[Xen-devel] [PATCH for-4.13 1/2] xen/nospec: Introduce CONFIG_SPECULATIVE_ARRAY_HARDEN
There are legitimate circumstance where array hardening is not wanted or needed. Allow it to be turned off.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Juergen Gross <jgross@xxxxxxxx>
---
 xen/common/Kconfig | 21 +++++++++++++++++++++
 xen/include/xen/nospec.h | 12 ++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 16829f6274..9644cc9911 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -77,6 +77,27 @@ config HAS_CHECKPOLICY
 string
 option env="XEN_HAS_CHECKPOLICY"
+menu "Speculative hardening"
+
+config SPECULATIVE_ARRAY_HARDEN
+ bool "Speculative Array Hardening"
+ default y
+ ---help---
+ Contemporary processors may use speculative execution as a
+ performance optimisation, but this can potentially be abused by an
+ attacker to leak data via speculative sidechannels.
+
+ One source of data leakage is via speculative out-of-bounds array
+ accesses.
+
+ When enabled, specific array accesses which have been deemed liable
+ to be speculatively abused will be hardened to avoid out-of-bounds
+ accesses.
+
+ If unsure, say Y.
+
+endmenu
+
 config KEXEC
 bool "kexec support"
 default y
diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h
index 2ac8feccc2..e627a4da52 100644
--- a/xen/include/xen/nospec.h
+++ b/xen/include/xen/nospec.h
@@ -33,6 +33,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
 }
 #endif
+#ifdef CONFIG_SPECULATIVE_ARRAY_HARDEN
 /*
 * array_index_nospec - sanitize an array index after a bounds check
 *
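Review bot: The help text for SPECULATIVE_ARRAY_HARDEN in the Kconfig hunk describes what enabling does but not what a build with N gives up, which is the decision the option asks a packager to make. With the option off, the nospec.h part of this patch compiles the index hardening out, so the bounds check at each call site is enforced only architecturally and speculative out-of-bounds accesses are no longer suppressed. I would add a sentence such as `Disabling this removes the hardening from every such access; only say N when speculative out-of-bounds reads are outside the deployment's threat model.` The circumstances the commit message calls legitimate are not named anywhere in the patch, and the help text is the natural place to name them.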
@@ -58,6 +59,17 @@ static inline unsigned long array_index_mask_nospec(unsigned long index,
 \
 (typeof(_i)) (_i & _mask); \
 })
+#else
+/* No index hardening. */
+#define array_index_nospec(index, size) \
+({ \
+ typeof(index) _i = (index); \
+ typeof(size) _s = (size); \
+ \
+ (void)_s; \
+ _i; \
+})
+#endif /* CONFIG_SPECULATIVE_ARRAY_HARDEN */
 /*
 * array_access_nospec - allow nospec access for static size arrays
-- 
2.11.0
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
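Review bot: The comment on the `#else` branch, `/* No index hardening. */`, is too terse for a stub that turns the masking macro into a pass-through; it should say that the index is returned unclamped, so callers rely on their architectural bounds check alone, and that `index` and `size` are still evaluated exactly once each so side effects match the hardened variant. Something like `/* Hardening compiled out: returns index unmodified; index and size are each still evaluated once. */` would do. The `#ifdef` added in the -33 hunk opens after `array_index_mask_nospec()`, so that helper is built either way; if anything calls it directly, those sites presumably stay masked regardless of the option, which is worth stating next to the `#ifdef`. The hardened macro this branch pairs with begins outside the hunk.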