projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fd9823f) | patch
x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests
authorAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 29 May 2018 17:44:16 +0000 (18:44 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 15:56:47 +0000 (16:56 +0100)
commit3bd36952dab60290f33d6791070b57920e10754b
treee3b71bae6e298d852c1ecdb6d00e69b75750e394tree | snapshot
parentfd9823faf9df057a69a9a53c2e100691d3f4267ccommit | diff
x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests

This mitigation requires up-to-date microcode, and is enabled by default on
affected hardware if available, and is used for HVM guests

The default for SMT/Hyperthreading is far more complicated to reason about,
not least because we don't know if the user is going to want to run any HVM
guests to begin with.  If a explicit default isn't given, nag the user to
perform a risk assessment and choose an explicit default, and leave other
configuration to the toolstack.

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
docs/misc/xen-command-line.markdown diff | blob | history
xen/arch/x86/hvm/vmx/vmcs.c diff | blob | history
xen/arch/x86/spec_ctrl.c diff | blob | history
xen/include/asm-x86/spec_ctrl.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.