From: Norbert Manthey <nmanthey@amazon.de>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>, Tim Deegan <tim@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Dario Faggioli <dfaggioli@suse.com>,
Martin Pohlack <mpohlack@amazon.de>,
Pawel Wieczorkiewicz <wipawel@amazon.de>,
Julien Grall <julien.grall@arm.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Jan Beulich <jbeulich@suse.com>,
Martin Mazein <amazein@amazon.de>,
Bjoern Doebel <doebel@amazon.de>,
Norbert Manthey <nmanthey@amazon.de>
Subject: [PATCH L1TF v10 3/8] is_control_domain: block speculation
Date: Thu, 14 Mar 2019 13:50:06 +0100 [thread overview]
Message-ID: <1552567811-5301-4-git-send-email-nmanthey@amazon.de> (raw)
In-Reply-To: <1552567811-5301-1-git-send-email-nmanthey@amazon.de>
Checks of domain properties, such as is_hardware_domain or is_hvm_domain,
might be bypassed by speculatively executing these instructions. A reason
for bypassing these checks is that these macros access the domain
structure via a pointer, and check a certain field. Since this memory
access is slow, the CPU assumes a returned value and continues the
execution.
In case an is_control_domain check is bypassed, for example during a
hypercall, data that should only be accessible by the control domain could
be loaded into the cache.
This is part of the speculative hardening effort.
Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
xen/include/xen/sched.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -913,10 +913,10 @@ void watchdog_domain_destroy(struct domain *d);
* (that is, this would not be suitable for a driver domain)
* - There is never a reason to deny the hardware domain access to this
*/
-#define is_hardware_domain(_d) ((_d) == hardware_domain)
+#define is_hardware_domain(_d) evaluate_nospec((_d) == hardware_domain)
/* This check is for functionality specific to a control domain */
-#define is_control_domain(_d) ((_d)->is_privileged)
+#define is_control_domain(_d) evaluate_nospec((_d)->is_privileged)
#define VM_ASSIST(d, t) (test_bit(VMASST_TYPE_ ## t, &(d)->vm_assist))
--
2.7.4
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-03-14 12:53 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-14 12:50 L1TF Patch Series v10 Norbert Manthey
2019-03-14 12:50 ` [PATCH L1TF v10 1/8] spec: add l1tf-barrier Norbert Manthey
2019-03-14 12:50 ` [PATCH L1TF v10 2/8] nospec: introduce evaluate_nospec Norbert Manthey
2019-03-14 13:19 ` Jan Beulich
2019-03-14 13:21 ` Norbert Manthey
2019-03-14 12:50 ` Norbert Manthey [this message]
2019-03-14 12:50 ` [PATCH L1TF v10 4/8] is_hvm/pv_domain: block speculation Norbert Manthey
2019-04-05 15:34 ` Andrew Cooper
2019-04-05 15:34 ` [Xen-devel] " Andrew Cooper
2019-04-05 18:29 ` Norbert Manthey
2019-04-05 18:29 ` [Xen-devel] " Norbert Manthey
2019-04-05 18:38 ` Andrew Cooper
2019-04-05 18:38 ` [Xen-devel] " Andrew Cooper
2019-04-08 9:19 ` Jan Beulich
2019-04-08 9:19 ` [Xen-devel] " Jan Beulich
2019-03-14 12:50 ` [PATCH L1TF v10 5/8] common/memory: block speculative out-of-bound accesses Norbert Manthey
2019-03-14 12:50 ` [PATCH L1TF v10 6/8] x86/hvm: add nospec to hvmop param Norbert Manthey
2019-03-14 12:50 ` [PATCH L1TF v10 7/8] common/grant_table: block speculative out-of-bound accesses Norbert Manthey
2019-03-29 17:11 ` Jan Beulich
2019-05-20 14:27 ` Norbert Manthey
2019-05-20 14:27 ` [Xen-devel] " Norbert Manthey
2019-05-21 9:41 ` Jan Beulich
2019-05-21 9:41 ` [Xen-devel] " Jan Beulich
2019-03-14 12:50 ` [PATCH L1TF v10 8/8] common/domain: " Norbert Manthey
2019-03-14 13:20 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552567811-5301-4-git-send-email-nmanthey@amazon.de \
--to=nmanthey@amazon.de \
--cc=George.Dunlap@eu.citrix.com \
--cc=amazein@amazon.de \
--cc=andrew.cooper3@citrix.com \
--cc=dfaggioli@suse.com \
--cc=doebel@amazon.de \
--cc=dwmw@amazon.co.uk \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=julien.grall@arm.com \
--cc=konrad.wilk@oracle.com \
--cc=mpohlack@amazon.de \
--cc=sstabellini@kernel.org \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=wipawel@amazon.de \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).