[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.18?] x86: support data operand independent timing mode

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Henry Wang <Henry.Wang@xxxxxxx>
  • Date: Tue, 12 Sep 2023 00:48:34 +0000
  • Accept-language: zh-CN, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hHpZ/syfh4Ns3ZjteQlBPWifu7e4GBdbj8lhGAmfTfI=; b=Che0J+ZKEo6t5gLHB1TEOpWppVFvYR6kjYTQu8fBzPeerCONcOKkWdjQf5XBC/569fHwRshrM/0IBeVzoiOpcoXGO6JO6VCibWEFJ7qwVcldTPYlYOKNZueRLsro5a7h1EetAUlV9YtdGwxJzRJHDp+SWVrohzUUBHIkeeaixEWCDKCdIa2wm3pGHTGhTYAIohYGcuNI72hLpfoEtge0AMPh4RcY0fIDRK/fLRLXZZQZP1jGg+FsZN68Z3fg28GifScHSCHOapXK67mycbF7V4ZGeWV2Zg8OSgOke4icLDlRSQybEOke/Yf0J3+OgQke+voulVzk6zfaQKMhxy8zEQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GMbq8UiJF9NJAWo3zMgvqs3WPpJt/pbLVZEZaejf5zzutnWQ+lf9eRleLH6vF2z+RGYRwmOovyvsbenXmO2N+XZVa5n9Sdul6bfMgD1Brhd7LZj+dYXjmeTJPOe+LWIJ8Ta4uo1eR73DB9SFAk97zE9I5N0OkRa67uZf4QjCEOoFhBxwyceJaZp3Im/7Rml2BtN1FpeoMlkZtluLoBigtuKunc4/pRGvAGC12IRjHfHLFFqibkCeQjzr049hudMW/0eEHhs7xJ8pBAyby1CjbUefxN5c1DsFjDdAM5uWLPUA6vF11/s16JeEIyxdmu6yURtTGkWzR7iDwJpLEZHTUw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 12 Sep 2023 00:48:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHZ5MDnZ00SVLfzmUmuQZLkdMd2orAWXCkA
  • Thread-topic: [PATCH v2 for-4.18?] x86: support data operand independent timing mode
Hi Jan,

> On Sep 11, 2023, at 23:01, Jan Beulich <jbeulich@xxxxxxxx> wrote:
> 
> [1] specifies a long list of instructions which are intended to exhibit
> timing behavior independent of the data they operate on. On certain
> hardware this independence is optional, controlled by a bit in a new
> MSR. Provide a command line option to control the mode Xen and its
> guests are to operate in, with a build time control over the default.
> Longer term we may want to allow guests to control this.
> 
> Since Arm64 supposedly also has such a control, put command line option
> and Kconfig control in common files.
> 
> [1] 
> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html
> 
> Requested-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> This may be viewed as a new feature, and hence be too late for 4.18. It
> may, however, also be viewed as security relevant, which is why I'd like
> to propose to at least consider it.

Fine with me if this patch can be properly reviewed on time, because of
the security relevance. 

> 
> Slightly RFC, in particular for whether the Kconfig option should
> default to Y or N.
> 
> I would have wanted to invoke setup_doitm() from cpu_init(), but that
> works only on the BSP. On APs cpu_init() runs before ucode loading.
> Plus recheck_cpu_features() invoking identify_cpu() takes care of the
> BSP during S3 resume.
> ---
> v2: Introduce and use cpu_has_doitm. Add comment "borrowed" from the
>    XenServer patch queue patch providing similar functionality.
>    Re-base.
> 
> --- a/docs/misc/xen-command-line.pandoc
> +++ b/docs/misc/xen-command-line.pandoc
> @@ -788,6 +788,14 @@ Specify the size of the console debug tr
> additionally a trace buffer of the specified size is allocated per cpu.
> The debug trace feature is only enabled in debugging builds of Xen.
> 
> +### dit (x86)
> +> `= <boolean>`
> +
> +> Default: `CONFIG_DIT_DEFAULT`
> +
> +Specify whether Xen and guests should operate in Data Independent Timing
> +mode.
> +

Since a new cmdline interface is added, I am wondering would such
addtion deserves a CHANGELOG entry?

Kind regards,
Henry

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.