On 10/25/19 17:40, Jan Beulich wrote:
> On 25.10.2019 17:27, Andrew Cooper wrote:
>> On 25/10/2019 13:34, Jan Beulich wrote:
>>> On 25.10.2019 14:10, Andrew Cooper wrote:
>>>> The two choices to unblock 4.13 are this patch, or the previous version
>>>> which made CONFIG_HARDEN_BRANCH depend on BROKEN, which was even more
>>>> disliked.
>>> Option 3 is to have just the config option, for people to turn this
>>> off if they feel like doing so.
>> Yes, but no. A facade of security is worse than no security, and I
>> don't consider doing that an acceptable solution in this case.
> But I thought we all agree that this is something that's presumably
> going to remain incomplete (as in not provably complete) altogether
> anyway. It's just that without the change here it's far more
> incomplete than with it.
>
> In any event I think we should (also) have an opinion from the people
> who had originally contributed this logic. You didn't Cc anyone of
> them; I've added at least Norbert now.

Thanks for adding me. I had a quick look into the discussion. Only
making adding lfence statements around conditionals depending on config
BROKEN does not help, as it would still need to be always_inline to work
as expected, correct? Hence, in my opinion, this patch does the right
thing to benefit from the lfences that are placed after evaluation
conditionals.

From a "is this lfence required" point of view, we have been able to
trigger loads where the lfence has not been present, and could not
reproduce any more once we added the lfence statements on both branches
after the conditional jump.

Best,
Norbert

>
> Jan
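
The always_inline point discussed in this thread, as an added illustration that is not code from the patch or from Xen: a condition helper with a fence on both branches, forced inline so the caller branches straight into a fenced arm. The names `SPEC_FENCE`, `ALWAYS_INLINE`, `fenced_cond` and `table_read` are hypothetical, and off x86 the fence is replaced by a plain compiler barrier so the file still builds.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical names throughout; this is not Xen's code. */
#if defined(__x86_64__) || defined(__i386__)
# define SPEC_FENCE() __asm__ volatile ("lfence" ::: "memory")
#else
# define SPEC_FENCE() __asm__ volatile ("" ::: "memory") /* stand-in off x86 */
#endif

#define ALWAYS_INLINE inline __attribute__((always_inline))

/*
 * Fence on both outcomes of the condition. Forced inlining matters: the
 * caller's "if" then jumps directly into one of the fenced arms. As an
 * out-of-line call, the helper would return a bool that the caller tests
 * with a fresh conditional branch, and nothing fences that second branch.
 */
static ALWAYS_INLINE bool fenced_cond(bool condition)
{
    if (condition) {
        SPEC_FENCE();
        return true;
    }
    SPEC_FENCE();
    return false;
}

static const int table[4] = { 10, 20, 30, 40 }; /* constructed sample data */

/* Bounds-checked read: the load sits behind the fence of the "true" arm. */
int table_read(size_t idx)
{
    if (fenced_cond(idx < sizeof(table) / sizeof(table[0])))
        return table[idx];
    return -1; /* out of range: the table is never indexed */
}
```

Whether the compiler really keeps a fence in each arm after inlining and optimisation is only visible in the generated code, so check the disassembly of the callers rather than the source.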