All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Juergen Gross" <jgross@suse.com>,
	Xen-devel <xen-devel@lists.xenproject.org>,
	"Wei Liu" <wl@xen.org>, "Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH v3 4/7] x86/nospec: Rename and rework l1tf-barrier as branch-harden
Date: Tue, 29 Oct 2019 17:00:12 +0000	[thread overview]
Message-ID: <b8fcf5ae-a97f-0f1e-c983-5b54908483bc@citrix.com> (raw)
In-Reply-To: <dcbb5848-cb9a-8e38-1f6d-9e4d28d88daf@suse.com>

On 25/10/2019 13:09, Jan Beulich wrote:
> On 23.10.2019 15:58, Andrew Cooper wrote:
>> l1tf-barrier is an inappropriate name, and came about because of restrictions
>> on could be discussed publicly when the patches were proposed.
>>
>> In practice, it is for general Spectre v1 mitigations, and is necessary in all
>> cases.  An adversary which can control speculation in Xen can leak data in
>> cross-core (BCBS, etc) or remote (NetSpectre) scenarios - the problem is not
>> limited to just L1TF with HT active.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
>
>> In principle it should be tristate and being disabled by default on parts
>> which don't speculate, but it is too late in 4.13 to organise this.
> And the fundamental issue is correctly compiling the conditions under which
> to default to true and false respectively?

Yes.

> I ask because if it was not this
> then I wouldn't see what hindering factor there is to make this tristate
> right away.

Linux's NO_SPECULATION list is a start (if there is actually an
intersection with 64bit capable CPUs), but there are mitigating factors
on some later CPUs as well.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  reply	other threads:[~2019-10-29 17:00 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-23 13:58 [Xen-devel] [PATCH for-4.13 v3 0/7] Unbreak evaluate_nospec() and livepatching Andrew Cooper
2019-10-23 13:58 ` [Xen-devel] [PATCH v3 1/7] x86/nospec: Two trivial fixes Andrew Cooper
2019-10-23 14:03   ` Jan Beulich
2019-10-23 14:43   ` Jürgen Groß
2019-10-23 13:58 ` [Xen-devel] [PATCH v3 2/7] xen/nospec: Use always_inline to fix code gen for evaluate_nospec Andrew Cooper
2019-10-23 14:44   ` Jürgen Groß
2019-10-25 12:03   ` Jan Beulich
2019-10-25 12:10     ` Andrew Cooper
2019-10-25 12:34       ` Jan Beulich
2019-10-25 15:27         ` Andrew Cooper
2019-10-25 15:40           ` Jan Beulich
2019-10-25 21:56             ` Norbert Manthey
2019-10-28 17:05               ` Andrew Cooper
2019-10-29  8:25                 ` Norbert Manthey
2019-10-29 13:46                   ` Andrew Cooper
2019-10-29 14:03                     ` Jan Beulich
2019-10-29 14:16                       ` Andrew Cooper
2019-10-29 14:33                         ` Norbert Manthey
2019-10-29 16:53     ` Andrew Cooper
2019-10-30  8:33       ` Jan Beulich
2019-10-23 13:58 ` [Xen-devel] [PATCH v3 3/7] xen/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_BRANCH Andrew Cooper
2019-10-23 14:45   ` Jürgen Groß
2019-10-25 12:04   ` Jan Beulich
2019-10-23 13:58 ` [Xen-devel] [PATCH v3 4/7] x86/nospec: Rename and rework l1tf-barrier as branch-harden Andrew Cooper
2019-10-23 14:43   ` Jürgen Groß
2019-10-25 12:09   ` Jan Beulich
2019-10-29 17:00     ` Andrew Cooper [this message]
2019-10-23 13:58 ` [Xen-devel] [PATCH v3 5/7] x86/livepatch: Fail the build if duplicate symbols exist Andrew Cooper
2019-10-23 14:46   ` Jürgen Groß
2019-10-23 16:14     ` Konrad Rzeszutek Wilk
2019-10-23 16:37   ` Ross Lagerwall
2019-10-24 12:03   ` Jan Beulich
2019-10-29 17:06     ` Andrew Cooper
2019-10-30  8:41       ` Jan Beulich
2019-10-30 10:37         ` Andrew Cooper
2019-10-30 11:21           ` Jan Beulich
2019-10-23 13:58 ` [Xen-devel] [PATCH for-next v3 6/7] x86/nospec: Move array_index_mask_nospec() into nospec.h Andrew Cooper
2019-10-25 12:10   ` Jan Beulich
2019-10-23 13:58 ` [Xen-devel] [PATCH v3 7/7] x86/nospec: Optimise array_index_mask_nospec() for power-of-2 arrays Andrew Cooper
2019-10-25 12:24   ` Jan Beulich
2019-10-25 12:58     ` Andrew Cooper
2019-10-25 13:25       ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b8fcf5ae-a97f-0f1e-c983-5b54908483bc@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jgross@suse.com \
    --cc=roger.pau@citrix.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.