From: Norbert Manthey
Date: Tue, 30 Jul 2019 15:15:01 +0200
Message-ID: <1564492503-22716-1-git-send-email-nmanthey@amazon.de>
X-Patchwork-Id: 11065759
Subject: [Xen-devel] [PATCH L1TF MDS GT v4 0/2] grant table protection
Cc: Juergen Gross, Tim Deegan, Stefano Stabellini, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Dario Faggioli, Martin Pohlack, Pawel Wieczorkiewicz, Julien Grall, David Woodhouse, Jan Beulich, Martin Mazein, Bjoern Doebel, Norbert Manthey

Dear all,

This patch series attempts to mitigate the issues that have been raised in XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html). To block speculative execution on Intel hardware, an lfence instruction is required to make sure that selected checks are not bypassed. Speculative out-of-bound accesses can be prevented by using the array_index_nospec macro.

This series picks up the last remaining commit of my previous L1TF series, and splits it into several commits to help targeting the discussion better. The actual change is to protect grant-table code.

This is part of the speculative hardening effort.

Best,
Norbert

Norbert Manthey (2):
  common/grant_table: harden bound accesses
  common/grant_table: harden version dependent accesses

 xen/common/grant_table.c | 107 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 75 insertions(+), 32 deletions(-)
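
The two mitigations named in the cover letter, sketched as an added example (not code from this patch series or from Xen): a branchless index clamp in the style of array_index_nospec, and an lfence placed after a check that is not an array bound. The helper names, the sample table and the version flag are hypothetical.

```c
#include <limits.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/* All-ones when index < size, zero otherwise, computed without a branch.
 * Valid for values up to LONG_MAX; relies on arithmetic right shift of
 * negative values (GCC and Clang behaviour). Kernel implementations add
 * compiler barriers or inline assembly so the mask cannot be turned back
 * into a conditional branch. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Unchanged when in bounds, 0 when out of bounds, even under speculation. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Barrier for checks that cannot be expressed as an index clamp. */
static void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile ("lfence" ::: "memory");
#endif
}

#define NR_ENTRIES 8UL /* constructed sample table */
static const int sample_table[NR_ENTRIES] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Bound access: returns the entry for ref, or -1 if ref is out of range. */
int lookup_entry(unsigned long ref)
{
    if (ref >= NR_ENTRIES)
        return -1;
    /* If the branch above was mispredicted, the clamp forces the
     * speculative load to entry 0 instead of attacker-chosen memory. */
    return sample_table[clamp_index_nospec(ref, NR_ENTRIES)];
}

/* Version-dependent access: the checked value is not an index, so each
 * path fences before dereferencing (is_v2 is a hypothetical flag). */
int read_by_version(int is_v2, const int *v1, const int *v2)
{
    const int *p = is_v2 ? v2 : v1;
    speculation_barrier();
    return *p;
}
```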