diff options
| author | Andrew Cooper <andrew.cooper3@citrix.com> | 2021-10-04 21:39:03 +0100 |
|---|---|---|
| committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2021-10-08 18:52:22 +0100 |
| commit | b11380f6cd58ce40422473262b2b4c2b210447a1 (patch) | |
| tree | 504cbe4092907880c65bb00575b75814a5ea8073 /xen/include | |
| parent | 1d345539c0e3654025fc00187bf633fda6ea9a43 (diff) | |
x86/spec-ctrl: Build with BRANCH_HARDEN lfences by default
Branch Harden is enabled by default at compile and boot time. Invert the
logic to compile with lfence by default and nop out in the non-default case.
This has several advantages. It removes 3829 patch points (in the random
build of Xen I have to hand) by default on boot, 70% (!) of the
.altinstr_replacement section. For builds of Xen with a non-nops capable tool
chain, the code after `spec-ctrl=no-branch-harden` is better because Xen can
write long nops.
Most importantly however, it means the disassembly actually matches what runs
in the common case, with the ability to distinguish the lfences from other
uses of nops.
Finally, make opt_branch_harden local to spec_ctrl.c and __initdata. It has
never been used externally, even at it's introduction in c/s 3860d5534df4
"spec: add l1tf-barrier".
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Diffstat (limited to 'xen/include')
| -rw-r--r-- | xen/include/asm-x86/cpufeatures.h | 2 | ||||
| -rw-r--r-- | xen/include/asm-x86/nospec.h | 2 | ||||
| -rw-r--r-- | xen/include/asm-x86/spec_ctrl.h | 1 |
3 files changed, 2 insertions, 3 deletions
diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 72beb7babc..b10154fc44 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -27,7 +27,7 @@ XEN_CPUFEATURE(XEN_SMAP, X86_SYNTH(11)) /* SMAP gets used by Xen itself /* Bit 12 - unused. */ XEN_CPUFEATURE(IND_THUNK_LFENCE, X86_SYNTH(13)) /* Use IND_THUNK_LFENCE */ XEN_CPUFEATURE(IND_THUNK_JMP, X86_SYNTH(14)) /* Use IND_THUNK_JMP */ -XEN_CPUFEATURE(SC_BRANCH_HARDEN, X86_SYNTH(15)) /* Conditional Branch Hardening */ +XEN_CPUFEATURE(SC_NO_BRANCH_HARDEN, X86_SYNTH(15)) /* (Disable) Conditional branch hardening */ XEN_CPUFEATURE(SC_MSR_PV, X86_SYNTH(16)) /* MSR_SPEC_CTRL used by Xen for PV */ XEN_CPUFEATURE(SC_MSR_HVM, X86_SYNTH(17)) /* MSR_SPEC_CTRL used by Xen for HVM */ XEN_CPUFEATURE(SC_RSB_PV, X86_SYNTH(18)) /* RSB overwrite needed for PV */ diff --git a/xen/include/asm-x86/nospec.h b/xen/include/asm-x86/nospec.h index f6eb84eee5..5312ae4c6f 100644 --- a/xen/include/asm-x86/nospec.h +++ b/xen/include/asm-x86/nospec.h @@ -10,7 +10,7 @@ static always_inline bool barrier_nospec_true(void) { #ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH - alternative("", "lfence", X86_FEATURE_SC_BRANCH_HARDEN); + alternative("lfence", "", X86_FEATURE_SC_NO_BRANCH_HARDEN); #endif return true; } diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index e671b6fd8d..a803d16f90 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -37,7 +37,6 @@ extern bool opt_ibpb; extern bool opt_ssbd; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -extern bool opt_branch_harden; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; |