On 19.02.2024 12:59, Oleksii wrote: > Hi Julien, > > On Sun, 2024-02-18 at 18:30 +0000, Julien Grall wrote: >> Hi Oleksii, >> >> Title: Typo s/introdure/introduce/ >> >> On 05/02/2024 15:32, Oleksii Kurochko wrote: >>> The <asm/nospec.h> header is similar between Arm, PPC, and RISC-V, >>> so it has been moved to asm-generic. >> >> I am not 100% convinced that moving this header to asm-generic is a >> good >> idea. At least for Arm, those helpers ought to be non-empty, what >> about >> RISC-V? > For Arm, they are not taking any action, are they? There are no > specific fences or other mechanisms inside > evaluate_nospec()/block_speculation() to address speculation.
The question isn't the status quo, but how things should be looking like if everything was in place that's (in principle) needed. > For RISC-V, it can be implemented in a similar manner, at least for > now. Since these functions are only used in the grant tables code ( for > Arm and so for RISC-V ), which is not supported by RISC-V. Same here - the question is whether long term, when gnttab is also supported, RISC-V would get away without doing anything. Still ... >> If the answer is they should be non-empty. Then I would consider to >> keep >> the duplication to make clear that each architecture should take >> their >> own decision in term of security. >> >> The alternative, is to have a generic implementation that is safe by >> default (if that's even possible). > I am not certain that we can have a generic implementation, as each > architecture may have specific speculation issues. ... it's theoretically possible that there'd be an arch with no speculation issues, maybe simply because of not speculating. Jan
