[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH SpectreV1+L1TF v5 6/9] is_control_domain: block speculation
Checks of domain properties, such as is_hardware_domain or is_hvm_domain, might be bypassed by speculatively executing these instructions. A reason for bypassing these checks is that these macros access the domain structure via a pointer, and check a certain field. Since this memory access is slow, the CPU assumes a returned value and continues the execution. In case an is_control_domain check is bypassed, for example during a hypercall, data that should only be accessible by the control domain could be loaded into the cache. Signed-off-by: Norbert Manthey <nmanthey@xxxxxxxxx> --- xen/include/xen/sched.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -23,6 +23,7 @@ #include <asm/atomic.h> #include <xen/vpci.h> #include <xen/wait.h> +#include <xen/nospec.h> #include <public/xen.h> #include <public/domctl.h> #include <public/sysctl.h> @@ -908,10 +909,10 @@ void watchdog_domain_destroy(struct domain *d); * (that is, this would not be suitable for a driver domain) * - There is never a reason to deny the hardware domain access to this */ -#define is_hardware_domain(_d) ((_d) == hardware_domain) +#define is_hardware_domain(_d) evaluate_nospec((_d) == hardware_domain) /* This check is for functionality specific to a control domain */ -#define is_control_domain(_d) ((_d)->is_privileged) +#define is_control_domain(_d) evaluate_nospec((_d)->is_privileged) #define VM_ASSIST(d, t) (test_bit(VMASST_TYPE_ ## t, &(d)->vm_assist)) -- 2.7.4 Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich Ust-ID: DE 289 237 879 Eingetragen am Amtsgericht Charlottenburg HRB 149173 B _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |