|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] x86: allow easier disabling of BTI mitigations
commit 37f02a06b9d2f9d965b747a6752301314e935571
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Feb 2 11:56:08 2018 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Feb 2 11:56:08 2018 +0100
x86: allow easier disabling of BTI mitigations
Support both a "disable everything" and a "disable all RSB overwriting"
sub-option.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
docs/misc/xen-command-line.markdown | 12 ++++++++----
xen/arch/x86/spec_ctrl.c | 18 +++++++++++++++++-
2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/docs/misc/xen-command-line.markdown
b/docs/misc/xen-command-line.markdown
index 9c10d3a..79feba6 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -246,7 +246,7 @@ enough. Setting this to a high value may cause boot
failure, particularly if
the NMI watchdog is also enabled.
### bti (x86)
-> `= List of [ thunk=retpoline|lfence|jmp, ibrs=<bool>, ibpb=<bool>,
rsb_{vmexit,native}=<bool> ]`
+> `= List of [ <bool>, thunk=retpoline|lfence|jmp, ibrs=<bool>, ibpb=<bool>,
rsb=<bool>, rsb_{vmexit,native}=<bool> ]`
Branch Target Injection controls. By default, Xen will pick the most
appropriate BTI mitigations based on compiled in support, loaded microcode,
@@ -255,6 +255,9 @@ and hardware details.
**WARNING: Any use of this option may interfere with heuristics. Use with
extreme care.**
+A (negative) boolean value can be specified to turn off all mitigations.
+(Use of a positive boolean value is invalid.)
+
If Xen was compiled with INDIRECT_THUNK support, `thunk=` can be used to
select which of the thunks gets patched into the `__x86_indirect_thunk_%reg`
locations. The default thunk is `retpoline` (generally preferred for Intel
@@ -268,9 +271,10 @@ functionality is still set up so IBRS can be virtualised
for guests.
On hardware supporting IBPB, the `ibpb=` option can be used to prevent Xen
from issuing Branch Prediction Barriers on vcpu context switches.
-The `rsb_vmexit=` and `rsb_native=` options can be used to fine tune when the
-RSB gets overwritten. There are individual controls for an entry from HVM
-context, and an entry from a native (PV or Xen) context.
+The `rsb=`, `rsb_vmexit=` and `rsb_native=` options can be used to control
+when the RSB gets overwritten. The former control all RSB overwriting, while
+the latter two can be used to fine tune overwriting on from HVM context, and
+an entry from a native (PV or Xen) context.
### xenheap\_megabytes (arm32)
> `= <size>`
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index 9c1fe19..f10ffbf 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -50,7 +50,18 @@ static int __init parse_bti(const char *s)
if ( !ss )
ss = strchr(s, '\0');
- if ( !strncmp(s, "thunk=", 6) )
+ val = parse_bool(s, ss);
+ if ( !val )
+ {
+ opt_thunk = THUNK_JMP;
+ opt_ibrs = 0;
+ opt_ibpb = false;
+ opt_rsb_native = false;
+ opt_rsb_vmexit = false;
+ }
+ else if ( val > 0 )
+ rc = -EINVAL;
+ else if ( !strncmp(s, "thunk=", 6) )
{
s += 6;
@@ -71,6 +82,11 @@ static int __init parse_bti(const char *s)
opt_rsb_native = val;
else if ( (val = parse_boolean("rsb_vmexit", s, ss)) >= 0 )
opt_rsb_vmexit = val;
+ else if ( (val = parse_boolean("rsb", s, ss)) >= 0 )
+ {
+ opt_rsb_native = val;
+ opt_rsb_vmexit = val;
+ }
else
rc = -EINVAL;
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |