[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] SpectreV1+L1TF Patch Series v7



Dear all,

This patch series attempts to mitigate the issue that have been raised in the
XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html), namely to avoid
touching memory from the hypervisor speculatively that would not be touched
without speculation. To block speculative execution on Intel hardware, an
lfence instruction is required to make sure that selected checks are not
bypassed. Speculative out-of-bound accesses can be prevented by using the
array_index_nospec macro.

The major changes between v6 and v7 of this series are preferring the lfence
instruction to block speculation over updating variables. Furthermore, when
patching in the lfence instruction automatically, the setting of smt and l1d
flushing are taken into account.

Best,
Norbert




Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.