[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] SpectreV1+L1TF Patch Series

To: "Juergen Gross" <jgross@xxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 28 Jan 2019 02:56:36 -0700
Cc: Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, nmanthey@xxxxxxxxx, "Martin Mazein\(amazein\)" <amazein@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julian Stecklina <jsteckli@xxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>
Delivery-date: Mon, 28 Jan 2019 09:56:49 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 28.01.19 at 09:47, <jgross@xxxxxxxx> wrote:
> On 28/01/2019 09:28, Jan Beulich wrote:
>>>>> On 23.01.19 at 12:51, <nmanthey@xxxxxxxxx> wrote:
>>> This patch series attempts to mitigate the issue that have been raised in 
>>> the
>>> XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html). To block 
>>> speculative
>>> execution on Intel hardware, an lfence instruction is required to make sure
>>> that selected checks are not bypassed. Speculative out-of-bound accesses can
>>> be prevented by using the array_index_nospec macro.
>>>
>>> The lfence instruction should be added on x86 platforms only. To not affect
>>> platforms that are not affected by the L1TF vulnerability, the lfence
>>> instruction is patched in via alternative patching on Intel CPUs only.
>>> Furthermore, the compile time configuration allows to choose how to protect 
>>> the
>>> evaluation of conditions with the lfence instruction.
>> 
>> I've noticed only now that you weren't Cc-ed on this series. It
>> clearly is something to at least be considered for 4.12. May I
>> ask what your view on this is? Perhaps in particular whether
>> you would want to set some boundary in time until which pieces
>> of it (as they become ready, which looks to be the case for
>> patches 10 and 11 at this point in time) may go in?
> 
> I'd say until RC3 they are fine to go in when ready. After that I'd like
> to decide on a case-by-case basis.

May I interpret this as a release ack for patches 10 and 11 of
v4 then, and perhaps even generally as such an ack for other
parts of the series (with the RC3 boundary in mind)?

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] SpectreV1+L1TF Patch Series
  - From: Norbert Manthey
- Re: [Xen-devel] SpectreV1+L1TF Patch Series
  - From: Juergen Gross

Prev by Date: [Xen-devel] [PATCH v3] x86/AMD: flush TLB after ucode update
Next by Date: Re: [Xen-devel] [PATCH 2/6] x86: save GUEST_BNDCFGS on context switch...
Previous by thread: Re: [Xen-devel] SpectreV1+L1TF Patch Series
Next by thread: Re: [Xen-devel] [PATCH SpectreV1+L1TF v5 1/9] xen/evtchn: block speculative out-of-bound accesses
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.