From 314257e4d7c565bd35f71619cfc7ac1c50ec0614 Mon Sep 17 00:00:00 2001
From: Takahiro Itazuri <itazur@amazon.com>
Date: Mon, 3 Jul 2023 13:56:33 +0000
Subject: [PATCH] fix(vmm): Set IA32_ARCH_CAPABILITIES.RRSBA to 1 with T2S

We updated the fingerprint files in PR #3813, since Intel microcode
release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA
(bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already
in place which is eIBRS.

Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode
regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests
should not get impacted by this change. However, it has a role to inform
softwares whether the part has the RRSBA behavior.

The T2S template has set it to 0 explicitly before, but this commit
changes to set it to 1 so that guest kernels and applications can know
that the processor has the RRSBA behavior. The reason why it sets the
bit to 1 instead of passing through it from the host is that it aims to
provide the ability to securely migrate snapshots between Intel Skylake
and Intel CascadeLake.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
---
 CHANGELOG.md                              | 2 ++
 resources/tests/msr/msr_list_T2S_4.14.csv | 2 +-
 resources/tests/msr/msr_list_T2S_5.10.csv | 2 +-
 src/cpuid/src/template/intel/t2s.rs       | 3 ++-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e3430f95e8..7afd5f619b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,8 @@
 ### Fixed
 
 - Fixed passing through cache information from host in CPUID leaf 0x80000006.
+- Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES
+  MSR to 1 in accordance with an Intel microcode update.
 
 ## [1.2.1]
 
diff --git a/resources/tests/msr/msr_list_T2S_4.14.csv b/resources/tests/msr/msr_list_T2S_4.14.csv
index f201a716ddd..7c37903b774 100644
--- a/resources/tests/msr/msr_list_T2S_4.14.csv
+++ b/resources/tests/msr/msr_list_T2S_4.14.csv
@@ -265,7 +265,7 @@ MSR_ADDR,STATUS,VALUE
 0x107,unimplemented,0x0
 0x108,unimplemented,0x0
 0x109,unimplemented,0x0
-0x10a,implemented,0xc4c
+0x10a,implemented,0x80c4c
 0x10b,unimplemented,0x0
 0x10c,unimplemented,0x0
 0x10d,unimplemented,0x0
diff --git a/resources/tests/msr/msr_list_T2S_5.10.csv b/resources/tests/msr/msr_list_T2S_5.10.csv
index a2faab71cea..26f28e5a82a 100644
--- a/resources/tests/msr/msr_list_T2S_5.10.csv
+++ b/resources/tests/msr/msr_list_T2S_5.10.csv
@@ -265,7 +265,7 @@ MSR_ADDR,STATUS,VALUE
 0x107,unimplemented,0x0
 0x108,unimplemented,0x0
 0x109,unimplemented,0x0
-0x10a,implemented,0xc4c
+0x10a,implemented,0x80c4c
 0x10b,unimplemented,0x0
 0x10c,unimplemented,0x0
 0x10d,unimplemented,0x0
diff --git a/src/cpuid/src/template/intel/t2s.rs b/src/cpuid/src/template/intel/t2s.rs
index d6a4ed43a26..4f3b9638868 100644
--- a/src/cpuid/src/template/intel/t2s.rs
+++ b/src/cpuid/src/template/intel/t2s.rs
@@ -35,7 +35,8 @@ pub fn update_msr_entries(msr_entries: &mut Vec<kvm_msr_entry>) {
         | ArchCapaMSRFlags::SKIP_L1DFL_VMENTRY
         | ArchCapaMSRFlags::IF_PSCHANGE_MC_NO
         | ArchCapaMSRFlags::MISC_PACKAGE_CTRLS
-        | ArchCapaMSRFlags::ENERGY_FILTERING_CTL;
+        | ArchCapaMSRFlags::ENERGY_FILTERING_CTL
+        | ArchCapaMSRFlags::RRSBA;
     msr_entries.push(kvm_msr_entry {
         index: MSR_IA32_ARCH_CAPABILITIES,
         data: capabilities.bits(),