[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Setting constant-time mode CPU flag

  • To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 6 Sep 2022 11:52:05 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zLLg6gFadAmdbcUunSG3/Bs98NLHgzdwTmQ+0ku3QMU=; b=d2dBhvmOyhNCYWJy1yCB+iD2iR6C+KTgvDkHLF7JFaQ5nRPEhjGG9n7w2rU0VDiHU0yPpPLwafWz+mPiSkCzsvdDtlYmarbICMQFc55RH55MbfAIhFxoHw4vHu9G8+idYAYWtr/7kZCB/nhiv29VRw775MZnxGjCfscd95JHeZ9/ZfM2rK1SLn7X37awOlq0WaQdQk/G7kZomimL+Njzs5KRokGmjLpD+9ncFTAlwD7k3hNGhaMp1/wDtdExZIMuMQyhZ02lVbgFG6rymD48NClBMRV6YEW1/2jrvAbC1HwqbhXG95pJpbyBn03I9a4oBUk+MgcAosvmGZDrs/8jNQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ztdh6pP11EmKUdhcgZ6sGw8/jTYFbAJReNaRHieS2+kxDlxhXGPqptM7VqPHjqgLIJnWjlhGFidqPGBz6x+r18+4yTveXRVJoLeyVPfbD1LfAdzc06KUnipPImkf8ZdETz47ZdHX7c2M5GNaA1hnWsn3iqZpBKBZb5KSwbbw3EkPZuAu9vWVzzb8sCS4aQXPHmvRv+1Y1azVIDfYue2iKlwtgUdaQDmwkLcq99aTFAPpV4GNBAmWtmm2WDm96nBgJNhWrqVgOiPonlhWWa/l2PcriTyPFc1eHtjfis6SeyDxd3jCpoZlB/R5aJFq4/BZJyCsAzJxbSmcXi8p2PRHsA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 06 Sep 2022 09:52:10 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 02.09.2022 04:05, Demi Marie Obenour wrote:
> On Intel chips (Ice Lake and later) and ARM64, a bit needs to be set in
> a CPU register to enforce constant-time execution.  Linux plans to set
> this bit by default; Xen should do the same.  See
> https://lore.kernel.org/lkml/YwgCrqutxmX0W72r@xxxxxxxxx/T/ for details.
> I recommend setting the bit unconditionally and ignoring guest attempts
> to change it.

I don't think we ought to set it by default; I can see reasons why kernels
may want to set it by default (providing a way to turn it off). In Xen
what I think we need is exposure of the bit to be guest-controllable.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.