On 23/01/2019 14:59, Andrew Cooper wrote: > The progression of multi-vcpu support in Xen (originally a single pointer, > then an embedded d->vcpu[] array, then a dynamically allocated array) has > resulted in a large quantity of ad-hoc code for looking a vcpu up by id, and a > large number of ways that the toolstack can cause Xen to trip over a NULL > pointer. Some of this has been addressed in Xen 4.12, and work is ongoing. > > Another property of looking a vcpu up by id is frequently done in unprivileged > hypercall context, making it an attractive target for speculative sidechannel > attacks. > > Introduce a helper to do the lookup correctly, and without speculative > interference. For performance reasons, it is useful not to have an smp_rmb() > in this helper on ARM, and luckily this is safe to do, because of the > serialisation offered by the global domheap lock. > > As a minor change noticed when checking the safety of this construct, sanity > check during boot that idle->max_vcpus is a suitable upper bound for > idle->vcpu[]. > > Signed-off-by: Andrew Cooper <[email protected]> > --- > CC: Jan Beulich <[email protected]> > CC: Wei Liu <[email protected]> > CC: Roger Pau Monné <[email protected]> > CC: Stefano Stabellini <[email protected]> > CC: Julien Grall <[email protected]> > CC: Juergen Gross <[email protected]> > CC: Norbert Manthey <[email protected]>
And in my haste, I forgot to tag this as "for 4.12". ~Andrew _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
