[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] x86/pv: Enable pv-l1tf mitigations for dom0 by default

At the time XSA-273 was published, shadowing dom0 had proved to be unstable,
which is why dom0 was unprotected by default.  The instability was identified
to be problems with shadowing PV superpages, and fixed.

In hindsight, this patch should have been posted at the same time.

There is now no legitimate reason to handle dom0 differently to domu when it
comes to pv-l1tf protections.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Juergen Gross <jgross@xxxxxxxx>

This wants backporting to whichever trees have the PV superpage shadowing
 docs/misc/xen-command-line.pandoc | 2 +-
 xen/arch/x86/spec_ctrl.c          | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/misc/xen-command-line.pandoc 
index 6a33775..18ba8df 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -1616,7 +1616,7 @@ turning it off can reduce the attack surface.
 > `= List of [ <bool>, dom0=<bool>, domu=<bool> ]`
 > Default: `false` on believed-unaffected hardware, or in pv-shim mode.
->          `domu`  on believed-affected hardware.
+>          `true`  on believed-affected hardware.
 Mitigations for L1TF / XSA-273 / CVE-2018-3620 for PV guests.
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index ad72ecd..5bdd1a8 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -822,14 +822,14 @@ void __init init_speculation_mitigations(void)
-     * By default, enable PV domU L1TF mitigations on all L1TF-vulnerable
-     * hardware, except when running in shim mode.
+     * By default, enable PV L1TF mitigations on all L1TF-vulnerable hardware,
+     * except when running in shim mode.
      * In shim mode, SHADOW is expected to be compiled out, and a malicious
      * guest kernel can only attack the shim Xen, not the host Xen.
     if ( opt_pv_l1tf_hwdom == -1 )
-        opt_pv_l1tf_hwdom = 0;
+        opt_pv_l1tf_hwdom = cpu_has_bug_l1tf;
     if ( opt_pv_l1tf_domu == -1 )
         opt_pv_l1tf_domu = !pv_shim && cpu_has_bug_l1tf;

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.