[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH SpectreV1+L1TF v7 7/9] common/memory: block speculative out-of-bound accesses

>>> On 21.02.19 at 09:16, <nmanthey@xxxxxxxxx> wrote:
> The get_page_from_gfn method returns a pointer to a page that belongs
> to a gfn. Before returning the pointer, the gfn is checked for being
> valid. Under speculation, these checks can be bypassed, so that
> the function get_page is still executed partially. Consequently, the
> function page_get_owner_and_reference might be executed partially as
> well. In this function, the computed pointer is accessed, resulting in
> a speculative out-of-bound address load. As the gfn can be controlled by
> a guest, this access is problematic.
> To mitigate the root cause, an lfence instruction is added via the
> evaluate_nospec macro. To make the protection generic, we do not
> introduce the lfence instruction for this single check, but add it to
> the mfn_valid function. This way, other potentially problematic accesses
> are protected as well.
> This is part of the speculative hardening effort.
> Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx>

Acked-by: Jan Beulich <jbeulich@xxxxxxxx>

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.