
RE: [PATCH for-4.17?] x86: support data operand independent timing mode


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Henry Wang <Henry.Wang@xxxxxxx>
  • Date: Fri, 16 Sep 2022 01:28:18 +0000
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 16 Sep 2022 01:28:34 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Jan,

> -----Original Message-----
> Subject: [PATCH for-4.17?] x86: support data operand independent timing
> mode
> 
> [1] specifies a long list of instructions which are intended to exhibit
> timing behavior independent of the data they operate on. On certain
> hardware this independence is optional, controlled by a bit in a new
> MSR. Provide a command line option to control the mode Xen and its
> guests are to operate in, with a build time control over the default.
> Longer term we may want to allow guests to control this.
> 
> Since Arm64 supposedly also has such a control, put command line option
> and Kconfig control in common files.
> 
> [1]
> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html
> 
> Requested-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> This may be viewed as a new feature, and hence be too late for 4.17. It
> may, however, also be viewed as security relevant, which is why I'd like
> to propose to at least consider it.

Based on the discussion in this thread so far, I think people would view
this patch as a security relevant patch, so I guess without strong
objection to merge this in 4.17, it is fine to add this in the release (with
proper review, of course).

Kind regards,
Henry


 

