x86/spec-ctrl: Build with BRANCH_HARDEN lfences by default
Branch Harden is enabled by default at compile and boot time. Invert the
logic to compile with lfence by default and nop out in the non-default case.
This has several advantages. It removes 3829 patch points (in the random
build of Xen I have to hand) by default on boot, 70% (!) of the
.altinstr_replacement section. For builds of Xen with a non-nops capable tool
chain, the code after `spec-ctrl=no-branch-harden` is better because Xen can
write long nops.
Most importantly however, it means the disassembly actually matches what runs
in the common case, with the ability to distinguish the lfences from other
uses of nops.
Finally, make opt_branch_harden local to spec_ctrl.c and __initdata. It has
never been used externally, even at it's introduction in c/s
3860d5534df4
"spec: add l1tf-barrier".
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
projects / xen.git / commit