projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 007752f) | patch
x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests
authorAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 29 May 2018 17:44:16 +0000 (18:44 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 16:15:49 +0000 (17:15 +0100)
commit2a47c7550910f5d591ca0de369234f8c18daa2d2
treec521f5d14f495e519a8dad02044362742032b92ftree | snapshot
parent007752fb9b85b9235fe2820677988c6408c583dacommit | diff
x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests

This mitigation requires up-to-date microcode, and is enabled by default on
affected hardware if available, and is used for HVM guests

The default for SMT/Hyperthreading is far more complicated to reason about,
not least because we don't know if the user is going to want to run any HVM
guests to begin with.  If a explicit default isn't given, nag the user to
perform a risk assessment and choose an explicit default, and leave other
configuration to the toolstack.

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit 3bd36952dab60290f33d6791070b57920e10754b)
docs/misc/xen-command-line.markdown diff | blob | history
xen/arch/x86/hvm/vmx/vmcs.c diff | blob | history
xen/arch/x86/spec_ctrl.c diff | blob | history
xen/include/asm-x86/spec_ctrl.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.