x86/spec-ctrl: Make VERW flushing runtime conditional
author Andrew Cooper <andrew.cooper3@citrix.com>
Mon, 13 Jun 2022 15:19:01 +0000 (16:19 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Thu, 16 Jun 2022 11:10:37 +0000 (12:10 +0100)
commit e06b95c1d44ab80da255219fc9f1e2fc423edcb6
tree 98b17893d04691d9381343edf5adc0ace37f186c
parent 3c2a14ea81c77ae7973c1e436a32436a7e6d017b
x86/spec-ctrl: Make VERW flushing runtime conditional

Currently, VERW flushing to mitigate MDS is boot time conditional per domain
type.  However, to provide mitigations for DRPW (CVE-2022-21166), we need to
conditionally use VERW based on the trustworthiness of the guest, and the
devices passed through.

Remove the PV/HVM alternatives and instead issue a VERW on the return-to-guest
path depending on the SCF_verw bit in cpuinfo spec_ctrl_flags.

Introduce spec_ctrl_init_domain() and d->arch.verw to calculate the VERW
disposition at domain creation time, and context switch the SCF_verw bit.

For now, VERW flushing is used and controlled exactly as before, but later
patches will add per-domain cases too.

No change in behaviour.

This is part of XSA-404.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
docs/misc/xen-command-line.pandoc
xen/arch/x86/domain.c
xen/arch/x86/hvm/vmx/entry.S
xen/arch/x86/include/asm/cpufeatures.h
xen/arch/x86/include/asm/domain.h
xen/arch/x86/include/asm/spec_ctrl.h
xen/arch/x86/include/asm/spec_ctrl_asm.h
xen/arch/x86/spec_ctrl.c
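
The flow the commit message describes (disposition computed at domain creation, SCF_verw context switched, flag tested on return-to-guest), as a simplified user-space model added here; it is not Xen's code. The bit value of SCF_verw, the boot_verw_* settings, the struct layouts and simulate() are assumptions, and a counter stands in for the VERW instruction.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SCF_verw (1u << 3)   /* assumed bit position, for this model only */
enum dom_type { DOM_PV, DOM_HVM };
struct domain   { enum dom_type type; bool verw; };  /* verw models d->arch.verw */
struct cpu_info { uint8_t spec_ctrl_flags; unsigned verw_count; };

/* Hypothetical stand-ins for the boot-time, per-domain-type settings. */
static const bool boot_verw_pv = true, boot_verw_hvm = false;

/* Domain creation: fix the VERW disposition once, from the boot-time policy. */
void spec_ctrl_init_domain(struct domain *d)
{
    d->verw = (d->type == DOM_PV) ? boot_verw_pv : boot_verw_hvm;
}

/* Context switch: replace only the SCF_verw bit with the next domain's value. */
void context_switch(struct cpu_info *ci, const struct domain *next)
{
    ci->spec_ctrl_flags &= (uint8_t)~SCF_verw;
    if (next->verw)
        ci->spec_ctrl_flags |= SCF_verw;
}

/* Return-to-guest: test the flag at run time instead of a patched alternative. */
void return_to_guest(struct cpu_info *ci)
{
    if (ci->spec_ctrl_flags & SCF_verw)
        ci->verw_count++;    /* stands in for executing VERW */
}

/* Run `exits` guest entries for each of two domains on one CPU; count flushes. */
unsigned simulate(enum dom_type first, enum dom_type second, unsigned exits)
{
    struct cpu_info ci = { .spec_ctrl_flags = 0x01 };  /* unrelated flag bit */
    struct domain doms[2] = { { .type = first }, { .type = second } };
    for (int i = 0; i < 2; i++) {
        spec_ctrl_init_domain(&doms[i]);
        context_switch(&ci, &doms[i]);
        for (unsigned n = 0; n < exits; n++)
            return_to_guest(&ci);
    }
    /* ~0u signals that the context switch clobbered a bit other than SCF_verw. */
    return (ci.spec_ctrl_flags & 0x01) ? ci.verw_count : ~0u;
}

int main(void)
{
    printf("PV then HVM, 3 exits each: %u flushes\n", simulate(DOM_PV, DOM_HVM, 3));
}
```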