From: Andrew Cooper
To: Xen-devel
Date: Wed, 23 Oct 2019 14:58:08 +0100
Message-ID: <20191023135812.21348-4-andrew.cooper3@citrix.com>
In-Reply-To: <20191023135812.21348-1-andrew.cooper3@citrix.com>
References: <20191023135812.21348-1-andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH v3 3/7] xen/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_BRANCH
Cc: Juergen Gross, Andrew Cooper, Wei Liu, Jan Beulich, Roger Pau Monné

Just as with CONFIG_SPECULATIVE_HARDEN_ARRAY, branch hardening should be
configurable at compile time.

The previous CONFIG_HVM was a consequence of what could be discussed publicly
at the time the patches were submitted, and wasn't actually correct. Later
patches will make further corrections.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Wei Liu
CC: Roger Pau Monné
CC: Juergen Gross

v3:
 * Reduce to just the Kconfig option. Split other changes out into separate
   patches.

v2:
 * Expand the commit message to describe how the generated code is broken.
 * Rename to CONFIG_SPECULATIVE_HARDEN_BRANCH
 * Switch alternative() to asm()
 * Fix a comment typo
---
 xen/common/Kconfig           | 23 +++++++++++++++++++++++
 xen/include/asm-x86/nospec.h |  2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 7b5dd9d495..c9e671869e 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -102,6 +102,29 @@ config SPECULATIVE_HARDEN_ARRAY =20 If unsure, say Y. =20 +config SPECULATIVE_HARDEN_BRANCH + bool "Speculative Branch Hardening" + default y + depends on X86 + ---help--- + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of misbehaviour is by executing the wrong basic block + following a conditional jump. + + When enabled, specific conditions which have been deemed liable to + be speculatively abused will be hardened to avoid entering the wrong + basic block. + + This is a best-effort mitigation. There are no guarantees that all + areas of code open to abuse have been hardened, nor that + optimisations in the compiler haven't subverted the attempts to + harden. + + If unsure, say Y. + endmenu =20 config KEXEC diff --git a/xen/include/asm-x86/nospec.h b/xen/include/asm-x86/nospec.h index 427b5ff9df..154e92aed8 100644 --- a/xen/include/asm-x86/nospec.h +++ b/xen/include/asm-x86/nospec.h @@ -9,7 +9,7 @@ /* Allow to insert a read memory barrier into conditionals */ static always_inline bool barrier_nospec_true(void) { -#ifdef CONFIG_HVM +#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH alternative("", "lfence", X86_FEATURE_SC_L1TF_VULN); #endif return true; --=20 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
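Review bot: the help text added for SPECULATIVE_HARDEN_BRANCH in the Kconfig hunk never says which constructs the option actually gates, so a user reading "specific conditions which have been deemed liable to be speculatively abused" cannot tell where the hardening lands; the only consumer visible in this series is barrier_nospec_true() in nospec.h, so naming the nospec.h helpers in the help text (as a pointer for anyone auditing coverage) would make the "best-effort mitigation" caveat concrete. Minor: "sidechannels" reads better as "side channels", matching the wording elsewhere in the tree.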
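Review bot: the v2 changelog entry "Switch alternative() to asm()" is stale for the nospec.h hunk, which still reads `alternative("", "lfence", X86_FEATURE_SC_L1TF_VULN);`; that is consistent with the v3 note that only the Kconfig change remains here, so either drop the entry or say which split-out patch it moved to. It would also help reviewers if the commit message stated that the lfence stays runtime-gated on X86_FEATURE_SC_L1TF_VULN, so with SPECULATIVE_HARDEN_BRANCH enabled on hardware without that flag barrier_nospec_true() is still a plain `return true`; the message promises later corrections without naming which patch makes the gate depend on the new option alone.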