Xen project Mailing List

Re: Setting constant-time mode CPU flag

To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Tue, 13 Sep 2022 16:47:24 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JieG0+yjczxZII7mkixQScW6qARtcfxGwTOvp1NNMqU=; b=lRCo6iF4hQ1lz5vXzhc6i2W12fBzUth0w9+ondaKpSsBTWgBRk8xuI2YgPky4nN+KaNqP5Tpk3U6FmGTReh3q2GP8I/4ejVGccoPHYgAeKQlyg+374vkgwfrF58AJ0AGJ4DoFht2RDuAF77DfEKAYS2YYebTIes40CB3KvKE/eer03WfzAZhf0kPZ6Qf4U36gTfhdSe5C0zhrC4FqNH1Ax7xlvfwl4+r7XEAIYG8axp95cozY+mWPIkYtNVhWHC2D3EF5oELXMxzgMvaln/Uxf7bLNf/VPuTeCBdYqK5EjqMeRfA2YdcPJ6dhSumJU8+vLHdEI1PovxJMMN1Nr5Avg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OLb4FRFVjkm3VUH2JaTV4yzZzEwCWUpwjEu/k60dg7kCJmRQtm6Wg41Vnd2UOWp92EpD1ywrZF/3CVmCW2oAH/r+2aOFybuNti5yx1tVR1T81AGI/zTa14tCbs+zZEF8YxxMj+9QmYfU0VCZJa37SNQvKclaQP9tN1O4flEvgQ+IvID42eHlDF43PHG+xTV3BWh8mzpJsZKk72V4HyQQaE4TSlAwSppkw30cwNu+3ukGtMLWCmhntroRhNk8JpGspv5umOuLPqMw49VqdJvx1uicCsx5ZUWt2gWIFfljJ7rru3ttJvejPiCAD0n650wVgo/RVWI5OHQUzGcOQu/Eog==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Delivery-date: Tue, 13 Sep 2022 14:47:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.09.2022 16:22, Demi Marie Obenour wrote: > On Tue, Sep 06, 2022 at 10:01:00AM +0000, Andrew Cooper wrote: >> On 06/09/2022 10:52, Jan Beulich wrote: >>> On 02.09.2022 04:05, Demi Marie Obenour wrote: >>>> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in >>>> a CPU register to enforce constant-time execution. Linux plans to set >>>> this bit by default; Xen should do the same. See >>>> https://lore.kernel.org/lkml/YwgCrqutxmX0W72r@xxxxxxxxx/T/ for details. >>>> I recommend setting the bit unconditionally and ignoring guest attempts >>>> to change it. >>> I don't think we ought to set it by default; I can see reasons why kernels >>> may want to set it by default (providing a way to turn it off). In Xen >>> what I think we need is exposure of the bit to be guest-controllable. >> >> We absolutely should not have it set by default. It's a substantial >> overhead for something that is only applicable to code which otherwise >> crafted to be constant-time. > > Either Xen needs to set the bit by default, or guests need to both know > the bit needs to be set and be able set it. Otherwise code that *is* > intended to be constant-time has no way to protect itself. > >> As for why Xen doesn't enumerate/virtualise it, that's because >> virtualising MSR_ARCH_CAPS for guests is still not working yet, so the >> feature can't be enumerated yet even if we did support context switching it. > > Intel and ARM64 guarantee that CPUs that do not enumerate this flag > behave as if it is set unconditionally. I'm not qualified to talk about the Arm side, but may I ask what you've derived this statement from for Intel? The doc page referenced by the link you did provide (still in context above) specifically further links to a page listing instruction with data operand independent timing. All other instructions, as I conclude, have variable timing unless the bit in ARCH_CAPS enumerates DOITM and then the new MSR bit (of the same name) is set. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.