`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
applicable. They can all be ignored.
-`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 /
-CVE-2020-0543. The RDRAND feature is disabled by default on certain AMD
-systems, due to possible malfunctions after ACPI S3 suspend/resume. `rdrand`
-may be used in its positive form to override Xen's default behaviour on these
-systems, and make the feature fully usable.
+`rdrand` and `rdseed` have multiple interactions.
+
+* For Special Register Buffer Data Sampling (SRBDS, XSA-320, CVE-2020-0543),
+ RDRAND and RDSEED can be ignored.
+
+ Due to the absence of microcode to address SRBDS on IvyBridge client
+ hardware, the RDRAND feature is hidden by default for guests, unless
+ `rdrand` is used in its positive form. Irrespective of the setting here,
+ VMs can use RDRAND if explicitly enabled in guest config file, and VMs
+ already using RDRAND can migrate in.
+
+* The RDRAND feature is disabled by default on AMD Fam15/16 systems, due to
+ possible malfunctions after ACPI S3 suspend/resume. `rdrand` may be used
+ in its positive form to override Xen's default behaviour on these systems,
+ and make the feature fully usable.
### cpuid_mask_cpu
> `= fam_0f_rev_[cdefg] | fam_10_rev_[bc] | fam_11_rev_b`
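Review bot: The new bullet says VMs can use RDRAND "if explicitly enabled in guest config file" but does not show the syntax, while the cpuid.c comment in this same patch spells it out as `cpuid="host,rdrand=1"`; quoting that in the doc would let an administrator act on the sentence without reading the source. Two smaller points on the same hunk: the lead sentence "`rdrand` and `rdseed` have multiple interactions" is followed by two bullets that both concern RDRAND only, so it is worth stating that `rdseed` is affected solely by the SRBDS bullet, and "in guest config file" reads better as "in the guest's config file".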
*/
if ( restore )
{
+ p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset);
+
if ( di.hvm )
{
p->feat.mpx = test_bit(X86_FEATURE_MPX, host_featureset);
}
}
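Review bot: The added `p->basic.rdrand = test_bit(X86_FEATURE_RDRAND, host_featureset);` sits outside the `if ( di.hvm )` block and has no comment, so a reader cannot tell from the code that this is deliberate (PV guests are also affected by the default hiding) or why the restore path re-exposes RDRAND at all. A one-line comment tying it to the "VMs already using RDRAND can migrate in" behaviour described in the documentation hunk, e.g. "Migrating-in guests keep RDRAND if the host has it, even where Xen hides it from new guests by default", would make the intent self-documenting.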
+static void __init guest_common_default_feature_adjustments(uint32_t *fs)
+{
+ /*
+ * IvyBridge client parts suffer from leakage of RDRAND data due to SRBDS
+ * (XSA-320 / CVE-2020-0543), and won't be receiving microcode to
+ * compensate.
+ *
+ * Mitigate by hiding RDRAND from guests by default, unless explicitly
+ * overridden on the Xen command line (cpuid=rdrand). Irrespective of the
+ * default setting, guests can use RDRAND if explicitly enabled
+ * (cpuid="host,rdrand=1") in the VM's config file, and VMs which were
+ * previously using RDRAND can migrate in.
+ */
+ if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+ boot_cpu_data.x86 == 6 && boot_cpu_data.x86_model == 0x3a &&
+ cpu_has_rdrand && !is_forced_cpu_cap(X86_FEATURE_RDRAND) )
+ __clear_bit(X86_FEATURE_RDRAND, fs);
+}
+
static void __init guest_common_feature_adjustments(uint32_t *fs)
{
/* Unconditionally claim to be able to set the hypervisor bit. */
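Review bot: The condition `boot_cpu_data.x86 == 6 && boot_cpu_data.x86_model == 0x3a` is a bare magic number; the block comment above it names "IvyBridge client parts" but never links that phrase to model 0x3a, so a reader auditing which parts are covered has to know the mapping already. Adding "(family 6 model 0x3a)" to the comment, or a named constant, would close that gap. It is also worth noting in the comment that `!is_forced_cpu_cap(X86_FEATURE_RDRAND)` is how the `cpuid=rdrand` command-line override mentioned in the comment is detected, since the link between the two is otherwise implicit.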
pv_featureset[i] &= pv_def_featuremask[i];
guest_common_feature_adjustments(pv_featureset);
+ guest_common_default_feature_adjustments(pv_featureset);
sanitise_featureset(pv_featureset);
cpuid_featureset_to_policy(pv_featureset, p);
hvm_featureset[i] &= hvm_featuremask[i];
guest_common_feature_adjustments(hvm_featureset);
+ guest_common_default_feature_adjustments(hvm_featureset);
sanitise_featureset(hvm_featureset);
cpuid_featureset_to_policy(hvm_featureset, p);
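Review bot: In this hunk the HVM featureset is masked with `hvm_featuremask`, whereas the PV hunk above uses `pv_def_featuremask`; please confirm the new `guest_common_default_feature_adjustments(hvm_featureset)` call is in the default-policy calculation and not the max-policy one. The helper clears RDRAND from whatever featureset it is handed, so if this were the max policy a guest could no longer opt back in with `cpuid="host,rdrand=1"`, contradicting both the helper's own comment and the documentation hunk. The placement before `sanitise_featureset()` is correct in both hunks, as dependency sanitisation then runs on the adjusted set.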
XEN_CPUFEATURE(OSXSAVE, 1*32+27) /*! OSXSAVE */
XEN_CPUFEATURE(AVX, 1*32+28) /*A Advanced Vector Extensions */
XEN_CPUFEATURE(F16C, 1*32+29) /*A Half-precision convert instruction */
-XEN_CPUFEATURE(RDRAND, 1*32+30) /*A Digital Random Number Generator */
+XEN_CPUFEATURE(RDRAND, 1*32+30) /*!A Digital Random Number Generator */
XEN_CPUFEATURE(HYPERVISOR, 1*32+31) /*!A Running under some hypervisor */
/* AMD-defined CPU features, CPUID level 0x80000001.edx, word 2 */
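Review bot: Changing the RDRAND annotation from `/*A` to `/*!A` records that the feature is now special-cased, but the marker alone does not say how; unlike OSXSAVE and HYPERVISOR on the neighbouring lines, RDRAND is a plain hardware feature, so the special handling is not obvious from its description. A short pointer in the comment to `guest_common_default_feature_adjustments()` (hidden by default on IvyBridge client and AMD Fam15/16, per the doc hunk) would help readers, and the commit message should state why the `!` annotation is needed.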