AMD processors will execute loads and stores with the same base register in
program order, which is typically how a compiler emits code.
Therefore, by default no mitigating actions are taken, despite there being
corner cases which are vulnerable to the issue.
For performance testing, or for users with particularly sensitive workloads,
the `spec-ctrl=ssbd` command line option is available to force Xen to disable
Memory Disambiguation on applicable hardware.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
master commit:
8c0e338086f060eba31d37b83fbdb883928aa085
master date: 2018-05-21 14:20:06 +0100
### spec-ctrl (x86)
> `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb}=<bool>,
-> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb}=<bool> ]`
+> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd}=<bool> ]`
Controls for speculative execution sidechannel mitigations. By default, Xen
will pick the most appropriate mitigations based on compiled in support,
option can be used to force (the default) or prevent Xen from issuing branch
prediction barriers on vcpu context switches.
+On hardware supporting SSBD (Speculative Store Bypass Disable), the `ssbd=`
+option can be used to force or prevent Xen using the feature itself. On AMD
+hardware, this is a global option applied at boot, and not virtualised for
+guest use.
+
### sync\_console
> `= <boolean>`
#include <asm/amd.h>
#include <asm/hvm/support.h>
#include <asm/setup.h> /* amd_init_cpu */
+#include <asm/spec_ctrl.h>
#include <asm/acpi.h>
#include <asm/apic.h>
c->x86_capability);
}
+ /*
+ * If the user has explicitly chosen to disable Memory Disambiguation
+ * to mitigiate Speculative Store Bypass, poke the appropriate MSR.
+ */
+ if (opt_ssbd) {
+ int bit = -1;
+
+ switch (c->x86) {
+ case 0x15: bit = 54; break;
+ case 0x16: bit = 33; break;
+ case 0x17: bit = 10; break;
+ }
+
+ if (bit >= 0 && !rdmsr_safe(MSR_AMD64_LS_CFG, value)) {
+ value |= 1ull << bit;
+ wrmsr_safe(MSR_AMD64_LS_CFG, value);
+ }
+ }
+
switch(c->x86)
{
case 0xf ... 0x17:
} opt_thunk __initdata = THUNK_DEFAULT;
static int8_t __initdata opt_ibrs = -1;
bool_t __read_mostly opt_ibpb = 1;
+bool_t __read_mostly opt_ssbd = 0;
bool_t __initdata bsp_delay_spec_ctrl;
uint8_t __read_mostly default_xen_spec_ctrl;
opt_ibrs = val;
else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 )
opt_ibpb = val;
+ else if ( (val = parse_boolean("ssbd", s, ss)) >= 0 )
+ opt_ssbd = val;
else
rc = -EINVAL;
void init_speculation_mitigations(void);
extern bool_t opt_ibpb;
+extern bool_t opt_ssbd;
extern bool_t bsp_delay_spec_ctrl;
extern uint8_t default_xen_spec_ctrl;
projects / xen.git / commitdiff