
Re: [Xen-devel] [PATCH SpectreV1+L1TF v6 6/9] is_control_domain: block speculation



>>> On 08.02.19 at 14:44, <nmanthey@xxxxxxxxx> wrote:
> Checks of domain properties, such as is_hardware_domain or is_hvm_domain,
> might be bypassed by speculatively executing these instructions. A reason
> for bypassing these checks is that these macros access the domain
> structure via a pointer, and check a certain field. Since this memory
> access is slow, the CPU assumes a returned value and continues the
> execution.
> 
> In case an is_control_domain check is bypassed, for example during a
> hypercall, data that should only be accessible by the control domain could
> be loaded into the cache.
> 
> Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx>
> 
> ---
> 
> Notes:
>   v6: Drop nospec.h include

And this was because of what? I think it is good practice to include
other headers which added definitions rely on, even if in practice
_right now_ that header gets included already by other means. If
there's some recursion in header dependencies, then it would have
been nice if you had pointed out the actual issue.

Jan
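
The quoted commit message describes a property check being bypassed speculatively while the domain structure field is still being fetched. As an added example (not code from this thread or from Xen), the sketch below shows one way to block that: a barrier is placed on both outcomes of the check. All names here (`struct domain` layout, `spec_barrier`, `cond_nospec`, `is_control_domain_nospec`, `read_privileged`) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for a hypervisor's per-domain structure. */
struct domain {
    unsigned int domain_id;
    bool is_privileged;          /* true only for the control domain */
};

/* Stop speculative execution until earlier loads have resolved.
 * x86-64: lfence. Elsewhere this is only a compiler barrier and would
 * need the architecture's own speculation barrier (assumption). */
static inline void spec_barrier(void)
{
#if defined(__x86_64__)
    __asm__ volatile ("lfence" ::: "memory");
#else
    __asm__ volatile ("" ::: "memory");
#endif
}

/* Evaluate a condition and fence both branches, so neither the
 * "allowed" nor the "denied" path runs ahead on a guessed value. */
static inline bool cond_nospec(bool cond)
{
    if (cond) {
        spec_barrier();
        return true;
    }
    spec_barrier();
    return false;
}

/* The slow part is the load of d->is_privileged through the pointer;
 * the fence makes dependent code wait for the real value. */
static inline bool is_control_domain_nospec(const struct domain *d)
{
    return cond_nospec(d->is_privileged);
}

static const char secret[] = "control-domain-only";   /* constructed sample data */

/* Hypothetical hypercall handler guarding privileged data. */
const char *read_privileged(const struct domain *caller)
{
    if (!is_control_domain_nospec(caller))
        return NULL;             /* denied, architecturally and speculatively */
    return secret;
}
```
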


