Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
xen.26345
xsa398.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa398.patch of Package xen.26345
# Commit 8d03080d2a339840d3a59e0932a94f804e45110d # Date 2022-03-08 16:38:02 +0000 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Update the default heuristics to never select THUNK_LFENCE. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1887,9 +1887,9 @@ to use. If Xen was compiled with INDIRECT\_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -937,16 +937,10 @@ void __init init_speculation_mitigations if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ibrs = true;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor