[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Setting constant-time mode CPU flag

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 6 Sep 2022 10:01:00 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YY/6obn/oZCyp1UymDaXYf+htUl6d+AT8k5qFf412T0=; b=Zo831SaqRQG/svZo2KUJ3CGRR5qUe5YumsyfcasHUhHYSsEFpb3o273bK81lyxscTcT5dFI7+QAwwZ9zD3uqQh6g4DdhCcjRKlM1LwMjv5c/BUgeM1OEo34tRYr/t/KpId3qLvZhkl1EVuUQ0zHRJDc/d6AIvFAmdyIYiwGoSl3iFFS+vHELjYYqLXQOmFlZOBQ7BPKcOQcci6QpN3D1haHqze7BeC9w6TzusCQ5AEtYjmFrE9ukA0G+mKQJdejMSsIEe0XRJu2dyDchQFaDxrmZSxZPworsBr4xCqe4WPW9umAKEy3nplMRE3/72OU1BnDuUQxeuVnquEY3X6WPhg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RbNMt1NUVAIYSyZbOyeXvjSDBJkmo4uktvvsjiD2bxkocKrDf0Q0ehFduniCRMzeRU8oPHRqLLSBzNqJclB77MS0CiYJTwxN8vleI4bsk560w6TGOX/pUYcsh8CufdMf5GYVeZGEiXaKyggr6njKPz0b/m4cv7ekmoLWBD2OYEov4K2SYOJ0nk2GCeJhjGAPSXeJHvlVthGOJxiZRT7D7Ap+mgfm9kWUf/PT2F5U1FowML53wTmPiotoi+Jb/Z6tGSpoiX+kxXpnqvK/QD3wTOn3wz+E2F2suLB2PLzWAkwlC0B1zZkV+84avcDYr/edY0frSZH6oVGU6pIeK6lGCg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 06 Sep 2022 21:50:42 +0000
  • Ironport-data: A9a23:n/0RGazVOzkECeXagU56t+fexyrEfRIJ4+MujC+fZmUNrF6WrkVUn GIWXGvSO/3eMWH1eosgYYXloU4PsZSEmNZnSQo5/iAxQypGp/SeCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0bv676yEUOZigHtLUEPTDNj16WThqQSIgjQMLs+Mii8tjjMPR7zml4 LsemOWCfg7+s9JIGjhMsfjb+Usx5K2aVA4w5TTSW9ga5DcyqFFNZH4vDfnZB2f1RIBSAtm7S 47rpF1u1jqEl/uFIorNfofTKiXmcJaLVeS9oiM+t5yZqgpDvkQPPpMTb5LwX6v1ZwKhxLidw P0V3XC5pJxA0qfkwIzxWDEAe81y0DEvFBYq7hFTvOTKp3AqfUcAzN0tCGo3AKc/5t9zLmNWt qVCcxEibUiM0rfeLLKTEoGAh+wFBeyzZsYknCglyjvUS/E7XZrEXqPGo8dC2ys9jdxPGvCYY NcFbT1ob1LLZBgn1lU/Ucpi2rv3wCSgNWEJwL6WjfNfD2z75Qp9yrXydvHSfcSHX559lUeEv GPWuW/+B3n2MfTPk2HYqCry2ocjmwvUBJM7RLSRy8d6p2Sr1EA9ViIGUwOC9KzRZkmWHog3x 1Yv0igkoLU29UerZsLgRBD+q3mB1jYQVt9RO+w89gCWy6DQ7hqZB24LVTpIYpots8pebTkjz FqAhd7qLT1prryOSHiZ+6uUrDW9IiwcJykJYipsZRAE5t7liIA1kBPUT9xnHbK1j9v6AjX5y XaBqy1Wr6Uei4sH2ru2+XjDgimwvd7ZQwgt/ALVU2m5qARja+aYi5eA7FHa6bNbKt+QSFCE5 CIAg5LGsLFICoyRniuQRulLBKuu+/uOLDzbhxhoAoUl8DOuvXWkeOi8/Q1DGaugCe5cEReBX aMZkVo5CEN7VJdyUZJKXg==
  • Ironport-hdrordr: A9a23:7d7LNap4kYpiOcs5s6YD4zUaV5rUeYIsimQD101hICG9Ffbo7v xG/c566faaskd1ZJhNo7+90cq7MBDhHPxOkO0s1N6ZNWGM0gbFEGgF1+XfKlbbakrDH4BmtJ uIC5IOauEYdmIK6/rS0U2ACNAnz8CA8Ke0wcnj71oFd3ARV4hQqz5jDACVC0t3QxQDI6EYOt 6z2uprzgDQAkj+SKyAdwU4tiz41qD2vaOjXx8HGhJiwDWyrFqTmcbHLyQ=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYvnB5EClBFIJhzEiMDRLhBKntOK3SL8OAgAACfIA=
  • Thread-topic: Setting constant-time mode CPU flag
On 06/09/2022 10:52, Jan Beulich wrote:
> On 02.09.2022 04:05, Demi Marie Obenour wrote:
>> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in
>> a CPU register to enforce constant-time execution.  Linux plans to set
>> this bit by default; Xen should do the same.  See
>> https://lore.kernel.org/lkml/YwgCrqutxmX0W72r@xxxxxxxxx/T/ for details.
>> I recommend setting the bit unconditionally and ignoring guest attempts
>> to change it.
> I don't think we ought to set it by default; I can see reasons why kernels
> may want to set it by default (providing a way to turn it off). In Xen
> what I think we need is exposure of the bit to be guest-controllable.

We absolutely should not have it set by default.  It's a substantial
overhead for something that is only applicable to code which otherwise
crafted to be constant-time.

As for why Xen doesn't enumerate/virtualise it, that's because
virtualising MSR_ARCH_CAPS for guests is still not working yet, so the
feature can't be enumerated yet even if we did support context switching it.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.