On Fri, 16 Jun 2023 11:23:07 +0800
Tao Su <tao1...@linux.intel.com> wrote:
> MCDT_NO bit indicates HW contains the security fix and doesn't need to
> be mitigated to avoid data-dependent behaviour for certain instructions.
> It needs no hypervisor support. Treat it as supported regardless of what
> KVM reports.
>
> Signed-off-by: Tao Su <tao1...@linux.intel.com>
> Reviewed-by: Xiaoyao Li <xiaoyao...@intel.com>
> ---
> target/i386/kvm/kvm.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index de531842f6..4defd8b479 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -432,6 +432,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s,
> uint32_t function,
> uint32_t eax;
> host_cpuid(7, 1, &eax, &unused, &unused, &unused);
> ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS |
> CPUID_7_1_EAX_FSRC);
> + } else if (function == 7 && index == 2 && reg == R_EDX) {
> + /* Not new instructions, just an optimization. */
comment doesn't make much sense to me, just drop it or
describe what MCDT_NO is/mitigates.
> + uint32_t edx;
> + host_cpuid(7, 2, &unused, &unused, &unused, &edx);
> + ret |= edx & CPUID_7_2_EDX_MCDT_NO;
> } else if (function == 0xd && index == 0 &&
> (reg == R_EAX || reg == R_EDX)) {
> /*
