File 5afc13ae-4-x86-explicitly-set-Xen-default-SPEC_CTRL.patch of Package xen.10697
# Commit cb8c12020307b39a89273d7699e89000451987ab # Date 2018-05-16 12:19:10 +0100 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value With the impending ability to disable MSR_SPEC_CTRL handling on a per-guest-type basis, the first exit-from-guest may not have the side effect of loading Xen's choice of value. Explicitly set Xen's default during the BSP and AP boot paths. For the BSP however, delay setting a non-zero MSR_SPEC_CTRL default until after dom0 has been constructed when safe to do so. Oracle report that this speeds up boots of some hardware by 50s. "when safe to do so" is based on whether we are virtualised. A native boot won't have any other code running in a position to mount an attack. Reported-by: Zhenzhong Duan <zhenzhong.duan@oracle.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1475,6 +1475,13 @@ void __init __start_xen(unsigned long mb
 dmi_end_boot();
+ if ( bsp_delay_spec_ctrl )
+ {
+ get_cpu_info()->use_shadow_spec_ctrl = 0;
+ barrier();
+ wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
+ }
+
 system_state = SYS_STATE_active;
 domain_unpause_by_systemcontroller(dom0);
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -364,6 +364,14 @@ void start_secondary(void *unused)
 else
 microcode_resume_cpu(cpu);
+ /*
+ * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard
+ * any firmware settings. Note: MSR_SPEC_CTRL may only become available
+ * after loading microcode.
+ */
+ if ( boot_cpu_has(X86_FEATURE_IBRSB) )
+ wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
+
 smp_callin();
 init_percpu_time();
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
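Review bot: In `__start_xen()` (xen/arch/x86/setup.c) the new `if ( bsp_delay_spec_ctrl )` block has no comment, although its position is what bounds the window in which the boot CPU runs with MSR_SPEC_CTRL at zero. It sits just ahead of `domain_unpause_by_systemcontroller(dom0)`, and the order "clear `use_shadow_spec_ctrl`, `barrier()`, then write the MSR" looks deliberate. I would add `/* End the boot-time delay: drop the zero shadow, then load Xen's real default before dom0 can run. */` above the block, so a later reordering of this part of the function does not silently extend the unmitigated window. The function body starts and continues outside the hunk.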
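Review bot: The AP path in `start_secondary()` (xen/arch/x86/smpboot.c) guards the MSR write with `boot_cpu_has(X86_FEATURE_IBRSB)`, while the BSP path in `init_speculation_mitigations()` guards it with `default_xen_spec_ctrl >= 0`, and `default_xen_spec_ctrl` is an `int8_t` initialised to -1. If that sentinel can survive on hardware that reports IBRSB (not visible from this patch), `wrmsrl()` would be handed a negative value widened to 64 bits, i.e. with reserved bits set. Using the same condition on both paths removes the question: `if ( boot_cpu_has(X86_FEATURE_IBRSB) && default_xen_spec_ctrl >= 0 )`. The function body continues outside the hunk.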
@@ -34,6 +34,8 @@ static int8_t __initdata opt_ibrs = -1;
 static bool_t __initdata opt_rsb_pv = 1;
 static bool_t __initdata opt_rsb_hvm = 1;
 bool_t __read_mostly opt_ibpb = 1;
+
+bool_t __initdata bsp_delay_spec_ctrl;
 int8_t __read_mostly default_xen_spec_ctrl = -1;
 uint8_t __read_mostly default_xen_rsb = 0;
@@ -173,6 +175,36 @@ void __init init_speculation_mitigations
 init_shadow_spec_ctrl_state();
 print_details(thunk, caps);
+
+ /*
+ * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard
+ * any firmware settings. For performance reasons, when safe to do so, we
+ * delay applying non-zero settings until after dom0 has been constructed.
+ *
+ * "when safe to do so" is based on whether we are virtualised. A native
+ * boot won't have any other code running in a position to mount an
+ * attack.
+ */
+ if ( default_xen_spec_ctrl >= 0 )
+ {
+ bsp_delay_spec_ctrl = !cpu_has_hypervisor && default_xen_spec_ctrl;
+
+ /*
+ * If delaying MSR_SPEC_CTRL setup, use the same mechanism as
+ * spec_ctrl_enter_idle(), by using a shadow value of zero.
+ */
+ if ( bsp_delay_spec_ctrl )
+ {
+ struct cpu_info *info = get_cpu_info();
+
+ info->shadow_spec_ctrl = 0;
+ barrier();
+ info->use_shadow_spec_ctrl = 1;
+ barrier();
+ }
+
+ wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl);
+ }
 }
 /*
--- a/xen/include/asm-x86/spec_ctrl.h
+++ b/xen/include/asm-x86/spec_ctrl.h
@@ -27,6 +27,8 @@ void init_speculation_mitigations(void);
 extern int8_t opt_xpti;
 extern bool_t opt_ibpb;
+
+extern bool_t bsp_delay_spec_ctrl;
 extern int8_t default_xen_spec_ctrl;
 extern uint8_t default_xen_rsb;
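Review bot: `bsp_delay_spec_ctrl` is defined `__initdata` in xen/arch/x86/spec_ctrl.c but exported through a plain `extern bool_t bsp_delay_spec_ctrl;` in xen/include/asm-x86/spec_ctrl.h, and neither place says it is boot-only. The only reader in this patch is `__start_xen()`, which is `__init`, so the current use is fine. A later reader outside init code would presumably be touching discarded memory. I would add a comment at the definition, e.g. `/* Boot-only: set by init_speculation_mitigations(), consumed once in __start_xen(). */`.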
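Review bot: The "safe to delay" decision in `init_speculation_mitigations()` is `!cpu_has_hypervisor && default_xen_spec_ctrl`, so it depends entirely on the CPUID hypervisor bit being reported. When Xen runs nested under a hypervisor that does not advertise that bit, this path would treat the boot as native and leave MSR_SPEC_CTRL at zero until the write-back in `__start_xen()`, which is the situation the comment itself calls unsafe. The comment should state that dependency, for instance by adding `* This relies on the CPUID hypervisor bit; a hypervisor that hides it makes us look native.`; as far as this patch shows there is also no way to opt out of the delay, which may be worth a follow-up. The function starts outside the hunk.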