[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.7] x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IBPB
commit e9220b40c67a6c1eab6b3613f6054adfacea65eb Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Wed Feb 14 11:35:00 2018 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Wed Feb 14 11:35:00 2018 +0100 x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IBPB Instead of gaining yet another top level boolean, introduce a more generic cpuid= option. Also introduce a helper function to parse a generic boolean value. This is part of XSA-254. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> xen/cmdline: Fix parse_boolean() for unadorned values A command line such as "cpuid=no-ibrsb,no-stibp" tickles a bug in parse_boolean() because the separating comma fails the NUL case. Instead, check for slen == nlen which accounts for the boundary (if any) passed via the 'e' parameter. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 7850b1c00749df834ea2ad0c1f5d9364c4838795 master date: 2018-01-16 17:45:50 +0000 master commit: ac37ec1ddef234eeba6f438c29ff687c64962ebd master date: 2018-01-31 10:47:12 +0000 --- docs/misc/xen-command-line.markdown | 12 ++++++++++++ xen/arch/x86/cpuid.c | 35 +++++++++++++++++++++++++++++++++++ xen/common/kernel.c | 36 ++++++++++++++++++++++++++++++++++++ xen/include/xen/lib.h | 7 +++++++ 4 files changed, 90 insertions(+) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index c1cb1a1..01631f1 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -420,6 +420,18 @@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels. respectively. * `verbose` option can be included as a string or also as `verbose=<integer>` +### cpuid (x86) +> `= List of comma separated booleans` + +This option allows for fine tuning of the facilities Xen will use, after +accounting for hardware capabilities as enumerated via CPUID. + +Currently accepted: + +The Speculation Control hardware features `ibrsb`, `stibp`, `ibpb` are used by +default if avaiable. They can be ignored, e.g. `no-ibrsb`, at which point Xen +won't use them itself, and won't offer them to guests. + ### cpuid\_mask\_cpu (AMD only) > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g > | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 63b2db9..7a7c8de 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -17,6 +17,41 @@ uint32_t __read_mostly raw_featureset[FSCAPINTS]; uint32_t __read_mostly pv_featureset[FSCAPINTS]; uint32_t __read_mostly hvm_featureset[FSCAPINTS]; +static int __init parse_xen_cpuid(const char *s) +{ + const char *ss; + int val, rc = 0; + + do { + ss = strchr(s, ','); + if ( !ss ) + ss = strchr(s, '\0'); + + if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_IBPB); + } + else if ( (val = parse_boolean("ibrsb", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_IBRSB); + } + else if ( (val = parse_boolean("stibp", s, ss)) >= 0 ) + { + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_STIBP); + } + else + rc = -EINVAL; + + s = ss + 1; + } while ( *ss ); + + return rc; +} +custom_param("cpuid", parse_xen_cpuid); + static void __init sanitise_featureset(uint32_t *fs) { /* for_each_set_bit() uses unsigned longs. Extend with zeroes. */ diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 1a6823a..06a817e 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -168,6 +168,42 @@ int __init parse_bool(const char *s) return -1; } +int parse_boolean(const char *name, const char *s, const char *e) +{ + size_t slen, nlen; + int val = !!strncmp(s, "no-", 3); + + if ( !val ) + s += 3; + + slen = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); + nlen = strlen(name); + + /* Does s now start with name? */ + if ( slen < nlen || strncmp(s, name, nlen) ) + return -1; + + /* Exact, unadorned name? Result depends on the 'no-' prefix. */ + if ( slen == nlen ) + return val; + + /* =$SOMETHING? Defer to the regular boolean parsing. */ + if ( s[nlen] == '=' ) + { + char buf[8]; + + s += nlen + 1; + if ( e <= s || e - s >= ARRAY_SIZE(buf) ) + return -1; + memcpy(buf, s, e - s); + buf[e - s] = 0; + return parse_bool(buf); + } + + /* Unrecognised. Give up. */ + return -1; +} + /** * print_tainted - return a string to represent the kernel taint state. * diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h index 1c652bb..5d3bac7 100644 --- a/xen/include/xen/lib.h +++ b/xen/include/xen/lib.h @@ -62,6 +62,13 @@ struct domain; void cmdline_parse(const char *cmdline); int parse_bool(const char *s); +/** + * Given a specific name, parses a string of the form: + * [no-]$NAME[=...] + * returning 0 or 1 for a recognised boolean, or -1 for an error. + */ +int parse_boolean(const char *name, const char *s, const char *e); + /*#define DEBUG_TRACE_DUMP*/ #ifdef DEBUG_TRACE_DUMP extern void debugtrace_dump(void); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.7 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |