
Re: [PATCH v4 07/30] xen/asm-generic: introdure nospec.h



On Mon, 2024-02-19 at 13:18 +0100, Jan Beulich wrote:
> On 19.02.2024 12:59, Oleksii wrote:
> > Hi Julien,
> > 
> > On Sun, 2024-02-18 at 18:30 +0000, Julien Grall wrote:
> > > Hi Oleksii,
> > > 
> > > Title: Typo s/introdure/introduce/
> > > 
> > > On 05/02/2024 15:32, Oleksii Kurochko wrote:
> > > > The <asm/nospec.h> header is similar between Arm, PPC, and RISC-V,
> > > > so it has been moved to asm-generic.
> > > 
> > > I am not 100% convinced that moving this header to asm-generic is a
> > > good idea. At least for Arm, those helpers ought to be non-empty, what
> > > about RISC-V?
> > For Arm, they are not taking any action, are they? There are no
> > specific fences or other mechanisms inside
> > evaluate_nospec()/block_speculation() to address speculation.
> 
> The question isn't the status quo, but how things should be looking like
> if everything was in place that's (in principle) needed.
> 
> > For RISC-V, it can be implemented in a similar manner, at least for
> > now. Since these functions are only used in the grant tables code (for
> > Arm and so for RISC-V), which is not supported by RISC-V.
> 
> Same here - the question is whether long term, when gnttab is also
> supported, RISC-V would get away without doing anything. Still ...
> 
> > > If the answer is they should be non-empty. Then I would consider to
> > > keep the duplication to make clear that each architecture should take
> > > their own decision in terms of security.
> > > 
> > > The alternative is to have a generic implementation that is safe by
> > > default (if that's even possible).
> > I am not certain that we can have a generic implementation, as each
> > architecture may have specific speculation issues.
> 
> ... it's theoretically possible that there'd be an arch with no
> speculation issues, maybe simply because of not speculating.

I am not sure that I understand your and Julien's point.

For example, modern CPUs use speculative execution to reduce the cost
of conditional branch instructions using schemes that predict the
execution path of a program based on the history of branch executions.

Arm CPUs are vulnerable to speculative execution, but if you look at
the code of the evaluate_nospec()/block_speculation() functions, they are
doing nothing for Arm.

~ Oleksii



 

