x86/spec-ctrl: Update docs with SRBDS workaround

author Andrew Cooper <andrew.cooper3@citrix.com>

Wed, 10 Jun 2020 17:57:00 +0000 (18:57 +0100)

committer Andrew Cooper <andrew.cooper3@citrix.com>

Thu, 11 Jun 2020 15:28:08 +0000 (16:28 +0100)
author Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 10 Jun 2020 17:57:00 +0000 (18:57 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Thu, 11 Jun 2020 15:28:08 +0000 (16:28 +0100)
diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc

index c78031253121ed5b8d1f9274acb74cd84aaf8e30..81e12d053c01fdd9bb29e941e2af44c59f3dd7be 100644 (file)
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -481,12 +481,18 @@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels.
  This option allows for fine tuning of the facilities Xen will use, after
  accounting for hardware capabilities as enumerated via CPUID.
  
+Unless otherwise noted, options only have any effect in their negative form,
+to hide the named feature(s).  Ignoring a feature using this mechanism will
+cause Xen not to use the feature, nor offer them as usable to guests.
+
  Currently accepted:
  
  The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`,
  `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
-applicable.  They can be ignored, e.g. `no-ibrsb`, at which point Xen won't
-use them itself, and won't offer them to guests.
+applicable.  They can all be ignored.
+
+`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 /
+CVE-2020-0543.
  
  ### cpuid_mask_cpu
  > `= fam_0f_rev_[cdefg] | fam_10_rev_[bc] | fam_11_rev_b`
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 10 Jun 2020 17:57:00 +0000 (18:57 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Thu, 11 Jun 2020 15:28:08 +0000 (16:28 +0100)