On 23/01/2019 14:59, Andrew Cooper wrote:
> The progression of multi-vcpu support in Xen (originally a single pointer,
> then an embedded d->vcpu[] array, then a dynamically allocated array) has
> resulted in a large quantity of ad-hoc code for looking a vcpu up by id, and a
> large number of ways that the toolstack can cause Xen to trip over a NULL
> pointer.  Some of this has been addressed in Xen 4.12, and work is ongoing.
>
> Another property of looking a vcpu up by id is that it is frequently done in
> unprivileged hypercall context, making it an attractive target for speculative
> sidechannel attacks.
>
> Introduce a helper to do the lookup correctly, and without speculative
> interference.  For performance reasons, it is useful not to have an smp_rmb()
> in this helper on ARM, and luckily this is safe to do, because of the
> serialisation offered by the global domheap lock.
>
> As a minor change noticed when checking the safety of this construct, sanity
> check during boot that idle->max_vcpus is a suitable upper bound for
> idle->vcpu[].
>
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> ---
> CC: Jan Beulich <jbeul...@suse.com>
> CC: Wei Liu <wei.l...@citrix.com>
> CC: Roger Pau Monné <roger....@citrix.com>
> CC: Stefano Stabellini <sstabell...@kernel.org>
> CC: Julien Grall <julien.gr...@arm.com>
> CC: Juergen Gross <jgr...@suse.com>
> CC: Norbert Manthey <nmant...@amazon.de>

And in my haste, I forgot to tag this as "for 4.12".

~Andrew
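
The kind of lookup helper the quoted commit message describes, as an added example that is not part of the thread and is not Xen's code: it bounds-checks the id, tolerates NULL slots, and clamps the index so the array read stays in bounds even under a mispredicted branch. The struct layouts, `index_mask_nospec()`, `lookup_vcpu()` and the sample domain are hypothetical names constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the hypervisor's structures (not Xen's definitions). */
struct vcpu { unsigned int vcpu_id; };
struct domain {
    unsigned int max_vcpus;   /* upper bound for vcpu[] */
    struct vcpu **vcpu;       /* dynamically allocated; slots may be NULL */
};

/*
 * All-ones when idx < size, zero otherwise, using unsigned arithmetic only.
 * Valid while size is below 2^(bits-1). A C compiler may still turn this
 * into a branch; real implementations typically use architecture-specific
 * assembly to rule that out.
 */
static unsigned long index_mask_nospec(unsigned long idx, unsigned long size)
{
    unsigned int top = sizeof(unsigned long) * CHAR_BIT - 1;

    return ((idx | (size - 1UL - idx)) >> top) - 1UL;
}

/* Look a vcpu up by id: NULL for out-of-range ids and unpopulated slots. */
static struct vcpu *lookup_vcpu(const struct domain *d, unsigned int vcpu_id)
{
    /* Clamp first: an out-of-range id becomes index 0 for the read below. */
    unsigned long idx = vcpu_id & index_mask_nospec(vcpu_id, d->max_vcpus);

    if (vcpu_id >= d->max_vcpus)
        return NULL;          /* architectural bounds check */
    return d->vcpu[idx];      /* may itself be NULL; callers must check */
}

/* Constructed sample: a 4-slot domain with slot 2 left unpopulated. */
static struct vcpu v0 = { 0 }, v1 = { 1 }, v3 = { 3 };
static struct vcpu *slots[4] = { &v0, &v1, NULL, &v3 };
static const struct domain sample = { 4, slots };

int main(void)
{
    unsigned int ids[] = { 0, 2, 3, 4, 0xffffffffu };

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
        printf("id %u -> %s\n", ids[i],
               lookup_vcpu(&sample, ids[i]) ? "vcpu" : "NULL");
    return 0;
}
```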
