On 02.09.2022 04:05, Demi Marie Obenour wrote:
> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in
> a CPU register to enforce constant-time execution. Linux plans to set
> this bit by default; Xen should do the same. See
> https://lore.kernel.org/lkml/ywgcrqutxmx0w...@gmail.com/T/ for details.
> I recommend setting the bit unconditionally and ignoring guest attempts
> to change it.

I don't think we ought to set it by default; I can see reasons why kernels may want to set it by default (providing a way to turn it off). In Xen what I think we need is exposure of the bit to be guest-controllable.

Jan