qemu/target-i386-Export-BHI_NO-bit-to-guests.patch

From bd65b82f94b07c90f856a34cb10d535b5301d9d9 Mon Sep 17 00:00:00 2001
From: Tao Su <tao1.su@linux.intel.com>
Date: Tue, 21 Jan 2025 10:06:48 +0800
Subject: [PATCH] target/i386: Export BHI_NO bit to guests

commit b611931d4f70b9a3e49e39c405c63b3b5e9c0df1 upstream.

Branch History Injection (BHI) is a CPU side-channel vulnerability, where
an attacker may manipulate branch history before transitioning from user
to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
mitigation is required to prevent BHI.

Make BHI_NO bit available to guests.

Intel-SIG: commit b611931d4f70 target/i386: Export BHI_NO bit to guests.

Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250121020650.1899618-3-tao1.su@linux.intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[ Quanxian Wang: amend commit log ]
Signed-off-by: Quanxian Wang <quanxian.wang@intel.com>
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index bad30581ce..b5231432e7 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1157,7 +1157,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             "taa-no", NULL, NULL, NULL,
             NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",
             NULL, "fb-clear", NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            "bhi-no", NULL, NULL, NULL,
             "pbrsb-no", NULL, "gds-no", "rfds-no",
             "rfds-clear", NULL, NULL, NULL,
         },
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-32: - target/i386: csv: Release CSV3 shared pages after unmapping DMA - target/i386: Add new CPU model ClearwaterForest - target/i386: add sha512, sm3, sm4 feature bits - docs: Add GNR, SRF and CWF CPU models - target/i386: Export BHI_NO bit to guests - target/i386: Introduce SierraForest-v2 model - vdpa/iommufd:Implement DMA mapping through the iommufd interface - vdpa/iommufd:Introduce vdpa-iommufd module - vdpa/iommufd:support associating iommufd backend for vDPA devices - Kconfig/iommufd/VDPA: Update IOMMUFD module configuration dependencies The vDPA module can also use IOMMUFD like the VFIO module. - backends/iommufd: Get rid of qemu_open_old() - backends/iommufd: Make iommufd_backend_*() return bool - backends/iommufd: Fix missing ERRP_GUARD() for error_prepend() - backends/iommufd: Remove mutex - backends/iommufd: Remove check on number of backend users - hw/intc: Add extioi ability of 256 vcpu interrupt routing - hw/rtc: Fixed loongson rtc emulation errors - hw/loongarch/boot: Adjust the loading position of the initrd - target/loongarch: Fix the cpu unplug resource leak - target/loongarch: fix vcpu reset command word issue - vdpa:Fix dirty page bitmap synchronization not done after suspend for vdpa devices Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit a5212066e7516ff2a316e1b2feaa75dd5ee4d17a) 2025-05-15 15:38:13 +08:00			`From bd65b82f94b07c90f856a34cb10d535b5301d9d9 Mon Sep 17 00:00:00 2001`
			`From: Tao Su <tao1.su@linux.intel.com>`
			`Date: Tue, 21 Jan 2025 10:06:48 +0800`
			`Subject: [PATCH] target/i386: Export BHI_NO bit to guests`

			`commit b611931d4f70b9a3e49e39c405c63b3b5e9c0df1 upstream.`

			`Branch History Injection (BHI) is a CPU side-channel vulnerability, where`
			`an attacker may manipulate branch history before transitioning from user`
			`to supervisor mode or from VMX non-root/guest to root mode. CPUs that set`
			`BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional`
			`mitigation is required to prevent BHI.`

			`Make BHI_NO bit available to guests.`

			`Intel-SIG: commit b611931d4f70 target/i386: Export BHI_NO bit to guests.`

			`Tested-by: Xuelian Guo <xuelian.guo@intel.com>`
			`Signed-off-by: Tao Su <tao1.su@linux.intel.com>`
			`Reviewed-by: Zhao Liu <zhao1.liu@intel.com>`
			`Link: https://lore.kernel.org/r/20250121020650.1899618-3-tao1.su@linux.intel.com`
			`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
			`[ Quanxian Wang: amend commit log ]`
			`Signed-off-by: Quanxian Wang <quanxian.wang@intel.com>`
			`---`
			`target/i386/cpu.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/target/i386/cpu.c b/target/i386/cpu.c`
			`index bad30581ce..b5231432e7 100644`
			`--- a/target/i386/cpu.c`
			`+++ b/target/i386/cpu.c`
			`@@ -1157,7 +1157,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {`
			`"taa-no", NULL, NULL, NULL,`
			`NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",`
			`NULL, "fb-clear", NULL, NULL,`
			`- NULL, NULL, NULL, NULL,`
			`+ "bhi-no", NULL, NULL, NULL,`
			`"pbrsb-no", NULL, "gds-no", "rfds-no",`
			`"rfds-clear", NULL, NULL, NULL,`
			`},`
			`--`
			`2.41.0.windows.1`