[for-4.13,0/2] xen/nospec: Add Kconfig options for speculative hardening

Message ID	20190930182437.25478-1-andrew.cooper3@citrix.com (mailing list archive)
Headers	show Return-Path: <SRS0=D6zB=XZ=lists.xenproject.org=xen-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 41E3B224D2 Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa4.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: SoTF5NiQaBlJ0uG3+6R6+P3Rtl8ePalBJtpZjynI/S7WAXV5TbpkVyymx+LSL+yJtGbE5KLjez auAZXZ7IXKLxshgmhuzZf1Ri0kMzFhNZRZ1qrWRjbvZzbLWFo3UxhVHqSga4iAnTyT9Haf/608 VlIY9hNW1NuCA9++g5mBc23G8AeI8rsxbuTIBBqB9rpo+MwmN91KcmHxEI6naw2vFRJVzGTbAO VYCL39FUHvEgE7JhQsCbg4RVWW5BYkQdmT5kc4MCAzNV4byzg2rWxLdrW7nW/7V8nydKXPnk4Z WNc= From: Andrew Cooper <andrew.cooper3@citrix.com> To: Xen-devel <xen-devel@lists.xenproject.org> Date: Mon, 30 Sep 2019 19:24:35 +0100 Message-ID: <20190930182437.25478-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Subject: [Xen-devel] [PATCH for-4.13 0/2] xen/nospec: Add Kconfig options for speculative hardening Precedence: list Cc: Juergen Gross <jgross@suse.com>, Wei Liu <wl@xen.org>, Andrew Cooper <andrew.cooper3@citrix.com>, Norbert Manthey <nmanthey@amazon.de>, Jan Beulich <JBeulich@suse.com>, =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Series	xen/nospec: Add Kconfig options for speculative hardening \| expand [for-4.13,0/2] xen/nospec: Add Kconfig options for speculative hardening [for-4.13,1/2] xen/nospec: Introduce CONFIG_SPECULATIVE_ARRAY_HARDEN [for-4.13,2/2] xen/nospec: Introduce CONFIG_SPECULATIVE_BRANCH_HARDEN and disable it

Message ID

20190930182437.25478-1-andrew.cooper3@citrix.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 41E3B224D2
Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 andrew.cooper3@citrix.com) identity=pra;
 client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com;
 envelope-from="Andrew.Cooper3@citrix.com";
 x-sender="andrew.cooper3@citrix.com";
 x-conformance=sidf_compatible
Received-SPF: Pass (esa4.hc3370-68.iphmx.com: domain of
 Andrew.Cooper3@citrix.com designates 162.221.158.21 as
 permitted sender) identity=mailfrom;
 client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com;
 envelope-from="Andrew.Cooper3@citrix.com";
 x-sender="Andrew.Cooper3@citrix.com";
 x-conformance=sidf_compatible; x-record-type="v=spf1";
 x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133
 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4
 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88
 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all"
Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender
 authenticity information available from domain of
 postmaster@mail.citrix.com) identity=helo;
 client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com;
 envelope-from="Andrew.Cooper3@citrix.com";
 x-sender="postmaster@mail.citrix.com";
 x-conformance=sidf_compatible
IronPort-SDR: 
 SoTF5NiQaBlJ0uG3+6R6+P3Rtl8ePalBJtpZjynI/S7WAXV5TbpkVyymx+LSL+yJtGbE5KLjez
 auAZXZ7IXKLxshgmhuzZf1Ri0kMzFhNZRZ1qrWRjbvZzbLWFo3UxhVHqSga4iAnTyT9Haf/608
 VlIY9hNW1NuCA9++g5mBc23G8AeI8rsxbuTIBBqB9rpo+MwmN91KcmHxEI6naw2vFRJVzGTbAO
 VYCL39FUHvEgE7JhQsCbg4RVWW5BYkQdmT5kc4MCAzNV4byzg2rWxLdrW7nW/7V8nydKXPnk4Z
 WNc=
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Date: Mon, 30 Sep 2019 19:24:35 +0100
Message-ID: <20190930182437.25478-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0
Subject: [Xen-devel] [PATCH for-4.13 0/2] xen/nospec: Add Kconfig options
 for speculative hardening
Precedence: list
Cc: Juergen Gross <jgross@suse.com>, Wei Liu <wl@xen.org>,
 Andrew Cooper <andrew.cooper3@citrix.com>,
 Norbert Manthey <nmanthey@amazon.de>, Jan Beulich <JBeulich@suse.com>,
	=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Series

xen/nospec: Add Kconfig options for speculative hardening | expand

Message

Andrew Cooper Sept. 30, 2019, 6:24 p.m. UTC

The main purpose is patch 2.  The "l1tf-barrier" work currently causes a perf
hit and gains no safety, and is therefore unfit for inclusion into Xen 4.13 at
this time.

Andrew Cooper (2):
  xen/nospec: Introduce CONFIG_SPECULATIVE_ARRAY_HARDEN
  xen/nospec: Introduce CONFIG_SPECULATIVE_BRANCH_HARDEN and disable it

 docs/misc/xen-command-line.pandoc |  8 +-------
 xen/arch/x86/spec_ctrl.c          | 17 ++---------------
 xen/common/Kconfig                | 38 ++++++++++++++++++++++++++++++++++++++
 xen/include/asm-x86/cpufeatures.h |  2 +-
 xen/include/asm-x86/nospec.h      |  4 ++--
 xen/include/asm-x86/spec_ctrl.h   |  1 -
 xen/include/xen/nospec.h          | 12 ++++++++++++
 7 files changed, 56 insertions(+), 26 deletions(-)

Comments

Jürgen Groß Oct. 1, 2019, 6:35 a.m. UTC | #1

On 30.09.19 20:24, Andrew Cooper wrote:
> The main purpose is patch 2.  The "l1tf-barrier" work currently causes a perf
> hit and gains no safety, and is therefore unfit for inclusion into Xen 4.13 at
> this time.
> 
> Andrew Cooper (2):
>    xen/nospec: Introduce CONFIG_SPECULATIVE_ARRAY_HARDEN
>    xen/nospec: Introduce CONFIG_SPECULATIVE_BRANCH_HARDEN and disable it
> 
>   docs/misc/xen-command-line.pandoc |  8 +-------
>   xen/arch/x86/spec_ctrl.c          | 17 ++---------------
>   xen/common/Kconfig                | 38 ++++++++++++++++++++++++++++++++++++++
>   xen/include/asm-x86/cpufeatures.h |  2 +-
>   xen/include/asm-x86/nospec.h      |  4 ++--
>   xen/include/asm-x86/spec_ctrl.h   |  1 -
>   xen/include/xen/nospec.h          | 12 ++++++++++++
>   7 files changed, 56 insertions(+), 26 deletions(-)
> 

For the series:

Release-acked-by: Juergen Gross <jgross@suse.com>


Juergen