[Xen-changelog] [xen stable-4.9] x86: Make "spec-ctrl=no" a global disable of all mitigations
commit c95088f090e8c1c5207f9da1d3c5bcf72af41cc7 Author: Jan Beulich <JBeulich@xxxxxxxx> AuthorDate: Mon Aug 13 05:07:23 2018 -0600 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Tue Aug 14 17:20:02 2018 +0100 x86: Make "spec-ctrl=no" a global disable of all mitigations In order to have a simple and easy to remember means to suppress all the more or less recent workarounds for hardware vulnerabilities, force settings not controlled by "spec-ctrl=" also to their original defaults, unless they've been forced to specific values already by earlier command line options. This is part of XSA-273. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> (cherry picked from commit d8800a82c3840b06b17672eddee4878bbfdacc6d) --- docs/misc/xen-command-line.markdown | 13 +++++++++---- xen/arch/x86/spec_ctrl.c | 9 +++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index e2787fc71e..60094504f4 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown 
@@ -1691,10 +1691,15 @@ extreme care.** An overall boolean value, `spec-ctrl=no`, can be specified to turn off all mitigations, including pieces of infrastructure used to virtualise certain -mitigation features for guests. Alternatively, a slightly more restricted -`spec-ctrl=no-xen` can be used to turn off all of Xen's mitigations, while -leaving the virtualisation support in place for guests to use. Use of a -positive boolean value for either of these options is invalid. +mitigation features for guests. This also includes settings which `xpti`, +`smt`, `pv-l1tf` control, unless the respective option(s) have been +specified earlier on the command line. + +Alternatively, a slightly more restricted `spec-ctrl=no-xen` can be used to +turn off all of Xen's mitigations, while leaving the virtualisation support +in place for guests to use. + +Use of a positive boolean value for either of these options is invalid. The booleans `pv=`, `hvm=`, `msr-sc=` and `rsb=` offer fine grained control over the alternative blocks used by Xen. These impact Xen's ability to diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f4992d936d..60c65222d2 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -117,6 +117,15 @@ static int __init parse_spec_ctrl(char *s) opt_eager_fpu = 0; + if ( opt_xpti < 0 ) + opt_xpti = 0; + + if ( opt_smt < 0 ) + opt_smt = 1; + + if ( opt_pv_l1tf < 0 ) + opt_pv_l1tf = 0; + disable_common: opt_rsb_pv = false; opt_rsb_hvm = false; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.9 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
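Review bot: In the docs/misc/xen-command-line.markdown hunk, the new sentence "This also includes settings which `xpti`, `smt`, `pv-l1tf` control" does not state which value each setting ends up with, and for `smt` the result is not obvious from the phrase "turn off all mitigations". The spec_ctrl.c hunk sets opt_xpti and opt_pv_l1tf to 0 but opt_smt to 1, so disabling the mitigation here means SMT stays enabled. Suggest spelling out the resulting values for the three options. The sentence also covers only options given earlier on the command line; it would help to say explicitly that ordering matters and what an operator should expect when `xpti=`, `smt=` or `pv-l1tf=` appears after `spec-ctrl=no`.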
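Review bot: In the xen/arch/x86/spec_ctrl.c hunk, the three added checks (`if ( opt_xpti < 0 )`, `if ( opt_smt < 0 )`, `if ( opt_pv_l1tf < 0 )`) depend on an undocumented convention that a negative value means "not yet set on the command line", and nothing at this site says so. A one-line comment above the block stating that convention, and that it is what implements the "specified earlier" exception described in the documentation hunk, would make the ordering dependency visible to the next reader. The `opt_smt = 1` assignment is the only one of the three that sets a value to 1 rather than 0, so it deserves its own note that the unmitigated default is SMT enabled. The block sits directly above the `disable_common:` label; a short remark on why it belongs before the label rather than after it would guard against it being moved during later refactoring.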