On 20/07/18 10:21, Olaf Hering wrote: > On a host that is booted with the following command line, certain cpu flags > disappear in xen-4.9 and later: > > (XEN) Command line: loglvl=all guest_loglvl=all console=com1 com1=57600 > cpuid=ibrsb,stibp,ibpb,ssbd spec-ctrl=ibrs,ibpb,ssbd,bti-thunk=retpoline > xpti=yes > > On my test system the difference in dom0s /proc/cpuinfo is like that: > --- xen-dom0-4.8-spectre.txt > +++ xen-dom0-4.12-spectre.txt > -arat > -arch_perfmon > -dtherm > -epb > -ida > +ss > > The concern is that a domU started on a xen-4.8 or earlier host, which is > then migrated to xen-4.9 or later may miss these cpu flags at runtime. > > Is the loss of cpuflags intentional?
Yes, but they've got nothing to do with Spectre. ARAT pertains to the Local APIC which doesn't exist for PV. ARCH_PERFMON is genuinely unavailable (hidden behind the vpmu Xen cmdline parameter, and off for security reasons). DTHERM/EPB/IDA should be (for backwards compatibility, not correctness) leaked through into the dom0 kernel only, because classic-xen and PVOps Linux makes some false and broken assumptions. None of these bits should be visible even to dom0, because dom0 can't actually use any of the associated MSRs, but hiding them causes dom0 not to try parsing the ACPI tables and feeding data to Xen. SS on the other hand was unilaterally clobbered for reasons I can't work out, and should have always been available to guests. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
