On 23/01/2019 15:59, Andrew Cooper wrote: > The progression of multi-vcpu support in Xen (originally a single pointer, > then an embedded d->vcpu[] array, then a dynamically allocated array) has > resulted in a large quantity of ad-hoc code for looking a vcpu up by id, and a > large number of ways that the toolstack can cause Xen to trip over a NULL > pointer. Some of this has been addressed in Xen 4.12, and work is ongoing. > > Another property of looking a vcpu up by id is frequently done in unprivileged > hypercall context, making it an attractive target for speculative sidechannel > attacks. > > Introduce a helper to do the lookup correctly, and without speculative > interference. For performance reasons, it is useful not to have an smp_rmb() > in this helper on ARM, and luckily this is safe to do, because of the > serialisation offered by the global domheap lock. > > As a minor change noticed when checking the safety of this construct, sanity > check during boot that idle->max_vcpus is a suitable upper bound for > idle->vcpu[]. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
Release-acked-by: Juergen Gross <jgr...@suse.com> Juergen _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
