On Sat, 27 Feb 2021 10:42:01 +0000
Alexandru Elisei <[email protected]> wrote:
> From an architectural point of view, the PE can speculate instruction
> fetches and data reads at any time when the MMU is enabled using the
> translation tables from TTBR0_EL1 and TTBR1_EL1. kvm-unit-tests uses an
> identity map, and as such it only programs TTBR0_EL1 with a valid table and
> leaves TTBR1_EL1 unchanged. The reset value for TTBR1_EL1 is UNKNOWN, which
> means it is possible for the PE to perform reads from memory locations
> where accesses can cause side effects (like memory-mapped devices) as part
> of the speculated translation table walk.
>
> So far, this hasn't been a problem, because KVM resets TTBR{0,1}_EL1 to
> zero, and that address is used for emulation for both qemu and kvmtool and
> it doesn't point to a real device. However, kvm-unit-tests shouldn't rely
> on a particular combination of hypervisor and userspace for correctness.
> Another situation where we can't rely on these assumptions being true is
> when kvm-unit-tests is run as an EFI app.
>
> To prevent reads from arbitrary addresses, set the TCR_EL1.EPD1 bit to
> disable speculative translation table walks using TTBR1_EL1.
>
> This is similar to EDK2 commit fafb7e9c110e ("ArmPkg: correct TTBR1_EL1
> settings in TCR_EL1"). Also mentioned in that commit is the Cortex-A57
> erratum 822227 which impacts the hypervisor, but kvm-unit-tests is
> protected against it because asm_mmu_enable sets both the TCR_EL1.TG0 and
> TCR_EL1.TG1 bits when programming the register.
>
> Suggested-by: Mark Rutland <[email protected]>
> Signed-off-by: Alexandru Elisei <[email protected]>
That sounds like a good idea. Verified the bit against the ARM ARM.
Reviewed-by: Andre Przywara <[email protected]>
Cheers,
Andre
> ---
> lib/arm64/asm/pgtable-hwdef.h | 1 +
> arm/cstart64.S | 3 ++-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/lib/arm64/asm/pgtable-hwdef.h b/lib/arm64/asm/pgtable-hwdef.h
> index 48a1d1ab1ac2..8c41fe123fb3 100644
> --- a/lib/arm64/asm/pgtable-hwdef.h
> +++ b/lib/arm64/asm/pgtable-hwdef.h
> @@ -136,6 +136,7 @@
> #define TCR_ORGN_WBnWA ((UL(3) << 10) | (UL(3) << 26))
> #define TCR_ORGN_MASK ((UL(3) << 10) | (UL(3) << 26))
> #define TCR_SHARED ((UL(3) << 12) | (UL(3) << 28))
> +#define TCR_EPD1 (UL(1) << 23)
> #define TCR_TG0_4K (UL(0) << 14)
> #define TCR_TG0_64K (UL(1) << 14)
> #define TCR_TG0_16K (UL(2) << 14)
> diff --git a/arm/cstart64.S b/arm/cstart64.S
> index 42a838ff4c38..3d359c8387c9 100644
> --- a/arm/cstart64.S
> +++ b/arm/cstart64.S
> @@ -181,7 +181,8 @@ asm_mmu_enable:
> ldr x1, =TCR_TxSZ(VA_BITS) | \
> TCR_TG_FLAGS | \
> TCR_IRGN_WBWA | TCR_ORGN_WBWA | \
> - TCR_SHARED
> + TCR_SHARED | \
> + TCR_EPD1
> mrs x2, id_aa64mmfr0_el1
> bfi x1, x2, #32, #3
> msr tcr_el1, x1
_______________________________________________
kvmarm mailing list
[email protected]
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
