[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 04/13] xen/arm: Add ARCH_WORKAROUND_2 probing
Hi, On 05/29/2018 10:35 PM, Stefano Stabellini wrote: On Sat, 26 May 2018, Andrew Cooper wrote:On 25/05/2018 21:51, Stefano Stabellini wrote:On Wed, 23 May 2018, Julien Grall wrote:Hi, On 05/23/2018 10:57 PM, Stefano Stabellini wrote:On Tue, 22 May 2018, Julien Grall wrote:As for Spectre variant-2, we rely on SMCCC 1.1 to provide the discovery mechanism for detecting the SSBD mitigation. A new capability is also allocated for that purpose, and a config option. This is part of XSA-263. Signed-off-by: Julien Grall <julien.grall@xxxxxxx> --- xen/arch/arm/Kconfig | 10 ++++++++++ xen/arch/arm/cpuerrata.c | 39 +++++++++++++++++++++++++++++++++++++++ xen/include/asm-arm/cpuerrata.h | 21 +++++++++++++++++++++ xen/include/asm-arm/cpufeature.h | 3 ++- xen/include/asm-arm/smccc.h | 6 ++++++ 5 files changed, 78 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index 8174c0c635..0e2d027060 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -73,6 +73,16 @@ config SBSA_VUART_CONSOLE Allows a guest to use SBSA Generic UART as a console. The SBSA Generic UART implements a subset of ARM PL011 UART. +config ARM_SSBD + bool "Speculative Store Bypass Disable" if EXPERT = "y" + depends on HAS_ALTERNATIVE + default y + help + This enables mitigation of bypassing of previous stores by speculative + loads.I would add a reference to spectre v4. What do you think of: This enables the mitigation of Spectre v4 attacks based on bypassing of previous memory stores by speculative loads.Well, the real name is SSBD (Speculative Store Bypass Disable). AFAIK, Spectre only refers to variant 1 and 2 so far. This one has no fancy name and the specifications is using SSBD.Googling for Spectre Variant 4 returns twice as many results as Googling for Speculative Store Bypass Disable. It doesn't matter what is the official name for the security issue, I think we need to include a reference to the most common name for it."Speculative Store Bypass" is the agreed vendor-neutral name for the issue. This is why all the mitigation is SSBD, where the D on the end is Disable. Google SP4 is a common name (but only covers one reporter of the issue), whereas Spectre has nothing to do with this issue, and is definitely wrong to use. If in doubt, use SSB(D).I think we should definitely call it SSBD, I was just saying that it might be helpful to include also "Variant 4" in the description, such as: This is also known as Variant 4. to help users find the right results on Google. There are enough hit with "Speculative Store Bypass Disable" for a user to find what's going on. Anyway, given that you are certainly better informed than me about it, I won't insist on this point, I am OK without mentioning "Variant 4". I would prefer to not mention it in the Kconfig. Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |