x86/spec-ctrl: Hide RDRAND by default on IvyBridge client
author Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 12 Jun 2020 12:39:13 +0000 (13:39 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 17 Jun 2020 12:54:12 +0000 (13:54 +0100)
commit 71ca0e0ad000e690899936327eb09709ab182ade
tree fcb803b61791e16ab6ddde98012829b9ac56d24f
parent fde4acd5feb7961269a2e6edd918c7a46626cf6b

To combat the absence of mitigating microcode, arrange to hide RDRAND by
default on IvyBridge client hardware.

Adjust the default feature derivation to hide RDRAND on IvyBridge client
parts, unless `cpuid=rdrand` is explicitly provided.

Adjust the restore path in xc_cpuid_apply_policy() to not hide RDRAND from VMs
which migrated from pre-4.14.

In all cases, individual guests can continue using RDRAND if explicitly
enabled in their config files.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Release-acked-by: Paul Durrant <paul@xen.org>
docs/misc/xen-command-line.pandoc
tools/libxc/xc_cpuid_x86.c
xen/arch/x86/cpuid.c
xen/include/public/arch-x86/cpufeatureset.h
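
The default derivation described in the commit message, sketched as an added example; this is not Xen's code. It assumes IvyBridge client is identified as Intel family 6, display model 0x3a, and the function names and the `forced` flag (standing in for `cpuid=rdrand`) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CPUID1_ECX_RDRAND      (1u << 30) /* CPUID leaf 1, ECX bit 30 = RDRAND */
#define MODEL_IVYBRIDGE_CLIENT 0x3a       /* assumption: family 6, display model 0x3a */

/* Display family from the CPUID.1:EAX signature (extended family added when base is 0xf). */
static unsigned int sig_family(uint32_t eax)
{
    unsigned int fam = (eax >> 8) & 0xf;

    return fam == 0xf ? fam + ((eax >> 20) & 0xff) : fam;
}

/* Display model: the extended model bits apply only to base family 6 and 0xf. */
static unsigned int sig_model(uint32_t eax)
{
    unsigned int fam = (eax >> 8) & 0xf, model = (eax >> 4) & 0xf;

    if (fam == 6 || fam == 0xf)
        model |= ((eax >> 16) & 0xf) << 4;
    return model;
}

/*
 * Hypothetical default policy: returns the leaf 1 ECX word offered to guests.
 * intel  - host vendor is Intel
 * forced - administrator explicitly asked for RDRAND (cpuid=rdrand)
 */
static uint32_t default_ecx(bool intel, uint32_t eax, uint32_t host_ecx, bool forced)
{
    if (intel && sig_family(eax) == 6 &&
        sig_model(eax) == MODEL_IVYBRIDGE_CLIENT && !forced)
        host_ecx &= ~CPUID1_ECX_RDRAND; /* hide RDRAND, keep every other bit */
    return host_ecx;
}

int main(void)
{
    /* Constructed sample signatures (display models 0x3a, 0x3e, 0x3c). */
    const uint32_t sigs[] = { 0x000306a9, 0x000306e4, 0x000306c3 };

    for (unsigned int i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++)
        printf("sig %#x model %#x rdrand: default=%d forced=%d\n",
               (unsigned int)sigs[i], sig_model(sigs[i]),
               !!(default_ecx(true, sigs[i], CPUID1_ECX_RDRAND, false) & CPUID1_ECX_RDRAND),
               !!(default_ecx(true, sigs[i], CPUID1_ECX_RDRAND, true) & CPUID1_ECX_RDRAND));
    return 0;
}
```

Software running in a guest sees the result only through CPUID, so it should test the RDRAND bit before executing the instruction rather than inferring support from the CPU model.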