Hello community, here is the log from the commit of package xen for openSUSE:Leap:15.2 checked in at 2020-06-10 16:49:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/xen (Old) and /work/SRC/openSUSE:Leap:15.2/.xen.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen" Wed Jun 10 16:49:50 2020 rev:86 rq:813020 version:4.13.1_02 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/xen/xen.changes 2020-04-21 19:08:03.992055245 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.xen.new.3606/xen.changes 2020-06-10 16:49:53.724357469 +0200 @@ -1,0 +2,66 @@ +Thu May 28 08:35:20 MDT 2020 - [email protected] + +- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer + Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) + xsa320-1.patch + xsa320-2.patch + +------------------------------------------------------------------- +Mon May 18 10:55:26 MDT 2020 - [email protected] + +- Update to Xen 4.13.1 bug fix release (bsc#1027519) + xen-4.13.1-testing-src.tar.bz2 + 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch + 5eb51caa-sched-vcpu-pause-flags-atomic.patch + 5ec2a760-x86-determine-MXCSR-mask-always.patch +- Drop patches contained in new tarball + 5de65f84-gnttab-map-always-do-IOMMU-part.patch + 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch + 5e15e03d-sched-fix-S3-resume-with-smt=0.patch + 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch + 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch + 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch + 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch + 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch + 5e318cd4-x86-apic-fix-disabling-LVT0.patch + 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch + 5e3bd385-EFI-recheck-variable-name-strings.patch + 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch + 5e3bd3f8-xmalloc-guard-against-overflow.patch + 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch + 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch + 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch + 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch + 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch + 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch + 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch + 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch + 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch + 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch + 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch + 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch + 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch + 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch + 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch + 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch + 5e86f7fd-credit2-fix-credit-too-few-resets.patch + 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch + 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch + 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch + 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch + 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch + 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch + +------------------------------------------------------------------- +Wed May 13 21:07:29 UTC 2020 - James Fehlig <[email protected]> + +- spec: Remove invocation of autogen.sh +- spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares + +------------------------------------------------------------------- +Wed May 13 09:56:49 MDT 2020 - [email protected] + +- bsc#1170968 - GCC 10: xen build fails on i586 + gcc10-fixes.patch + +------------------------------------------------------------------- @@ -43,0 +110,7 @@ + +------------------------------------------------------------------- +Wed Mar 25 18:18:18 UTC 2020 - [email protected] + +- bsc#1167608 - unbound limit for max_event_channels + domUs with many vcpus and/or resources fail to start + libxl.max_event_channels.patch Old: ---- 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch xen-4.13.0-testing-src.tar.bz2 New: ---- 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch libxl.max_event_channels.patch xen-4.13.1-testing-src.tar.bz2 xsa320-1.patch xsa320-2.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.95wpSb/_old 2020-06-10 16:49:55.544362749 +0200 +++ /var/tmp/diff_new_pack.95wpSb/_new 2020-06-10 16:49:55.548362760 +0200 @@ -1,7 +1,7 @@ # # spec file for package xen # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ Name: xen ExclusiveArch: %ix86 x86_64 aarch64 %define changeset 40162 -%define xen_build_dir xen-4.13.0-testing +%define xen_build_dir xen-4.13.1-testing # %define with_gdbsx 0 %define with_dom0_support 0 @@ -70,10 +70,6 @@ BuildRequires: libfdt1-devel %endif %endif -# JWF: Until Anthony's series to load BIOS via toolstack is merged, -# autoconf is needed by autogen.sh. -# http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html -BuildRequires: autoconf >= 2.67 BuildRequires: bison BuildRequires: fdupes %if 0%{?suse_version} > 1315 @@ -127,12 +123,12 @@ BuildRequires: pesign-obs-integration %endif -Version: 4.13.0_12 +Version: 4.13.1_02 Release: 0 Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License: GPL-2.0-only Group: System/Kernel -Source0: xen-4.13.0-testing-src.tar.bz2 +Source0: xen-4.13.1-testing-src.tar.bz2 Source1: stubdom.tar.bz2 Source5: ipxe.tar.bz2 Source6: mini-os.tar.bz2 @@ -166,42 +162,11 @@ # For xen-libs Source99: baselibs.conf # Upstream patches -Patch1: 5de65f84-gnttab-map-always-do-IOMMU-part.patch -Patch2: 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch -Patch3: 5e15e03d-sched-fix-S3-resume-with-smt=0.patch -Patch4: 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch -Patch5: 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch -Patch6: 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch -Patch7: 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch -Patch8: 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch -Patch9: 5e318cd4-x86-apic-fix-disabling-LVT0.patch -Patch10: 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch -Patch11: 5e3bd385-EFI-recheck-variable-name-strings.patch -Patch12: 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch -Patch13: 5e3bd3f8-xmalloc-guard-against-overflow.patch -Patch14: 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch -Patch15: 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch -Patch16: 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch -Patch17: 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch -Patch18: 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch -Patch19: 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch -Patch20: 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch -Patch21: 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch -Patch22: 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch -Patch23: 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch -Patch24: 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch -Patch25: 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch -Patch26: 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch -Patch27: 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch -Patch28: 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch -Patch29: 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch -Patch30: 5e86f7fd-credit2-fix-credit-too-few-resets.patch -Patch31: 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch -Patch32: 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch -Patch33: 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch -Patch34: 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch -Patch35: 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch -Patch36: 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch +Patch1: 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch +Patch2: 5eb51caa-sched-vcpu-pause-flags-atomic.patch +Patch3: 5ec2a760-x86-determine-MXCSR-mask-always.patch +Patch100: xsa320-1.patch +Patch101: xsa320-2.patch # Our platform specific patches Patch400: xen-destdir.patch Patch401: vif-bridge-no-iptables.patch @@ -228,6 +193,7 @@ Patch457: pygrub-handle-one-line-menu-entries.patch Patch458: aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch Patch459: aarch64-maybe-uninitialized.patch +Patch461: libxl.max_event_channels.patch Patch462: libxc.sr.superpage.patch Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch Patch464: libxl.pvscsi.patch @@ -297,8 +263,7 @@ %if 0%{?suse_version} >= 1315 Requires: grub2-x86_64-xen %endif -# Uncomment when ovmf is supported -#Requires: qemu-ovmf-x86_64 +Recommends: qemu-ovmf-x86_64 Requires: qemu-x86 %endif %ifarch %arm aarch64 @@ -431,39 +396,8 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p1 -%patch35 -p1 -%patch36 -p1 +%patch100 -p1 +%patch101 -p1 # Our platform specific patches %patch400 -p1 %patch401 -p1 @@ -490,6 +424,7 @@ %patch457 -p1 %patch458 -p1 %patch459 -p1 +%patch461 -p1 %patch462 -p1 %patch463 -p1 %patch464 -p1 @@ -517,9 +452,6 @@ %build %define _lto_cflags %{nil} -# JWF: Anthony's series to load BIOS from toolstack requires autogen.sh. -# http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html -./autogen.sh # we control the version info of this package # to gain control of filename of xen.gz ++++++ 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch ++++++ # Commit 498d73647fa17d9eb7a67d2e9bdccac6b438e559 # Date 2020-05-08 10:44:22 +0200 # Author Juergen Gross <[email protected]> # Committer Jan Beulich <[email protected]> cpupool: fix removing cpu from a cpupool Commit cb563d7665f2 ("xen/sched: support core scheduling for moving cpus to/from cpupools") introduced a regression when trying to remove an offline cpu from a cpupool, as the system would crash in this situation. Fix that by testing the cpu to be online. Fixes: cb563d7665f2 ("xen/sched: support core scheduling for moving cpus to/from cpupools") Signed-off-by: Juergen Gross <[email protected]> Acked-by: Dario Faggioli <[email protected]> --- a/xen/common/cpupool.c +++ b/xen/common/cpupool.c @@ -519,6 +519,9 @@ static int cpupool_unassign_cpu(struct c debugtrace_printk("cpupool_unassign_cpu(pool=%d,cpu=%d)\n", c->cpupool_id, cpu); + if ( !cpu_online(cpu) ) + return -EINVAL; + master_cpu = sched_get_resource_cpu(cpu); ret = cpupool_unassign_cpu_start(c, master_cpu); if ( ret ) ++++++ 5eb51caa-sched-vcpu-pause-flags-atomic.patch ++++++ # Commit e0d92d9bd7997c6bcda17a19aba4f3957dd1a2e9 # Date 2020-05-08 10:47:38 +0200 # Author Juergen Gross <[email protected]> # Committer Jan Beulich <[email protected]> sched: always modify vcpu pause flags atomically credit2 is currently modifying the pause flags of vcpus non-atomically via sched_set_pause_flags() and sched_clear_pause_flags(). This is dangerous as there are cases where the paus flags are modified without any lock held. So drop the non-atomic pause flag modification functions and rename the atomic ones dropping the _atomic suffix. Fixes: a76255b4266516 ("xen/sched: make credit2 scheduler vcpu agnostic.") Signed-off-by: Juergen Gross <[email protected]> Reviewed-by: Dario Faggioli <[email protected]> --- a/xen/common/sched_credit.c +++ b/xen/common/sched_credit.c @@ -452,7 +452,7 @@ static inline void __runq_tickle(struct SCHED_UNIT_STAT_CRANK(cur, kicked_away); SCHED_UNIT_STAT_CRANK(cur, migrate_r); SCHED_STAT_CRANK(migrate_kicked_away); - sched_set_pause_flags_atomic(cur->unit, _VPF_migrating); + sched_set_pause_flags(cur->unit, _VPF_migrating); } /* Tickle cpu anyway, to let new preempt cur. */ SCHED_STAT_CRANK(tickled_busy_cpu); @@ -983,7 +983,7 @@ csched_unit_acct(struct csched_private * { SCHED_UNIT_STAT_CRANK(svc, migrate_r); SCHED_STAT_CRANK(migrate_running); - sched_set_pause_flags_atomic(currunit, _VPF_migrating); + sched_set_pause_flags(currunit, _VPF_migrating); /* * As we are about to tickle cpu, we should clear its bit in * idlers. But, if we are here, it means there is someone running --- a/xen/include/xen/sched-if.h +++ b/xen/include/xen/sched-if.h @@ -175,7 +175,7 @@ static inline void sched_set_pause_flags struct vcpu *v; for_each_sched_unit_vcpu ( unit, v ) - __set_bit(bit, &v->pause_flags); + set_bit(bit, &v->pause_flags); } /* Clear a bit in pause_flags of all vcpus of a unit. */ @@ -184,26 +184,6 @@ static inline void sched_clear_pause_fla { struct vcpu *v; - for_each_sched_unit_vcpu ( unit, v ) - __clear_bit(bit, &v->pause_flags); -} - -/* Set a bit in pause_flags of all vcpus of a unit via atomic updates. */ -static inline void sched_set_pause_flags_atomic(struct sched_unit *unit, - unsigned int bit) -{ - struct vcpu *v; - - for_each_sched_unit_vcpu ( unit, v ) - set_bit(bit, &v->pause_flags); -} - -/* Clear a bit in pause_flags of all vcpus of a unit via atomic updates. */ -static inline void sched_clear_pause_flags_atomic(struct sched_unit *unit, - unsigned int bit) -{ - struct vcpu *v; - for_each_sched_unit_vcpu ( unit, v ) clear_bit(bit, &v->pause_flags); } ++++++ 5ec2a760-x86-determine-MXCSR-mask-always.patch ++++++ # Commit 2b532519d64e653a6bbfd9eefed6040a09c8876d # Date 2020-05-18 17:18:56 +0200 # Author Jan Beulich <[email protected]> # Committer Jan Beulich <[email protected]> x86: determine MXCSR mask in all cases For its use(s) by the emulator to be correct in all cases, the filling of the variable needs to be independent of XSAVE availability. As there's no suitable function in i387.c to put the logic in, keep it in xstate_init(), arrange for the function to be called unconditionally, and pull the logic ahead of all return paths there. Fixes: 9a4496a35b20 ("x86emul: support {,V}{LD,ST}MXCSR") Signed-off-by: Jan Beulich <[email protected]> Reviewed-by: Andrew Cooper <[email protected]> --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -487,8 +487,7 @@ void identify_cpu(struct cpuinfo_x86 *c) /* Now the feature flags better reflect actual CPU features! */ - if ( cpu_has_xsave ) - xstate_init(c); + xstate_init(c); #ifdef NOISY_CAPS printk(KERN_DEBUG "CPU: After all inits, caps:"); --- a/xen/arch/x86/xstate.c +++ b/xen/arch/x86/xstate.c @@ -587,6 +587,18 @@ void xstate_init(struct cpuinfo_x86 *c) u32 eax, ebx, ecx, edx; u64 feature_mask; + if ( bsp ) + { + static typeof(current->arch.xsave_area->fpu_sse) __initdata ctxt; + + asm ( "fxsave %0" : "=m" (ctxt) ); + if ( ctxt.mxcsr_mask ) + mxcsr_mask = ctxt.mxcsr_mask; + } + + if ( !cpu_has_xsave ) + return; + if ( (bsp && !use_xsave) || boot_cpu_data.cpuid_level < XSTATE_CPUID ) { @@ -610,8 +622,6 @@ void xstate_init(struct cpuinfo_x86 *c) if ( bsp ) { - static typeof(current->arch.xsave_area->fpu_sse) __initdata ctxt; - xfeature_mask = feature_mask; /* * xsave_cntxt_size is the max size required by enabled features. @@ -620,10 +630,6 @@ void xstate_init(struct cpuinfo_x86 *c) xsave_cntxt_size = _xstate_ctxt_size(feature_mask); printk("xstate: size: %#x and states: %#"PRIx64"\n", xsave_cntxt_size, xfeature_mask); - - asm ( "fxsave %0" : "=m" (ctxt) ); - if ( ctxt.mxcsr_mask ) - mxcsr_mask = ctxt.mxcsr_mask; } else { ++++++ gcc10-fixes.patch ++++++ --- /var/tmp/diff_new_pack.95wpSb/_old 2020-06-10 16:49:55.712363236 +0200 +++ /var/tmp/diff_new_pack.95wpSb/_new 2020-06-10 16:49:55.712363236 +0200 @@ -73,6 +73,15 @@ specified bound 108 equals destination size [-Werror=stringop-truncation] +xenpmd.c: In function 'get_next_battery_file': +xenpmd.c:92:37: error: '%s' directive output may be truncated writing between 4 and 2147483645 bytes into a region of size 271 [-Werror=format-truncation=] + 92 | #define BATTERY_STATE_FILE_PATH "/tmp/battery/%s/state" + | ^~~~~~~~~~~~~~~~~~~~~~~ +xenpmd.c:117:52: note: in expansion of macro 'BATTERY_STATE_FILE_PATH' + 117 | snprintf(file_name, sizeof(file_name), BATTERY_STATE_FILE_PATH, + | ^~~~~~~~~~~~~~~~~~~~~~~ + + Index: xen-4.13.0-testing/tools/libxl/libxlu_pci.c =================================================================== --- xen-4.13.0-testing.orig/tools/libxl/libxlu_pci.c @@ -107,7 +116,7 @@ +++ xen-4.13.0-testing/stubdom/polarssl.patch @@ -62,3 +62,25 @@ diff -Naur polarssl-1.1.4/library/bignum t_udbl r; - + r = (t_udbl) X.p[i] << biL; +--- polarssl-1.1.4/library/ssl_tls.c.orig 2012-05-30 01:39:36.000000000 -0600 ++++ polarssl-1.1.4/library/ssl_tls.c 2020-03-10 10:17:26.270755351 -0600 @@ -177,3 +186,17 @@ int libxl__prepare_sockaddr_un(libxl__gc *gc, struct sockaddr_un *un, const char *path, const char *what) +Index: xen-4.13.0-testing/tools/xenpmd/xenpmd.c +=================================================================== +--- xen-4.13.0-testing.orig/tools/xenpmd/xenpmd.c ++++ xen-4.13.0-testing/tools/xenpmd/xenpmd.c +@@ -86,6 +86,9 @@ struct battery_status { + + static struct xs_handle *xs; + ++#if __GNUC__ >= 10 ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++#endif + #ifdef RUN_IN_SIMULATE_MODE + #define BATTERY_DIR_PATH "/tmp/battery" + #define BATTERY_INFO_FILE_PATH "/tmp/battery/%s/info" ++++++ libxc.sr.superpage.patch ++++++ --- /var/tmp/diff_new_pack.95wpSb/_old 2020-06-10 16:49:55.752363353 +0200 +++ /var/tmp/diff_new_pack.95wpSb/_new 2020-06-10 16:49:55.752363353 +0200 @@ -12,10 +12,10 @@ must be freed on the receiving side to avoid over-allocation. The existing code for x86_pv is moved unmodified into its own file. -Index: xen-4.12.0-testing/tools/libxc/xc_dom_x86.c +Index: xen-4.13.1-testing/tools/libxc/xc_dom_x86.c =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_dom_x86.c -+++ xen-4.12.0-testing/tools/libxc/xc_dom_x86.c +--- xen-4.13.1-testing.orig/tools/libxc/xc_dom_x86.c ++++ xen-4.13.1-testing/tools/libxc/xc_dom_x86.c @@ -45,11 +45,6 @@ #define SUPERPAGE_BATCH_SIZE 512 @@ -28,10 +28,10 @@ #define X86_CR0_PE 0x01 #define X86_CR0_ET 0x10 -Index: xen-4.12.0-testing/tools/libxc/xc_private.h +Index: xen-4.13.1-testing/tools/libxc/xc_private.h =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_private.h -+++ xen-4.12.0-testing/tools/libxc/xc_private.h +--- xen-4.13.1-testing.orig/tools/libxc/xc_private.h ++++ xen-4.13.1-testing/tools/libxc/xc_private.h @@ -71,6 +71,11 @@ struct iovec { #define DECLARE_FLASK_OP struct xen_flask_op op #define DECLARE_PLATFORM_OP struct xen_platform_op platform_op @@ -44,10 +44,10 @@ #undef PAGE_SHIFT #undef PAGE_SIZE #undef PAGE_MASK -Index: xen-4.12.0-testing/tools/libxc/xc_sr_common.c +Index: xen-4.13.1-testing/tools/libxc/xc_sr_common.c =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_sr_common.c -+++ xen-4.12.0-testing/tools/libxc/xc_sr_common.c +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_common.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_common.c @@ -156,6 +156,47 @@ static void __attribute__((unused)) buil } @@ -96,10 +96,10 @@ * Local variables: * mode: C * c-file-style: "BSD" -Index: xen-4.12.0-testing/tools/libxc/xc_sr_common.h +Index: xen-4.13.1-testing/tools/libxc/xc_sr_common.h =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_sr_common.h -+++ xen-4.12.0-testing/tools/libxc/xc_sr_common.h +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_common.h ++++ xen-4.13.1-testing/tools/libxc/xc_sr_common.h @@ -140,6 +140,16 @@ struct xc_sr_restore_ops int (*setup)(struct xc_sr_context *ctx); @@ -247,10 +247,10 @@ #endif /* * Local variables: -Index: xen-4.12.0-testing/tools/libxc/xc_sr_restore.c +Index: xen-4.13.1-testing/tools/libxc/xc_sr_restore.c =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_sr_restore.c -+++ xen-4.12.0-testing/tools/libxc/xc_sr_restore.c +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_restore.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_restore.c @@ -69,132 +69,6 @@ static int read_headers(struct xc_sr_con } @@ -428,10 +428,10 @@ if ( ctx.dominfo.hvm ) { -Index: xen-4.12.0-testing/tools/libxc/xc_sr_restore_x86_hvm.c +Index: xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_hvm.c =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_sr_restore_x86_hvm.c -+++ xen-4.12.0-testing/tools/libxc/xc_sr_restore_x86_hvm.c +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_restore_x86_hvm.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_hvm.c @@ -135,6 +135,8 @@ static int x86_hvm_localise_page(struct static int x86_hvm_setup(struct xc_sr_context *ctx) { @@ -806,11 +806,11 @@ .process_record = x86_hvm_process_record, .stream_complete = x86_hvm_stream_complete, .cleanup = x86_hvm_cleanup, -Index: xen-4.12.0-testing/tools/libxc/xc_sr_restore_x86_pv.c +Index: xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_pv.c =================================================================== ---- xen-4.12.0-testing.orig/tools/libxc/xc_sr_restore_x86_pv.c -+++ xen-4.12.0-testing/tools/libxc/xc_sr_restore_x86_pv.c -@@ -938,6 +938,75 @@ static void x86_pv_set_gfn(struct xc_sr_ +--- xen-4.13.1-testing.orig/tools/libxc/xc_sr_restore_x86_pv.c ++++ xen-4.13.1-testing/tools/libxc/xc_sr_restore_x86_pv.c +@@ -960,6 +960,75 @@ static void x86_pv_set_gfn(struct xc_sr_ } /* @@ -886,7 +886,7 @@ * restore_ops function. Convert pfns back to mfns in pagetables. Possibly * needs to populate new frames if a PTE is found referring to a frame which * hasn't yet been seen from PAGE_DATA records. -@@ -981,7 +1050,7 @@ static int x86_pv_localise_page(struct x +@@ -1003,7 +1072,7 @@ static int x86_pv_localise_page(struct x } } @@ -895,7 +895,7 @@ return -1; for ( i = 0; i < (PAGE_SIZE / sizeof(uint64_t)); ++i ) -@@ -1161,6 +1230,7 @@ struct xc_sr_restore_ops restore_ops_x86 +@@ -1183,6 +1252,7 @@ struct xc_sr_restore_ops restore_ops_x86 .set_gfn = x86_pv_set_gfn, .localise_page = x86_pv_localise_page, .setup = x86_pv_setup, ++++++ libxl.libxl__domain_pvcontrol.patch ++++++ --- /var/tmp/diff_new_pack.95wpSb/_old 2020-06-10 16:49:55.768363399 +0200 +++ /var/tmp/diff_new_pack.95wpSb/_new 2020-06-10 16:49:55.768363399 +0200 @@ -11,18 +11,11 @@ tools/libxl/libxl_domain.c | 3 +++ 1 file changed, 3 insertions(+) ---- a/tools/libxl/libxl_domain.c -+++ b/tools/libxl/libxl_domain.c -@@ -765,24 +765,27 @@ char * libxl__domain_pvcontrol_read(libxl__gc *gc, xs_transaction_t t, - - int libxl__domain_pvcontrol(libxl__egc *egc, libxl__xswait_state *pvcontrol, - domid_t domid, const char *cmd) - { - STATE_AO_GC(pvcontrol->ao); - const char *shutdown_path; - int rc; - - rc = libxl__domain_pvcontrol_available(gc, domid); +Index: xen-4.13.1-testing/tools/libxl/libxl_domain.c +=================================================================== +--- xen-4.13.1-testing.orig/tools/libxl/libxl_domain.c ++++ xen-4.13.1-testing/tools/libxl/libxl_domain.c +@@ -795,6 +795,9 @@ int libxl__domain_pvcontrol(libxl__egc * if (rc < 0) return rc; @@ -32,12 +25,3 @@ shutdown_path = libxl__domain_pvcontrol_xspath(gc, domid); if (!shutdown_path) return ERROR_FAIL; - - rc = libxl__xs_printf(gc, XBT_NULL, shutdown_path, "%s", cmd); - if (rc) - return rc; - - pvcontrol->path = shutdown_path; - pvcontrol->what = GCSPRINTF("guest acknowledgement of %s request", cmd); - pvcontrol->timeout_ms = 60 * 1000; - rc = libxl__xswait_start(gc, pvcontrol); ++++++ libxl.max_event_channels.patch ++++++ References: bsc#1167608 unbound limits for max_event_channels 1023 is too low for a three digit value of vcpus it is difficult to make the value depend on the number of vcpus adding devices at runtime also needs event channels --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c @@ -224,7 +224,7 @@ int libxl__domain_build_info_setdefault( b_info->iomem[i].gfn = b_info->iomem[i].start; if (!b_info->event_channels) - b_info->event_channels = 1023; + b_info->event_channels = -1U; libxl__arch_domain_build_info_setdefault(gc, b_info); libxl_defbool_setdefault(&b_info->dm_restrict, false); ++++++ xen-4.13.0-testing-src.tar.bz2 -> xen-4.13.1-testing-src.tar.bz2 ++++++ ++++ 4421 lines of diff (skipped) ++++++ xen.bug1026236.suse_vtsc_tolerance.patch ++++++ --- /var/tmp/diff_new_pack.95wpSb/_old 2020-06-10 16:49:59.316373692 +0200 +++ /var/tmp/diff_new_pack.95wpSb/_new 2020-06-10 16:49:59.316373692 +0200 @@ -8,8 +8,10 @@ the hostadmin to decide how much tolerance all running domUs can actually handle. The default is zero tolerance. ---- a/xen/arch/x86/time.c -+++ b/xen/arch/x86/time.c +Index: xen-4.13.1-testing/xen/arch/x86/time.c +=================================================================== +--- xen-4.13.1-testing.orig/xen/arch/x86/time.c ++++ xen-4.13.1-testing/xen/arch/x86/time.c @@ -43,6 +43,9 @@ static char __initdata opt_clocksource[10]; string_param("clocksource", opt_clocksource); @@ -20,7 +22,7 @@ unsigned long __read_mostly cpu_khz; /* CPU clock frequency in kHz. */ DEFINE_SPINLOCK(rtc_lock); unsigned long pit0_ticks; -@@ -2229,6 +2232,7 @@ int tsc_set_info(struct domain *d, +@@ -2230,6 +2233,7 @@ int tsc_set_info(struct domain *d, switch ( tsc_mode ) { @@ -28,7 +30,7 @@ case TSC_MODE_DEFAULT: case TSC_MODE_ALWAYS_EMULATE: d->arch.vtsc_offset = get_s_time() - elapsed_nsec; -@@ -2242,8 +2246,26 @@ int tsc_set_info(struct domain *d, +@@ -2243,8 +2247,26 @@ int tsc_set_info(struct domain *d, * When a guest is created, gtsc_khz is passed in as zero, making * d->arch.tsc_khz == cpu_khz. Thus no need to check incarnation. */ ++++++ xen.build-compare.doc_html.patch ++++++ --- /var/tmp/diff_new_pack.95wpSb/_old 2020-06-10 16:49:59.328373727 +0200 +++ /var/tmp/diff_new_pack.95wpSb/_new 2020-06-10 16:49:59.328373727 +0200 @@ -5,11 +5,11 @@ docs/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -Index: xen-4.13.0-testing/docs/Makefile +Index: xen-4.13.1-testing/docs/Makefile =================================================================== ---- xen-4.13.0-testing.orig/docs/Makefile -+++ xen-4.13.0-testing/docs/Makefile -@@ -188,7 +188,7 @@ uninstall: uninstall-man-pages uninstall +--- xen-4.13.1-testing.orig/docs/Makefile ++++ xen-4.13.1-testing/docs/Makefile +@@ -191,7 +191,7 @@ uninstall: uninstall-man-pages uninstall # Individual file build targets html/index.html: $(DOC_HTML) $(CURDIR)/gen-html-index INDEX @@ -18,7 +18,7 @@ html/%.txt: %.txt @$(INSTALL_DIR) $(@D) -@@ -203,8 +203,8 @@ html/hypercall/%/index.html: $(CURDIR)/x +@@ -206,8 +206,8 @@ html/hypercall/%/index.html: $(CURDIR)/x $(INSTALL_DIR) $(@D) $(PERL) -w $(CURDIR)/xen-headers -O $(@D) \ -T 'arch-$* - Xen public headers' \ ++++++ xsa320-1.patch ++++++ x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper <[email protected]> Reviewed-by: Jan Beulich <[email protected]> Acked-by: Wei Liu <[email protected]> --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -483,10 +483,10 @@ accounting for hardware capabilities as Currently accepted: -The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`, -`l1d-flush` and `ssbd` are used by default if available and applicable. They can -be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and -won't offer them to guests. +The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, +`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and +applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't +use them itself, and won't offer them to guests. ### cpuid_mask_cpu > `= fam_0f_rev_[cdefg] | fam_10_rev_[bc] | fam_11_rev_b` --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -213,6 +213,7 @@ int libxl_cpuid_parse_config(libxl_cpuid {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, + {"srbds-ctrl", 0x00000007, 0, CPUID_REG_EDX, 9, 1}, {"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1}, {"cet-ibt", 0x00000007, 0, CPUID_REG_EDX, 20, 1}, {"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1}, --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -157,6 +157,7 @@ static const char *const str_7d0[32] = [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps", [ 4] = "fsrm", + /* 8 */ [ 9] = "srbds-ctrl", [10] = "md-clear", /* 12 */ [13] = "tsx-force-abort", --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -134,6 +134,7 @@ int guest_rdmsr(struct vcpu *v, uint32_t /* Write-only */ case MSR_TSX_FORCE_ABORT: case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: case MSR_U_CET: case MSR_S_CET: case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: @@ -288,6 +289,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t /* Read-only */ case MSR_TSX_FORCE_ABORT: case MSR_TSX_CTRL: + case MSR_MCU_OPT_CTRL: case MSR_U_CET: case MSR_S_CET: case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -312,12 +312,13 @@ static void __init print_details(enum in printk("Speculative mitigation facilities:\n"); /* Hardware features which pertain to speculative mitigations. */ - printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -179,6 +179,9 @@ #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_MCU_OPT_CTRL 0x00000123 +#define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) + #define MSR_U_CET 0x000006a0 #define MSR_S_CET 0x000006a2 #define MSR_PL0_SSP 0x000006a4 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -252,6 +252,7 @@ XEN_CPUFEATURE(IBPB, 8*32+12) / /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ +XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(CET_IBT, 9*32+20) /* CET - Indirect Branch Tracking */ ++++++ xsa320-2.patch ++++++ x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel See patch documentation and comments. This is part of XSA-320 / CVE-2020-0543 Signed-off-by: Andrew Cooper <[email protected]> Reviewed-by: Jan Beulich <[email protected]> --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1991,7 +1991,7 @@ By default SSBD will be mitigated at run ### spec-ctrl (x86) > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb,md-clear}=<bool>, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, -> l1d-flush,branch-harden}=<bool> ]` +> l1d-flush,branch-harden,srb-lock}=<bool> ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2068,6 +2068,12 @@ If Xen is compiled with `CONFIG_SPECULAT speculation barriers to protect selected conditional branches. By default, Xen will enable this mitigation. +On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force +or prevent Xen from protect the Special Register Buffer from leaking stale +data. By default, Xen will enable this mitigation, except on parts where MDS +is fixed and TAA is fixed/mitigated (in which case, there is believed to be no +way for an attacker to obtain the stale data). + ### sync_console > `= <boolean>` --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -295,6 +295,9 @@ static int enter_state(u32 state) ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); spec_ctrl_exit_idle(ci); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + done: spin_debug_enable(); local_irq_restore(flags); --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -361,12 +361,14 @@ void start_secondary(void *unused) microcode_update_one(false); /* - * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard - * any firmware settings. Note: MSR_SPEC_CTRL may only become available - * after loading microcode. + * If any speculative control MSRs are available, apply Xen's default + * settings. Note: These MSRs may only become available after loading + * microcode. */ if ( boot_cpu_has(X86_FEATURE_IBRSB) ) wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -65,6 +65,9 @@ static unsigned int __initdata l1d_maxph static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ +static int8_t __initdata opt_srb_lock = -1; +uint64_t __read_mostly default_xen_mcu_opt_ctrl; + static int __init parse_spec_ctrl(const char *s) { const char *ss; @@ -112,6 +115,7 @@ static int __init parse_spec_ctrl(const opt_ssbd = false; opt_l1d_flush = 0; opt_branch_harden = false; + opt_srb_lock = 0; } else if ( val > 0 ) rc = -EINVAL; @@ -178,6 +182,8 @@ static int __init parse_spec_ctrl(const opt_l1d_flush = val; else if ( (val = parse_boolean("branch-harden", s, ss)) >= 0 ) opt_branch_harden = val; + else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 ) + opt_srb_lock = val; else rc = -EINVAL; @@ -341,7 +347,7 @@ static void __init print_details(enum in "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -352,6 +358,8 @@ static void __init print_details(enum in (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", + !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : + opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", opt_ibpb ? " IBPB" : "", opt_l1d_flush ? " L1D_FLUSH" : "", opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : "", @@ -1149,6 +1157,34 @@ void __init init_speculation_mitigations tsx_init(); } + /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + { + uint64_t val; + + rdmsrl(MSR_MCU_OPT_CTRL, val); + + /* + * On some SRBDS-affected hardware, it may be safe to relax srb-lock + * by default. + * + * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way + * to access the Fill Buffer. If TSX isn't available (inc. SKU + * reasons on some models), or TSX is explicitly disabled, then there + * is no need for the extra overhead to protect RDRAND/RDSEED. + */ + if ( opt_srb_lock == -1 && + (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && + (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) ) + opt_srb_lock = 0; + + val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; + if ( !opt_srb_lock ) + val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; + + default_xen_mcu_opt_ctrl = val; + } + print_details(thunk, caps); /* @@ -1180,6 +1216,9 @@ void __init init_speculation_mitigations wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); } + + if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) + wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); } static void __init __maybe_unused build_assertions(void) --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -54,6 +54,8 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_ */ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; +extern uint64_t default_xen_mcu_opt_ctrl; + static inline void init_shadow_spec_ctrl_state(void) { struct cpu_info *info = get_cpu_info();
