[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] x86/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_BRANCH



commit 2d6f36daa08640ebb0b658abffaede3a0ae50a20
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Sep 30 18:25:21 2019 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Wed Oct 30 13:07:25 2019 +0000

    x86/nospec: Introduce CONFIG_SPECULATIVE_HARDEN_BRANCH
    
    Just as with CONFIG_SPECULATIVE_HARDEN_ARRAY, branch hardening should be
    configurable at compile time.
    
    The previous CONFIG_HVM was a consequence of what could be discussed 
publicly
    at the time the patches were submitted, and wasn't actually correct.  Later
    patches will make further corrections.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Release-acked-by: Juergen Gross <jgross@xxxxxxxx>
---
 xen/common/Kconfig           | 23 +++++++++++++++++++++++
 xen/include/asm-x86/nospec.h |  2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 7fe538b027..fddb6c1707 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -102,6 +102,29 @@ config SPECULATIVE_HARDEN_ARRAY
 
          If unsure, say Y.
 
+config SPECULATIVE_HARDEN_BRANCH
+       bool "Speculative Branch Hardening"
+       default y
+       depends on X86
+        ---help---
+         Contemporary processors may use speculative execution as a
+         performance optimisation, but this can potentially be abused by an
+         attacker to leak data via speculative sidechannels.
+
+         One source of misbehaviour is by executing the wrong basic block
+         following a conditional jump.
+
+         When enabled, specific conditions which have been deemed liable to
+         be speculatively abused will be hardened to avoid entering the wrong
+         basic block.
+
+         This is a best-effort mitigation.  There are no guarantees that all
+         areas of code open to abuse have been hardened, nor that
+         optimisations in the compiler haven't subverted the attempts to
+         harden.
+
+         If unsure, say Y.
+
 endmenu
 
 config KEXEC
diff --git a/xen/include/asm-x86/nospec.h b/xen/include/asm-x86/nospec.h
index 427b5ff9df..154e92aed8 100644
--- a/xen/include/asm-x86/nospec.h
+++ b/xen/include/asm-x86/nospec.h
@@ -9,7 +9,7 @@
 /* Allow to insert a read memory barrier into conditionals */
 static always_inline bool barrier_nospec_true(void)
 {
-#ifdef CONFIG_HVM
+#ifdef CONFIG_SPECULATIVE_HARDEN_BRANCH
     alternative("", "lfence", X86_FEATURE_SC_L1TF_VULN);
 #endif
     return true;
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.