From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 228E9C433DF for ; Tue, 16 Jun 2020 23:28:18 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E09F72078D for ; Tue, 16 Jun 2020 23:28:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="sDZiseqC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E09F72078D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlKzo-0003LI-Ja; Tue, 16 Jun 2020 23:28:00 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jlKzm-0003LD-W8 for xen-devel@lists.xenproject.org; Tue, 16 Jun 2020 23:27:59 +0000 X-Inumbo-ID: 0334a2f6-b029-11ea-bb8b-bc764e2007e4 Received: from mail.kernel.org (unknown [198.145.29.99]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 0334a2f6-b029-11ea-bb8b-bc764e2007e4; Tue, 16 Jun 2020 23:27:58 +0000 (UTC) Received: from localhost (c-67-164-102-47.hsd1.ca.comcast.net [67.164.102.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 654442078D; Tue, 16 Jun 2020 23:27:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592350077; bh=keyhVpc8dVr2vcXxFMMrlOclLA7NkXX0gWNtYmIEn/M=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=sDZiseqCPS96EjDjWsp2G+hSdqpLETKG7Wx2kXFeKugC1sJNF9I2FPvsRzgJtSeTD 6wcbD2VMkbbFXi2rlOaI4odC17MBKi/1RHNHwAQK1PmyOshf71u1+0bRgRUIYdknU8 lVl4zOtrKWw7T2Zo/N1R8OOvpXuM/qu5xhq+XQzI= Date: Tue, 16 Jun 2020 16:27:56 -0700 (PDT) From: Stefano Stabellini X-X-Sender: sstabellini@sstabellini-ThinkPad-T480s To: Andrew Cooper Subject: Re: [PATCH 2/2] xen/arm: Mitigate straight-line speculation for SMC call In-Reply-To: <7b21fb8d-915c-7d87-1777-b0ed0febddd2@citrix.com> Message-ID: References: <20200616175913.7368-1-julien@xen.org> <20200616175913.7368-3-julien@xen.org> <7b21fb8d-915c-7d87-1777-b0ed0febddd2@citrix.com> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="8323329-206843476-1592350077=:24982" X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Paul Durrant , Andre Przywara , Julien Grall , Bertrand Marquis , "Xen.org security team" , xen-devel , Volodymyr Babchuk , Julien Grall Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-206843476-1592350077=:24982 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT On Wed, 17 Jun 2020, Andrew Cooper wrote: > On 16/06/2020 22:57, Julien Grall wrote: > > On Tue, 16 Jun 2020 at 22:34, Stefano Stabellini wrote: > >> On Tue, 16 Jun 2020, Julien Grall wrote: > >>> From: Julien Grall > >>> > >>> SMC call will update some of registers (typically only x0) depending on > >> ^a SMC call > > An SMC call. > > >> > >>> the arguments provided. > >>> > >>> Some CPUs can speculate past a SMC instruction and potentially perform > >>> speculative access to emrmoy using the pre-call values before executing > >> ^ memory > >> > >>> the SMC. > >>> > >>> There is no known gadget available after the SMC call today. However > >>> some of the registers may contain values from the guest and are expected > >>> to be updated by the SMC call. > >>> > >>> In order to harden the code, it would be better to prevent straight-line > >>> speculation from an SMC. Architecturally executing the speculation > >> ^ a? any? > > "any" might be better. > > "an SMC" is correct, but "any" is also fine. > > 'a' vs 'an' is based on the sound of the following.  S in "S-M-C" as an > abbreviation starts with an 'e' vowel sound, unlike 's' in secure, so > the correct grammar is "an SMC" and "a secure monitor call". LOL! English sometimes... damn. Anyway, many thanks for the correction :-) --8323329-206843476-1592350077=:24982--