[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] L1TF Patch Series v8

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Norbert Manthey <nmanthey@xxxxxxxxx>
Date: Wed, 27 Feb 2019 17:13:33 +0100
Cc: Juergen Gross <jgross@xxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Martin Mazein <amazein@xxxxxxxxx>, Julian Stecklina <jsteckli@xxxxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>, Norbert Manthey <nmanthey@xxxxxxxxx>
Delivery-date: Wed, 27 Feb 2019 16:14:24 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This patch series attempts to mitigate the issue that have been raised in the
XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html). To block speculative
execution on Intel hardware, an lfence instruction is required to make sure
that selected checks are not bypassed. Speculative out-of-bound accesses can
be prevented by using the array_index_nospec macro.

The major change compared to version 8 is in grant_table handling, protecting
a few more version comparisons.

Best,
Norbert



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH L1TF v9 7/7] common/grant_table: block speculative out-of-bound accesses
  - From: Norbert Manthey
- [Xen-devel] [PATCH L1TF v9 6/7] x86/hvm: add nospec to hvmop param
  - From: Norbert Manthey
- [Xen-devel] [PATCH L1TF v9 5/7] common/memory: block speculative out-of-bound accesses
  - From: Norbert Manthey
- [Xen-devel] [PATCH L1TF v9 4/7] is_hvm/pv_domain: block speculation
  - From: Norbert Manthey
- [Xen-devel] [PATCH L1TF v9 3/7] is_control_domain: block speculation
  - From: Norbert Manthey
- [Xen-devel] [PATCH L1TF v9 2/7] nospec: introduce evaluate_nospec
  - From: Norbert Manthey
- [Xen-devel] [PATCH L1TF v9 1/7] spec: add l1tf-barrier
  - From: Norbert Manthey

Prev by Date: Re: [Xen-devel] [PATCH v4.1 4/6] xen/x86: Allow stubdom access to irq created for msi.
Next by Date: [Xen-devel] [PATCH L1TF v9 1/7] spec: add l1tf-barrier
Previous by thread: [Xen-devel] [freebsd-master test] 133455: all pass - PUSHED
Next by thread: [Xen-devel] [PATCH L1TF v9 1/7] spec: add l1tf-barrier
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.