On 2/25/19 16:54, Jan Beulich wrote:
>>>> On 25.02.19 at 14:34, <nmant...@amazon.de> wrote:
>> Since the L1TF vulnerability of Intel CPUs, loading hypervisor data into
>> L1 cache is problematic, because when hyperthreading is used as well, a
>> guest running on the sibling core can leak this potentially secret data.
>>
>> To prevent these speculative accesses, we block speculation after
>> accessing the domain property field by adding lfence instructions. This
>> way, the CPU continues executing and loading data only once the condition
>> is actually evaluated.
>>
>> As the macros are typically used in if statements, the lfence has to come
> There are no macros anymore afaics.
I will rephrase the commit message accordingly.
>
>> --- /dev/null
>> +++ b/xen/include/asm-arm/nospec.h
>> @@ -0,0 +1,25 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/* Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> */
>> +
>> +#ifndef _ASM_ARM_NOSPEC_H
>> +#define _ASM_ARM_NOSPEC_H
>> +
>> +static inline bool evaluate_nospec(bool condition)
>> +{
>> + return condition;
> Insufficient indentation.
Fixed to 4 spaces.
>
>> --- /dev/null
>> +++ b/xen/include/asm-x86/nospec.h
>> @@ -0,0 +1,45 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +/* Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
>> */
>> +
>> +#ifndef _ASM_X86_NOSPEC_H
>> +#define _ASM_X86_NOSPEC_H
>> +
>> +#include <asm/alternative.h>
>> +
>> +/* Allow to insert a read memory barrier into conditionals */
>> +static always_inline bool barrier_nospec_true(void)
>> +{
>> +#ifdef CONFIG_HVM
>> + alternative("", "lfence", X86_FEATURE_SC_L1TF_VULN);
>> +#endif
>> + return true;
>> +}
>> +
>> +/* Allow to protect evaluation of conditionasl with respect to speculation
>> */
>> +static always_inline bool evaluate_nospec(bool condition)
>> +{
>> +#ifdef CONFIG_HVM
>> + return (condition) ? barrier_nospec_true() : !barrier_nospec_true();
> No need for the parentheses anymore. And is the #ifdef really needed
> here?
The #ifdef is not needed here, as the compiler just drops
barrier_nospec_true in case CONFIG_HVM is not specified.
>
>> +#else
>> + return condition;
>> +#endif
>> +
>> +}
> Stray blank line.
Will drop.
>
>> +/* Allow to block speculative execution in generic code */
>> +// #define block_speculation() ((void)barrier_nospec_true())
> Stray leftover line.
Will drop.
>
>> +static always_inline void block_speculation(void)
>> +{
>> + (void)barrier_nospec_true();
> No need for the cast anymore.
Will drop.
Best,
Norbert
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
