On 28.09.18 17:13, Ralf Ramsauer wrote:
On 9/26/18 12:05 AM, Ralf Ramsauer wrote:
Hi Lokesh,

On 7/16/18 11:48 AM, 'Lokesh Vutla' via Jailhouse wrote:
This series adds initial support for the new SMCCC 1.1 and PSCI v1.1
that is supported by ARM Trusted Firmware. For now the
SMCCC_ARCH_WORKAROUND_1 and SMCCC_ARCH_WORKAROUND_2 are reported as
not implemented. Once the mitigations are properly applied the actual
status can be reported.

I'm currently trying to get a better understanding of
SMCCC_ARCH_WORKAROUND_* and checked the code path of Jailhouse.

On SMCCC feature discovery, Jailhouse will report that there are no
features available. That's correct, because we don't handle those calls
atm. So everything is safe for non-root cells.

But... If the root cell discovered during its initial boot (w/o
Jailhouse) that those features are available on the platform, it will
take the WORKAROUND_* path from then on for branch prediction hardening
(if vulnerable).

AFAICT, there's no feature rediscovery after we enable Jailhouse on
Linux side, so the Root cell will still think that those features are
available and keep on calling SMCCC_ARCH_WORKAROUND_* (right?). As the
specification [1] says that those SMCCC_ARCH_WORKAROUNDs have no return
code, the root cell won't even notice that those calls have silently failed.

In fact, we return ARM_SMCCC_NOT_SUPPORTED, while the spec says "no
return value".

This is just a wild guess, unfortunately I don't have a platform where I
can test this behavior, maybe you can shed some light on this.

Ok, it's not a wild guess any longer.

I was able to verify this on my Jetson TX1, where I was able to build
latest upstream ATF/U-Boot/Kernel that supports SMCCC 1.1.

Every now and then, I can observe unhandled 0x80008000 SMC Traps
(SMCCC_ARCH_WORKAROUND_1) where the kernel wants to execute Spectre
Mitigations and thinks they were successful, though Jailhouse returns
NOT_SUPPORTED.

This is rather a note to ourselves than a bug report -- we intentionally
do not handle those requests atm but keep it in mind. In the midterm, we
should probably implement this properly.

Rather looks like it should be implemented soon. It should also be rather simple because there are no side effects expected on other PEs (at least my interpretation), and the call is simple as well - just run it on behalf of the guest, I would say. And properly report it as supported, of course.

Jan


   Ralf


Thanks
   Ralf

[1]
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/firmware-interfaces-for-mitigating-cache-speculation-vulnerabilities


This series will allow using Jailhouse with the latest kernel and ATF.

Changes since RFC:
- Updated Copyright statements.
- Fixed SMCCC 1.1 version value
- Fixed comments from Jan.

Lokesh Vutla (3):
   arm-common: Rework handling of SMC
   arm-common: Add support for PSCI 1.1
   arm-common: Add support for SMCCC 1.1

  hypervisor/arch/arm-common/Kbuild             |  2 +-
  hypervisor/arch/arm-common/include/asm/psci.h |  6 +-
  hypervisor/arch/arm-common/include/asm/sip.h  | 15 -----
  .../arch/arm-common/include/asm/smccc.h       | 34 +++++++++++
  hypervisor/arch/arm-common/psci.c             | 29 +++++++++-
  hypervisor/arch/arm-common/smccc.c            | 57 +++++++++++++++++++
  hypervisor/arch/arm/traps.c                   | 12 ++--
  hypervisor/arch/arm64/traps.c                 | 20 +------
  8 files changed, 130 insertions(+), 45 deletions(-)
  delete mode 100644 hypervisor/arch/arm-common/include/asm/sip.h
  create mode 100644 hypervisor/arch/arm-common/include/asm/smccc.h
  create mode 100644 hypervisor/arch/arm-common/smccc.c



--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
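
The stale-discovery problem discussed in this thread, as an added C model that is not Jailhouse, Linux or ATF code. The names `firmware_smc`, `hyp_smc` and `silent_failures` are hypothetical and the firmware is a constructed stand-in; the function IDs and the NOT_SUPPORTED value are the SMCCC ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SMCCC_ARCH_FEATURES     0x80000001u
#define SMCCC_ARCH_WORKAROUND_1 0x80008000u
#define SMCCC_NOT_SUPPORTED     (-1L)

static unsigned fw_runs; /* times the firmware really executed the workaround */

/* Constructed stand-in for firmware that implements WORKAROUND_1. */
static long firmware_smc(uint32_t fid, uint32_t arg)
{
    if (fid == SMCCC_ARCH_FEATURES && arg == SMCCC_ARCH_WORKAROUND_1)
        return 0;                      /* >= 0: feature is available */
    if (fid != SMCCC_ARCH_WORKAROUND_1)
        return SMCCC_NOT_SUPPORTED;
    fw_runs++;                         /* mitigation actually performed */
    return 0;
}

/* Hypervisor SMC trap. forward=false: answer NOT_SUPPORTED to everything
 * (behaviour described in the thread); forward=true: run the call on behalf
 * of the guest and report it as supported (the fix suggested in the reply). */
static long hyp_smc(uint32_t fid, uint32_t arg, bool forward)
{
    bool wa1 = fid == SMCCC_ARCH_WORKAROUND_1 ||
               (fid == SMCCC_ARCH_FEATURES && arg == SMCCC_ARCH_WORKAROUND_1);
    return (forward && wa1) ? firmware_smc(fid, arg) : SMCCC_NOT_SUPPORTED;
}

/* Root cell: discovers once against bare firmware, caches the result, then
 * issues `calls` workaround SMCs after the hypervisor is enabled. Returns how
 * many of them the guest counts as done although firmware never ran them. */
unsigned silent_failures(bool forward, unsigned calls)
{
    fw_runs = 0;
    bool cached = firmware_smc(SMCCC_ARCH_FEATURES, SMCCC_ARCH_WORKAROUND_1) >= 0;
    unsigned believed = 0;
    for (unsigned i = 0; cached && i < calls; i++, believed++)
        (void)hyp_smc(SMCCC_ARCH_WORKAROUND_1, 0, forward); /* result ignored */
    return believed - fw_runs;
}

int main(void)
{
    printf("reject: %u\n", silent_failures(false, 5));
    printf("forward: %u\n", silent_failures(true, 5));
    return 0;
}
```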
