[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 10/11] x86/hvm/hpet: block speculative out-of-bound accesses
>>> On 23.01.19 at 12:57, <nmanthey@xxxxxxxxx> wrote: > When interacting with hpet, read and write operations can be executed > during instruction emulation, where the guest controls the data that > is used. As it is hard to predict the number of instructions that are > executed speculatively, we prevent out-of-bound accesses by using the > array_index_nospec function for guest specified addresses that should > be used for hpet operations. > > This commit is part of the SpectreV1+L1TF mitigation patch series. > > Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> with one further remark: > @@ -523,7 +526,7 @@ static int hpet_write( > case HPET_Tn_ROUTE(0): > case HPET_Tn_ROUTE(1): > case HPET_Tn_ROUTE(2): > - tn = HPET_TN(ROUTE, addr); > + tn = array_index_nospec(HPET_TN(ROUTE, addr), > ARRAY_SIZE(h->hpet.timers)); > h->hpet.timers[tn].fsb = new_val; > break; This one, unlike the other two in this function, would be a fair candidate for use of array_access_nospec() - tn is used just once here. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |