
Re: [Xen-devel] [PATCH v8 13/17] x86/boot: Calculate the most appropriate BTI mitigation to use



On 16/01/18 14:25, Boris Ostrovsky wrote:
> On 01/16/2018 09:13 AM, Andrew Cooper wrote:
>> On 16/01/18 14:10, Boris Ostrovsky wrote:
>>> On 01/12/2018 01:01 PM, Andrew Cooper wrote:
>>>>  
>>>> +    if ( boot_cpu_has(X86_FEATURE_IBRSB) )
>>>> +    {
>>>> +        /*
>>>> +         * Even if we've chosen to not have IBRS set in Xen context, we 
>>>> still
>>>> +         * need the IBRS entry/exit logic to virtualise IBRS support for
>>>> +         * guests.
>>>> +         */
>>>> +        if ( ibrs )
>>>> +            setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_SET);
>>>> +        else
>>>> +            setup_force_cpu_cap(X86_FEATURE_XEN_IBRS_CLEAR);
>>>> +    }
>>>>
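
Review bot: the inner `if ( ibrs )` treats any non-zero value as a request for X86_FEATURE_XEN_IBRS_SET, so if `ibrs` can still hold a negative "not yet decided" value at this point (its declaration is not visible in this hunk), Xen would force IBRS set without that having been chosen. Resolving `ibrs` to 0 or 1 before this block, or asserting that here, would make the precondition explicit. The comment also explains only the else branch (why XEN_IBRS_CLEAR is still forced when IBRS is not used in Xen context), so it would read better placed next to that branch, or extended to say that exactly one of the two synthetic features is forced whenever X86_FEATURE_IBRSB is present.
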
>>> Are you going to add support for Intel's "Enhanced IBRS" (I think that's
>>> what they call the "always on" mode)?
>> I'm not going to touch IBRS_ATT mode until I've got an SDP to develop
>> against.
>>
>> Given how many times the IBRS_ATT spec has changed already, I have
>> little confidence that it will remain unchanged right until the eventual
>> hardware arrives.
> I don't know if you are aware of it (I learned about this doc on Sunday) but
>
> https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
>
> (Not part of the SDM but still, an official specification. For a change.)

Wow - the published 1.0 has far more than the prerelease versions.

Still, ARCH_CAPS is only going to appear in new hardware, which is still
probably years away.  There are more important things to worry about at
the moment.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

