On 02/07/2019 16:01, Jan Beulich wrote:
> As to scrubbing - what gets brought into cache is, except for a very
> brief moment, the value the scrubbing routine actually stores. There's
> no knowledge to be gained from that by a guest.
Unless we scrub with instructions which have Direct Write semantics (we don't), the cacheline gets pulled into L1. That means it's leakable via L1TF for the entire duration between the first speculative touch of the page (especially as prefetching is liable to bring the content in in short order) to the retirement of the instruction.

That said, there is zero difference (from an attacker's point of view) between scrubbing a single page as part of alloc_{dom,xen}heap_page(), and scrubbing in the idle loop. The former is strictly required to stay, therefore I don't see restricting the idle scrubbing as having any impact on security (although it might very well have an impact on performance).

~Andrew
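The reply turns on the difference between scrubbing with ordinary stores, which allocate the zeroed line in L1D, and scrubbing with stores that bypass the cache. The block below is an added illustration of that distinction and is not code from the thread or from Xen: it zeroes a page once with memset and once with x86 streaming (non-temporal) stores, the closest userspace-visible analogue of the "Direct Write semantics" mentioned above. The function names, the 4 KiB PAGE_SIZE, the 0xA5 fill pattern standing in for guest data, and the fallback to a cached scrub on non-x86 targets are all assumptions of this example.

```c
/* Added example, not from the xen-devel thread or from Xen: scrubbing a
 * page with ordinary stores (line is allocated in L1D) versus x86
 * streaming stores (line is written via write-combining buffers and not
 * allocated in cache). Names and PAGE_SIZE are assumptions for the example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <immintrin.h>
#define HAVE_STREAMING_STORES 1
#endif

#define PAGE_SIZE 4096

/* Scrub with regular stores: every cache line written ends up in L1D,
 * which is the situation the reply above describes. */
static void scrub_page_cached(void *page)
{
    memset(page, 0, PAGE_SIZE);
}

/* Scrub with streaming stores: MOVNTDQ hints the CPU not to allocate the
 * line in cache; SFENCE orders the weakly-ordered stores before we return.
 * Needs a 16-byte aligned buffer. Returns 0 on success, -1 when the buffer
 * is misaligned or streaming stores are unavailable on this target. */
static int scrub_page_streaming(void *page)
{
#ifdef HAVE_STREAMING_STORES
    if (((uintptr_t)page & 15) != 0)
        return -1;
    __m128i zero = _mm_setzero_si128();
    char *p = page;
    for (size_t off = 0; off < PAGE_SIZE; off += 16)
        _mm_stream_si128((__m128i *)(p + off), zero);
    _mm_sfence();
    return 0;
#else
    (void)page;
    return -1;
#endif
}

/* Returns 1 if every byte of the page is zero, 0 otherwise. */
static int page_is_zero(const void *page)
{
    const unsigned char *p = page;
    for (size_t i = 0; i < PAGE_SIZE; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Allocates a page, fills it with a constructed stand-in for guest data,
 * scrubs it with the requested method and returns 1 if it is clean. */
static int demo_scrub(int use_streaming)
{
    void *page = aligned_alloc(PAGE_SIZE, PAGE_SIZE);
    if (!page)
        return 0;
    memset(page, 0xA5, PAGE_SIZE);          /* constructed "secret" contents */
    if (use_streaming) {
        if (scrub_page_streaming(page) != 0)
            scrub_page_cached(page);        /* fall back where streaming stores are absent */
    } else {
        scrub_page_cached(page);
    }
    int clean = page_is_zero(page);
    free(page);
    return clean;
}

int main(void)
{
    printf("cached scrub clean: %d\n", demo_scrub(0));
    printf("streaming scrub clean: %d\n", demo_scrub(1));
    return 0;
}
```

Both paths leave the page zeroed; the difference is only in what the scrub leaves behind in L1D, which is exactly why the reply argues that a cached scrub in the idle loop is no worse than the cached scrub already done at allocation time.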