Hi Jan,

> -----Original Message-----
> Subject: [PATCH for-4.17?] x86: support data operand independent timing mode
>
> [1] specifies a long list of instructions which are intended to exhibit
> timing behavior independent of the data they operate on. On certain
> hardware this independence is optional, controlled by a bit in a new
> MSR. Provide a command line option to control the mode Xen and its
> guests are to operate in, with a build time control over the default.
> Longer term we may want to allow guests to control this.
>
> Since Arm64 supposedly also has such a control, put command line option
> and Kconfig control in common files.
>
> [1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html
>
> Requested-by: Demi Marie Obenour <[email protected]>
> Signed-off-by: Jan Beulich <[email protected]>
> ---
> This may be viewed as a new feature, and hence be too late for 4.17. It
> may, however, also be viewed as security relevant, which is why I'd like
> to propose to at least consider it.

Based on the discussion in this thread so far, I think people would view this patch as a security relevant patch, so I guess without strong objection to merge this in 4.17, it is fine to add this in the release (with proper review, of course).

Kind regards,
Henry
