Re: [Xen-devel] [PATCH v2 10/10] xen/arm: Call check_local_cpu_errata for secondary CPU only on boot

On 25/04/18 16:13, Mirela Simonovic wrote: Hi Julien, Hi Mirela, On Mon, Apr 23, 2018 at 1:46 PM, Julien Grall <julien.gr...@arm.com> wrote: Hi, On 20/04/18 13:25, Mirela Simonovic wrote: Checking CPU errata should be done only when a CPU is initially booted. It is assumed that t

Re: [Xen-devel] [PATCH] xen/efi: Avoid EFI stub using absolute symbols

referred way too. But at the moment, I can't see how to avoid leave the array unchanged. Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [RFC v2] xen/arm: Suspend to RAM Support in Xen for ARM

happy to provide more insights here. Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ

(apologies for the formatting) Hi Lars, Thank you for putting together an FAQ. Few comments below around Arm. On 5 Jan 2018 13:37, "Lars Kurth" wrote: Hi all, this is a repost of https://blog.xenproject.org/ 2018/01/04/xen-project-spectremeltdown-faq/ for

Re: [Xen-devel] [PATCH v4 02/39] arm/p2m: Add first altp2m HVMOP stubs

On 10/01/18 17:16, Sergej Proskurin wrote: Hi Julien, Hi, On 10/09/2017 06:43 PM, Julien Grall wrote: Hi Sergej, On 30/08/17 19:32, Sergej Proskurin wrote: This commit copies and extends the altp2m-related code from x86 to ARM. Functions that are no yet supported notify the caller

Re: [Xen-devel] [PATCH] ocaml: fix arm build

Hi Wei, On 17/01/18 16:43, Wei Liu wrote: ARM doesn't have emulation_flags in the arch_domainconfig. Signed-off-by: Wei Liu <wei.l...@citrix.com> Reviewed-by: Julien Grall <julien.gr...@linaro.org> Cheers, --- Cc: Ian Jackson <ian.jack...@eu.citrix.com> Cc: Julie

Re: [Xen-devel] Ping: [PATCH v2 1/2] x86/PoD: correctly handle non-order-0 decrease-reservation requests

a) Stefano, Julien? Sorry, it fell through the cracks. Acked-by: Julien Grall <julien.gr...@linaro.org> Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [RFC PATCH] arm64: vgic-v3: Add ITS doorbell region in Dom0 stage-2

return ret; else d->arch.vgic.has_its = true; + +vgic_map_translation_space(d, hw_its->addr); Your new function may return an error. Therefore you should test it. } } Cheers, -- Julien Grall __

Re: [Xen-devel] [RFC PATCH] arm64: vgic-v3: Add ITS doorbell region in Dom0 stage-2

Hi, On 18/01/18 17:25, Manish Jaggi wrote: On 01/18/2018 10:22 PM, Julien Grall wrote: Hi Manish, Hi Julien, On 18/01/18 06:15, mja...@caviumnetworks.com wrote: From: Manish Jaggi <mja...@caviumnetworks.com> This patch introduces a function vgic_map_translation_space for mapping I

Re: [Xen-devel] [RFC 07/11] Add kernel helper functions

ARGS__) + +/* Alias to Xen allocation helpers */ +#define kfree xfree +#define kmalloc(size, flags)_xmalloc(size, sizeof(void *)) +#define kzalloc(size, flags)_xzalloc(size, sizeof(void *)) + /* * min()/max() macros that also do * strict type-checking.. See the

Re: [Xen-devel] [RFC 08/11] Add ACPI_IORT config

above? However, I don't think it is necessary to have a separate patch just for adding the Kconfig. You can fold into the patch that is first using it. BTW, I would have expected this to be patch #1 and used to gate compilation for any of those file. + config NUMA

Re: [Xen-devel] [RFC 03/11] acpi: arm: Code to generate Hardware Domains IORT

ate_iort_size(size_t *iort_size); +int prepare_iort(struct acpi_table_iort *hwdom_iort, unsigned int *iort_size); #endif diff --git a/xen/include/asm-arm/acpi.h b/xen/include/asm-arm/acpi.h index c183b6bb6e..f8b5254621 100644 --- a/xen/include/asm-arm/acpi.h +++ b/xen/include/asm

Re: [Xen-devel] [RFC 09/11] Xen IORT Changes

answer on my first comment in that e-mail. Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [RFC 11/11] Add to_pci_dev macro

why you need that. }; +#define to_pci_dev(p) container_of(p, struct pci_dev, dev) +#define pci_domain_nr(dev) dev->seg #define for_each_pdev(domain, pdev) \ list_for_each_entry(pdev, &(domain->arch.pdev_list), domain_list) Ch

Re: [Xen-devel] [PATCH] remove dead code in allocate_memory

Hi Stefano, On 01/13/2018 12:29 AM, Stefano Stabellini wrote: lowmem is unchanged until after this loop, there is no point in testing for its value. Moreover, Coverity complains about dead code. Remove the lowmem test in the first loop. While I understand Coverity complains about dead code,

Re: [Xen-devel] [RFC v4 6/8] xen/iommu: smmu-v3: Add Xen specific code to enable the ported driver

On 01/03/2018 05:47 AM, Manish Jaggi wrote: Hi Sameer, Hi Manish, + +/* Xen: Type definitions for iommu_domain */ +#define IOMMU_DOMAIN_UNMANAGED 0 +#define IOMMU_DOMAIN_DMA 1 +#define IOMMU_DOMAIN_IDENTITY 2 + +/* Xen: Dummy iommu_domain */ +struct iommu_domain { +    /* Runtime SMMU

Re: [Xen-devel] [RFC v4 8/8] drivers/passthrough/arm: Refactor code for arm smmu drivers

Hi Manish, On 16/01/18 13:27, Manish Jaggi wrote: On 01/16/2018 06:44 PM, Julien Grall wrote: On 16/01/18 12:40, Manish Jaggi wrote: Hi Julien, Hi, On 01/16/2018 02:11 AM, Julien Grall wrote: On 01/03/2018 05:34 AM, Manish Jaggi wrote: Hi Sameer, Hi Manish, +    unsigned int

Re: [Xen-devel] [PATCH] xen/efi: Avoid EFI stub using absolute symbols

re, but an error path is being taken every now and then, and I personally have seen errors coming back (mostly after having made mistakes elsewhere). And I guess the binary will never be loaded at the same as virtual address as Xen would be meant to run? Cheers,

Re: [Xen-devel] [RFC 00/11] acpi: arm: IORT Support for Xen

de/xen/fwnode.h -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [RFC 01/11] acpi: arm: Public API for populating and query based on requesterid

acpi_iort_node *pcirc_node, +u16 rid, u32 *deviceid); + +void init_ridmaps(void); + +#endif + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH 6/7] xen/arm32: Invalidate icache on guest exist for Cortex-A15

from the kpti branch in [1]. [1] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git Signed-off-by: Marc Zyngier <marc.zyng...@arm.com> Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/arm32/entry.S | 21 + xen/arch/arm/cpuerr

[Xen-devel] [PATCH 7/7] xen/arm32: entry: Document the purpose of r11 in the traps handler

will still contain the original stack pointer. Add some documentation in the code to point the 2 sides to each other. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/arm32/entry.S | 8 1 file changed, 8 insertions(+) diff --git a/xen/arch/arm/arm32/entry.S

[Xen-devel] [PATCH 0/7] xen/arm32: Branch predictor hardening (XSA-254 variant 2)

and the software mitigations for Arm processors, please see http://www.arm.com/security-update. Cheers, Julien Grall (7): xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros xen/arm32: Add missing MIDR values for Cortex-A17 and A12 xen/arm32: entry: Add missing trap_reset entry xen/arm32

[Xen-devel] [PATCH 1/7] xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros

The only difference between all the DEFINE_TRAP_ENTRY_* macros are the interrupts (Asynchronous Abort, IRQ, FIQ) unmasked. Rather than duplicating the code, introduce __DEFINE_TRAP_ENTRY macro that will take the list of interrupts to unmask. This is part of XSA-254. Signed-off-by: Julien Grall

[Xen-devel] [PATCH 3/7] xen/arm32: entry: Add missing trap_reset entry

-254. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/arm32/entry.S | 1 + xen/arch/arm/arm32/traps.c | 5 + 2 files changed, 6 insertions(+) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index c6490d2847..c2fad5fe9b 100644 --- a/xen/arch/arm

Re: [Xen-devel] [PATCH v2 1/3] replace vCPU's dirty CPU mask by numeric ID

if no dirty state exists. Signed-off-by: Jan Beulich <jbeul...@suse.com> Reviewed-by: Julien Grall <julien.gr...@linaro.org> Cheers, --- ARM adjustments compile tested only. --- v2: Introduce VCPU_CPU_CLEAN and vcpu_cpu_dirty(). Re-word comments. Re-base. --- a/xen/arch/arm/domain

Re: [Xen-devel] [RFC v4 4/8] passthrough/arm: Modify SMMU driver to use generic device definition

Hi Sameer, On 19/12/17 03:16, Sameer Goel wrote: Modify the SMMU code to use generic device instead of dt_device_node for functions that can be used for ACPI based systems too. Signed-off-by: Sameer Goel <sameer.g...@linaro.org> Acked-by: Julien Grall <julien.gr...@linaro.org

Re: [Xen-devel] [RFC v4 2/8] xen/bitops: Rename LOG_2 to ilog2

xactly on caller of LOG_2. So what is the benefits to provide 2 names? More that I would expect ilog2 to be used in any code coming from Linux. Cheers, Roger. ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject

Re: [Xen-devel] [PATCH v2 3/3] drop "domain_" prefix from struct domain's dirty CPU mask

-by: Andrew Cooper <andrew.coop...@citrix.com> Acked-by: Julien Grall <julien.gr...@linaro.org> Cheers, --- v2: White space changes (consolidate split line statements into single line ones). Re-base. --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -470,7 +470,7 @@ v

Re: [Xen-devel] [RFC v4 1/8] Port WARN_ON_ONCE() from Linux

can you make this code follow Xen coding style? FWIW with the coding style change: Acked-by: Julien Grall <julien.gr...@linaro.org> This will also require an ack from "THE REST" maintainers as this is common code. Cheers, +__warned = true;

Re: [Xen-devel] [RFC v4 2/8] xen/bitops: Rename LOG_2 to ilog2

(((_x) & 0xff00) ? ( 8 + __L8( (_x)>> 8)) : __L8( _x)) -#define LOG_2(_x) (((_x) & 0x) ? (16 + __L16((_x)>>16)) : __L16(_x)) +#define ilog2(_x) (((_x) & 0x) ? (16 + __L16((_x)>>16)) : __L16(_x)) /** * for_each_set_bit - iterate

Re: [Xen-devel] [RFC v4 2/8] xen/bitops: Rename LOG_2 to ilog2

Hi Roger, On 23/01/18 12:10, Roger Pau Monné wrote: On Tue, Jan 23, 2018 at 11:44:30AM +, Julien Grall wrote: Hi Roger, On 23/01/18 11:39, Roger Pau Monné wrote: On Mon, Dec 18, 2017 at 08:16:57PM -0700, Sameer Goel wrote: diff --git a/xen/include/xen/bitops.h b/xen/include/xen/bitops.h

[Xen-devel] [PATCH v2 0/2] xen/arm: GICv3: Only initialize ITS when LPIs are available

with it. So I think Xen should also cope with such DT. Cheers, Julien Grall (2): xen/arm: GICv3: Parse ITS information from the firmware tables later on xen/arm: GICv3: Only initialize ITS when the distributor supports LPIs. xen/arch/arm/gic-v3-its.c| 47

[Xen-devel] [PATCH v2 1/2] xen/arm: GICv3: Parse ITS information from the firmware tables later on

firmware tables later on. Note that gicv3_its_init() has been moved at the end of the file to avoid forward declaration. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- I can move the code movement in a separate patch if necessary. It was small enough that I thought it

[Xen-devel] [PATCH v2 2/2] xen/arm: GICv3: Only initialize ITS when the distributor supports LPIs.

in the distributor. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/gic-v3.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c index 9f9cf59f82..730450e34b 100644 --- a/xen/arch/arm/gic-v3.c +++ b/xe

[Xen-devel] [PATCH 3/3] xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c

functions. Therefore move PSCI dispatching in two new functions do_psci_0_1_call and do_psci_0_2_call. The former will handle PSCI 0.1 call while the latter 0.2 or later call. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/vpsci.c

[Xen-devel] [PATCH 0/3] xen/arm: SMCCC fixes and PSCI clean-up

Hi all, This small patch series contains SMCCC fixes (see #2) and PSCI clean-up. Cheers, Julien Grall (3): xen/arm: vpsci: Removing dummy MIGRATE and MIGRATE_INFO_UP_CPU xen/arm: vsmc: Don't implement function ID that doesn't exist xen/arm: vpsci: Move PSCI function dispatching from

[Xen-devel] [PATCH 2/3] xen/arm: vsmc: Don't implement function ID that doesn't exist

in order to avoid potential clash with later revision. Therefore rework the vsmc code to use the whole function identifier rather than only the function number. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- This should be backported to Xen 4.10 as we should not implement fun

[Xen-devel] [PATCH 1/3] xen/arm: vpsci: Removing dummy MIGRATE and MIGRATE_INFO_UP_CPU

. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/vpsci.c | 10 -- xen/arch/arm/vsmc.c | 14 -- xen/include/asm-arm/perfc_defn.h | 2 -- xen/include/asm-arm/psci.h | 2 -- 4 files changed, 28 deletions(-) diff --git

Re: [Xen-devel] [PATCH 1/2] xen/arm: GICv3: Parse ITS information from the firmware tables later on

Hi, On 22/01/18 18:22, Julien Grall wrote: There are Device Tree (e.g for the Foundation Model) out that describes the ITS but LPIs is not supported by the platform. Booting with such DT will result to an early Data Abort. The same DT is booting fine with a baremetal Linux because ITS

Re: [Xen-devel] [PATCH 5/7] xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12

On 24 January 2018 at 22:22, Konrad Rzeszutek Wilk <konrad.w...@oracle.com> wrote: > On Fri, Jan 19, 2018 at 01:41:01PM +0000, Julien Grall wrote: >> In order to avoid aliasing attackes agains the branch predictor, let's >> invalidate the BTB on guest exist. This is made co

Re: [Xen-devel] XSA-254 SP2 for ARM (was Re: [PATCH 1/5] xen/arm: Introduce enable callback to enable a capabilities on each online CPU)

Hi Stefano, On 24 January 2018 at 22:14, Stefano Stabellini <sstabell...@kernel.org> wrote: > On Thu, 18 Jan 2018, Julien Grall wrote: >> (+ Security team) >> >> Hi Stefano, >> >> On 17/01/18 21:47, Stefano Stabellini wrote: >> > On Wed, 17 Jan 2

Re: [Xen-devel] [RFC v2] xen/arm: Suspend to RAM Support in Xen for ARM

...) would be greatly appreciated. Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [RFC v2] xen/arm: Suspend to RAM Support in Xen for ARM

On 24/01/18 17:55, Mirela Simonovic wrote: Hi Julien, Stefano, Hi Mirela, Thank you very much for the feedback! On 01/11/2018 03:00 PM, Julien Grall wrote: Hi Mirela, Thank you for the sending the design document. The general design looks good to me. I have some comments below

Re: [Xen-devel] [PATCH 1/3] xen/arm: vpsci: Removing dummy MIGRATE and MIGRATE_INFO_UP_CPU

Hi, On 24/01/18 18:34, Julien Grall wrote: The PSCI call MIGRATE and MIGRATE_INFO_UP_CPU are optional and implemented as just returning PSCI_NOT_SUPPORTED (aka UNKNOWN_FUNCTION for SMCCC). The new SMCCC framework is able to deal with unimplemented function and return the proper error code. So

Re: [Xen-devel] [PATCH 3/3] xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c

Hi, On 26/01/18 18:09, Volodymyr Babchuk wrote: On 24.01.18 20:34, Julien Grall wrote: -    case PSCI_0_2_FN32(AFFINITY_INFO): -    case PSCI_0_2_FN64(AFFINITY_INFO): +    switch ( fid )   { -    register_t taff = PSCI_ARG(regs, 1); -    uint32_t laff = PSCI_ARG32(regs, 2

Re: [Xen-devel] [PATCH 2/3] xen/arm: vsmc: Don't implement function ID that doesn't exist

Hi, On 26/01/18 18:12, Volodymyr Babchuk wrote: On 26.01.18 20:07, Julien Grall wrote: On 26/01/18 18:03, Volodymyr Babchuk wrote: diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index f543dea0bb..303517459f 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include

Re: [Xen-devel] [PATCH 1/5] xen/arm: Introduce enable callback to enable a capabilities on each online CPU

Hi Stefano, On 16/01/18 23:55, Stefano Stabellini wrote: On Tue, 16 Jan 2018, Julien Grall wrote: Once Xen knows what features/workarounds present on the platform, it might be necessary to configure each online CPU. Introduce a new callback "enable" that will be called on each

[Xen-devel] xl: Unable to boot Xen Arm guest when using latest staging

sk= "/root/initramfs" extra= "console=hvc0" vcpus= 1 Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH 4/5] xen/arm64: Add skeleton to harden the branch predictor aliasing attacks

tables. They will be re-used and patch with the mitigations on-demand. This is based on the work done in Linux (see [1]). This is part of XSA-254. [1] git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git branch ktpi Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/ar

Re: [Xen-devel] [RFC v4 6/8] xen/iommu: smmu-v3: Add Xen specific code to enable the ported driver

Hi, On 16/01/18 12:37, Manish Jaggi wrote: On 01/16/2018 02:04 AM, Julien Grall wrote: On 01/03/2018 05:47 AM, Manish Jaggi wrote: +int devm_request_threaded_irq(struct device *dev, unsigned int irq, irq_handler_t handler, +  irq_handler_t thread_fn, unsigned long irqflags

[Xen-devel] [PATCH 0/5] xen/arm64: Branch predictor hardening (XSA-254 variant 2)

itigations for Arm processors, please see http://www.arm.com/security-update. [1] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6 Julien Grall (5): xen/arm: Introduce enable callback to enable a capabilities on each online CPU xen/arm64: A

[Xen-devel] [PATCH 5/5] xen/arm64: Implement branch predictor hardening for affected Cortex-A CPUs

entries from affection other victim contexts. Ported from Linux git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git branch kpti. Signed-off-by: Marc Zyngier <marc.zyng...@arm.com> Signed-off-by: Will Deacon <will.dea...@arm.com> This is part of XSA-254. Signed-off-by:

[Xen-devel] [PATCH 3/5] xen/arm: cpuerrata: Add MIDR_ALL_VERSIONS

Introduce a new macro MIDR_ALL_VERSIONS to match all variant/revision of a given CPU model. This is part of XSA-254. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/arch/arm/cpuerrata.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/xen/arch/arm/cpuerrata.c b/xe

[Xen-devel] [PATCH 2/5] xen/arm64: Add missing MIDR values for Cortex-A72, A73 and A75

Cortex-A72, A73 and A75 MIDR will be used to a follow-up for hardening the branch predictor. This is part of XSA-254. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- xen/include/asm-arm/processor.h | 6 ++ 1 file changed, 6 insertions(+) diff --git a/xen/include/a

Re: [Xen-devel] [PATCH] don't pass r12/x16 as reference

Hi Stefano, On 01/13/2018 12:07 AM, Stefano Stabellini wrote: r12 and x16 are of different sizes; when passing r12 as a reference to do_trap_hypercall on arm64, we end up dereferencing it as a pointer to a 64bit value, but actually it isn't. Instead, pass r12/x16 as values and explicitly

Re: [Xen-devel] [PATCH 03/10] arm64: Add ICV_BPR1_EL1 handler

e is you use Xen coding style. The rest is pretty much use Xen name for access register and adding missing define. I think it would be beneficial for Xen to re-use Linux code. The compatibility layer should be very limited. Stefano any opinions? Cheers,

Re: [Xen-devel] [PATCH 06/10] Expose gicv3_ich_read/write_lr

index 00..544aad5932 --- /dev/null +++ b/xen/include/asm-arm/gic_v3.h @@ -0,0 +1,7 @@ +#ifndef GICV3_H +#define GICV3_H + +uint64_t __gicv3_ich_read_lr(int lr); +void __gicv3_ich_write_lr(int lr, uint64_t val); + +#endif Cheers, -- Julien Grall _

Re: [Xen-devel] [PATCH 10/10] Enable Trapping of Group1 registers which is controlled by command line

_HCR_VGRP1EIE (1 << 6) #define GICH_HCR_VGRP1DIE (1 << 7) +#define GICH_HCR_TALL1(1 << 12) #define GICH_MISR_EOI (1 << 0) #define GICH_MISR_U (1 << 1) > Cheers, -- Julien Grall ___ Xen-devel mailing list Xe

Re: [Xen-devel] [RFC PATCH 02/10] arm64: Add hook to handle guest GICv3 sysreg accesses

reg(struct cpu_user_regs *regs, const union hsr hsr); +int do_fixup_vgic_errata(struct cpu_user_regs *regs, + const union hsr hsr); #endif /* __ASM_ARM64_TRAPS__ */ /* -- Julien Grall ___ Xen-devel mailing list

Re: [Xen-devel] [PATCH 4/7] xen/arm32: Add skeleton to harden branch predictor aliasing attacks

Hi, On 25/01/18 18:45, Stefano Stabellini wrote: On Thu, 25 Jan 2018, Julien Grall wrote: Hi Stefano, On 24/01/18 23:54, Stefano Stabellini wrote: On Fri, 19 Jan 2018, Julien Grall wrote: Aliasing attacked against CPU branch predictors can allow an attacker to redirect speculative control

Re: [Xen-devel] [PATCH 3/7] xen/arm32: entry: Add missing trap_reset entry

Hi Stefano, On 24/01/18 23:14, Stefano Stabellini wrote: On Fri, 19 Jan 2018, Julien Grall wrote: At the moment, the reset vector is defined as .word 0 (e.g andeq r0, r0, r0). This is rather unintuitive and will result to execute the trap undefined. Instead introduce trap helpers for reset

Re: [Xen-devel] [PATCH 4/7] xen/arm32: Add skeleton to harden branch predictor aliasing attacks

Hi Stefano, On 24/01/18 23:54, Stefano Stabellini wrote: On Fri, 19 Jan 2018, Julien Grall wrote: Aliasing attacked against CPU branch predictors can allow an attacker to redirect speculative control flow on some CPUs and potentially divulge information from one context to another. This patch

Re: [Xen-devel] [PATCH 5/7] xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12

Hi Stefano, On 25/01/18 01:02, Stefano Stabellini wrote: On Fri, 19 Jan 2018, Julien Grall wrote: In order to avoid aliasing attackes agains the branch predictor, let's invalidate the BTB on guest exist. This is made complicated by the fact that we cannot take a branch invalidating the BTB

Re: [Xen-devel] XSA-254 SP2 for ARM (was Re: [PATCH 1/5] xen/arm: Introduce enable callback to enable a capabilities on each online CPU)

Hi, On 24/01/18 22:43, Stefano Stabellini wrote: On Wed, 24 Jan 2018, Julien Grall wrote: Hi Stefano, On 24 January 2018 at 22:14, Stefano Stabellini <sstabell...@kernel.org> wrote: On Thu, 18 Jan 2018, Julien Grall wrote: (+ Security team) Hi Stefano, On 17/01/18 21:47, S

Re: [Xen-devel] [Minios-devel] [MirageOS-devel] Preparing for GSoC and Outreachy : getting Outreach Program Projects into good shape

devel mailing list minios-de...@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/minios-devel -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH 3/7] ARM: GICv3: emit optional DT property only when necessary

res = fdt_property_cell(fdt, "#redistributor-regions", +d->arch.vgic.nr_regions); +if ( res ) +return res; +} len = dt_cells_to_size(dt_n_addr_cells(gic) + dt_n_size_cells(gic)); /* -- Julien Grall _

Re: [Xen-devel] [PATCH 1/7] tools: ARM: vGICv3: avoid inserting optional DT properties

Hi Andre, On 24/01/18 16:35, Andre Przywara wrote: On 24/01/18 16:08, Julien Grall wrote: (+ Tools maintainers) Hi Andre, On 24/01/18 14:35, Andre Przywara wrote: When creating a GICv3 devicetree node, we currently insert the redistributor-stride and #redistributor-regions properties

Re: [Xen-devel] [PATCH 4/7] ARM: GICv3: use hardware GICv3 redistributor regions for Dom0

d long gicv3_get_hwdom_extra_madt_size(const struct domain *d) { unsigned long size; -size = sizeof(struct acpi_madt_generic_redistributor) - * d->arch.vgic.nr_regions; +size = sizeof(struct acpi_madt_generic_redistributor) * gicv3.rdist_count; size += sizeof(st

Re: [Xen-devel] [PATCH 7/7] ARM: vGICv3: remove rdist_stride from VGIC structure

that, instead simply always use the architected value. Signed-off-by: Andre Przywara <andre.przyw...@linaro.org> Acked-by: Julien Grall <julien.gr...@linaro.org> Cheers, --- xen/arch/arm/gic-v3.c | 3 +-- xen/arch/arm/vgic-v3.c| 14 -- xen/inc

Re: [Xen-devel] [PATCH 6/7] ARM: vGICv3: always use architected redist stride

and also remove the code that tried to reuse the hardware value for Dom0's GICv3 emulation. Signed-off-by: Andre Przywara <andre.przyw...@linaro.org> In any case: Acked-by: Julien Grall <julien.gr...@linaro.org> Cheers, -- Julien Grall _

Re: [Xen-devel] Backport request for Arm

On 01/11/2018 08:38 PM, Stefano Stabellini wrote: Backports done, I skipped 43208a9cb4c3decce67b653539c1b860121fbb5e I am happy with that. Thank you for the backporting! Cheers, On Mon, 18 Dec 2017, Julien Grall wrote: Hi, Below a list of potential backport patches for Xen 4.{10,9,8,7

[Xen-devel] Xen_Project_Release_Features page update?

any plan for this? Cheers, [1] https://wiki.xenproject.org/wiki/Xen_Project_4.10_Release_Notes [2] https://wiki.xenproject.org/wiki/Xen_Project_4.10_Release_Notes -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https

Re: [Xen-devel] [PATCH] fix potential null dereference

(CC the REST maintainers) On 01/12/2018 11:40 PM, Stefano Stabellini wrote: handles can theoretically be NULL, check for it explicitly before dereferencing it. I doubt handles could be NULL if LocateHandle succeed. This seems to be confirmed by the spec (Page 208 in UEFI spec 2.7). So I am

Re: [Xen-devel] [xen-unstable test] 118441: regressions - trouble: blocked/broken/fail/pass

<george.dun...@citrix.com> Ian Jackson <ian.jack...@eu.citrix.com> Jan Beulich <jbeul...@suse.com> Jon Ludlam <jonathan.lud...@citrix.com> Jonathan Ludlam <jonathan.lud...@citrix.com> Juergen Gross <jgr...@suse.com> Julien Grall <julien.gr...

[Xen-devel] [PATCH 1/3] xen/arm: io: Distinguish unhandled IO from aborted one

, it is considered that an IO belonging to an emulated range could either be handled or inject an abort. This could be revisit in the future if overlapped region exist (or we want to try another way to resolve the abort). Signed-off-by: Julien Grall <julien.gr...@arm.com> --- xen/arch/arm/io.c

[Xen-devel] [PATCH 2/3] xen/arm: Don't crash domain on bad MMIO emulation

Now the MMIO emulation is able to distinguish unhandled IO from aborted one, there are no need to crash the domain when the region is access with a bad width. Instead let Xen inject a data abort to the guest and decide what to do. Signed-off-by: Julien Grall <julien.gr...@arm.com> --- xe

[Xen-devel] [PATCH 0/3] xen/arm: Inject an exception to the guest rather than crashing it

, Julien Grall (3): xen/arm: io: Distinguish unhandled IO from aborted one xen/arm: Don't crash domain on bad MMIO emulation xen/arm: Don't crash the domain on invalid HVC immediate xen/arch/arm/io.c | 24 +-- xen/arch/arm/traps.c | 47

[Xen-devel] [PATCH 3/3] xen/arm: Don't crash the domain on invalid HVC immediate

domain_crash_synchronous() should only be used when something went wrong in Xen. It is better to inject to the guest as it will be in better position to provide helpful information (stack trace...). Signed-off-by: Julien Grall <julien.gr...@arm.com> --- We potentially want to ret

Re: [Xen-devel] [PATCH v3 8/8] ARM: make nr_irqs a constant

Hi Andre, On 24/01/18 18:10, Andre Przywara wrote: On ARM the maximum number of IRQs is a constant, but we share it being a variable to match x86. Since we are not supposed to alter it, let's mark it as "const" to avoid accidental change. Suggested-by: Julien Grall <julien.gr.

Re: [Xen-devel] [PATCH 3/3] xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c

On 30/01/18 18:28, Volodymyr Babchuk wrote: Hi Julien, On 30.01.18 20:01, Julien Grall wrote: On 26/01/18 18:27, Volodymyr Babchuk wrote: Hi, Hi Volodymyr, On 26.01.18 20:15, Julien Grall wrote: Hi, On 26/01/18 18:09, Volodymyr Babchuk wrote: On 24.01.18 20:34, Julien Grall wrote

Re: [Xen-devel] [PATCH 0/3] xen/arm: Inject an exception to the guest rather than crashing it

On 30/01/18 16:38, Andrew Cooper wrote: On 30/01/18 16:14, Julien Grall wrote: Hi all, This small series replaces all call to domain_crash_synchronous by injecting an exception to the guest. This will result to a nicer trace from the guest (no need to manually walk the stack) and give

[Xen-devel] [PATCH] xen/arm: Park CPUs with a MIDR different from the boot CPU.

] https://lists.xenproject.org/archives/html/xen-devel/2016-12/msg00826.html Signed-off-by: Julien Grall <julien.gr...@arm.com> --- We probably want to backport this as part of XSA-254. Using big.LITTLE on Xen has never been supported but we didn't make it clearly. This is becoming more ap

Re: [Xen-devel] [PATCH 3/3] xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c

On 26/01/18 18:27, Volodymyr Babchuk wrote: Hi, Hi Volodymyr, On 26.01.18 20:15, Julien Grall wrote: Hi, On 26/01/18 18:09, Volodymyr Babchuk wrote: On 24.01.18 20:34, Julien Grall wrote: -    case PSCI_0_2_FN32(AFFINITY_INFO): -    case PSCI_0_2_FN64(AFFINITY_INFO): +    switch ( fid

Re: [Xen-devel] [PATCH 1/3] xen/arm: io: Distinguish unhandled IO from aborted one

Hi Stefano, On 30/01/18 18:14, Stefano Stabellini wrote: On Tue, 30 Jan 2018, Julien Grall wrote: Currently, Xen is considering that an IO could either be handled or unhandled. When unhandled, the stage-2 abort function will try another way to resolve the abort. However, the MMIO emulation

Re: [Xen-devel] [PATCH v3 5/8] ARM: VGIC: factor out vgic_connect_hw_irq()

nsigned int virq, +struct irq_desc *desc); extern int domain_vgic_register(struct domain *d, int *mmio_count); extern int vcpu_vgic_free(struct vcpu *v); Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH 3/3] xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c

On 30 January 2018 at 19:35, Volodymyr Babchuk <volodymyr_babc...@epam.com> wrote: > > > On 30.01.18 20:44, Julien Grall wrote: >> >> >> >> On 30/01/18 18:28, Volodymyr Babchuk wrote: >>> >>> Hi Julien, >>> >>> On 30.01.18

Re: [Xen-devel] [PATCH v2 3/3] xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c

Hi, On 02/02/18 14:23, Volodymyr Babchuk wrote: On 02.02.18 13:41, Julien Grall wrote: At the moment PSCI function dispatching is done in vsmc.c and the function implementation in vpsci.c. Some bits of the implementation is even done in vsmc.c (see PSCI_SYSTEM_RESET). This means

Re: [Xen-devel] [PATCH v3 4/4] xen/arm: Don't crash the domain on invalid HVC immediate

On 02/02/18 14:37, Andre Przywara wrote: Hi, Hi, On 02/02/18 10:14, Julien Grall wrote: domain_crash_synchronous() should only be used when something went wrong in Xen. It is better to inject to the guest as it will be in a better position to provide helpful information (stack trace

Re: [Xen-devel] [PATCH v3 2/4] xen/arm: io: Distinguish unhandled IO from aborted one

On 02/02/18 14:34, Andre Przywara wrote: Hi, Hi, On 02/02/18 10:14, Julien Grall wrote: Currently, Xen is considering that an IO could either be handled or unhandled. When unhandled, the stage-2 abort function will try another way to resolve the abort. However, the MMIO emulation may

[Xen-devel] [PATCH v4 0/7] xen/arm32: Branch predictor hardening (XSA-254 variant 2)

and the software mitigations for Arm processors, please see http://www.arm.com/security-update. Cheers, Julien Grall (7): xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros xen/arm32: Add missing MIDR values for Cortex-A17 and A12 xen/arm32: entry: Add missing trap_reset entry xen/arm32

[Xen-devel] [PATCH v4 3/7] xen/arm32: entry: Add missing trap_reset entry

-254. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- Changes in v2: - Replace .word 0 by trap_reset --- xen/arch/arm/arm32/entry.S | 3 ++- xen/arch/arm/arm32/traps.c | 5 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/arm32/entry.S

Re: [Xen-devel] [PATCH v3 1/4] xen/arm: traps: Merge try_handle_mmio() and handle_mmio()

On 02/02/18 14:34, Andre Przywara wrote: Hi, Hi, On 02/02/18 10:14, Julien Grall wrote: At the moment, try_handle_mmio() will do check on the HSR and bail out if one check fail. This means that another method will be tried to handle the fault even for bad access on emulated region. While

[Xen-devel] [PATCH v4 2/7] xen/arm32: Add missing MIDR values for Cortex-A17 and A12

Cortex-A17 and A12 MIDR will be used in a follow-up patch for hardening the branch predictor. This is part of XSA-254. Signed-off-by: Julien Grall <julien.gr...@linaro.org> Reviewed-by: Stefano Stabellini <sstabell...@kernel.org> --- Changes in v2: - Add Stefan

[Xen-devel] [PATCH v4 4/7] xen/arm32: Add skeleton to harden branch predictor aliasing attacks

have been used, but older Xen (4.8 or earlier) doesn't have support. So avoid using alternative to ease backporting. This is part of XSA-254. Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- Changes in v2: - Clarify the commit message --- xen/arch/arm/Kconfig

[Xen-devel] [PATCH v4 5/7] xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12

]). This is part of XSA-254. [1] https://www.spinics.net/lists/arm-kernel/msg632062.html Signed-off-by: Marc Zyngier <marc.zyng...@arm.com> Signed-off-by: Julien Grall <julien.gr...@linaro.org> --- Changes in v3: - Drop Stefano's reviewed-by - Use the latest version of the

[Xen-devel] [PATCH v4 6/7] xen/arm32: Invalidate icache on guest exist for Cortex-A15

from the kpti branch in [1]. [1] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git Signed-off-by: Marc Zyngier <marc.zyng...@arm.com> Signed-off-by: Julien Grall <julien.gr...@linaro.org> Reviewed-by: Stefano Stabellini <sstabell...@kernel.org> --- Changes in v2:

[Xen-devel] [PATCH v4 7/7] xen/arm32: entry: Document the purpose of r11 in the traps handler

will still contain the original stack pointer. Add some documentation in the code to point the 2 sides to each other. Signed-off-by: Julien Grall <julien.gr...@linaro.org> Reviewed-by: Stefano Stabellini <sstabell...@kernel.org> --- Changes in v2: - Add Stefano's reviewed

Re: [Xen-devel] [PATCH 1/3] xen/arm: io: Distinguish unhandled IO from aborted one

Hi Stefano, On 30/01/18 19:09, Stefano Stabellini wrote: On Tue, 30 Jan 2018, Julien Grall wrote: diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index c8534d6cff..843adf4959 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1864,10 +1864,10 @@ static inline bool

Re: [Xen-devel] [PATCH 0/3] xen/arm: Inject an exception to the guest rather than crashing it

Hi Stefano, On 30/01/18 19:21, Stefano Stabellini wrote: On Tue, 30 Jan 2018, Julien Grall wrote: Hi, On 30/01/18 18:29, Andrew Cooper wrote: On 30/01/18 17:00, Julien Grall wrote: On 30/01/18 16:38, Andrew Cooper wrote: On 30/01/18 16:14, Julien Grall wrote: Hi all, This small series

<    1   2   3   4   5   6   7   8   9   10   >