Hi Jan, > On Sep 11, 2023, at 23:01, Jan Beulich <[email protected]> wrote: > > [1] specifies a long list of instructions which are intended to exhibit > timing behavior independent of the data they operate on. On certain > hardware this independence is optional, controlled by a bit in a new > MSR. Provide a command line option to control the mode Xen and its > guests are to operate in, with a build time control over the default. > Longer term we may want to allow guests to control this. > > Since Arm64 supposedly also has such a control, put command line option > and Kconfig control in common files. > > [1] > https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html > > Requested-by: Demi Marie Obenour <[email protected]> > Signed-off-by: Jan Beulich <[email protected]> > --- > This may be viewed as a new feature, and hence be too late for 4.18. It > may, however, also be viewed as security relevant, which is why I'd like > to propose to at least consider it.
Fine with me if this patch can be properly reviewed on time, because of the security relevance. > > Slightly RFC, in particular for whether the Kconfig option should > default to Y or N. > > I would have wanted to invoke setup_doitm() from cpu_init(), but that > works only on the BSP. On APs cpu_init() runs before ucode loading. > Plus recheck_cpu_features() invoking identify_cpu() takes care of the > BSP during S3 resume. > --- > v2: Introduce and use cpu_has_doitm. Add comment "borrowed" from the > XenServer patch queue patch providing similar functionality. > Re-base. > > --- a/docs/misc/xen-command-line.pandoc > +++ b/docs/misc/xen-command-line.pandoc > @@ -788,6 +788,14 @@ Specify the size of the console debug tr > additionally a trace buffer of the specified size is allocated per cpu. > The debug trace feature is only enabled in debugging builds of Xen. > > +### dit (x86) > +> `= <boolean>` > + > +> Default: `CONFIG_DIT_DEFAULT` > + > +Specify whether Xen and guests should operate in Data Independent Timing > +mode. > + Since a new cmdline interface is added, I am wondering would such addtion deserves a CHANGELOG entry? Kind regards, Henry
