[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v10 09/11] x86/ctxt: Issue a speculation barrier between vcpu contexts

On Wed, 2018-01-24 at 13:12 +0000, Andrew Cooper wrote:
> +             * Squash the domid and vcpu id together for comparason


> +             * efficiency.  We could in principle stash and compare the 
> struct
> +             * vcpu pointer, but this risks a false alias if a domain has 
> died
> +             * and the same 4k page gets reused for a new vcpu.
> +             */

Isn't that also true if the domain has died and its domain-id gets re-

> +            unsigned int next_id = (((unsigned int)nextd->domain_id << 16) |
> +                                    (uint16_t)next->vcpu_id);

I am loath to suggest *more* tweakables, but given the IBPB cost is
there any merit in having a mode which does it only if the *domain* is
different, regardless of vcpu_id?

If a given domain is running on HT siblings, it ought to be doing its
own mitigation — setting STIBP for userspace if it wants, ensuring its
own kernel is safe by having IBRS set or using retpoline, etc.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Amazon Web Services UK Limited. Registered in England and Wales with registration number 08650665 and which has its registered office at 60 Holborn Viaduct, London EC1A 2FD, United Kingdom.
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.