x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests
author Andrew Cooper <andrew.cooper3@citrix.com>
Mon, 23 Jul 2018 13:46:10 +0000 (13:46 +0000)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 16:15:06 +0000 (17:15 +0100)
commit 57483c09ef4fe9489ec4214989a97949916fecc0
tree c6aeacbbf71290488b5695f44f44e4098a3ef194
parent d044f6cc590c58178d87ad78f1859d1c7905ee0b
x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests

Shadowing a PV guest is only available when shadow paging is compiled in.
When shadow paging isn't available, guests can be crashed instead as
mitigation from Xen's point of view.

Ideally, dom0 would also be potentially-shadowed-by-default, but dom0 has
never been shadowed before, and there are some stability issues under
investigation.

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit 66a4e986819a86ba66ca2fe9d925e62a4fd30114)
docs/misc/xen-command-line.markdown
xen/arch/x86/Kconfig
xen/arch/x86/spec_ctrl.c
xen/include/asm-x86/spec_ctrl.h