
Re: [PATCH v3 3/4] x86: limit issuing of IBPB during context switch


  • To: Andrew Cooper <amc96@xxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 27 Jan 2023 08:51:55 +0100
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 27 Jan 2023 07:52:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.01.2023 21:49, Andrew Cooper wrote:
> On 25/01/2023 3:26 pm, Jan Beulich wrote:
>> --- a/xen/arch/x86/domain.c
>> +++ b/xen/arch/x86/domain.c
>> @@ -2015,7 +2015,8 @@ void context_switch(struct vcpu *prev, s
>>  
>>          ctxt_switch_levelling(next);
>>  
>> -        if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) )
>> +        if ( opt_ibpb_ctxt_switch && !is_idle_domain(nextd) &&
>> +             !(prevd->arch.spec_ctrl_flags & SCF_entry_ibpb) )
>>          {
>>              static DEFINE_PER_CPU(unsigned int, last);
>>              unsigned int *last_id = &this_cpu(last);
>>
>>
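Review bot: The added term !(prevd->arch.spec_ctrl_flags & SCF_entry_ibpb) skips this barrier based only on the outgoing domain's flag, and nothing in the hunk documents why an entry-time IBPB for prevd makes the context-switch IBPB redundant. The skip is only safe if the entry-time barrier covers every predictor structure this one is relied on for; the reply that follows notes that the RSB is not flushed on that path when the SMEP optimisation is in use. Either tighten the condition so the skip applies only when that coverage is guaranteed, or add a comment above the if stating the assumption.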
> 
> The aforementioned naming change makes the (marginal) security hole here
> more obvious.
> 
> When we use entry-IBPB to protect Xen, we only care about the branch
> types in the BTB.  We don't flush the RSB when using the SMEP optimisation.
> 
> Therefore, entry-IBPB is not something which lets us safely skip
> exit-new-pred-context.

Yet what's to be my takeaway? You may be suggesting to drop the patch,
or you may be suggesting to tighten the condition. (My guess would be
the former.)

Jan



 

