>>> On 21.02.19 at 09:16, <nmant...@amazon.de> wrote: > The get_page_from_gfn method returns a pointer to a page that belongs > to a gfn. Before returning the pointer, the gfn is checked for being > valid. Under speculation, these checks can be bypassed, so that > the function get_page is still executed partially. Consequently, the > function page_get_owner_and_reference might be executed partially as > well. In this function, the computed pointer is accessed, resulting in > a speculative out-of-bound address load. As the gfn can be controlled by > a guest, this access is problematic. > > To mitigate the root cause, an lfence instruction is added via the > evaluate_nospec macro. To make the protection generic, we do not > introduce the lfence instruction for this single check, but add it to > the mfn_valid function. This way, other potentially problematic accesses > are protected as well. > > This is part of the speculative hardening effort. > > Signed-off-by: Norbert Manthey <nmant...@amazon.de>
Acked-by: Jan Beulich <jbeul...@suse.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel