[Xen-changelog] [xen staging] xen/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_ARRAY
commit 0b866f69b4ec97283bc357328f1f68866a07a384 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Thu Jan 31 18:01:16 2019 +0000 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Fri Oct 4 18:37:41 2019 +0100 xen/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_ARRAY There are legitimate circumstances where array hardening is not wanted or needed. Allow it to be turned off. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Release-acked-by: Juergen Gross <jgross@xxxxxxxx> --- xen/common/Kconfig | 24 ++++++++++++++++++++++++ xen/include/xen/nospec.h | 5 +++++ 2 files changed, 29 insertions(+) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index e9247871a8..7b5dd9d495 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -80,6 +80,30 @@ config HAS_CHECKPOLICY string option env="XEN_HAS_CHECKPOLICY" +menu "Speculative hardening" + +config SPECULATIVE_HARDEN_ARRAY + bool "Speculative Array Hardening" + default y + ---help--- + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via speculative out-of-bounds array + accesses. + + When enabled, specific array accesses which have been deemed liable + to be speculatively abused will be hardened to avoid out-of-bounds + accesses. + + This is a best-effort mitigation. There are no guarantees that all + areas of code open to abuse have been hardened. + + If unsure, say Y. + +endmenu + config KEXEC bool "kexec support" default y diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h index 2ac8feccc2..76255bc46e 100644 --- a/xen/include/xen/nospec.h +++ b/xen/include/xen/nospec.h 
@@ -33,6 +33,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, } #endif +#ifdef CONFIG_SPECULATIVE_HARDEN_ARRAY /* * array_index_nospec - sanitize an array index after a bounds check * @@ -58,6 +59,10 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, \ (typeof(_i)) (_i & _mask); \ }) +#else +/* No index hardening. */ +#define array_index_nospec(index, size) ((void)(size), (index)) +#endif /* CONFIG_SPECULATIVE_HARDEN_ARRAY */ /* * array_access_nospec - allow nospec access for static size arrays -- generated by git-patchbot for /home/xen/git/xen.git#staging _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
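Review bot: In the xen/common/Kconfig hunk, the help text for SPECULATIVE_HARDEN_ARRAY never says when N is a reasonable answer, although the commit message justifies the option by circumstances where array hardening "is not wanted or needed". Suggest one more help sentence naming those circumstances, so that a reader who reaches "If unsure, say Y." can tell whether the exception applies to them. The "best-effort mitigation" paragraph describes the limits of saying Y, but nothing describes what is given up by saying N.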
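Review bot: In the first xen/include/xen/nospec.h hunk, the added #ifdef CONFIG_SPECULATIVE_HARDEN_ARRAY opens after the #endif that closes array_index_mask_nospec(), so the mask helper is still defined when the option is off. Any code that calls array_index_mask_nospec() directly stays hardened while array_index_nospec() does not, which leaves the option only partly in control of the behaviour its name promises. If that split is intended, a short comment above the #ifdef should say so; otherwise move the helper inside the conditional.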
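Review bot: In the #else branch of the second xen/include/xen/nospec.h hunk, the comment "No index hardening." is too terse for what the branch affects: the array_access_nospec comment begins in the trailing context after the #endif, so that macro sits outside the conditional and is still defined with the option off. If it is built on array_index_nospec(), it becomes a plain array access in that configuration, and the comment should say so. The fallback ((void)(size), (index)) itself looks fine: it evaluates each argument once and yields the type of index, matching the (typeof(_i)) result of the hardened macro.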