[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH 04/13] xen/arm: Add ARCH_WORKAROUND_2 probing
Hi,
On 05/29/2018 10:35 PM, Stefano Stabellini wrote:
On Sat, 26 May 2018, Andrew Cooper wrote:
On 25/05/2018 21:51, Stefano Stabellini wrote:
On Wed, 23 May 2018, Julien Grall wrote:
Hi,
On 05/23/2018 10:57 PM, Stefano Stabellini wrote:
On Tue, 22 May 2018, Julien Grall wrote:
As for Spectre variant-2, we rely on SMCCC 1.1 to provide the discovery
mechanism for detecting the SSBD mitigation.
A new capability is also allocated for that purpose, and a config
option.
This is part of XSA-263.
Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
---
xen/arch/arm/Kconfig | 10 ++++++++++
xen/arch/arm/cpuerrata.c | 39
+++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/cpuerrata.h | 21 +++++++++++++++++++++
xen/include/asm-arm/cpufeature.h | 3 ++-
xen/include/asm-arm/smccc.h | 6 ++++++
5 files changed, 78 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 8174c0c635..0e2d027060 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -73,6 +73,16 @@ config SBSA_VUART_CONSOLE
Allows a guest to use SBSA Generic UART as a console. The
SBSA Generic UART implements a subset of ARM PL011 UART.
+config ARM_SSBD
+ bool "Speculative Store Bypass Disable" if EXPERT = "y"
+ depends on HAS_ALTERNATIVE
+ default y
+ help
+ This enables mitigation of bypassing of previous stores by
speculative
+ loads.
I would add a reference to spectre v4. What do you think of:
This enables the mitigation of Spectre v4 attacks based on bypassing
of previous memory stores by speculative loads.
Well, the real name is SSBD (Speculative Store Bypass Disable). AFAIK, Spectre
only refers to variant 1 and 2 so far. This one has no fancy name and the
specifications is using SSBD.
Googling for Spectre Variant 4 returns twice as many results as Googling
for Speculative Store Bypass Disable. It doesn't matter what is the
official name for the security issue, I think we need to include a
reference to the most common name for it.
"Speculative Store Bypass" is the agreed vendor-neutral name for the
issue. This is why all the mitigation is SSBD, where the D on the end
is Disable.
Google SP4 is a common name (but only covers one reporter of the issue),
whereas Spectre has nothing to do with this issue, and is definitely
wrong to use.
If in doubt, use SSB(D).
I think we should definitely call it SSBD, I was just saying that it
might be helpful to include also "Variant 4" in the description, such
as:
This is also known as Variant 4.
to help users find the right results on Google.
There are enough hit with "Speculative Store Bypass Disable" for a user
to find what's going on.
Anyway, given that you
are certainly better informed than me about it, I won't insist on this
point, I am OK without mentioning "Variant 4".
I would prefer to not mention it in the Kconfig.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
