[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP straight-line speculation

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Wed, 1 Jul 2020 14:26:49 +0200
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Wed, 01 Jul 2020 12:26:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 01.07.2020 13:58, Andrew Cooper wrote:
> Some x86 CPUs speculatively execute beyond indirect CALL/JMP instructions.
> 
> With CONFIG_INDIRECT_THUNK / Retpolines, indirect CALL/JMP instructions are
> converted to direct CALL/JMP's to __x86_indirect_thunk_REG(), leaving just a
> handful of indirect JMPs implementing those stubs.
> 
> There is no architectrual execution beyond an indirect JMP, so use INT3 as
> recommended by vendors to halt speculative execution.  This is shorter than
> LFENCE (which would also work fine), but also shows up in logs if we do
> unexpected execute them.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Follow-Ups:
- RE: [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP straight-line speculation
  - From: Paul Durrant

References:
- [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP straight-line speculation
  - From: Andrew Cooper

Prev by Date: Re: [PATCH 2/2] xen: cleanup unrealized flash devices
Next by Date: Re: [PATCH 2/2] xen: cleanup unrealized flash devices
Previous by thread: [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP straight-line speculation
Next by thread: RE: [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP straight-line speculation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.