
[Xen-devel] [PATCH] x86/pv: Enable pv-l1tf mitigations for dom0 by default



At the time XSA-273 was published, shadowing dom0 had proved to be unstable,
which is why dom0 was unprotected by default.  The instability was identified
to be problems with shadowing PV superpages, and fixed.

In hindsight, this patch should have been posted at the same time.

There is now no legitimate reason to handle dom0 differently to domu when it
comes to pv-l1tf protections.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Juergen Gross <jgross@xxxxxxxx>

This wants backporting to whichever trees have the PV superpage shadowing
fixes.
---
 docs/misc/xen-command-line.pandoc | 2 +-
 xen/arch/x86/spec_ctrl.c          | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/misc/xen-command-line.pandoc 
b/docs/misc/xen-command-line.pandoc
index 6a33775..18ba8df 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -1616,7 +1616,7 @@ turning it off can reduce the attack surface.
 > `= List of [ <bool>, dom0=<bool>, domu=<bool> ]`
 
 > Default: `false` on believed-unaffected hardware, or in pv-shim mode.
->          `domu`  on believed-affected hardware.
+>          `true`  on believed-affected hardware.
 
 Mitigations for L1TF / XSA-273 / CVE-2018-3620 for PV guests.
 
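Review bot: the doc hunk only flips the Default line, but the line two above it still says the option defaults to `false` "in pv-shim mode", and that now describes only the domu half of the default (the code hunk below gates the dom0 default on `cpu_has_bug_l1tf` alone). Either qualify that sentence or carry the same shim exception into the dom0 default. It would also help operators to add one sentence here saying that dom0 now runs under shadow paging on affected hardware, which carries a performance cost, and that the previous behaviour is reachable with the `dom0=<bool>` form already listed on this line, e.g. `pv-l1tf=dom0=false`.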
diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
index ad72ecd..5bdd1a8 100644
--- a/xen/arch/x86/spec_ctrl.c
+++ b/xen/arch/x86/spec_ctrl.c
@@ -822,14 +822,14 @@ void __init init_speculation_mitigations(void)
     l1tf_calculations(caps);
 
     /*
-     * By default, enable PV domU L1TF mitigations on all L1TF-vulnerable
-     * hardware, except when running in shim mode.
+     * By default, enable PV L1TF mitigations on all L1TF-vulnerable hardware,
+     * except when running in shim mode.
      *
      * In shim mode, SHADOW is expected to be compiled out, and a malicious
      * guest kernel can only attack the shim Xen, not the host Xen.
      */
     if ( opt_pv_l1tf_hwdom == -1 )
-        opt_pv_l1tf_hwdom = 0;
+        opt_pv_l1tf_hwdom = cpu_has_bug_l1tf;
     if ( opt_pv_l1tf_domu == -1 )
         opt_pv_l1tf_domu = !pv_shim && cpu_has_bug_l1tf;
 
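Review bot: the two defaults are now inconsistent with each other and with the updated comment: `opt_pv_l1tf_hwdom = cpu_has_bug_l1tf;` has no `!pv_shim` term, while the domu line right below keeps `!pv_shim && cpu_has_bug_l1tf`, and the comment says mitigations are enabled "except when running in shim mode". The comment's rationale (SHADOW is expected to be compiled out in shim mode, and a guest kernel there can only attack the shim) applies equally to the hardware domain, so the dom0 line should read `opt_pv_l1tf_hwdom = !pv_shim && cpu_has_bug_l1tf;` unless there is a reason, which the commit message does not give, for dom0 to differ in shim mode.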
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
