From patchwork Fri Jul 12 08:51:40 2019
X-Patchwork-Submitter: Norbert Manthey
X-Patchwork-Id: 11041895
From: Norbert Manthey
Date: Fri, 12 Jul 2019 10:51:40 +0200
Message-ID: <1562921502-20137-1-git-send-email-nmanthey@amazon.de>
Subject: [Xen-devel] [PATCH L1TF MDS GT v3 0/2] grant table protection
Cc: Juergen Gross, Tim Deegan, Stefano Stabellini, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Dario Faggioli,
 Martin Pohlack, Pawel Wieczorkiewicz, Julien Grall, David Woodhouse, Jan Beulich, Martin Mazein, Bjoern Doebel, Norbert Manthey

Dear all,

This patch series attempts to mitigate the issue that has been raised in the XSA-289 (https://xenbits.xen.org/xsa/advisory-289.html). To block speculative execution on Intel hardware, an lfence instruction is required to make sure that selected checks are not bypassed. Speculative out-of-bound accesses can be prevented by using the array_index_nospec macro.

This series picks up the last remaining commit of my previous L1TF series, and splits it into several commits to help targeting the discussion better. The actual change is to protect grant-table code.

This is part of the speculative hardening effort.

Best,
Norbert

Norbert Manthey (2):
  common/grant_table: harden bound accesses
  common/grant_table: harden version dependent accesses

 xen/common/grant_table.c | 107 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 75 insertions(+), 32 deletions(-)
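
The two hardening techniques named in the cover letter, shown as an added example that is not part of the original mail or of the Xen patches: a branch-free index clamp in the style of array_index_nospec, and an lfence placed after a check that selects between code paths. All function names, the tables and the version values are hypothetical and constructed for illustration.

```c
#include <limits.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define NR_ENTRIES 8UL /* constructed table size */

/* Constructed sample data: one table per hypothetical format version. */
static const int table_v1[NR_ENTRIES] = {10, 11, 12, 13, 14, 15, 16, 17};
static const int table_v2[NR_ENTRIES] = {20, 21, 22, 23, 24, 25, 26, 27};

/*
 * Returns ~0UL if index < size, else 0, without a conditional branch.
 * For index >= size, (size - 1 - index) wraps and sets the top bit.
 * Assumes index and size are <= LONG_MAX and that >> on a negative long
 * is an arithmetic shift (true for GCC and Clang). Production macros also
 * hide the value from the optimizer so no branch is reintroduced.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1 - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp: in-range indices pass through, out-of-range ones become 0. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Stops later loads from executing before earlier checks have resolved. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile ("lfence" ::: "memory");
#endif
}

/* Bound-checked, version-dependent read; returns -1 for a bad index. */
int read_entry(unsigned int version, unsigned long idx)
{
    if (idx >= NR_ENTRIES)
        return -1;
    /* Even if the check above is mispredicted, idx stays inside the table. */
    idx = clamp_index_nospec(idx, NR_ENTRIES);

    if (version == 1) {
        speculation_barrier(); /* version check resolved before the load */
        return table_v1[idx];
    }
    speculation_barrier();
    return table_v2[idx];
}
```

The clamp costs a few ALU operations and keeps the pipeline running, while the lfence serialises the load behind the check; that is why masking suits array indices and the fence suits checks that choose which code path runs.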