From: Norbert Manthey <nmanthey@amazon.de>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>, Tim Deegan <tim@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Dario Faggioli <dfaggioli@suse.com>,
Martin Pohlack <mpohlack@amazon.de>,
Pawel Wieczorkiewicz <wipawel@amazon.de>,
Julien Grall <julien.grall@arm.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Jan Beulich <jbeulich@suse.com>,
Martin Mazein <amazein@amazon.de>,
Julian Stecklina <jsteckli@amazon.de>,
Bjoern Doebel <doebel@amazon.de>,
Norbert Manthey <nmanthey@amazon.de>
Subject: SpectreV1+L1TF Patch Series v7
Date: Thu, 21 Feb 2019 09:16:34 +0100
Message-ID: <1550737003-25779-1-git-send-email-nmanthey@amazon.de>
Dear all,
This patch series attempts to mitigate the issues that have been raised in the
XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html), namely to avoid
touching memory from the hypervisor speculatively that would not be touched
without speculation. To block speculative execution on Intel hardware, an
lfence instruction is required to make sure that selected checks are not
bypassed. Speculative out-of-bound accesses can be prevented by using the
array_index_nospec macro.
The major changes between v6 and v7 of this series are preferring the lfence
instruction to block speculation over updating variables. Furthermore, when
patching in the lfence instruction automatically, the setting of smt and l1d
flushing are taken into account.
Best,
Norbert
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
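
The two mitigations named in the cover letter above, shown side by side on a bounds-checked table lookup. This is an added example, not code from the patch series or from Xen: the table, NR_PORTS and all function names are hypothetical, and the mask follows the generic branchless technique behind array_index_nospec-style macros.

```c
#include <limits.h>
#include <stdint.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define NR_PORTS 8UL                      /* constructed table size */

static const uint8_t port_state[NR_PORTS] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* All-ones if index < size, else zero, computed without a branch.
 * Assumes size <= LONG_MAX and an arithmetic right shift (gcc, clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1 - index)) >> (BITS_PER_LONG - 1));
}

/* In-range indices are unchanged, anything else becomes 0, so even a
 * mispredicted bounds check cannot steer the load outside the array. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* lfence on x86; on other targets only a compiler barrier in this sketch. */
static void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile ("lfence" ::: "memory");
#else
    __asm__ volatile ("" ::: "memory");
#endif
}

/* Variant 1: bounds check, then mask the index before the dependent load. */
static int lookup_masked(unsigned long port)
{
    if (port >= NR_PORTS)
        return -1;
    return port_state[clamp_index_nospec(port, NR_PORTS)];
}

/* Variant 2: bounds check, then fence so the load waits for the check. */
static int lookup_fenced(unsigned long port)
{
    if (port >= NR_PORTS)
        return -1;
    speculation_barrier();
    return port_state[port];
}

int main(void)
{
    return !(lookup_masked(3) == 13 && lookup_fenced(3) == 13 &&
             lookup_masked(NR_PORTS) == -1 && lookup_fenced(~0UL) == -1);
}
```

An optimizing compiler that proves port < NR_PORTS after the check may fold the mask away; production implementations hide the index from the optimizer or compute the mask in inline assembly.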
Thread overview: 24+ messages
2019-02-21 8:16 Norbert Manthey [this message]
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 1/9] xen/evtchn: block speculative out-of-bound accesses Norbert Manthey
2019-02-22 13:00 ` Jan Beulich
2019-02-25 12:45 ` Norbert Manthey
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 2/9] x86/vioapic: " Norbert Manthey
2019-02-22 13:02 ` Jan Beulich
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 3/9] spec: add l1tf-barrier Norbert Manthey
2019-02-22 13:13 ` Jan Beulich
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 4/9] nospec: introduce evaluate_nospec Norbert Manthey
2019-02-21 9:47 ` Julien Grall
2019-02-22 13:17 ` Jan Beulich
2019-02-25 8:18 ` Norbert Manthey
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 5/9] is_control_domain: block speculation Norbert Manthey
2019-02-22 13:19 ` Jan Beulich
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 6/9] is_hvm/pv_domain: " Norbert Manthey
2019-02-22 13:20 ` Jan Beulich
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 7/9] common/memory: block speculative out-of-bound accesses Norbert Manthey
2019-02-22 12:55 ` Jan Beulich
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 8/9] x86/hvm: add nospec to hvmop param Norbert Manthey
2019-02-22 14:39 ` Jan Beulich
2019-02-25 8:13 ` Norbert Manthey
2019-02-21 8:16 ` [PATCH SpectreV1+L1TF v7 9/9] common/grant_table: block speculative out-of-bound accesses Norbert Manthey
2019-02-22 15:08 ` Jan Beulich
2019-02-25 9:58 ` Norbert Manthey