From: Wei Liu <wl@xen.org>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Xen-devel <xen-devel@lists.xenproject.org>,
"Jan Beulich" <JBeulich@suse.com>, "Wei Liu" <wl@xen.org>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH] x86/boot: Clean up the trampoline transition into Long mode
Date: Thu, 2 Jan 2020 18:45:36 +0000 [thread overview]
Message-ID: <20200102184536.i25lgkjrps5nq3mh@debian> (raw)
In-Reply-To: <a5883bef-d760-5712-3f76-78e96a018a45@citrix.com>
On Thu, Jan 02, 2020 at 05:20:12PM +0000, Andrew Cooper wrote:
> On 02/01/2020 16:55, Wei Liu wrote:
> > On Thu, Jan 02, 2020 at 02:59:53PM +0000, Andrew Cooper wrote:
> >> The jmp after setting %cr0 is redundant with the following ljmp.
> >>
> >> The CPUID to protect the jump to higher mappings was inserted due to an
> >> abundance of caution/paranoia before Spectre was public. There is not a
> >> matching protection in the S3 resume path, and there is nothing
> >> interesting in memory at this point.
> > What do you mean by "there is nothing interesting in memory" here?
> >
> > As far as I can tell idel page table has been loaded. During AP
> > bring-up it contains runtime data, no?
>
> We haven't even decompressed the dom0 kernel at this point. What data
> are you concerned by?
As the original text implied, CPU hotplug should also be considered.
If that's not relevant now, can you please note that in the commit
message?
Wei.
>
> This protection is only meaningful for virtualised guests, and is
> ultimately incomplete. If another VM can use Spectre v2 against this
> VM, it can also use Spectre v1 and have a far more interesting time.
>
> In the time since writing this code, it has become substantially more
> apparent that VMs must trust their hypervisor to provide adequate
> isolation, because there is literally nothing the VM can do itself.
>
> ~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2020-01-02 18:46 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-02 14:59 [Xen-devel] [PATCH] x86/boot: Clean up the trampoline transition into Long mode Andrew Cooper
2020-01-02 16:55 ` Wei Liu
2020-01-02 17:20 ` Andrew Cooper
2020-01-02 18:45 ` Wei Liu [this message]
2020-01-03 13:36 ` Jan Beulich
2020-01-03 13:44 ` Andrew Cooper
2020-01-03 13:52 ` Jan Beulich
2020-01-03 14:25 ` Andrew Cooper
2020-01-03 14:34 ` Jan Beulich
2020-01-03 18:55 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200102184536.i25lgkjrps5nq3mh@debian \
--to=wl@xen.org \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.