projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3563fc2) | patch
x86/msr: Virtualise MSR_FLUSH_CMD for guests
authorAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 13 Apr 2018 15:34:01 +0000 (15:34 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 15:56:47 +0000 (16:56 +0100)
commitfd9823faf9df057a69a9a53c2e100691d3f4267c
treed13c9af2ed58a00b75280143117de928b46a4c4ctree | snapshot
parent3563fc2b2731a63fd7e8372ab0f5cef205bf8477commit | diff
x86/msr: Virtualise MSR_FLUSH_CMD for guests

Guests (outside of the nested virt case, which isn't supported yet) don't need
L1D_FLUSH for their L1TF mitigations, but offering/emulating MSR_FLUSH_CMD is
easy and doesn't pose an issue for Xen.

The MSR is offered to HVM guests only.  PV guests attempting to use it would
trap for emulation, and the L1D cache would fill long before the return to
guest context.  As such, PV guests can't make any use of the L1D_FLUSH
functionality.

This is part of XSA-273 / CVE-2018-3646.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/domctl.c diff | blob | history
xen/arch/x86/hvm/vmx/vmx.c diff | blob | history
xen/arch/x86/msr.c diff | blob | history
xen/include/public/arch-x86/cpufeatureset.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.