[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Setting constant-time mode CPU flag

To: Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 1 Sep 2022 22:05:09 -0400
Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Fri, 02 Sep 2022 02:05:27 +0000
Feedback-id: iac594737:Fastmail
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in
a CPU register to enforce constant-time execution.  Linux plans to set
this bit by default; Xen should do the same.  See
https://lore.kernel.org/lkml/YwgCrqutxmX0W72r@xxxxxxxxx/T/ for details.
I recommend setting the bit unconditionally and ignoring guest attempts
to change it.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: Setting constant-time mode CPU flag
  - From: Bertrand Marquis
- Re: Setting constant-time mode CPU flag
  - From: Jan Beulich

Prev by Date: Re: [PATCH v6 5/9] xen/arm: Add additional reference to owner domain when the owner is allocated
Next by Date: Re: [PATCH 0/7] Fix MISRA C 2012 Rule 20.7 violations
Previous by thread: [linux-5.4 test] 172914: regressions - FAIL
Next by thread: Re: Setting constant-time mode CPU flag
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.