x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden

author Andrew Cooper <andrew.cooper3@citrix.com>

Wed, 10 Jun 2020 17:57:00 +0000 (18:57 +0100)

committer Andrew Cooper <andrew.cooper3@citrix.com>

Thu, 11 Jun 2020 15:27:47 +0000 (16:27 +0100)
author Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 10 Jun 2020 17:57:00 +0000 (18:57 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Thu, 11 Jun 2020 15:27:47 +0000 (16:27 +0100)
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown

index 4b34eefeb5a5e6e944e8afe8ad424182d53a2942..44a5a911c01505985c8a6ce0dadd89afce128eb0 100644 (file)
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -454,12 +454,18 @@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels.
  This option allows for fine tuning of the facilities Xen will use, after
  accounting for hardware capabilities as enumerated via CPUID.
  
+Unless otherwise noted, options only have any effect in their negative form,
+to hide the named feature(s).  Ignoring a feature using this mechanism will
+cause Xen not to use the feature, nor offer them as usable to guests.
+
  Currently accepted:
  
  The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`,
  `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
-applicable.  They can be ignored, e.g. `no-ibrsb`, at which point Xen won't
-use them itself, and won't offer them to guests.
+applicable.  They can all be ignored.
+
+`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 /
+CVE-2020-0543.
  
  ### cpuid\_mask\_cpu (AMD only)
  > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b`
diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c

index 5a2c67fcacdd4b0ab3904c02edd4bdf3bfac19f2..ea2e708c4721a1e492b5b23ab345c404e0de8ad1 100644 (file)
--- a/tools/libxl/libxl_cpuid.c
+++ b/tools/libxl/libxl_cpuid.c
@@ -89,7 +89,7 @@ static libxl_cpuid_policy_list cpuid_find_match(libxl_cpuid_policy_list *list,
  int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
  {
  #define NA XEN_CPUID_INPUT_UNUSED
-    struct cpuid_flags cpuid_flags[] = {
+    static const struct cpuid_flags cpuid_flags[] = {
          {"maxleaf",      0x00000000, NA, CPUID_REG_EAX,  0, 32},
        /* the following two entries are subject to tweaking later in the code */
          {"family",       0x00000001, NA, CPUID_REG_EAX,  8,  8},
@@ -100,6 +100,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
          {"clflush",      0x00000001, NA, CPUID_REG_EBX,  8,  8},
          {"brandid",      0x00000001, NA, CPUID_REG_EBX,  0,  8},
          {"hypervisor",   0x00000001, NA, CPUID_REG_ECX, 31,  1},
+        {"rdrand",       0x00000001, NA, CPUID_REG_ECX, 30,  1},
          {"f16c",         0x00000001, NA, CPUID_REG_ECX, 29,  1},
          {"avx",          0x00000001, NA, CPUID_REG_ECX, 28,  1},
          {"osxsave",      0x00000001, NA, CPUID_REG_ECX, 27,  1},
@@ -160,6 +161,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
          {"fpu",          0x00000001, NA, CPUID_REG_EDX,  0,  1},
          {"srbds-ctrl",   0x00000007,  0, CPUID_REG_EDX,  9,  1},
          {"md-clear",     0x00000007,  0, CPUID_REG_EDX, 10,  1},
+        {"rdseed",       0x00000007,  0, CPUID_REG_EBX, 18,  1},
          {"ibrsb",        0x00000007,  0, CPUID_REG_EDX, 26,  1},
          {"stibp",        0x00000007,  0, CPUID_REG_EDX, 27,  1},
          {"l1d-flush",    0x00000007,  0, CPUID_REG_EDX, 28,  1},
@@ -211,7 +213,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
  #undef NA
      char *sep, *val, *endptr;
      int i;
-    struct cpuid_flags *flag;
+    const struct cpuid_flags *flag;
      struct libxl__cpuid_policy *entry;
      unsigned long num;
      char flags[33], *resstr;
diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c

index b4988ba527c7c86006d061dfdf4f9e6fc36ba9d3..8fb98c1dad258c18c5f5561de24ad54041095ffc 100644 (file)
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -63,6 +63,16 @@ static int __init parse_xen_cpuid(const char *s)
              if ( !val )
                  setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL);
          }
+        else if ( (val = parse_boolean("rdrand", s, ss)) >= 0 )
+        {
+            if ( !val )
+                setup_clear_cpu_cap(X86_FEATURE_RDRAND);
+        }
+        else if ( (val = parse_boolean("rdseed", s, ss)) >= 0 )
+        {
+            if ( !val )
+                setup_clear_cpu_cap(X86_FEATURE_RDSEED);
+        }
          else
              rc = -EINVAL;
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 10 Jun 2020 17:57:00 +0000 (18:57 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 11 Jun 2020 15:27:47 +0000 (16:27 +0100)
docs/misc/xen-command-line.markdown		patch \| blob \| blame \| history
tools/libxl/libxl_cpuid.c		patch \| blob \| blame \| history
xen/arch/x86/cpuid.c		patch \| blob \| blame \| history