From patchwork Mon Sep 30 18:24:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 11167013 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6FABD15AB for ; Mon, 30 Sep 2019 18:26:10 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 41E3B224D2 for ; Mon, 30 Sep 2019 18:26:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="e53OSFuk" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 41E3B224D2 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iF0Lk-0000bY-BL; Mon, 30 Sep 2019 18:24:44 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iF0Lj-0000bT-HL for xen-devel@lists.xenproject.org; Mon, 30 Sep 2019 18:24:43 +0000 X-Inumbo-ID: 9218b4ea-e3af-11e9-97fb-bc764e2007e4 Received: from esa4.hc3370-68.iphmx.com (unknown [216.71.155.144]) by localhost (Halon) with ESMTPS id 9218b4ea-e3af-11e9-97fb-bc764e2007e4; Mon, 30 Sep 2019 18:24:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1569867882; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=PVq5BNQHdiosR3euQFQB4Iz0GinU3E/T98l8+pJjaeM=; b=e53OSFukZw1iZz25fX6+obS6LVxMWvo8wuaZnZ8Nt5VYygu6sxZa+J5h KHeaAOG5ocm2FLLnUCv6GTgRa4ijBon39M+3HALUjI5IAWZ65EDIZ3uuc ya+gqILwkwGh8nsgI0apjJdeOtSe0hpfJpkt9ofhybHmYu0A9N+FEGqM8 o=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa4.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa4.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa4.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: SoTF5NiQaBlJ0uG3+6R6+P3Rtl8ePalBJtpZjynI/S7WAXV5TbpkVyymx+LSL+yJtGbE5KLjez auAZXZ7IXKLxshgmhuzZf1Ri0kMzFhNZRZ1qrWRjbvZzbLWFo3UxhVHqSga4iAnTyT9Haf/608 VlIY9hNW1NuCA9++g5mBc23G8AeI8rsxbuTIBBqB9rpo+MwmN91KcmHxEI6naw2vFRJVzGTbAO VYCL39FUHvEgE7JhQsCbg4RVWW5BYkQdmT5kc4MCAzNV4byzg2rWxLdrW7nW/7V8nydKXPnk4Z WNc= X-SBRS: 2.7 X-MesageID: 6621880 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,568,1559534400"; d="scan'208";a="6621880" From: Andrew Cooper To: Xen-devel Date: Mon, 30 Sep 2019 19:24:35 +0100 Message-ID: <20190930182437.25478-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH for-4.13 0/2] xen/nospec: Add Kconfig options for speculative hardening X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Juergen Gross , Wei Liu , Andrew Cooper , Norbert Manthey , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" The main purpose is patch 2. The "l1tf-barrier" work currently causes a perf hit and gains no safety, and is therefore unfit for inclusion into Xen 4.13 at this time. Andrew Cooper (2): xen/nospec: Introduce CONFIG_SPECULATIVE_ARRAY_HARDEN xen/nospec: Introduce CONFIG_SPECULATIVE_BRANCH_HARDEN and disable it docs/misc/xen-command-line.pandoc | 8 +------- xen/arch/x86/spec_ctrl.c | 17 ++--------------- xen/common/Kconfig | 38 ++++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/cpufeatures.h | 2 +- xen/include/asm-x86/nospec.h | 4 ++-- xen/include/asm-x86/spec_ctrl.h | 1 - xen/include/xen/nospec.h | 12 ++++++++++++ 7 files changed, 56 insertions(+), 26 deletions(-)