On 03.01.19 19:06, Ralf Ramsauer wrote:
Hi,

this series implements mitigations for CVE 2017-5715 (aka Spectre v2).

The first few patches are minor cleanups and refactorings. Then I completely
moved arch_handle_exit to assembly. Still unrelated to the eventual
mitigations, but required to smooth the way (and it's a nice micro
optimisation).

Like KVM, we will call the mitigation on each exit, before taking the first
branch. The mitigation SMC is seen as a hot path, so I implemented a fast path
that catapults us back to the guest as fast as possible. The whole fast path,
including VMEXIT accounting, fits into the interrupt vector entry, which is
pretty nice.

Those mitigated paths are implemented via a second interrupt vector table that
is conditionally switched on early startup if firmware reports the availability
of the mitigation. The series makes the assumption that a processor is
affected if the mitigation is available. I hope that's correct.

Tested on QEMU ARM64 (w/o firmware support) and on a Jetson TX1, w/ and w/o
firmware support.

The series can be found here:
https://github.com/lfd/jailhouse/tree/arm64-spectre-mitigation-v3

Microbenchmarks to measure the impact of SMC accounting in hot paths are
still missing.

Ralf

since v2:
- Comments on patch 3 were clarified on the ML
- Add comments to patches 4 and 5
- Tested again on a TX1 and TK1

since RFC series:
- rebase to latest next, some patches already went upstream
- address Jan's comments
- refactor smccc_init to smccc_discover
- add panic_printk in case of unhandled SMC arch traps
- remove some debug printks
- move arch_skip_instruction to the end of the handler to avoid instruction
  skips in case of unhandled traps

Ralf Ramsauer (13):
arm64: reorder store of registers in exit path
arm64: move vmexit_total increase to assembly
arm64: Don't call vmreturn from arch_handle_exit
arm64: traps: refactor arch_dump_exit to arch_el2_abt
arm64: remove arch_handle_exit
arm64: introduce macro helpers that generate irq vectors
arm, arm64: add stubs for SMC calls
arm64: Initialise SMCCC backend
arm64: Mitigate CVE 2017-5715 (aka Spectre v2)
arm-common: implement SMCCC feature discovery
arm64: implement a fast path for the Spectre v2 workaround
arm-common: crash cell on unhandled SMC traps
arm64: account SMC fast path
.../arch/arm-common/include/asm/percpu.h | 3 +
.../arch/arm-common/include/asm/smccc.h | 9 ++
hypervisor/arch/arm-common/setup.c | 3 +
hypervisor/arch/arm-common/smccc.c | 74 ++++++++--
.../arch/arm/include/asm/percpu_fields.h | 1 +
hypervisor/arch/arm/include/asm/smc.h | 38 +++++
hypervisor/arch/arm64/asm-defines.c | 6 +
hypervisor/arch/arm64/entry.S | 136 ++++++++++++++++--
.../arch/arm64/include/arch/asm/traps.h | 3 +
hypervisor/arch/arm64/include/asm/entry.h | 2 +
.../arch/arm64/include/asm/percpu_fields.h | 1 +
hypervisor/arch/arm64/include/asm/processor.h | 11 +-
hypervisor/arch/arm64/include/asm/smc.h | 36 +++++
hypervisor/arch/arm64/include/asm/sysregs.h | 3 +-
hypervisor/arch/arm64/setup.c | 11 +-
hypervisor/arch/arm64/traps.c | 34 +----
16 files changed, 312 insertions(+), 59 deletions(-)
create mode 100644 hypervisor/arch/arm/include/asm/smc.h
create mode 100644 hypervisor/arch/arm64/include/asm/smc.h
While series merged to next now, just fixing up patch 12.
Thanks,
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
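
The startup decision described in the cover letter (use the mitigated vector table only if firmware reports the workaround), sketched as an added example that is not code from the series or from Jailhouse. The function IDs are the ones defined by the Arm PSCI and SMCCC specifications; `select_vectors`, `smc_fn`, the `VECTORS_*` names and the two firmware models are hypothetical and constructed for illustration.

```c
#include <stdint.h>
/* Function IDs as defined by the Arm PSCI and SMCCC specifications. */
#define PSCI_VERSION            0x84000000u
#define PSCI_FEATURES           0x8400000au
#define SMCCC_VERSION           0x80000000u
#define SMCCC_ARCH_FEATURES     0x80000001u
#define SMCCC_ARCH_WORKAROUND_1 0x80008000u
#define NOT_SUPPORTED           (-1L)
#define VERSION(maj, min)       (((long)(maj) << 16) | (min))

enum vectors { VECTORS_PLAIN, VECTORS_MITIGATED };   /* hypothetical names */
typedef long (*smc_fn)(uint32_t fid, uint32_t arg);  /* stands in for SMC */

/* Walk the discovery chain; any missing link keeps the plain vectors. */
enum vectors select_vectors(smc_fn smc)
{
	if (smc(PSCI_VERSION, 0) < VERSION(1, 0))       /* PSCI_FEATURES needs 1.0 */
		return VECTORS_PLAIN;
	if (smc(PSCI_FEATURES, SMCCC_VERSION) < 0)      /* is SMCCC_VERSION there? */
		return VECTORS_PLAIN;
	if (smc(SMCCC_VERSION, 0) < VERSION(1, 1))      /* ARCH_FEATURES needs 1.1 */
		return VECTORS_PLAIN;
	/* Assumption from the cover letter: available implies affected. */
	if (smc(SMCCC_ARCH_FEATURES, SMCCC_ARCH_WORKAROUND_1) < 0)
		return VECTORS_PLAIN;
	return VECTORS_MITIGATED;
}

/* Constructed firmware model: PSCI 1.0, SMCCC 1.1, workaround offered. */
long fw_with_workaround(uint32_t fid, uint32_t arg)
{
	switch (fid) {
	case PSCI_VERSION:        return VERSION(1, 0);
	case PSCI_FEATURES:       return arg == SMCCC_VERSION ? 0 : NOT_SUPPORTED;
	case SMCCC_VERSION:       return VERSION(1, 1);
	case SMCCC_ARCH_FEATURES: return arg == SMCCC_ARCH_WORKAROUND_1 ? 0 : NOT_SUPPORTED;
	default:                  return NOT_SUPPORTED;
	}
}

/* Constructed firmware model: PSCI 0.2 only, so discovery stops early. */
long fw_old_psci(uint32_t fid, uint32_t arg)
{
	(void)arg;
	return fid == PSCI_VERSION ? VERSION(0, 2) : NOT_SUPPORTED;
}

int main(void)
{
	return select_vectors(fw_with_workaround) != VECTORS_MITIGATED;
}
```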