On 13/05/2025 2:42 pm, Jan Beulich wrote: > On 13.05.2025 14:48, Andrew Cooper wrote: >> In IPU 2025.2 (May 2025), Intel have released an alternative mitigation for a >> prior security issue (SA-00982) on Sappire and Emerald Rapids CPUs. >> >> Intel suggest that certain workloads will benefit from using the alternative >> mode. This can be selected by booting with `spec-ctrl=ibpb-alt`. >> >> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html >> Signed-off-by: Andrew Cooper <[email protected]> > Reviewed-by: Jan Beulich <[email protected]>
Thanks. > with two nits: For one, s/Sappire/Sapphire/ throughout. And then ... > >> --- a/xen/arch/x86/spec_ctrl.c >> +++ b/xen/arch/x86/spec_ctrl.c >> @@ -85,6 +85,8 @@ static int8_t __initdata opt_gds_mit = -1; >> static int8_t __initdata opt_div_scrub = -1; >> bool __ro_after_init opt_bp_spec_reduce = true; >> >> +static __initdata bool opt_ibpb_alt; > ... type and attribute would preferably be swapped here, just like it's > in context above as well as for the statics you add to cpu/intel.c. Oops, both fixed. (The public probably aren't aware, but this patch got lost in a bit of a mad rush of the late breaking changes to XSA-469 yesterday.) ~Andrew
