From: Norbert Manthey <nmanthey@amazon.de>
To: xen-devel@lists.xenproject.org
Cc: Tim Deegan <tim@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Dario Faggioli <dfaggioli@suse.com>,
Martin Pohlack <mpohlack@amazon.de>,
Julien Grall <julien.grall@arm.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Jan Beulich <jbeulich@suse.com>,
Martin Mazein <amazein@amazon.de>,
Julian Stecklina <jsteckli@amazon.de>,
Bjoern Doebel <doebel@amazon.de>,
Norbert Manthey <nmanthey@amazon.de>
Subject: [PATCH SpectreV1+L1TF v4 07/11] nospec: enable lfence on Intel
Date: Wed, 23 Jan 2019 12:57:31 +0100 [thread overview]
Message-ID: <1548244655-32180-7-git-send-email-nmanthey@amazon.de> (raw)
In-Reply-To: <1548244285-30813-1-git-send-email-nmanthey@amazon.de>
While the lfence instruction was added for all x86 platform in the
beginning, it's useful to not block platforms that are not affected
by the L1TF vulnerability. Therefore, the lfence instruction should
only be introduced, in case the current CPU is an Intel CPU that is
capable of hyper threading. This combination of features is added
to the features that activate the alternative.
This commit is part of the SpectreV1+L1TF mitigation patch series.
Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
---
xen/include/xen/nospec.h | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h
--- a/xen/include/xen/nospec.h
+++ b/xen/include/xen/nospec.h
@@ -7,6 +7,7 @@
#ifndef XEN_NOSPEC_H
#define XEN_NOSPEC_H
+#include <asm/alternative.h>
#include <asm/system.h>
/**
@@ -68,7 +69,10 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
* allow to insert a read memory barrier into conditionals
*/
#ifdef CONFIG_X86
-static inline bool lfence_true(void) { rmb(); return true; }
+static inline bool lfence_true(void) {
+ alternative("", "lfence", X86_VENDOR_INTEL);
+ return true;
+}
#else
static inline bool lfence_true(void) { return true; }
#endif
@@ -91,7 +95,7 @@ static inline bool lfence_true(void) { return true; }
* allow to block speculative execution in generic code
*/
#ifdef CONFIG_X86
-#define block_speculation() rmb()
+#define block_speculation() alternative("", "lfence", X86_VENDOR_INTEL)
#else
#define block_speculation()
#endif
--
2.7.4
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-01-23 12:00 UTC|newest]
Thread overview: 150+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-23 11:51 SpectreV1+L1TF Patch Series Norbert Manthey
2019-01-23 11:51 ` [PATCH SpectreV1+L1TF v4 01/11] is_control_domain: block speculation Norbert Manthey
2019-01-23 13:07 ` Jan Beulich
2019-01-23 13:20 ` Julien Grall
2019-01-23 13:40 ` Jan Beulich
2019-01-23 13:20 ` Jan Beulich
2019-01-24 12:07 ` Norbert Manthey
2019-01-24 20:33 ` Andrew Cooper
2019-01-25 9:19 ` Jan Beulich
2019-01-23 11:51 ` [PATCH SpectreV1+L1TF v4 02/11] is_hvm/pv_domain: " Norbert Manthey
2019-01-23 11:51 ` [PATCH SpectreV1+L1TF v4 03/11] config: introduce L1TF_LFENCE option Norbert Manthey
2019-01-23 13:18 ` Jan Beulich
2019-01-24 12:11 ` Norbert Manthey
2019-01-23 13:24 ` Julien Grall
2019-01-23 13:39 ` Jan Beulich
2019-01-23 13:44 ` Julien Grall
2019-01-23 14:45 ` Jan Beulich
2019-01-24 12:21 ` Norbert Manthey
2019-01-24 21:29 ` Andrew Cooper
2019-01-25 10:14 ` Jan Beulich
2019-01-25 10:50 ` Norbert Manthey
2019-01-25 13:09 ` Jan Beulich
2019-01-27 20:28 ` Norbert Manthey
2019-01-28 7:35 ` Jan Beulich
2019-01-28 7:56 ` Norbert Manthey
2019-01-28 8:24 ` Jan Beulich
2019-01-28 10:07 ` Norbert Manthey
2019-01-31 22:39 ` Andrew Cooper
2019-02-01 8:02 ` Jan Beulich
2019-01-23 11:51 ` [PATCH SpectreV1+L1TF v4 04/11] x86/hvm: block speculative out-of-bound accesses Norbert Manthey
2019-01-31 19:31 ` Andrew Cooper
2019-02-01 9:06 ` Jan Beulich
2019-01-23 11:51 ` [PATCH SpectreV1+L1TF v4 05/11] common/grant_table: " Norbert Manthey
2019-01-23 13:37 ` Jan Beulich
2019-01-28 14:45 ` Norbert Manthey
2019-01-28 15:09 ` Jan Beulich
2019-01-29 8:33 ` Norbert Manthey
2019-01-29 9:46 ` Jan Beulich
2019-01-29 13:47 ` Norbert Manthey
2019-01-29 15:11 ` Jan Beulich
2019-01-30 8:06 ` Norbert Manthey
2019-01-30 11:35 ` Jan Beulich
2019-01-23 11:51 ` [PATCH SpectreV1+L1TF v4 06/11] common/memory: " Norbert Manthey
2019-01-23 11:57 ` Norbert Manthey [this message]
2019-01-24 22:29 ` [PATCH SpectreV1+L1TF v4 07/11] nospec: enable lfence on Intel Andrew Cooper
2019-01-27 20:09 ` Norbert Manthey
2019-01-23 11:57 ` [PATCH SpectreV1+L1TF v4 08/11] xen/evtchn: block speculative out-of-bound accesses Norbert Manthey
2019-01-24 16:56 ` Jan Beulich
2019-01-24 19:50 ` Norbert Manthey
2019-01-25 9:23 ` Jan Beulich
2019-01-23 11:57 ` [PATCH SpectreV1+L1TF v4 09/11] x86/vioapic: " Norbert Manthey
2019-01-25 16:34 ` Jan Beulich
2019-01-28 11:03 ` Norbert Manthey
2019-01-28 11:12 ` Jan Beulich
2019-01-28 12:20 ` Norbert Manthey
2019-01-23 11:57 ` [PATCH SpectreV1+L1TF v4 10/11] x86/hvm/hpet: " Norbert Manthey
2019-01-25 16:50 ` Jan Beulich
2019-01-23 11:57 ` [PATCH SpectreV1+L1TF v4 11/11] x86/CPUID: " Norbert Manthey
2019-01-24 21:05 ` SpectreV1+L1TF Patch Series Andrew Cooper
2019-01-28 13:56 ` Norbert Manthey
2019-01-28 8:28 ` Jan Beulich
[not found] ` <5C4EBD1A0200007800211954@suse.com>
2019-01-28 8:47 ` Juergen Gross
2019-01-28 9:56 ` Jan Beulich
[not found] ` <9C03B9BA0200004637554D14@prv1-mh.provo.novell.com>
[not found] ` <00FAA7AF020000F8B1E090C7@prv1-mh.provo.novell.com>
[not found] ` <00FAE7AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-01-31 15:05 ` [PATCH SpectreV1+L1TF v5 1/9] xen/evtchn: block speculative out-of-bound accesses Jan Beulich
2019-02-01 13:45 ` Norbert Manthey
2019-02-01 14:08 ` Jan Beulich
2019-02-05 13:42 ` Norbert Manthey
[not found] ` <00FA27AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-01-31 16:05 ` [PATCH SpectreV1+L1TF v5 2/9] x86/vioapic: " Jan Beulich
2019-02-01 13:54 ` Norbert Manthey
[not found] ` <00F867AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-01-31 16:19 ` [PATCH SpectreV1+L1TF v5 3/9] x86/hvm: " Jan Beulich
2019-01-31 20:02 ` Andrew Cooper
2019-02-01 8:23 ` Jan Beulich
2019-02-01 14:06 ` Norbert Manthey
2019-02-01 14:31 ` Jan Beulich
2019-02-01 14:05 ` Norbert Manthey
[not found] ` <0101A7AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-01-31 16:35 ` [PATCH SpectreV1+L1TF v5 4/9] spec: add l1tf-barrier Jan Beulich
2019-02-05 14:23 ` Norbert Manthey
2019-02-05 14:43 ` Jan Beulich
2019-02-06 13:02 ` Norbert Manthey
2019-02-06 13:20 ` Jan Beulich
[not found] ` <0101E7AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-01-31 17:05 ` [PATCH SpectreV1+L1TF v5 5/9] nospec: introduce evaluate_nospec Jan Beulich
2019-02-05 14:32 ` Norbert Manthey
2019-02-08 13:44 ` SpectreV1+L1TF Patch Series v6 Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 1/9] xen/evtchn: block speculative out-of-bound accesses Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 2/9] x86/vioapic: " Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 3/9] x86/hvm: " Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 4/9] spec: add l1tf-barrier Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 5/9] nospec: introduce evaluate_nospec Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 6/9] is_control_domain: block speculation Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 7/9] is_hvm/pv_domain: " Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 8/9] common/grant_table: block speculative out-of-bound accesses Norbert Manthey
2019-02-08 13:44 ` [PATCH SpectreV1+L1TF v6 9/9] common/memory: " Norbert Manthey
2019-02-08 14:32 ` SpectreV1+L1TF Patch Series v6 Julien Grall
[not found] ` <A18FF6C80200006BB1E090C7@prv1-mh.provo.novell.com>
[not found] ` <01CCAAAF02000039B1E090C7@prv1-mh.provo.novell.com>
[not found] ` <01CCEAAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 13:08 ` [PATCH SpectreV1+L1TF v6 1/9] xen/evtchn: block speculative out-of-bound accesses Jan Beulich
2019-02-14 13:10 ` Norbert Manthey
2019-02-14 13:20 ` Jan Beulich
[not found] ` <01CC2AAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 13:16 ` [PATCH SpectreV1+L1TF v6 2/9] x86/vioapic: " Jan Beulich
2019-02-14 13:16 ` Norbert Manthey
[not found] ` <01CE6AAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 13:25 ` [PATCH SpectreV1+L1TF v6 3/9] x86/hvm: " Jan Beulich
2019-02-12 14:05 ` Norbert Manthey
2019-02-12 14:14 ` Jan Beulich
2019-02-15 8:05 ` Norbert Manthey
2019-02-15 8:55 ` Jan Beulich
2019-02-15 10:50 ` Norbert Manthey
2019-02-15 11:46 ` Jan Beulich
2019-02-18 14:47 ` Norbert Manthey
2019-02-18 15:56 ` Jan Beulich
[not found] ` <01CFAAAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 13:44 ` [PATCH SpectreV1+L1TF v6 4/9] spec: add l1tf-barrier Jan Beulich
2019-02-15 9:13 ` Norbert Manthey
[not found] ` <01CFEAAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 13:50 ` [PATCH SpectreV1+L1TF v6 5/9] nospec: introduce evaluate_nospec Jan Beulich
2019-02-14 13:37 ` Norbert Manthey
2019-02-12 14:12 ` Jan Beulich
2019-02-14 13:42 ` Norbert Manthey
[not found] ` <01CF2AAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 14:11 ` [PATCH SpectreV1+L1TF v6 6/9] is_control_domain: block speculation Jan Beulich
2019-02-14 13:45 ` Norbert Manthey
[not found] ` <23D9419E02000017B1E090C7@prv1-mh.provo.novell.com>
2019-02-12 14:31 ` [PATCH SpectreV1+L1TF v6 9/9] common/memory: block speculative out-of-bound accesses Jan Beulich
2019-02-14 14:04 ` Norbert Manthey
[not found] ` <01CEAAAF02000039B1E090C7@prv1-mh.provo.novell.com>
2019-02-13 11:50 ` [PATCH SpectreV1+L1TF v6 8/9] common/grant_table: " Jan Beulich
2019-02-15 9:55 ` Norbert Manthey
2019-02-15 10:34 ` Jan Beulich
2019-02-18 13:49 ` Norbert Manthey
2019-02-18 16:08 ` Jan Beulich
2019-02-19 21:47 ` Norbert Manthey
[not found] ` <0104A7AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-02-06 14:52 ` [PATCH SpectreV1+L1TF v5 " Jan Beulich
2019-02-06 15:06 ` Norbert Manthey
2019-02-06 15:53 ` Jan Beulich
2019-02-07 9:50 ` Norbert Manthey
2019-02-07 10:20 ` Norbert Manthey
2019-02-07 14:00 ` Jan Beulich
2019-02-07 16:20 ` Norbert Manthey
[not found] ` <010527AF020000F8B1E090C7@prv1-mh.provo.novell.com>
2019-02-06 15:03 ` [PATCH SpectreV1+L1TF v5 6/9] is_control_domain: block speculation Jan Beulich
2019-02-06 15:36 ` Norbert Manthey
2019-02-06 16:01 ` Jan Beulich
2019-02-07 10:02 ` Norbert Manthey
[not found] ` <20F3469E02000096B1E090C7@prv1-mh.provo.novell.com>
2019-02-06 15:25 ` [PATCH SpectreV1+L1TF v5 9/9] common/memory: block speculative out-of-bound accesses Jan Beulich
2019-02-06 15:39 ` Norbert Manthey
2019-02-06 16:08 ` Jan Beulich
2019-02-07 7:20 ` Norbert Manthey
2019-01-28 10:01 SpectreV1+L1TF Patch Series Juergen Gross
2019-01-29 14:43 ` SpectreV1+L1TF Patch Series v5 Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 1/9] xen/evtchn: block speculative out-of-bound accesses Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 2/9] x86/vioapic: " Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 3/9] x86/hvm: " Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 4/9] spec: add l1tf-barrier Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 5/9] nospec: introduce evaluate_nospec Norbert Manthey
2019-02-08 9:20 ` Julien Grall
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 6/9] is_control_domain: block speculation Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 7/9] is_hvm/pv_domain: " Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 8/9] common/grant_table: block speculative out-of-bound accesses Norbert Manthey
2019-01-29 14:43 ` [PATCH SpectreV1+L1TF v5 9/9] common/memory: " Norbert Manthey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1548244655-32180-7-git-send-email-nmanthey@amazon.de \
--to=nmanthey@amazon.de \
--cc=George.Dunlap@eu.citrix.com \
--cc=amazein@amazon.de \
--cc=andrew.cooper3@citrix.com \
--cc=dfaggioli@suse.com \
--cc=doebel@amazon.de \
--cc=dwmw@amazon.co.uk \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jsteckli@amazon.de \
--cc=julien.grall@arm.com \
--cc=konrad.wilk@oracle.com \
--cc=mpohlack@amazon.de \
--cc=sstabellini@kernel.org \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.