[Xen-devel,RFC,for-4.13,00/10] xen/arm: XSA-201 and XSA-263 fixes

Message ID 20190926183808.11630-1-julien.grall@arm.com
Headers show
Series
  • xen/arm: XSA-201 and XSA-263 fixes
Related show

Message

Julien Grall Sept. 26, 2019, 6:37 p.m.
Hi all,

This patch series aims to fix two bugs in the entry path from the guest:
    1) Make sure that SSBD workaround is enabled before executing any hypervisor code
    2) Avoid guest state corruption when an virtual SError is received

The full series is candidate for Xen 4.13. Without it, the hypervisor would
not be properly protected against SSB vulnerability and the guest state may
get corrupted if an SError is received.

This is in RFC state because the entry code is now quite different and
arm32 changes are not yet implemented. I will modify arm32 once we agreed
on the approach.

Cheers,

Cc: jgross@suse.com

Julien Grall (9):
  xen/arm64: entry: Introduce a macro to generate guest vector and use
    it
  xen/arm64: head: Check if an SError is pending when receiving a
    vSError
  xen/arm: traps: Rework entry/exit from the guest path
  xen/arm: Ensure the SSBD workaround is re-enabled right after exiting
    a guest
  xen/arm: alternative: Remove unused parameter for
    alternative_if_not_cap
  xen/arm: Move ARCH_PATCH_INSN_SIZE out of the header livepatch.h
  xen/arm: Allow insn.h to be called from assembly
  xen/arm: asm: Replace use of ALTERNATIVE with alternative_if
  xen/arm64: entry: Ensure the guest state is synced when receiving a
    vSError

Mark Rutland (1):
  xen/arm: alternative: add auto-nop infrastructure

 xen/arch/arm/alternative.c        |   2 -
 xen/arch/arm/arm32/entry.S        |   9 ++-
 xen/arch/arm/arm64/entry.S        | 121 +++++++++++++++-----------------------
 xen/arch/arm/traps.c              |  81 +++++++++++++------------
 xen/include/asm-arm/alternative.h |  74 ++++++++++++++++-------
 xen/include/asm-arm/insn.h        |  11 ++++
 xen/include/asm-arm/livepatch.h   |   4 +-
 xen/include/asm-arm/macros.h      |   7 +++
 8 files changed, 172 insertions(+), 137 deletions(-)

Comments

Jürgen Groß Sept. 27, 2019, 4:17 a.m. | #1
On 26.09.19 20:37, Julien Grall wrote:
> Hi all,
> 
> This patch series aims to fix two bugs in the entry path from the guest:
>      1) Make sure that SSBD workaround is enabled before executing any hypervisor code
>      2) Avoid guest state corruption when an virtual SError is received
> 
> The full series is candidate for Xen 4.13. Without it, the hypervisor would
> not be properly protected against SSB vulnerability and the guest state may
> get corrupted if an SError is received.
> 
> This is in RFC state because the entry code is now quite different and
> arm32 changes are not yet implemented. I will modify arm32 once we agreed
> on the approach.
> 
> Cheers,
> 
> Cc: jgross@suse.com

I think the explanation of the motivation qualifies the series to be
marked as a blocker for 4.13.


Juergen