf 0x0.
    let leaf_0xd_0 = cpuid_leaf(
        0xd,
        0x0,
        KvmCpuidFlags(1),
        vec![
            // EAX (every listed bit is cleared in the value):
            // - Bits 04-03: MPX state
            // - Bits 07-05: AVX-512 state
            // - Bit 09: PKRU state
            cpuid_reg(
                CpuidRegister::Eax,
                0b0000_0000_0000_0000_0000_00_1_0_111_11_000,
                0b0000_0000_0000_0000_0000_00_0_0_000_00_000,
            ),
        ],
    );

    // Leaf 0xd, subleaf 0x1.
    let leaf_0xd_1 = cpuid_leaf(
        0xd,
        0x1,
        KvmCpuidFlags(1),
        vec![
            // EAX (every listed bit is cleared in the value):
            // - Bit 01: Supports XSAVEC and the compacted form of XRSTOR
            // - Bit 02: Supports XGETBV
            // - Bit 03: Supports XSAVES/XRSTORS and IA32_XSS
            cpuid_reg(
                CpuidRegister::Eax,
                0b0000_0000_0000_0000_0000_0000_0000_1110,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
        ],
    );

    // Leaf 0x80000001.
    let leaf_0x80000001 = cpuid_leaf(
        0x80000001,
        0x0,
        KvmCpuidFlags(0),
        vec![
            // ECX (every listed bit is cleared in the value):
            // - Bit 08: PREFETCHW
            // - Bit 29: MONITORX and MWAITX
            cpuid_reg(
                CpuidRegister::Ecx,
                0b0010_0000_0000_0000_0000_0001_0000_0000,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
            // EDX (the listed bit is cleared in the value):
            // - Bit 26: 1-GByte pages
            cpuid_reg(
                CpuidRegister::Edx,
                0b0000_0100_0000_0000_0000_0000_0000_0000,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
        ],
    );

    // Leaf 0x80000008.
    let leaf_0x80000008 = cpuid_leaf(
        0x80000008,
        0x0,
        KvmCpuidFlags(0),
        vec![
            // EBX (the listed bit is cleared in the value):
            // - Bit 09: WBNOINVD
            cpuid_reg(
                CpuidRegister::Ebx,
                0b0000_0000_0000_0000_0000_0010_0000_0000,
                0b0000_0000_0000_0000_0000_0000_0000_0000,
            ),
        ],
    );

    // IA32_ARCH_CAPABILITIES (MSR 0x10a):
    // - Bit 00: RDCL_NO
    // - Bit 01: IBRS_ALL
    // - Bit 02: RSBA
    // - Bit 03: SKIP_L1DFL_VMENTRY
    // - Bit 04: SSB_NO
    // - Bit 05: MDS_NO
    // - Bit 06: IF_PSCHANGE_MC_NO
    // - Bit 07: TSX_CTRL
    // - Bit 08: TAA_NO
    // - Bit 09: MCU_CONTROL
    // - Bit 10: MISC_PACKAGE_CTLS
    // - Bit 11: ENERGY_FILTERING_CTL
    // - Bit 12: DOITM
    // - Bit 13: SBDR_SSDP_NO
    // - Bit 14: FBSDP_NO
    // - Bit 15: PSDP_NO
    // - Bit 16: Reserved
    // - Bit 17: FB_CLEAR
    // - Bit 18: FB_CLEAR_CTRL
    // - Bit 19: RRSBA
    // - Bit 20: BHI_NO
    // - Bit 21: XAPIC_DISABLE_STATUS
    // - Bit 22: Reserved
    // - Bit 23: OVERCLOCKING_STATUS
    // - Bit 24: PBRSB_NO
    // - Bit 26: GDS_NO
    // - Bit 27: RFDS_NO
    // - Bit 25 and bits 63-28: not enumerated in this list; all of them are cleared in the value.
    //
    // The filter is all ones, so the template covers every bit of this MSR. The value sets
    // bits 2, 3, 6, 10, 11, 19, 26 and 27 (RSBA, SKIP_L1DFL_VMENTRY, IF_PSCHANGE_MC_NO,
    // MISC_PACKAGE_CTLS, ENERGY_FILTERING_CTL, RRSBA, GDS_NO, RFDS_NO) and clears the rest.
    //
    // NOTE(review): the `*_NO` bits set here tell the guest it is not affected by the
    // corresponding issue. Whether that holds depends on the hosts the template is used on,
    // which this file does not show -- confirm against the host requirements.
    let ia32_arch_capabilities = RegisterModifier {
        addr: 0x10a,
        bitmap: RegisterValueFilter {
            filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111,
            value: 0b0000_0000_0000_0000_0000_0000_0000_0000_0000_1100_0000_1000_0000_1100_0100_1100,
        },
    };

    CustomCpuTemplate {
        cpuid_modifiers: vec![
            leaf_0x1,
            leaf_0x7,
            leaf_0xd_0,
            leaf_0xd_1,
            leaf_0x80000001,
            leaf_0x80000008,
        ],
        msr_modifiers: vec![ia32_arch_capabilities],
        ..Default::default()
    }
}
269}