lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Jun 2019 12:12:28 +0200
From:   Juergen Gross <jgross@...e.com>
To:     xen-devel@...ts.xenproject.org, x86@...nel.org,
        linux-kernel@...r.kernel.org
Cc:     Juergen Gross <jgross@...e.com>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Stefano Stabellini <sstabellini@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH] x86/xen: disable nosmt in Xen guests

When running as a Xen guest selecting "nosmt" either via command line
or implicitly via default settings makes no sense, as the guest has no
clue about the real system topology it is running on. With Xen it is
the hypervisor's job to ensure the proper bug mitigations are active
regarding smt settings.

So when running as a Xen guest set cpu_smt_control to "not supported"
in order to avoid disabling random vcpus.

Signed-off-by: Juergen Gross <jgross@...e.com>
---
 arch/x86/xen/enlighten.c     | 8 ++++++++
 arch/x86/xen/enlighten_hvm.c | 2 ++
 arch/x86/xen/enlighten_pv.c  | 2 ++
 arch/x86/xen/xen-ops.h       | 2 ++
 4 files changed, 14 insertions(+)

diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 750f46ad018a..312b73698d0c 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -345,3 +345,11 @@ void xen_arch_unregister_cpu(int num)
 }
 EXPORT_SYMBOL(xen_arch_unregister_cpu);
 #endif
+
+void __init xen_disable_nosmt(void)
+{
+#ifdef CONFIG_HOTPLUG_SMT
+	/* Don't allow SMT disabling in Xen guests. */
+	cpu_smt_control = CPU_SMT_NOT_SUPPORTED;
+#endif
+}
diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
index 0e75642d42a3..7c62662cd2ca 100644
--- a/arch/x86/xen/enlighten_hvm.c
+++ b/arch/x86/xen/enlighten_hvm.c
@@ -116,6 +116,8 @@ static void __init init_hvm_pv_info(void)
 		this_cpu_write(xen_vcpu_id, ebx);
 	else
 		this_cpu_write(xen_vcpu_id, smp_processor_id());
+
+	xen_disable_nosmt();
 }
 
 #ifdef CONFIG_KEXEC_CORE
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 4722ba2966ac..dcfec65bca60 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -131,6 +131,8 @@ static void __init xen_pv_init_platform(void)
 
 	/* pvclock is in shared info area */
 	xen_init_time_ops();
+
+	xen_disable_nosmt();
 }
 
 static void __init xen_pv_guest_late_init(void)
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 2f111f47ba98..63a31b9d7217 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -161,4 +161,6 @@ void xen_hvm_post_suspend(int suspend_cancelled);
 static inline void xen_hvm_post_suspend(int suspend_cancelled) {}
 #endif
 
+void __init xen_disable_nosmt(void);
+
 #endif /* XEN_OPS_H */
-- 
2.16.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ