Xen project Mailing List

[Xen-devel] [PATCH v3 3/7] xen/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_BRANCH

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 23 Oct 2019 14:58:08 +0100

Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Juergen Gross <jgross@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Wed, 23 Oct 2019 13:58:50 +0000

Ironport-sdr: Oqg7ArGFovo4VN3zwplE5kHzvNxilR4s3Iki7cNFojzHlzsKnU8Uz8Wgl9nsw4o/6RFANKVjp2 8FM+ulurQ+Q+4HcA2D9YjH5SoaP12zBzvjDparzADqzBgVEQNhwVCQtPXX60gYd0iGNh63PZ1M 05e7syCUyo0HZDB2bEX5iTbCP6jlpxSbsT323tQIJFxzSEVrpwk+cxuBt/YehSK/xgvz+5zVWt 30OBSR1vEI844AljV55N2tARmRJJEDKVgfW+tpAdVVtmPxnxCBoFUuFMEWWLYFLUtyB0f0IHon 9KE=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Just as with CONFIG_SPECULATIVE_HARDEN_ARRAY, branch hardening should be configurable at compile time. The previous CONFIG_HVM was a consequence of what could be discussed publicly at the time the patches were submitted, and wasn't actually correct. Later patches will make further corrections. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Wei Liu <wl@xxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Juergen Gross <jgross@xxxxxxxx> v3: * Reduce to just the Kconfig option. Split other changes out into separate patches. v2: * Expand the commit message to describe how the generated code is broken. * Rename to CONFIG_SPECULATIVE_HARDEN_BRANCH * Switch alternative() to asm() * Fix a comment typo --- xen/common/Kconfig | 23 +++++++++++++++++++++++ xen/include/asm-x86/nospec.h | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 7b5dd9d495..c9e671869e 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -102,6 +102,29 @@ config SPECULATIVE_HARDEN_ARRAY If unsure, say Y. +config SPECULATIVE_HARDEN_BRANCH + bool "Speculative Branch Hardening" + default y + depends on X86 + ---help--- + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of misbehaviour is by executing the wrong basic block + following a conditional jump. + + When enabled, specific conditions which have been deemed liable to + be speculatively abused will be hardened to avoid entering the wrong + basic block. + + This is a best-effort mitigation. There are no guarantees that all + areas of code open to abuse have been hardened, nor that + optimisations in the compiler haven't subverted the attempts to + harden. + + If unsure, say Y. + endmenu config KEXEC diff --git a/xen/include/asm-x86/nospec.h b/xen/include/asm-x86/nospec.h index 427b5ff9df..154e92aed8 100644 --- a/xen/include/asm-x86/nospec.h +++ b/xen/include/asm-x86/nospec.h @@ -9,7 +9,7 @@ /* Allow to insert a read memory barrier into conditionals */ static always_inline bool barrier_nospec_true(void) { -#ifdef CONFIG_HVM +#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH alternative("", "lfence", X86_FEATURE_SC_L1TF_VULN); #endif return true; -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.