[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.6] x86: command line option to avoid use of secondary hyper-threads
commit e0981f6087d20ec7c05c2122c804c5a9d73715cd Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Mon Jul 30 14:21:07 2018 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Mon Jul 30 14:21:07 2018 +0200 x86: command line option to avoid use of secondary hyper-threads Shared resources (L1 cache and TLB in particular) present a risk of information leak via side channels. Provide a means to avoid use of hyperthreads in such cases. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> master commit: d8f974f1a646c0200b97ebcabb808324b288fadb master date: 2018-07-19 13:43:33 +0100 --- docs/misc/xen-command-line.markdown | 7 +++++++ xen/arch/x86/platform_hypercall.c | 4 ---- xen/arch/x86/setup.c | 8 +++++++- xen/arch/x86/sysctl.c | 16 +++++++++++++++- xen/include/asm-x86/setup.h | 2 ++ xen/include/asm-x86/smp.h | 3 +++ 6 files changed, 34 insertions(+), 6 deletions(-) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index b742ee4c1d..525271b89e 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1413,6 +1413,13 @@ Flag to enable Supervisor Mode Execution Protection Flag to enable Supervisor Mode Access Prevention +### smt (x86) +> `= <boolean>` + +Default: `true` + +Control bring up of multiple hyper-threads per CPU core. + ### snb\_igd\_quirk > `= <boolean> | cap | <integer>` diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 76262617cf..3ba56e3eec 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -54,10 +54,6 @@ static long cpu_frequency_change_helper(void *data) return cpu_frequency_change(this_cpu(freq)); } -/* from sysctl.c */ -long cpu_up_helper(void *data); -long cpu_down_helper(void *data); - /* from core_parking.c */ long core_parking_helper(void *data); uint32_t get_cur_idle_nums(void); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 58ac554f39..fef3078aa1 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -68,6 +68,9 @@ invbool_param("smep", disable_smep); static bool_t __initdata disable_smap; invbool_param("smap", disable_smap); +int8_t __read_mostly opt_smt = -1; +boolean_param("smt", opt_smt); + /* opt_invpcid: If false, don't use INVPCID instruction even if available. */ static bool_t __initdata opt_invpcid = 1; boolean_param("invpcid", opt_invpcid); @@ -1438,7 +1441,10 @@ void __init noreturn __start_xen(unsigned long mbi_p) int ret = cpu_up(i); if ( ret != 0 ) printk("Failed to bring up CPU %u (error %d)\n", i, ret); - else if ( num_online_cpus() > max_cpus ) + else if ( num_online_cpus() > max_cpus || + (!opt_smt && + cpu_data[i].compute_unit_id == INVALID_CUID && + cpumask_weight(per_cpu(cpu_sibling_mask, i)) > 1) ) { ret = cpu_down(i); if ( !ret ) diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index 38b5dcb3d8..ff4193e6ff 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -24,6 +24,7 @@ #include <asm/hvm/hvm.h> #include <asm/hvm/support.h> #include <asm/processor.h> +#include <asm/setup.h> #include <asm/numa.h> #include <xen/nodemask.h> #include <xen/cpu.h> @@ -49,14 +50,27 @@ static void l3_cache_get(void *arg) long cpu_up_helper(void *data) { - int cpu = (unsigned long)data; + unsigned int cpu = (unsigned long)data; int ret = cpu_up(cpu); + if ( ret == -EBUSY ) { /* On EBUSY, flush RCU work and have one more go. */ rcu_barrier(); ret = cpu_up(cpu); } + + if ( !ret && !opt_smt && + cpu_data[cpu].compute_unit_id == INVALID_CUID && + cpumask_weight(per_cpu(cpu_sibling_mask, cpu)) > 1 ) + { + ret = cpu_down_helper(data); + if ( ret ) + printk("Could not re-offline CPU%u (%d)\n", cpu, ret); + else + ret = -EPERM; + } + return ret; } diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h index 381d9f8048..fcbbcbd5ec 100644 --- a/xen/include/asm-x86/setup.h +++ b/xen/include/asm-x86/setup.h @@ -52,4 +52,6 @@ extern uint8_t kbd_shift_flags; extern unsigned long highmem_start; #endif +extern int8_t opt_smt; + #endif diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h index 6977b20639..88792051a2 100644 --- a/xen/include/asm-x86/smp.h +++ b/xen/include/asm-x86/smp.h @@ -60,6 +60,9 @@ int hard_smp_processor_id(void); void __stop_this_cpu(void); +long cpu_up_helper(void *data); +long cpu_down_helper(void *data); + /* * The value may be greater than the actual socket number in the system and * is required not to change from the initial startup. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.6 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |