Xen project Mailing List

[Xen-devel] [PATCH 12/12] x86/xpti: add per-domain parameter for controlling xpti

From: Juergen Gross <jgross@xxxxxxxx>

Date: Tue, 18 Sep 2018 08:03:09 +0200

Cc: Juergen Gross <jgross@xxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Tue, 18 Sep 2018 06:03:25 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Add a per-domain parameter to switch xpti for single pv domains on or off. Signed-off-by: Juergen Gross <jgross@xxxxxxxx> --- docs/man/xl.cfg.pod.5.in | 12 +++++++++++- xen/arch/x86/pv/domain.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/docs/man/xl.cfg.pod.5.in b/docs/man/xl.cfg.pod.5.in index c97ae77129..524f9f23d4 100644 --- a/docs/man/xl.cfg.pod.5.in +++ b/docs/man/xl.cfg.pod.5.in @@ -612,7 +612,17 @@ The following parameter settings are supported: =over 4 -NONE +=item B<xpti=BOOLEAN> + +Override default selection of whether to isolate 64-bit PV guest page +tables of a domain. + +B<true> activates page table isolation even on hardware not vulnerable by +Meltdown for the domain. + +B<false> deactivates page table isolation on all systems for the domain. + +Can be modified at runtime. =back diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 355f320fa3..86d9f8fb67 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -287,6 +287,43 @@ int pv_domain_initialise(struct domain *d) return rc; } +static int dompar_xpti(const char *s, struct domain *d) +{ + switch ( parse_bool(s, NULL) ) + { + case 0: + d->arch.pv.xpti = false; + break; + + case 1: + d->arch.pv.xpti = true; + break; + + default: + return -EINVAL; + } + + switch ( opt_pcid ) + { + case PCID_XPTI: + d->arch.pv.pcid = d->arch.pv.xpti; + break; + + case PCID_NOXPTI: + d->arch.pv.pcid = !d->arch.pv.xpti; + break; + + default: + break; + } + + return 0; +} + +custom_domain_param("xpti", + PARAM_FLAG_RUNTIME | PARAM_FLAG_NOHVM | PARAM_FLAG_NOPV32, + dompar_xpti); + bool __init xpti_pcid_enabled(void) { return use_invpcid && cpu_has_pcid && -- 2.16.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.