From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH v8 13/17] x86/boot: Calculate the most appropriate BTI mitigation to use
Date: Tue, 16 Jan 2018 09:25:14 -0500 [thread overview]
Message-ID: <7a2cb3f0-bd3e-5785-43fb-59bbd4fd446f@oracle.com> (raw)
In-Reply-To: <aea3d46f-2577-eada-efd9-a131518187d8@citrix.com>
On 01/16/2018 09:13 AM, Andrew Cooper wrote:
> On 16/01/18 14:10, Boris Ostrovsky wrote:
>> On 01/12/2018 01:01 PM, Andrew Cooper wrote:
>>>
>>> + if ( boot_cpu_has(X86_FEATURE_IBRSB) )
>>> + {
>>> + /*
>>> + * Even if we've chosen to not have IBRS set in Xen context, we still
>>> + * need the IBRS entry/exit logic to virtualise IBRS support for
>>> + * guests.
>>> + */
>>> + if ( ibrs )
>>> + setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_SET);
>>> + else
>>> + setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_CLEAR);
>>> + }
>>>
>> Are you going to add support for Intel's "Enhanced IBRS" (I think that's
>> what they call the "always on" mode")?
> I'm not going to touch IBRS_ATT mode until I've got an SDP to develop
> against.
>
> Given how many times the IBRS_ATT spec has changed already, I have
> little confidence that it will remain unchanged right to the eventual
> hardware arrives.
I don't know if you are aware of it (I learned about this doc on Sunday) but
https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
(Not part of the SDM but still, an official specification. For a change.)
-boris
-boris
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-01-16 14:25 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-12 18:00 [PATCH v8 00/17] x86: Mitigations for SP2/CVE-2017-5715/Branch Target Injection Andrew Cooper
2018-01-12 18:00 ` [PATCH v8 01/17] x86: Support compiling with indirect branch thunks Andrew Cooper
2018-01-14 19:48 ` David Woodhouse
2018-01-15 0:00 ` Andrew Cooper
2018-01-15 4:11 ` Konrad Rzeszutek Wilk
2018-01-15 10:14 ` Jan Beulich
2018-01-15 10:40 ` Andrew Cooper
2018-01-15 10:48 ` Jan Beulich
2018-01-12 18:00 ` [PATCH v8 02/17] x86: Support indirect thunks from assembly code Andrew Cooper
2018-01-15 10:28 ` Jan Beulich
2018-01-16 13:55 ` Andrew Cooper
2018-01-16 14:00 ` Jan Beulich
2018-02-04 10:57 ` David Woodhouse
2018-02-05 8:56 ` Jan Beulich
2018-01-12 18:00 ` [PATCH v8 03/17] x86/boot: Report details of speculative mitigations Andrew Cooper
2018-01-12 18:00 ` [PATCH v8 04/17] x86/amd: Try to set lfence as being Dispatch Serialising Andrew Cooper
2018-01-12 18:00 ` [PATCH v8 05/17] x86: Introduce alternative indirect thunks Andrew Cooper
2018-01-15 10:53 ` Jan Beulich
2018-01-12 18:00 ` [PATCH v8 06/17] x86/feature: Definitions for Indirect Branch Controls Andrew Cooper
2018-01-12 18:00 ` [PATCH v8 07/17] x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IBPB Andrew Cooper
2018-01-12 18:00 ` [PATCH v8 08/17] x86/msr: Emulation of MSR_{SPEC_CTRL, PRED_CMD} for guests Andrew Cooper
2018-01-16 11:10 ` David Woodhouse
2018-01-16 16:58 ` Andrew Cooper
2018-01-17 9:11 ` Jan Beulich
2018-01-17 9:39 ` Andrew Cooper
2018-01-12 18:00 ` [PATCH v8 09/17] x86/migrate: Move MSR_SPEC_CTRL on migrate Andrew Cooper
2018-01-12 18:01 ` [PATCH v8 10/17] x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL, PRED_CMD} Andrew Cooper
2018-01-15 11:11 ` Jan Beulich
2018-01-15 16:02 ` Boris Ostrovsky
2018-01-16 0:39 ` Tian, Kevin
2018-01-12 18:01 ` [PATCH v8 11/17] x86: Protect unaware domains from meddling hyperthreads Andrew Cooper
2018-01-15 11:26 ` Jan Beulich
2018-01-16 21:11 ` Andrew Cooper
2018-01-17 8:40 ` Jan Beulich
2018-01-17 8:43 ` Andrew Cooper
2018-01-12 18:01 ` [PATCH v8 12/17] x86/entry: Organise the use of MSR_SPEC_CTRL at each entry/exit point Andrew Cooper
2018-01-15 12:09 ` Jan Beulich
2018-01-16 21:24 ` Andrew Cooper
2018-01-17 8:47 ` Jan Beulich
2018-01-17 9:25 ` Andrew Cooper
2018-01-12 18:01 ` [PATCH v8 13/17] x86/boot: Calculate the most appropriate BTI mitigation to use Andrew Cooper
2018-01-16 14:10 ` Boris Ostrovsky
2018-01-16 14:13 ` Andrew Cooper
2018-01-16 14:25 ` Boris Ostrovsky [this message]
2018-01-16 15:12 ` Andrew Cooper
2018-01-12 18:01 ` [PATCH v8 14/17] x86/entry: Clobber the Return Stack Buffer/Return Address Stack on entry to Xen Andrew Cooper
2018-01-12 18:01 ` [PATCH v8 15/17] x86/ctxt: Issue a speculation barrier between vcpu contexts Andrew Cooper
2018-01-15 12:54 ` David Woodhouse
2018-01-15 13:02 ` Andrew Cooper
2018-01-15 13:23 ` David Woodhouse
2018-01-15 21:39 ` David Woodhouse
2018-01-17 17:26 ` David Woodhouse
2018-01-18 9:12 ` David Woodhouse
2018-01-12 18:01 ` [PATCH v8 16/17] x86/cpuid: Offer Indirect Branch Controls to guests Andrew Cooper
2018-01-12 18:01 ` [PATCH v8 17/17] x86/idle: Clear SPEC_CTRL while idle Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7a2cb3f0-bd3e-5785-43fb-59bbd4fd446f@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).