|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen staging] is_hvm/pv_domain: block speculation
commit 0111f611a5997a20d087edbd7c05b141ff68ecec
Author: Norbert Manthey <nmanthey@xxxxxxxxx>
AuthorDate: Thu Mar 14 13:56:00 2019 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Apr 5 12:17:03 2019 +0200
is_hvm/pv_domain: block speculation
When checking for being an hvm domain, or PV domain, we have to make
sure that speculation cannot bypass that check, and eventually access
data that should not end up in cache for the current domain type.
This is part of the speculative hardening effort.
Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/include/xen/sched.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 0b8d6d492c..748bb0f2f9 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -920,7 +920,8 @@ void watchdog_domain_destroy(struct domain *d);
static inline bool is_pv_domain(const struct domain *d)
{
- return IS_ENABLED(CONFIG_PV) ? d->guest_type == guest_type_pv : false;
+ return IS_ENABLED(CONFIG_PV)
+ ? evaluate_nospec(d->guest_type == guest_type_pv) : false;
}
static inline bool is_pv_vcpu(const struct vcpu *v)
@@ -951,7 +952,8 @@ static inline bool is_pv_64bit_vcpu(const struct vcpu *v)
#endif
static inline bool is_hvm_domain(const struct domain *d)
{
- return IS_ENABLED(CONFIG_HVM) ? d->guest_type == guest_type_hvm : false;
+ return IS_ENABLED(CONFIG_HVM)
+ ? evaluate_nospec(d->guest_type == guest_type_hvm) : false;
}
static inline bool is_hvm_vcpu(const struct vcpu *v)
--
generated by git-patchbot for /home/xen/git/xen.git#staging
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |