[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.6] x86: command line option to avoid use of secondary hyper-threads



commit e0981f6087d20ec7c05c2122c804c5a9d73715cd
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Jul 30 14:21:07 2018 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Jul 30 14:21:07 2018 +0200

    x86: command line option to avoid use of secondary hyper-threads
    
    Shared resources (L1 cache and TLB in particular) present a risk of
    information leak via side channels. Provide a means to avoid use of
    hyperthreads in such cases.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: d8f974f1a646c0200b97ebcabb808324b288fadb
    master date: 2018-07-19 13:43:33 +0100
---
 docs/misc/xen-command-line.markdown |  7 +++++++
 xen/arch/x86/platform_hypercall.c   |  4 ----
 xen/arch/x86/setup.c                |  8 +++++++-
 xen/arch/x86/sysctl.c               | 16 +++++++++++++++-
 xen/include/asm-x86/setup.h         |  2 ++
 xen/include/asm-x86/smp.h           |  3 +++
 6 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown 
b/docs/misc/xen-command-line.markdown
index b742ee4c1d..525271b89e 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -1413,6 +1413,13 @@ Flag to enable Supervisor Mode Execution Protection
 
 Flag to enable Supervisor Mode Access Prevention
 
+### smt (x86)
+> `= <boolean>`
+
+Default: `true`
+
+Control bring up of multiple hyper-threads per CPU core.
+
 ### snb\_igd\_quirk
 > `= <boolean> | cap | <integer>`
 
diff --git a/xen/arch/x86/platform_hypercall.c 
b/xen/arch/x86/platform_hypercall.c
index 76262617cf..3ba56e3eec 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -54,10 +54,6 @@ static long cpu_frequency_change_helper(void *data)
     return cpu_frequency_change(this_cpu(freq));
 }
 
-/* from sysctl.c */
-long cpu_up_helper(void *data);
-long cpu_down_helper(void *data);
-
 /* from core_parking.c */
 long core_parking_helper(void *data);
 uint32_t get_cur_idle_nums(void);
diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 58ac554f39..fef3078aa1 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -68,6 +68,9 @@ invbool_param("smep", disable_smep);
 static bool_t __initdata disable_smap;
 invbool_param("smap", disable_smap);
 
+int8_t __read_mostly opt_smt = -1;
+boolean_param("smt", opt_smt);
+
 /* opt_invpcid: If false, don't use INVPCID instruction even if available. */
 static bool_t __initdata opt_invpcid = 1;
 boolean_param("invpcid", opt_invpcid);
@@ -1438,7 +1441,10 @@ void __init noreturn __start_xen(unsigned long mbi_p)
             int ret = cpu_up(i);
             if ( ret != 0 )
                 printk("Failed to bring up CPU %u (error %d)\n", i, ret);
-            else if ( num_online_cpus() > max_cpus )
+            else if ( num_online_cpus() > max_cpus ||
+                      (!opt_smt &&
+                       cpu_data[i].compute_unit_id == INVALID_CUID &&
+                       cpumask_weight(per_cpu(cpu_sibling_mask, i)) > 1) )
             {
                 ret = cpu_down(i);
                 if ( !ret )
diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c
index 38b5dcb3d8..ff4193e6ff 100644
--- a/xen/arch/x86/sysctl.c
+++ b/xen/arch/x86/sysctl.c
@@ -24,6 +24,7 @@
 #include <asm/hvm/hvm.h>
 #include <asm/hvm/support.h>
 #include <asm/processor.h>
+#include <asm/setup.h>
 #include <asm/numa.h>
 #include <xen/nodemask.h>
 #include <xen/cpu.h>
@@ -49,14 +50,27 @@ static void l3_cache_get(void *arg)
 
 long cpu_up_helper(void *data)
 {
-    int cpu = (unsigned long)data;
+    unsigned int cpu = (unsigned long)data;
     int ret = cpu_up(cpu);
+
     if ( ret == -EBUSY )
     {
         /* On EBUSY, flush RCU work and have one more go. */
         rcu_barrier();
         ret = cpu_up(cpu);
     }
+
+    if ( !ret && !opt_smt &&
+         cpu_data[cpu].compute_unit_id == INVALID_CUID &&
+         cpumask_weight(per_cpu(cpu_sibling_mask, cpu)) > 1 )
+    {
+        ret = cpu_down_helper(data);
+        if ( ret )
+            printk("Could not re-offline CPU%u (%d)\n", cpu, ret);
+        else
+            ret = -EPERM;
+    }
+
     return ret;
 }
 
diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h
index 381d9f8048..fcbbcbd5ec 100644
--- a/xen/include/asm-x86/setup.h
+++ b/xen/include/asm-x86/setup.h
@@ -52,4 +52,6 @@ extern uint8_t kbd_shift_flags;
 extern unsigned long highmem_start;
 #endif
 
+extern int8_t opt_smt;
+
 #endif
diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h
index 6977b20639..88792051a2 100644
--- a/xen/include/asm-x86/smp.h
+++ b/xen/include/asm-x86/smp.h
@@ -60,6 +60,9 @@ int hard_smp_processor_id(void);
 
 void __stop_this_cpu(void);
 
+long cpu_up_helper(void *data);
+long cpu_down_helper(void *data);
+
 /*
  * The value may be greater than the actual socket number in the system and
  * is required not to change from the initial startup.
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.