xenbits.xensource.com Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 7 Mar 2022 16:35:52 +0000 (16:35 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 8 Mar 2022 16:38:02 +0000 (16:38 +0000)
commit	8d03080d2a339840d3a59e0932a94f804e45110d
tree	1804a45d11fdac55ad43c94c439572f4c853e069	tree
parent	c0a56ea0fd92ecb471936b7355ddbecbaea3707c	commit \| diff

x86/spec-ctrl: Cease using thunk=lfence on AMD

AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer
considered safe.  AMD are recommending using retpoline everywhere.

Retpoline is incompatible with CET.  All CET-capable hardware has efficient
IBRS (specifically, not something retrofitted in microcode), so use IBRS (and
STIBP for consistency sake).

This is a logical change on AMD, but not on Intel as the default calculations
would end up with these settings anyway.  Leave behind a message if IBRS is
found to be missing.

Also update the default heuristics to never select THUNK_LFENCE.  This causes
AMD CPUs to change their default to retpoline.

Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and
STIBP now that we set it for consistency sake.

This is part of XSA-398 / CVE-2021-26401.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

docs/misc/xen-command-line.pandoc		diff \| blob \| blame \| history
xen/arch/x86/spec_ctrl.c		diff \| blob \| blame \| history