From 3a07eef100625b43bf2b63c34a1c32d823f7764b Mon Sep 17 00:00:00 2001
From: Jan Beulich <JBeulich@suse.com>
Date: Tue, 12 Jun 2012 11:33:42 +0100
Subject: x86-64: detect processors subject to AMD erratum #121 and refuse to
 boot

Processors with this erratum are subject to a DoS attack by unprivileged
guest users.

This is XSA-9 / CVE-2012-2934.

Signed-off-by: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 docs/misc/xen-command-line.markdown | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'docs/misc/xen-command-line.markdown')

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index 1f3faaa6de..7ceaa3b555 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -126,6 +126,16 @@ Override Xen's logic for choosing the APIC driver.  By default, if
 there are more than 8 CPUs, Xen will switch to `bigsmp` over
 `default`.
 
+### allow\_unsafe
+> `= <boolean>`
+
+Force boot on potentially unsafe systems. By default Xen will refuse to boot on
+systems with the following errata:
+
+* AMD Erratum 121. Processors with this erratum are subject to a guest
+  triggerable Denial of Service. Override only if you trust all of your PV
+  guests.
+
 ### apic\_verbosity
 > `= verbose | debug`
 
-- 
cgit v1.2.3