if ( opt_smt < 0 )
opt_smt = 1;
- if ( opt_pv_l1tf < 0 )
- opt_pv_l1tf = 0;
+ if ( opt_pv_l1tf_hwdom < 0 )
+ opt_pv_l1tf_hwdom = 0;
+ if ( opt_pv_l1tf_domu < 0 )
+ opt_pv_l1tf_domu = 0;
disable_common:
opt_rsb_pv = false;
}
custom_param("spec-ctrl", parse_spec_ctrl);
-int8_t __read_mostly opt_pv_l1tf = -1;
+int8_t __read_mostly opt_pv_l1tf_hwdom = -1;
+int8_t __read_mostly opt_pv_l1tf_domu = -1;
static __init int parse_pv_l1tf(const char *s)
{
int val, rc = 0;
/* Inhibit the defaults as an explicit choice has been given. */
- if ( opt_pv_l1tf == -1 )
- opt_pv_l1tf = 0;
+ if ( opt_pv_l1tf_hwdom == -1 )
+ opt_pv_l1tf_hwdom = 0;
+ if ( opt_pv_l1tf_domu == -1 )
+ opt_pv_l1tf_domu = 0;
/* Interpret 'pv-l1tf' alone in its positive boolean form. */
if ( *s == '\0' )
- opt_pv_l1tf = OPT_PV_L1TF_DOM0 | OPT_PV_L1TF_DOMU;
+ opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1;
do {
ss = strchr(s, ',');
switch ( parse_bool(s, ss) )
{
case 0:
- opt_pv_l1tf = 0;
+ opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 0;
break;
case 1:
- opt_pv_l1tf = OPT_PV_L1TF_DOM0 | OPT_PV_L1TF_DOMU;
+ opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = 1;
break;
default:
if ( (val = parse_boolean("dom0", s, ss)) >= 0 )
- opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOM0) |
- (val ? OPT_PV_L1TF_DOM0 : 0));
+ opt_pv_l1tf_hwdom = val;
else if ( (val = parse_boolean("domu", s, ss)) >= 0 )
- opt_pv_l1tf = ((opt_pv_l1tf & ~OPT_PV_L1TF_DOMU) |
- (val ? OPT_PV_L1TF_DOMU : 0));
+ opt_pv_l1tf_domu = val;
else if ( *s )
rc = -EINVAL;
break;
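Review bot: A rejected token leaves both flags at 0, because the inhibit step at the top of parse_pv_l1tf (`if ( opt_pv_l1tf_domu == -1 ) opt_pv_l1tf_domu = 0;`, and the hwdom twin) runs before any token is validated and the `rc = -EINVAL` branch does not undo it. The later default resolution only acts on -1, so a mistyped `pv-l1tf=` value appears to switch DomU shadowing off on L1TF-vulnerable hardware where it would otherwise default to on. Consider restoring the sentinel on failure so that an invalid string falls back to the defaults, e.g. `if ( rc ) opt_pv_l1tf_hwdom = opt_pv_l1tf_domu = -1;` before the return, or move the inhibit into the branches that accept a token. The end of the loop and the return are outside this hunk, so how the caller reports -EINVAL is not visible here.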
opt_l1d_flush ? " L1D_FLUSH" : "");
/* L1TF diagnostics, printed if vulnerable or PV shadowing is in use. */
- if ( cpu_has_bug_l1tf || opt_pv_l1tf )
+ if ( cpu_has_bug_l1tf || opt_pv_l1tf_hwdom || opt_pv_l1tf_domu )
printk(" L1TF: believed%s vulnerable, maxphysaddr L1D %u, CPUID %u"
", Safe address %"PRIx64"\n",
cpu_has_bug_l1tf ? "" : " not",
xpti_pcid_enabled() ? "" : "out");
printk(" PV L1TF shadowing: Dom0 %s, DomU %s\n",
- opt_pv_l1tf & OPT_PV_L1TF_DOM0 ? "enabled" : "disabled",
- opt_pv_l1tf & OPT_PV_L1TF_DOMU ? "enabled" : "disabled");
+ opt_pv_l1tf_hwdom ? "enabled" : "disabled",
+ opt_pv_l1tf_domu ? "enabled" : "disabled");
#endif
}
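Review bot: The diagnostic `printk(" PV L1TF shadowing: Dom0 %s, DomU %s\n", ...)` still labels its first value Dom0 although it now reports `opt_pv_l1tf_hwdom`. If the hardware domain can be something other than dom0 in a given configuration, the boot log would misstate which domain is shadowed, which matters to anyone checking mitigation status from the log. A short comment such as `/* "Dom0" kept for log and command-line compatibility; the value applies to the hardware domain. */` would make the mapping explicit. The same naming gap exists for the `dom0` token in parse_pv_l1tf. The enclosing function starts outside this hunk.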
* In shim mode, SHADOW is expected to be compiled out, and a malicious
* guest kernel can only attack the shim Xen, not the host Xen.
*/
- if ( opt_pv_l1tf == -1 )
- {
- if ( pv_shim || !cpu_has_bug_l1tf )
- opt_pv_l1tf = 0;
- else
- opt_pv_l1tf = OPT_PV_L1TF_DOMU;
- }
+ if ( opt_pv_l1tf_hwdom == -1 )
+ opt_pv_l1tf_hwdom = 0;
+ if ( opt_pv_l1tf_domu == -1 )
+ opt_pv_l1tf_domu = !pv_shim && cpu_has_bug_l1tf;
/*
* By default, enable L1D_FLUSH on L1TF-vulnerable hardware, unless