dgit.raspbian.org Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 19 Jun 2019 17:16:03 +0000 (18:16 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 12 Nov 2019 17:15:38 +0000 (17:15 +0000)
commit	56590acd7fe460514e27d520d28ec5dc66535b1e
tree	fb2efddb257a9ca5150fc6868649b1928f40f5de	tree \| snapshot
parent	cc06f60b96d91c995d17b4798176061dc3d6925d	commit \| diff

x86/tsx: Introduce tsx= to use MSR_TSX_CTRL when available

To protect against the TSX Async Abort speculative vulnerability, Intel have
released new microcode for affected parts which introduce the MSR_TSX_CTRL
control, which allows TSX to be turned off.  This will be architectural on
future parts.

Introduce tsx= to provide a global on/off for TSX, including its enumeration
via CPUID.  Provide stub virtualisation of this MSR, as it is not exposed to
guests at the moment.

VMs may have booted before microcode is loaded, or before hosts have rebooted,
and they still want to migrate freely.  A VM which booted seeing TSX can
migrate safely to hosts with TSX disabled - TSX will start unconditionally
aborting, but still behave in a manner compatible with the ABI.

The guest-visible behaviour is equivalent to late loading the microcode and
setting the RTM_DISABLE bit in the course of live patching.

This is part of XSA-305 / CVE-2019-11135

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

docs/misc/xen-command-line.markdown		diff \| blob \| history
xen/arch/x86/Makefile		diff \| blob \| history
xen/arch/x86/cpuid.c		diff \| blob \| history
xen/arch/x86/msr.c		diff \| blob \| history
xen/arch/x86/setup.c		diff \| blob \| history
xen/arch/x86/smpboot.c		diff \| blob \| history
xen/arch/x86/tsx.c	[new file with mode: 0644]	blob
xen/include/asm-x86/msr-index.h		diff \| blob \| history
xen/include/asm-x86/processor.h		diff \| blob \| history
xen/include/xen/lib.h		diff \| blob \| history