|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.10] x86: split opt_pv_l1tf
commit b79ac2746c4614e15e69266048d92be9b03194fd
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Nov 5 15:09:16 2018 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Nov 5 15:09:16 2018 +0100
x86: split opt_pv_l1tf
Use separate tracking variables for the hardware domain and DomU-s.
No functional change intended, but adjust the comment in
init_speculation_mitigations() to match prior as well as resulting code.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
master commit: 0b89643ef6ef14e2c2b731ca675d23e405ed69b1
master date: 2018-10-04 14:49:19 +0200
---
xen/arch/x86/spec_ctrl.c | 44 ++++++++++++++++++++---------------------
xen/include/asm-x86/shadow.h | 5 ++---
xen/include/asm-x86/spec_ctrl.h | 4 +---
3 files changed, 25 insertions(+), 28 deletions(-)
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index a5e32112a2..5d8c888687 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -126,8 +126,10 @@ static int __init parse_spec_ctrl(const char *s)
if ( opt_smt < 0 )
opt_smt = 1;
- if ( opt_pv_l1tf < 0 )
- opt_pv_l1tf = 0;
+ if ( opt_pv_l1tf_hwdom < 0 )
+ opt_pv_l1tf_hwdom = 0;
+ if ( opt_pv_l1tf_domu < 0 )
+ opt_pv_l1tf_domu = 0;
disable_common:
opt_rsb_pv = false;
@@ -205,7 +207,8 @@ static int __init parse_spec_ctrl(const char *s)
}
custom_param("spec-ctrl", parse_spec_ctrl);
-int8_t __read_mostly opt_pv_l1tf = -1;
+int8_t __read_mostly opt_pv_l1tf_hwdom = -1;
+int8_t __read_mostly opt_pv_l1tf_domu = -1;
static __init int parse_pv_l1tf(const char *s)
{
@@ -213,12 +216,14 @@ static __init int parse_pv_l1tf(const char *s)
int val, rc = 0;
/* Inhibit the defaults as an explicit choice has been given. */
- if ( opt_pv_l1tf == -1 )
- opt_pv_l1tf = 0;
+ if ( opt_pv_l1tf_hwdom == -1 )
+ opt_pv_l1tf_hwdom = 0;
+ if ( opt_pv_l1tf_domu == -1 )
+ opt_pv_l1tf_domu = 0;
/* Interpret 'pv-l1tf' alone in its positive boolean form. */
if ( *s == '\0' )
- opt_pv_l1tf = OPT_PV_L1TF_DOM0 | OPT_PV_L1TF_DOMU;
+ opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1;
do {
ss = strchr(s, ',');
@@ -228,20 +233,18 @@ static __init int parse_pv_l1tf(const char *s)
switch ( parse_bool(s, ss) )
{
case 0:
- opt_pv_l1tf = 0;
+ opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 0;
break;
case 1:
- opt_pv_l1tf = OPT_PV_L1TF_DOM0 | OPT_PV_L1TF_DOMU;
+ opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1;
break;
default:
if ( (val = parse_boolean("dom0", s, ss)) >= 0 )
- opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOM0) |
- (val ? OPT_PV_L1TF_DOM0 : 0));
+ opt_pv_l1tf_hwdom = val;
else if ( (val = parse_boolean("domu", s, ss)) >= 0 )
- opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOMU) |
- (val ? OPT_PV_L1TF_DOMU : 0));
+ opt_pv_l1tf_domu = val;
else if ( *s )
rc = -EINVAL;
break;
@@ -304,7 +307,7 @@ static void __init print_details(enum ind_thunk thunk,
uint64_t caps)
opt_l1d_flush ? " L1D_FLUSH" : "");
/* L1TF diagnostics, printed if vulnerable or PV shadowing is in use. */
- if ( cpu_has_bug_l1tf || opt_pv_l1tf )
+ if ( cpu_has_bug_l1tf || opt_pv_l1tf_hwdom || opt_pv_l1tf_domu )
printk(" L1TF: believed%s vulnerable, maxphysaddr L1D %u, CPUID %u"
", Safe address %"PRIx64"\n",
cpu_has_bug_l1tf ? "" : " not",
@@ -333,8 +336,8 @@ static void __init print_details(enum ind_thunk thunk,
uint64_t caps)
opt_xpti_domu ? "enabled" : "disabled");
printk(" PV L1TF shadowing: Dom0 %s, DomU %s\n",
- opt_pv_l1tf & OPT_PV_L1TF_DOM0 ? "enabled" : "disabled",
- opt_pv_l1tf & OPT_PV_L1TF_DOMU ? "enabled" : "disabled");
+ opt_pv_l1tf_hwdom ? "enabled" : "disabled",
+ opt_pv_l1tf_domu ? "enabled" : "disabled");
}
/* Calculate whether Retpoline is known-safe on this CPU. */
@@ -875,13 +878,10 @@ void __init init_speculation_mitigations(void)
* In shim mode, SHADOW is expected to be compiled out, and a malicious
* guest kernel can only attack the shim Xen, not the host Xen.
*/
- if ( opt_pv_l1tf == -1 )
- {
- if ( pv_shim || !cpu_has_bug_l1tf )
- opt_pv_l1tf = 0;
- else
- opt_pv_l1tf = OPT_PV_L1TF_DOMU;
- }
+ if ( opt_pv_l1tf_hwdom == -1 )
+ opt_pv_l1tf_hwdom = 0;
+ if ( opt_pv_l1tf_domu == -1 )
+ opt_pv_l1tf_domu = !pv_shim && cpu_has_bug_l1tf;
/*
* By default, enable L1D_FLUSH on L1TF-vulnerable hardware, unless
diff --git a/xen/include/asm-x86/shadow.h b/xen/include/asm-x86/shadow.h
index f40f411871..1a494029fa 100644
--- a/xen/include/asm-x86/shadow.h
+++ b/xen/include/asm-x86/shadow.h
@@ -224,9 +224,8 @@ void pv_l1tf_tasklet(unsigned long data);
static inline void pv_l1tf_domain_init(struct domain *d)
{
- d->arch.pv_domain.check_l1tf =
- opt_pv_l1tf & (is_hardware_domain(d)
- ? OPT_PV_L1TF_DOM0 : OPT_PV_L1TF_DOMU);
+ d->arch.pv_domain.check_l1tf = is_hardware_domain(d) ? opt_pv_l1tf_hwdom
+ : opt_pv_l1tf_domu;
#if defined(CONFIG_SHADOW_PAGING) && defined(CONFIG_PV)
tasklet_init(&d->arch.paging.shadow.pv_l1tf_tasklet,
diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
index 1b29f45b1b..c8463544ae 100644
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -37,9 +37,7 @@ extern uint8_t default_spec_ctrl_flags;
extern int8_t opt_xpti_hwdom, opt_xpti_domu;
-extern int8_t opt_pv_l1tf;
-#define OPT_PV_L1TF_DOM0 0x01
-#define OPT_PV_L1TF_DOMU 0x02
+extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu;
/*
* The L1D address mask, which might be wider than reported in CPUID, and the
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.10
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |