Xen project Mailing List

Re: [PATCH HVM v4 1/1] hvm: refactor set param

To: Norbert Manthey <nmanthey@xxxxxxxxx>

Date: Fri, 19 Feb 2021 14:44:24 +0100

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Fri, 19 Feb 2021 13:44:35 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 18.02.2021 16:01, Norbert Manthey wrote: > To prevent leaking HVM params via L1TF and similar issues on a > hyperthread pair, let's load values of domains only after performing all > relevant checks, and blocking speculative execution. > > For both get and set, the value of the index is already checked in the > outer calling function. The block_speculation calls in hvmop_get_param > and hvmop_set_param are removed, because is_hvm_domain already blocks > speculation. > > Furthermore, speculative barriers are re-arranged to make sure we do not > allow guests running on co-located VCPUs to leak hvm parameter values of > other domains. > > To improve symmetry between the get and set operations, function > hvmop_set_param is made static. > > This is part of the speculative hardening effort. > > Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx> > Reported-by: Hongyan Xia <hongyxia@xxxxxxxxxxxx> > Release-Acked-by: Ian Jackson <iwj@xxxxxxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.