projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7539d62) | patch
x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=`
authorAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 26 Apr 2018 09:52:55 +0000 (10:52 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Tue, 22 May 2018 17:41:33 +0000 (18:41 +0100)
commit8a4f032abf8fcb45bb8b83945752283a68c8b7b4
treedd218b38a90481b023f1a6cb9cb3be1627629df2tree | snapshot
parent7539d626296f322c102489a2c23145c9f241eb74commit | diff
x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=`

In hindsight, the options for `bti=` aren't as flexible or useful as expected
(including several options which don't appear to behave as intended).
Changing the behaviour of an existing option is problematic for compatibility,
so introduce a new `spec-ctrl=` in the hopes that we can do better.

One common way of deploying Xen is with a single PV dom0 and all domUs being
HVM domains.  In such a setup, an administrator who has weighed up the risks
may wish to forgo protection against malicious PV domains, to reduce the
overall performance hit.  To cater for this usecase, `spec-ctrl=no-pv` will
disable all speculative protection for PV domains, while leaving all
speculative protection for HVM domains intact.

For coding clarity as much as anything else, the suboptions are grouped by
logical area; those which affect the alternatives blocks, and those which
affect Xen's in-hypervisor settings.  See the xen-command-line.markdown for
full details of the new options.

While changing the command line options, take the time to change how the data
is reported to the user.  The three DEBUG printks are upgraded to unilateral,
as they are all relevant pieces of information, and the old "mitigations:"
line is split in the two logical areas described above.

Sample output from booting with `spec-ctrl=no-pv` looks like:

  (XEN) Speculative mitigation facilities:
  (XEN)   Hardware features: IBRS/IBPB STIBP IBPB
  (XEN)   Compiled-in support: INDIRECT_THUNK
  (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS-, Other: IBPB
  (XEN)   Support for VMs: PV: None, HVM: MSR_SPEC_CTRL RSB
  (XEN)   XPTI (64-bit PV only): Dom0 enabled, DomU enabled

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
(cherry picked from commit 3352afc26c497d26ecb70527db3cb29daf7b1422)

Gbp-Pq: Name x86spec_ctrl-introduce-a-new-spec-ctrl=-.patch
docs/misc/xen-command-line.markdown diff | blob | history
xen/arch/x86/spec_ctrl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.