[Xen-devel] [PATCH v4] Xen missing prompt log when exec-sp=off

Fix a issue when user disable ETP exec-sp, xen missed a prompt log in dmesg. At default, xen will tell "VMX: Disabling executable EPT suerpages due to CVE-2018-12207". When user add 'ept=exec-sp=off' on command-line. The prompt is disappeared. This can give users the illusion that the feature is t

Re: [Xen-devel] [PATCH v2] Xen missing prompt log when exec-sp=off

On 16/12/2019 7:00 pm, Jan Beulich wrote: > On 16.12.2019 09:27, Jin Nan Wang wrote: >> Fix a issue when user disable ETP exec-sp, xen missed a prompt >> log in dmesg. > Why "missed" (and why "prompt")? I think the original intention > was to log a mes

[Xen-devel] [PATCH v3] Xen missing prompt log when exec-sp=off

Fix a issue when user disable ETP exec-sp, xen missed a prompt log in dmesg. Signed-off-by: James Wang --- xen/arch/x86/hvm/vmx/vmx.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7970ba93e1..9dcb10021

[Xen-devel] [PATCH v2] Xen missing prompt log when exec-sp=off

Fix a issue when user disable ETP exec-sp, xen missed a prompt log in dmesg. Signed-off-by: James Wang --- xen/arch/x86/hvm/vmx/vmx.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7970ba93e1..5e86dd078

Re: [Xen-devel] [PATCH] Xen missing prompt log when exec-sp=off

On 16/12/2019 2:17 pm, Tian, Kevin wrote: >> From: Jin Nan Wang >> Sent: Monday, December 16, 2019 1:48 PM >> >> Fix a issue when user disable ETP exec-sp, xen missed a prompt >> log in dmesg. >> >> Signed-off-by: James Wang >> --- >> xen/

[Xen-devel] [PATCH] Xen missing prompt log when exec-sp=off

Fix a issue when user disable ETP exec-sp, xen missed a prompt log in dmesg. Signed-off-by: James Wang --- xen/arch/x86/hvm/vmx/vmx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7970ba93e1..9c1f0f645d 100644

Re: [Xen-devel] [PATCH v1] x86/spec-ctrl: Remove EAGER_FPU when PV/HVM is disabled.

On 8/5/19 5:04 PM, Andrew Cooper wrote: > On 05/08/2019 09:54, Jin Nan Wang wrote: >> In commit ac3f9a72141a48d40fabfff561d5a7dc0e1b810d: >> For one, "no-xen" should not imply "no-eager-fpu", as "eager FPU" mode >> is to guard gu

[Xen-devel] [PATCH v1] x86/spec-ctrl: Remove EAGER_FPU when PV/HVM is disabled.

In commit ac3f9a72141a48d40fabfff561d5a7dc0e1b810d: For one, "no-xen" should not imply "no-eager-fpu", as "eager FPU" mode is to guard guests, not Xen itself, which is also expressed so by print_details(). So when spec-ctrl=pv=off,hvm=off; EAGER_FPU shouldn't be display in lines: Curr

[Xen-devel] [PATCH v5] Speculative mitigation facilities report wrong status

Booting with spec-ctrl=0 results in Xen printing "None MD_CLEAR". (XEN) Support for HVM VMs: None MD_CLEAR (XEN) Support for PV VMs: None MD_CLEAR Add a check about X86_FEATURE_MD_CLEAR to avoid to print "None". Signed-off-by: James Wang --- xen/arch/x86/spec_ctrl.c | 2 ++ 1 file changed,

[Xen-devel] [PATCH] Speculative mitigation facilities report wrong status V4

Booting with spec-ctrl=0 results in Xen printing "None MD_CLEAR". (XEN) Support for HVM VMs: None MD_CLEAR (XEN) Support for PV VMs: None MD_CLEAR Add a check about X86_FEATURE_MD_CLEAR to avoid to print "None". Signed-off-by: James Wang --- xen/arch/x86/spec_ctrl.c | 2 ++ 1 file changed,

[Xen-devel] [PATCH] Speculative mitigation facilities report wrong status v3

Add a check about X86_FEATURE_MD_CLEAR to avoid to print "None". Signed-off-by: James Wang --- xen/arch/x86/spec_ctrl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cada9a058e..468a847598 100644 --- a/xen/arch/x86/spec_ctrl.c +++

[Xen-devel] [PATCH] Speculative mitigation facilities report wrong status v2

Add a check about X86_FEATURE_MD_CLEAR to avoid to print "None". --- xen/arch/x86/spec_ctrl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cada9a058e..468a847598 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c

Re: [Xen-devel] [PATCH] Speculative mitigation facilities report wrong status

Hi folks, On 7/31/19 5:44 PM, Andrew Cooper wrote: > The check for reporting MD_CLEAR must stay as X86_FEATURE_MD_CLEAR, > because this is a property in microcode which no controls, and nothing > further to virtualise at Xen's level. There are two solution, which one would you like? solution1: m

Re: [Xen-devel] [PATCH] Speculative mitigation facilities report wrong status

I will improve it soon. thanks James From: Andrew Cooper Sent: Wednesday, July 31, 2019 5:44:50 PM To: xen-devel@lists.xenproject.org ; Jin Nan Wang Cc: roger@citrix.com ; Jan Beulich ; w...@xen.org Subject: Re: [PATCH] Speculative mitigation facilities

[Xen-devel] [PATCH] Speculative mitigation facilities report wrong status

Diff with 'spec-ctrl=no' and without. --- xen.dmesg.5.log 2019-07-31 14:55:38.138173874 +0800 +++ xen.dmesg.6.log 2019-07-31 14:59:50.223516313 +0800 @@ -7,7 +7,7 @@ (XEN) Xen version 4.12.0_14-1 (abu...@suse.de) (gcc (SUSE Linux) 4.8.