> On 4 Nov 2022, at 05:01, Andrew Cooper <[email protected]> wrote: > > The series claims "This is beneficial to performance and avoids > speculation issues.", c/s 8523851dbc4. > > That half sentence is literally the sum total of justification given for > this being related to speculation.
The cover letter, written on 15 Oct 2021, mentions “avoid[ing] indirect function calls on the hypercall path”. Internal security@ discussions from the time show that we were talking about Spectre-BHB (AKA BHI) and its impact on function pointers, specifically those in the hypercall and exception dispatch. Given that Spectre-BHB wasn’t made public until March 2022, it would have been a violation of the embargo for Jürgen to go into more detail at that time. It appears that your view on whether hypercall function call tables are a vulnerable surface of attack has changed. But given that you once believed they needed protecting, it’s not unreasonable for other people to think that they may need protecting; and given that it’s reasonable to think that they may need protecting, you should at least give a *little bit* of a justification for why yo believe they don’t, rather than simply falling back to, “There’s no evidence”. -George
signature.asc
Description: Message signed with OpenPGP
