subject:"\[Xen\-devel\] \[PATCH v5 11\/18\] xen\/arm64\: Add ARM_SMCCC_ARCH_WORKAROUND

Re: [Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

2018-02-26 Thread Andre Przywara

Hi,

On 23/02/18 18:57, Julien Grall wrote:
> Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1.
> 
> Signed-off-by: Julien Grall 

Thanks, that looks good now:

Reviewed-by: Andre Przywara 

Cheers,
Andre.

> ---
> Changes in v5:
> - Fold the fixup! patch which re-order registers into it.
> 
> Changes in v4:
> - Re-order saving/restoring registers in
>   __smccc_workaround_1_smc_start
> 
> Changes in v3:
> - Add the missing call to smc #0.
> 
> Changes in v2:
> - Patch added
> ---
>  xen/arch/arm/arm64/bpi.S| 13 +
>  xen/arch/arm/cpuerrata.c| 32 +++-
>  xen/include/asm-arm/smccc.h |  1 +
>  3 files changed, 45 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
> index 4b7f1dc21f..b59e307b0f 100644
> --- a/xen/arch/arm/arm64/bpi.S
> +++ b/xen/arch/arm/arm64/bpi.S
> @@ -16,6 +16,8 @@
>   * along with this program.  If not, see .
>   */
>  
> +#include 
> +
>  .macro ventry target
>  .rept 31
>  nop
> @@ -81,6 +83,17 @@ ENTRY(__psci_hyp_bp_inval_start)
>  add sp, sp, #(8 * 18)
>  ENTRY(__psci_hyp_bp_inval_end)
>  
> +ENTRY(__smccc_workaround_1_smc_start)
> +sub sp, sp, #(8 * 4)
> +stp x0, x1, [sp, #(8 * 2)]
> +stp x2, x3, [sp, #(8 * 0)]
> +mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID
> +smc #0
> +ldp x2, x3, [sp, #(8 * 0)]
> +ldp x0, x1, [sp, #(8 * 2)]
> +add sp, sp, #(8 * 4)
> +ENTRY(__smccc_workaround_1_smc_end)
> +
>  /*
>   * Local variables:
>   * mode: ASM
> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
> index 8d5f8d372a..dec9074422 100644
> --- a/xen/arch/arm/cpuerrata.c
> +++ b/xen/arch/arm/cpuerrata.c
> @@ -147,6 +147,34 @@ install_bp_hardening_vec(const struct 
> arm_cpu_capabilities *entry,
>  return ret;
>  }
>  
> +extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[];
> +
> +static bool
> +check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
> +{
> +struct arm_smccc_res res;
> +
> +/*
> + * Enable callbacks are called on every CPU based on the
> + * capabilities. So double-check whether the CPU matches the
> + * entry.
> + */
> +if ( !entry->matches(entry) )
> +return false;
> +
> +if ( smccc_ver < SMCCC_VERSION(1, 1) )
> +return false;
> +
> +arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
> +  ARM_SMCCC_ARCH_WORKAROUND_1_FID, );
> +if ( res.a0 != ARM_SMCCC_SUCCESS )
> +return false;
> +
> +return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
> +__smccc_workaround_1_smc_end,
> +"call ARM_SMCCC_ARCH_WORKAROUND_1");
> +}
> +
>  extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
>  
>  static int enable_psci_bp_hardening(void *data)
> @@ -154,12 +182,14 @@ static int enable_psci_bp_hardening(void *data)
>  bool ret = true;
>  static bool warned = false;
>  
> +if ( check_smccc_arch_workaround_1(data) )
> +return 0;
>  /*
>   * The mitigation is using PSCI version function to invalidate the
>   * branch predictor. This function is only available with PSCI 0.2
>   * and later.
>   */
> -if ( psci_ver >= PSCI_VERSION(0, 2) )
> +else if ( psci_ver >= PSCI_VERSION(0, 2) )
>  ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
> __psci_hyp_bp_inval_end,
> "call PSCI get version");
> diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h
> index 154772b728..8342cc33fe 100644
> --- a/xen/include/asm-arm/smccc.h
> +++ b/xen/include/asm-arm/smccc.h
> @@ -261,6 +261,7 @@ struct arm_smccc_res {
>  /* SMCCC error codes */
>  #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION  (-1)
>  #define ARM_SMCCC_NOT_SUPPORTED (-1)
> +#define ARM_SMCCC_SUCCESS   (0)
>  
>  /* SMCCC function identifier range which is reserved for existing APIs */
>  #define ARM_SMCCC_RESERVED_RANGE_START  0x0
> 

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

2018-02-23 Thread Stefano Stabellini

On Fri, 23 Feb 2018, Julien Grall wrote:
> Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1.
> 
> Signed-off-by: Julien Grall 

Reviewed-by: Stefano Stabellini 

> ---
> Changes in v5:
> - Fold the fixup! patch which re-order registers into it.
> 
> Changes in v4:
> - Re-order saving/restoring registers in
>   __smccc_workaround_1_smc_start
> 
> Changes in v3:
> - Add the missing call to smc #0.
> 
> Changes in v2:
> - Patch added
> ---
>  xen/arch/arm/arm64/bpi.S| 13 +
>  xen/arch/arm/cpuerrata.c| 32 +++-
>  xen/include/asm-arm/smccc.h |  1 +
>  3 files changed, 45 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
> index 4b7f1dc21f..b59e307b0f 100644
> --- a/xen/arch/arm/arm64/bpi.S
> +++ b/xen/arch/arm/arm64/bpi.S
> @@ -16,6 +16,8 @@
>   * along with this program.  If not, see .
>   */
>  
> +#include 
> +
>  .macro ventry target
>  .rept 31
>  nop
> @@ -81,6 +83,17 @@ ENTRY(__psci_hyp_bp_inval_start)
>  add sp, sp, #(8 * 18)
>  ENTRY(__psci_hyp_bp_inval_end)
>  
> +ENTRY(__smccc_workaround_1_smc_start)
> +sub sp, sp, #(8 * 4)
> +stp x0, x1, [sp, #(8 * 2)]
> +stp x2, x3, [sp, #(8 * 0)]
> +mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID
> +smc #0
> +ldp x2, x3, [sp, #(8 * 0)]
> +ldp x0, x1, [sp, #(8 * 2)]
> +add sp, sp, #(8 * 4)
> +ENTRY(__smccc_workaround_1_smc_end)
> +
>  /*
>   * Local variables:
>   * mode: ASM
> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
> index 8d5f8d372a..dec9074422 100644
> --- a/xen/arch/arm/cpuerrata.c
> +++ b/xen/arch/arm/cpuerrata.c
> @@ -147,6 +147,34 @@ install_bp_hardening_vec(const struct 
> arm_cpu_capabilities *entry,
>  return ret;
>  }
>  
> +extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[];
> +
> +static bool
> +check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
> +{
> +struct arm_smccc_res res;
> +
> +/*
> + * Enable callbacks are called on every CPU based on the
> + * capabilities. So double-check whether the CPU matches the
> + * entry.
> + */
> +if ( !entry->matches(entry) )
> +return false;
> +
> +if ( smccc_ver < SMCCC_VERSION(1, 1) )
> +return false;
> +
> +arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
> +  ARM_SMCCC_ARCH_WORKAROUND_1_FID, );
> +if ( res.a0 != ARM_SMCCC_SUCCESS )
> +return false;
> +
> +return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
> +__smccc_workaround_1_smc_end,
> +"call ARM_SMCCC_ARCH_WORKAROUND_1");
> +}
> +
>  extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
>  
>  static int enable_psci_bp_hardening(void *data)
> @@ -154,12 +182,14 @@ static int enable_psci_bp_hardening(void *data)
>  bool ret = true;
>  static bool warned = false;
>  
> +if ( check_smccc_arch_workaround_1(data) )
> +return 0;
>  /*
>   * The mitigation is using PSCI version function to invalidate the
>   * branch predictor. This function is only available with PSCI 0.2
>   * and later.
>   */
> -if ( psci_ver >= PSCI_VERSION(0, 2) )
> +else if ( psci_ver >= PSCI_VERSION(0, 2) )
>  ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
> __psci_hyp_bp_inval_end,
> "call PSCI get version");
> diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h
> index 154772b728..8342cc33fe 100644
> --- a/xen/include/asm-arm/smccc.h
> +++ b/xen/include/asm-arm/smccc.h
> @@ -261,6 +261,7 @@ struct arm_smccc_res {
>  /* SMCCC error codes */
>  #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION  (-1)
>  #define ARM_SMCCC_NOT_SUPPORTED (-1)
> +#define ARM_SMCCC_SUCCESS   (0)
>  
>  /* SMCCC function identifier range which is reserved for existing APIs */
>  #define ARM_SMCCC_RESERVED_RANGE_START  0x0
> -- 
> 2.11.0
> 

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

2018-02-23 Thread Volodymyr Babchuk


Julien,

Looks good now

On 23.02.18 20:57, Julien Grall wrote:

Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1.

Signed-off-by: Julien Grall 

Reviewed-by: Volodymyr Babchuk 


---
 Changes in v5:
 - Fold the fixup! patch which re-order registers into it.

 Changes in v4:
 - Re-order saving/restoring registers in
   __smccc_workaround_1_smc_start

 Changes in v3:
 - Add the missing call to smc #0.

 Changes in v2:
 - Patch added
---
  xen/arch/arm/arm64/bpi.S| 13 +
  xen/arch/arm/cpuerrata.c| 32 +++-
  xen/include/asm-arm/smccc.h |  1 +
  3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
index 4b7f1dc21f..b59e307b0f 100644
--- a/xen/arch/arm/arm64/bpi.S
+++ b/xen/arch/arm/arm64/bpi.S
@@ -16,6 +16,8 @@
   * along with this program.  If not, see .
   */
  
+#include 

+
  .macro ventry target
  .rept 31
  nop
@@ -81,6 +83,17 @@ ENTRY(__psci_hyp_bp_inval_start)
  add sp, sp, #(8 * 18)
  ENTRY(__psci_hyp_bp_inval_end)
  
+ENTRY(__smccc_workaround_1_smc_start)

+sub sp, sp, #(8 * 4)
+stp x0, x1, [sp, #(8 * 2)]
+stp x2, x3, [sp, #(8 * 0)]
+mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID
+smc #0
+ldp x2, x3, [sp, #(8 * 0)]
+ldp x0, x1, [sp, #(8 * 2)]
+add sp, sp, #(8 * 4)
+ENTRY(__smccc_workaround_1_smc_end)
+
  /*
   * Local variables:
   * mode: ASM
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 8d5f8d372a..dec9074422 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -147,6 +147,34 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities 
*entry,
  return ret;
  }
  
+extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[];

+
+static bool
+check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
+{
+struct arm_smccc_res res;
+
+/*
+ * Enable callbacks are called on every CPU based on the
+ * capabilities. So double-check whether the CPU matches the
+ * entry.
+ */
+if ( !entry->matches(entry) )
+return false;
+
+if ( smccc_ver < SMCCC_VERSION(1, 1) )
+return false;
+
+arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
+  ARM_SMCCC_ARCH_WORKAROUND_1_FID, );
+if ( res.a0 != ARM_SMCCC_SUCCESS )
+return false;
+
+return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
+__smccc_workaround_1_smc_end,
+"call ARM_SMCCC_ARCH_WORKAROUND_1");
+}
+
  extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
  
  static int enable_psci_bp_hardening(void *data)

@@ -154,12 +182,14 @@ static int enable_psci_bp_hardening(void *data)
  bool ret = true;
  static bool warned = false;
  
+if ( check_smccc_arch_workaround_1(data) )

+return 0;
  /*
   * The mitigation is using PSCI version function to invalidate the
   * branch predictor. This function is only available with PSCI 0.2
   * and later.
   */
-if ( psci_ver >= PSCI_VERSION(0, 2) )
+else if ( psci_ver >= PSCI_VERSION(0, 2) )
  ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
 __psci_hyp_bp_inval_end,
 "call PSCI get version");
diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h
index 154772b728..8342cc33fe 100644
--- a/xen/include/asm-arm/smccc.h
+++ b/xen/include/asm-arm/smccc.h
@@ -261,6 +261,7 @@ struct arm_smccc_res {
  /* SMCCC error codes */
  #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION  (-1)
  #define ARM_SMCCC_NOT_SUPPORTED (-1)
+#define ARM_SMCCC_SUCCESS   (0)
  
  /* SMCCC function identifier range which is reserved for existing APIs */

  #define ARM_SMCCC_RESERVED_RANGE_START  0x0



--
Volodymyr Babchuk

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

2018-02-23 Thread Julien Grall

Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1.

Signed-off-by: Julien Grall 

---
Changes in v5:
- Fold the fixup! patch which re-order registers into it.

Changes in v4:
- Re-order saving/restoring registers in
  __smccc_workaround_1_smc_start

Changes in v3:
- Add the missing call to smc #0.

Changes in v2:
- Patch added
---
 xen/arch/arm/arm64/bpi.S| 13 +
 xen/arch/arm/cpuerrata.c| 32 +++-
 xen/include/asm-arm/smccc.h |  1 +
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
index 4b7f1dc21f..b59e307b0f 100644
--- a/xen/arch/arm/arm64/bpi.S
+++ b/xen/arch/arm/arm64/bpi.S
@@ -16,6 +16,8 @@
  * along with this program.  If not, see .
  */
 
+#include 
+
 .macro ventry target
 .rept 31
 nop
@@ -81,6 +83,17 @@ ENTRY(__psci_hyp_bp_inval_start)
 add sp, sp, #(8 * 18)
 ENTRY(__psci_hyp_bp_inval_end)
 
+ENTRY(__smccc_workaround_1_smc_start)
+sub sp, sp, #(8 * 4)
+stp x0, x1, [sp, #(8 * 2)]
+stp x2, x3, [sp, #(8 * 0)]
+mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID
+smc #0
+ldp x2, x3, [sp, #(8 * 0)]
+ldp x0, x1, [sp, #(8 * 2)]
+add sp, sp, #(8 * 4)
+ENTRY(__smccc_workaround_1_smc_end)
+
 /*
  * Local variables:
  * mode: ASM
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 8d5f8d372a..dec9074422 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -147,6 +147,34 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities 
*entry,
 return ret;
 }
 
+extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[];
+
+static bool
+check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
+{
+struct arm_smccc_res res;
+
+/*
+ * Enable callbacks are called on every CPU based on the
+ * capabilities. So double-check whether the CPU matches the
+ * entry.
+ */
+if ( !entry->matches(entry) )
+return false;
+
+if ( smccc_ver < SMCCC_VERSION(1, 1) )
+return false;
+
+arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
+  ARM_SMCCC_ARCH_WORKAROUND_1_FID, );
+if ( res.a0 != ARM_SMCCC_SUCCESS )
+return false;
+
+return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
+__smccc_workaround_1_smc_end,
+"call ARM_SMCCC_ARCH_WORKAROUND_1");
+}
+
 extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
 
 static int enable_psci_bp_hardening(void *data)
@@ -154,12 +182,14 @@ static int enable_psci_bp_hardening(void *data)
 bool ret = true;
 static bool warned = false;
 
+if ( check_smccc_arch_workaround_1(data) )
+return 0;
 /*
  * The mitigation is using PSCI version function to invalidate the
  * branch predictor. This function is only available with PSCI 0.2
  * and later.
  */
-if ( psci_ver >= PSCI_VERSION(0, 2) )
+else if ( psci_ver >= PSCI_VERSION(0, 2) )
 ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
__psci_hyp_bp_inval_end,
"call PSCI get version");
diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h
index 154772b728..8342cc33fe 100644
--- a/xen/include/asm-arm/smccc.h
+++ b/xen/include/asm-arm/smccc.h
@@ -261,6 +261,7 @@ struct arm_smccc_res {
 /* SMCCC error codes */
 #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION  (-1)
 #define ARM_SMCCC_NOT_SUPPORTED (-1)
+#define ARM_SMCCC_SUCCESS   (0)
 
 /* SMCCC function identifier range which is reserved for existing APIs */
 #define ARM_SMCCC_RESERVED_RANGE_START  0x0
-- 
2.11.0


___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

Re: [Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

Re: [Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

[Xen-devel] [PATCH v5 11/18] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support

4 matches

Site Navigation

Mail list logo

Footer information