From nobody Tue Nov 11 07:30:06 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1569867960; cv=none; d=zoho.com; s=zohoarc; b=ZLrjEM8GG/o8kOtkzdQJPGm1UBaFndXzdNv1oB0YHceddkEKnGNaFIWvTHex4sqRXAUJPW14jATAfP2D6HMLspEcQtWF0vuJ2M3AzH+GRBd29GAtWIyo8m8JSzuZCVI+Fd6v4RO0LDGcbBOAsakkLNghqE1y199Wm3Y5HUPLrxw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569867960; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=wwQZVkX3zNKw+sUqVEYyr3QndQ+8P3LMIeggxZoI1dA=; b=h5r8ajY1l78DJGU3Y1FgwU5ThAK6taXGVBj8WPNJ4BoI1f8xKqX9GcBkL2ZAZe0jP/XfB1ACy07SUbZBlcApijhb5tG6pSdt124jEQyYLU9ZE/F3gBnmjbG2Ia4rt2wyB18p2l0Lyz+k6qpEZTWR8HtZh5devpPXJnBoTBRE2VE= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1569867960298267.5530489966775; Mon, 30 Sep 2019 11:26:00 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iF0Lp-0000by-Lj; Mon, 30 Sep 2019 18:24:49 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iF0Lo-0000bi-H4 for xen-devel@lists.xenproject.org; Mon, 30 Sep 2019 18:24:48 +0000 Received: from esa4.hc3370-68.iphmx.com (unknown [216.71.155.144]) by localhost (Halon) with ESMTPS id 92e68514-e3af-11e9-97fb-bc764e2007e4; Mon, 30 Sep 2019 18:24:43 +0000 (UTC) X-Inumbo-ID: 92e68514-e3af-11e9-97fb-bc764e2007e4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1569867883; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=XMdyn+lWoVrfKRvIL6B/G/OTZrSTH2mFHxDVJXSSADk=; b=XNbdCtKc0O/z96yLRNC0bYy8PL+gqQVJSanimJz1FAfMNPtaTYg1DJxO mgZpjurobcrL8bjjpeptqNhPaqXLEYvgchN8EEqhDFuksNfGApkzcIwbY a9SUCS6RaOsSJ32/6FNE1B+eYiHxmhpIZHqRDZFgyPhIsgsN7qglAebsL E=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa4.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: nXe/XpJHLVinRkvDT26EflYdgPqJ6k4MG41OPO9NrDLP0GIc5wwtj7ksK0MT8z615OaM+bV1gt AAYrt+66X7TPhhJH68xzQocxT+SAEq1cVTp2t73QM6HFNjTUN66k6u0RPT2qJ9S+wMV0jh6Cjy xOaOd9euDd/Kdxvly6k9rqHbf8fQCMZy1YxWAOpLQZuIZe5XEj8KrwIf3lAGA8l3rDiPitgKlQ CRINQ7dQcsMXWWMdFUG1v+3mzROTMt9TVE9BtjFVHLKkLX3RH8/ZDlylzF1MiTdeAcc8n+uRCF txQ= X-SBRS: 2.7 X-MesageID: 6621883 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,568,1559534400"; d="scan'208";a="6621883" From: Andrew Cooper To: Xen-devel Date: Mon, 30 Sep 2019 19:24:36 +0100 Message-ID: <20190930182437.25478-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190930182437.25478-1-andrew.cooper3@citrix.com> References: <20190930182437.25478-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH for-4.13 1/2] xen/nospec: Introduce CONFIG_SPECULATIVE_ARRAY_HARDEN X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Juergen Gross , Andrew Cooper , Wei Liu , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) There are legitimate circumstance where array hardening is not wanted or needed. Allow it to be turned off. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monn=C3=A9 CC: Juergen Gross --- xen/common/Kconfig | 21 +++++++++++++++++++++ xen/include/xen/nospec.h | 12 ++++++++++++ 2 files changed, 33 insertions(+) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 16829f6274..9644cc9911 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -77,6 +77,27 @@ config HAS_CHECKPOLICY string option env=3D"XEN_HAS_CHECKPOLICY" =20 +menu "Speculative hardening" + +config SPECULATIVE_ARRAY_HARDEN + bool "Speculative Array Hardening" + default y + ---help--- + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via speculative out-of-bounds array + accesses. + + When enabled, specific array accesses which have been deemed liable + to be speculatively abused will be hardened to avoid out-of-bounds + accesses. + + If unsure, say Y. + +endmenu + config KEXEC bool "kexec support" default y diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h index 2ac8feccc2..e627a4da52 100644 --- a/xen/include/xen/nospec.h +++ b/xen/include/xen/nospec.h @@ -33,6 +33,7 @@ static inline unsigned long array_index_mask_nospec(unsig= ned long index, } #endif =20 +#ifdef CONFIG_SPECULATIVE_ARRAY_HARDEN /* * array_index_nospec - sanitize an array index after a bounds check * @@ -58,6 +59,17 @@ static inline unsigned long array_index_mask_nospec(unsi= gned long index, \ (typeof(_i)) (_i & _mask); \ }) +#else +/* No index hardening. */ +#define array_index_nospec(index, size) \ +({ \ + typeof(index) _i =3D (index); \ + typeof(size) _s =3D (size); \ + \ + (void)_s; \ + _i; \ +}) +#endif /* CONFIG_SPECULATIVE_ARRAY_HARDEN */ =20 /* * array_access_nospec - allow nospec access for static size arrays --=20 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel