On 9/26/18 12:05 AM, Ralf Ramsauer wrote: > Hi Lokesh, > > On 7/16/18 11:48 AM, 'Lokesh Vutla' via Jailhouse wrote: >> This series adds initial support for the new SMCCC 1.1 and PSCI v1.1 >> that is support by ARM Trusted Firmware. For now the >> SMCCC_ARCH_WORKAROUND_1 and SMCCC_ARCH_WORKAROUND_2 and reported as >> not implemented. Once the mitigations are properly applied the actual >> status can be reported. > > I'm currently trying to get a better understating for > SMCCC_ARCH_WORKAROUND_* and checked the code path of Jailhouse. > > On SMCCC feature discovery, Jailhouse will report that there are no > features available. That's correct, because we don't handle those calls > atm. So everything is safe for non-root cells. > > But... If the root cell discovered during its initial boot (w/o > Jailhouse) that those features are available on the platform, it will > take the WORKAROUND_* path from then on for branch prediction hardening > (if vulnerable). > > AFAICT, there's no feature rediscovery after we enable Jailhouse on > Linux side, so the Root cell will still think that those features are > available and keep on calling SMCCC_ARCH_WORKAROUND_* (right?). As the > specification [1] says that those SMCCC_ARCH_WORKAROUNDs have no return > code, the root cell won't even notice that those calls have silently failed. > > In fact, we return ARM_SMCCC_NOT_SUPPORTED, while the spec says "no > return value". > > This is just a wild guess, unfortunately I don't have a platform where I > can test this behavior, maybe you can shed some light on this.
Ok, it's not a wild guess any longer. I was able to verify this on my Jetson TX1, where I was able to build latest upstream ATF/U-Boot/Kernel that supports SMCCC 1.1. Every now and then, I can observe unhandled 0x80008000 SMC Traps (SMCCC_ARCH_WORKAROUND_1) where the kernel wants to execute Spectre Mitigations and thinks they were successful, though Jailhouse returns NOT_SUPPORTED. This is rather a note to ourselves than a bug report -- we intentionally do not handle those requests atm but keep it in mind. In the midterm, we should probably implement this properly. Ralf > > Thanks > Ralf > > [1] > https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/firmware-interfaces-for-mitigating-cache-speculation-vulnerabilities > >> >> This series will allow to use jailhouse with Latest kernel and ATF. >> >> Changes since RFC: >> - Updated Copyright statements. >> - Fixed SMCCC 1.1 version value >> - Fixed comments from Jan. >> >> Lokesh Vutla (3): >> arm-common: Rework handling of SMC >> arm-common: Add support for PSCI 1.1 >> arm-common: Add support for SMCCC 1.1 >> >> hypervisor/arch/arm-common/Kbuild | 2 +- >> hypervisor/arch/arm-common/include/asm/psci.h | 6 +- >> hypervisor/arch/arm-common/include/asm/sip.h | 15 ----- >> .../arch/arm-common/include/asm/smccc.h | 34 +++++++++++ >> hypervisor/arch/arm-common/psci.c | 29 +++++++++- >> hypervisor/arch/arm-common/smccc.c | 57 +++++++++++++++++++ >> hypervisor/arch/arm/traps.c | 12 ++-- >> hypervisor/arch/arm64/traps.c | 20 +------ >> 8 files changed, 130 insertions(+), 45 deletions(-) >> delete mode 100644 hypervisor/arch/arm-common/include/asm/sip.h >> create mode 100644 hypervisor/arch/arm-common/include/asm/smccc.h >> create mode 100644 hypervisor/arch/arm-common/smccc.c >> > -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
