[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH V6 1/4] x86/mm: Add array_index_nospec to guest provided index values
- To: George Dunlap <george.dunlap@xxxxxxxxxx>
- From: Jan Beulich <JBeulich@xxxxxxxx>
- Date: Fri, 27 Dec 2019 12:17:52 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w5wDG0IYy+7nIYfoeAbT/V9uCWBZKopwFjVn39I8fyU=; b=Ez+Z4kzDof5+MrMQVL/DCxC0+DfqWxNmLJIQQq7M8pYSf0hU+jSnhl8pcdFt1Ha/XOkVo0TxCtNX1NeprlA1eeFLuTyirRHHABtV1CLwKsPEBgvlIQk1sHs3WmbESWNwpdOuYuDXoMCERY6lDg2kiqgwaAYwKiQmuWhyjZKFCWuxtJpna5m/1FFCzvc8R0A5kLHb/gNfVWvbjX0N2msZ++CqcfWNY0xtPfyRiK6ju659bk/mj6C8pg6GlVSrW0q/79bVzByDM8qRAvaKjKNOmn4D6dRe4AbNHcmnkLAuYJTvg850iSMU+FBSEofB4VLzW/q6Npx1imRGhWTiYbJLJw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NXIDXuAgpTRiyCU8yhIUoCl7zhQqLQAOmEeAc2vgGjxI1PXhNCh5zLWu7n7iAWnLMlTE/0PJNMzBIxzRSeCi625fVHD9D7HgZHSSmUTpfT6XkDbMUpQLN2oa2l1/WG1/qO/FnKiPiK14UbEuRJxkF+tRdjW1LdLv4klKs1AfjgqFlBLQT5yF/u3gfdJzT6XE+kf7Ak7Anir2XusUsCWQ5W6hfrAc4oRyc22Ey++VjOXrVVI8xPGt1PYDRcBcI69pjoVnRO/7++Fu++0t1Um9Zb3Zovz3sU3UeoIVrmD8F8NnMZqN2t5Kc444iU6e0BSWsqng6VTcvkHYbi1oae7gvA==
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=JBeulich@xxxxxxxx;
- Cc: Petre Ovidiu PIRCALABU <ppircalabu@xxxxxxxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Razvan COJOCARU <rcojocaru@xxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Alexandru Stefan ISAILA <aisaila@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Fri, 27 Dec 2019 12:23:07 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHVuZnmK7OgfjFiuE29BC4XwHoq4afIBKEAgAWfkACAADAxgIAAF9+A
- Thread-topic: [PATCH V6 1/4] x86/mm: Add array_index_nospec to guest provided index values
On 27.12.2019 11:52, George Dunlap wrote:
> On 12/27/19 7:59 AM, Jan Beulich wrote:
>> On 23.12.2019 19:08, George Dunlap wrote:
>>> What about the attached series of patches (compile-tested only)?
>>
>> This ...
>>
>>> +#define nospec_clip(index, size) \
>>> + ({ \
>>> + bool clipped = (index >= size); \
>>> + index = array_index_nospec(index, size); \
>>> + clipped; \
>>> + })
>>
>> ... in particular may misguide people on its use: If the clipped
>> "index" gets stored in a register, all is going to be fine (afaict),
>> but if it ends up in memory, there's be new (mis-)speculation
>> opportunities.
>
> That makes sense; but in that case code like this:
>
>> + idx = array_index_nospec(idx, MAX_ALTP2M);
>> +
>
> ...could end up stored on the stack and re-read, couldn't it? I mean
> yes, it's *very likely* going to stay in a register, but there's no way
> to actually guarantee it, is there?
Indeed - hence my "Some of the clipping done in the patches is
already not fully safe against this" in the prior response ("the
patches" meaning Alexandru's, not yours, and it would probably
better have been singular).
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|