[Xen-devel,v2,12/15] xen/arm64: Kill PSCI_GET_VERSION as a variant-2 workaround

Message ID 20180208192203.9556-13-julien.grall@arm.com
State Superseded
Headers show
Series
  • xen/arm: PSCI 1.1 and SMCCC-1.1 support and XSA-254 variant 2 update
Related show

Commit Message

Julien Grall Feb. 8, 2018, 7:22 p.m.
Now that we've standardised on SMCCC v1.1 to perform the branch
prediction invalidation, let's drop the previous band-aid. If vendors
haven't updated their firmware to do SMCCC 1.1, they haven't updated
PSCI either, so we don't loose anything.

This is aligned with the Linux commit 3a0a397ff5ff.

Signed-off-by: Julien Grall <julien.grall@arm.com>

---
    Note that the patch is in arm64/for-next/core and should be merged
    in master soon.

    Changes in v2:
        - Patch added
---
 xen/arch/arm/arm64/bpi.S | 25 ----------------------
 xen/arch/arm/cpuerrata.c | 54 +++++++++++++++++-------------------------------
 2 files changed, 19 insertions(+), 60 deletions(-)

Comments

Volodymyr Babchuk Feb. 13, 2018, 11:59 a.m. | #1
Hi Julien,

On 08.02.18 21:22, Julien Grall wrote:
> Now that we've standardised on SMCCC v1.1 to perform the branch
> prediction invalidation, let's drop the previous band-aid. If vendors
> haven't updated their firmware to do SMCCC 1.1, they haven't updated
> PSCI either, so we don't loose anything.
> 
> This is aligned with the Linux commit 3a0a397ff5ff.
> 
> Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

> 
> ---
>      Note that the patch is in arm64/for-next/core and should be merged
>      in master soon.
> 
>      Changes in v2:
>          - Patch added
> ---
>   xen/arch/arm/arm64/bpi.S | 25 ----------------------
>   xen/arch/arm/cpuerrata.c | 54 +++++++++++++++++-------------------------------
>   2 files changed, 19 insertions(+), 60 deletions(-)
> 
> diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
> index ef237de7bd..6270b10c4f 100644
> --- a/xen/arch/arm/arm64/bpi.S
> +++ b/xen/arch/arm/arm64/bpi.S
> @@ -58,31 +58,6 @@ ENTRY(__bp_harden_hyp_vecs_start)
>       .endr
>   ENTRY(__bp_harden_hyp_vecs_end)
>   
> -ENTRY(__psci_hyp_bp_inval_start)
> -    sub     sp, sp, #(8 * 18)
> -    stp     x16, x17, [sp, #(16 * 0)]
> -    stp     x14, x15, [sp, #(16 * 1)]
> -    stp     x12, x13, [sp, #(16 * 2)]
> -    stp     x10, x11, [sp, #(16 * 3)]
> -    stp     x8, x9, [sp, #(16 * 4)]
> -    stp     x6, x7, [sp, #(16 * 5)]
> -    stp     x4, x5, [sp, #(16 * 6)]
> -    stp     x2, x3, [sp, #(16 * 7)]
> -    stp     x0, x1, [sp, #(16 * 8)]
> -    mov     x0, #0x84000000
> -    smc     #0
> -    ldp     x16, x17, [sp, #(16 * 0)]
> -    ldp     x14, x15, [sp, #(16 * 1)]
> -    ldp     x12, x13, [sp, #(16 * 2)]
> -    ldp     x10, x11, [sp, #(16 * 3)]
> -    ldp     x8, x9, [sp, #(16 * 4)]
> -    ldp     x6, x7, [sp, #(16 * 5)]
> -    ldp     x4, x5, [sp, #(16 * 6)]
> -    ldp     x2, x3, [sp, #(16 * 7)]
> -    ldp     x0, x1, [sp, #(16 * 8)]
> -    add     sp, sp, #(8 * 18)
> -ENTRY(__psci_hyp_bp_inval_end)
> -
>   ENTRY(__smccc_workaround_1_smc_start)
>       sub     sp, sp, #(8 * 4)
>       stp     x2, x3, [sp, #(8 * 0)]
> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
> index 6557577bcb..af453710e4 100644
> --- a/xen/arch/arm/cpuerrata.c
> +++ b/xen/arch/arm/cpuerrata.c
> @@ -149,10 +149,11 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry,
>   
>   extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[];
>   
> -static bool
> -check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
> +static int enable_smccc_arch_workaround_1(void *data)
>   {
>       struct arm_smccc_res res;
> +    static bool warned = false;
> +    const struct arm_cpu_capabilities *entry = data;
>   
>       /*
>        * Enable callbacks are called on every CPU based on the
> @@ -160,47 +161,30 @@ check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
>        * entry.
>        */
>       if ( !entry->matches(entry) )
> -        return false;
> +        return 0;
>   
>       if ( smccc_ver < SMCCC_VERSION(1, 1) )
> -        return false;
> +        goto warn;
>   
>       arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
>                         ARM_SMCCC_ARCH_WORKAROUND_1_FID, &res);
>       if ( res.a0 != ARM_SMCCC_SUCCESS )
> -        return false;
> -
> -    return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
> -                                    __smccc_workaround_1_smc_end,
> -                                    "call ARM_SMCCC_ARCH_WORKAROUND_1");
> -}
> +        goto warn;
>   
> -extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
> +    return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
> +                                     __smccc_workaround_1_smc_end,
> +                                     "call ARM_SMCCC_ARCH_WORKAROUND_1");
>   
> -static int enable_psci_bp_hardening(void *data)
> -{
> -    bool ret = true;
> -    static bool warned = false;
> -
> -    if ( check_smccc_arch_workaround_1(data) )
> -        return 0;
> -    /*
> -     * The mitigation is using PSCI version function to invalidate the
> -     * branch predictor. This function is only available with PSCI 0.2
> -     * and later.
> -     */
> -    else if ( psci_ver >= PSCI_VERSION(0, 2) )
> -        ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
> -                                       __psci_hyp_bp_inval_end,
> -                                       "call PSCI get version");
> -    else if ( !warned )
> +warn:
> +    if ( !warned )
>       {
>           ASSERT(system_state < SYS_STATE_active);
> -        warning_add("PSCI 0.2 or later is required for the branch predictor hardening.\n");
> -        warned = true;
> +        warning_add("No support for ARM_SMCCC_ARCH_WORKAROUND_1.\n"
> +                    "Please update your firmware.\n");
> +        warned = false;
>       }
>   
> -    return !ret;
> +    return 0;
>   }
>   
>   #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */
> @@ -316,22 +300,22 @@ static const struct arm_cpu_capabilities arm_errata[] = {
>       {
>           .capability = ARM_HARDEN_BRANCH_PREDICTOR,
>           MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
> -        .enable = enable_psci_bp_hardening,
> +        .enable = enable_smccc_arch_workaround_1,
>       },
>       {
>           .capability = ARM_HARDEN_BRANCH_PREDICTOR,
>           MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
> -        .enable = enable_psci_bp_hardening,
> +        .enable = enable_smccc_arch_workaround_1,
>       },
>       {
>           .capability = ARM_HARDEN_BRANCH_PREDICTOR,
>           MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
> -        .enable = enable_psci_bp_hardening,
> +        .enable = enable_smccc_arch_workaround_1,
>       },
>       {
>           .capability = ARM_HARDEN_BRANCH_PREDICTOR,
>           MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
> -        .enable = enable_psci_bp_hardening,
> +        .enable = enable_smccc_arch_workaround_1,
>       },
>   #endif
>   #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR
>

Patch

diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S
index ef237de7bd..6270b10c4f 100644
--- a/xen/arch/arm/arm64/bpi.S
+++ b/xen/arch/arm/arm64/bpi.S
@@ -58,31 +58,6 @@  ENTRY(__bp_harden_hyp_vecs_start)
     .endr
 ENTRY(__bp_harden_hyp_vecs_end)
 
-ENTRY(__psci_hyp_bp_inval_start)
-    sub     sp, sp, #(8 * 18)
-    stp     x16, x17, [sp, #(16 * 0)]
-    stp     x14, x15, [sp, #(16 * 1)]
-    stp     x12, x13, [sp, #(16 * 2)]
-    stp     x10, x11, [sp, #(16 * 3)]
-    stp     x8, x9, [sp, #(16 * 4)]
-    stp     x6, x7, [sp, #(16 * 5)]
-    stp     x4, x5, [sp, #(16 * 6)]
-    stp     x2, x3, [sp, #(16 * 7)]
-    stp     x0, x1, [sp, #(16 * 8)]
-    mov     x0, #0x84000000
-    smc     #0
-    ldp     x16, x17, [sp, #(16 * 0)]
-    ldp     x14, x15, [sp, #(16 * 1)]
-    ldp     x12, x13, [sp, #(16 * 2)]
-    ldp     x10, x11, [sp, #(16 * 3)]
-    ldp     x8, x9, [sp, #(16 * 4)]
-    ldp     x6, x7, [sp, #(16 * 5)]
-    ldp     x4, x5, [sp, #(16 * 6)]
-    ldp     x2, x3, [sp, #(16 * 7)]
-    ldp     x0, x1, [sp, #(16 * 8)]
-    add     sp, sp, #(8 * 18)
-ENTRY(__psci_hyp_bp_inval_end)
-
 ENTRY(__smccc_workaround_1_smc_start)
     sub     sp, sp, #(8 * 4)
     stp     x2, x3, [sp, #(8 * 0)]
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 6557577bcb..af453710e4 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -149,10 +149,11 @@  install_bp_hardening_vec(const struct arm_cpu_capabilities *entry,
 
 extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[];
 
-static bool
-check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
+static int enable_smccc_arch_workaround_1(void *data)
 {
     struct arm_smccc_res res;
+    static bool warned = false;
+    const struct arm_cpu_capabilities *entry = data;
 
     /*
      * Enable callbacks are called on every CPU based on the
@@ -160,47 +161,30 @@  check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry)
      * entry.
      */
     if ( !entry->matches(entry) )
-        return false;
+        return 0;
 
     if ( smccc_ver < SMCCC_VERSION(1, 1) )
-        return false;
+        goto warn;
 
     arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
                       ARM_SMCCC_ARCH_WORKAROUND_1_FID, &res);
     if ( res.a0 != ARM_SMCCC_SUCCESS )
-        return false;
-
-    return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
-                                    __smccc_workaround_1_smc_end,
-                                    "call ARM_SMCCC_ARCH_WORKAROUND_1");
-}
+        goto warn;
 
-extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[];
+    return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
+                                     __smccc_workaround_1_smc_end,
+                                     "call ARM_SMCCC_ARCH_WORKAROUND_1");
 
-static int enable_psci_bp_hardening(void *data)
-{
-    bool ret = true;
-    static bool warned = false;
-
-    if ( check_smccc_arch_workaround_1(data) )
-        return 0;
-    /*
-     * The mitigation is using PSCI version function to invalidate the
-     * branch predictor. This function is only available with PSCI 0.2
-     * and later.
-     */
-    else if ( psci_ver >= PSCI_VERSION(0, 2) )
-        ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start,
-                                       __psci_hyp_bp_inval_end,
-                                       "call PSCI get version");
-    else if ( !warned )
+warn:
+    if ( !warned )
     {
         ASSERT(system_state < SYS_STATE_active);
-        warning_add("PSCI 0.2 or later is required for the branch predictor hardening.\n");
-        warned = true;
+        warning_add("No support for ARM_SMCCC_ARCH_WORKAROUND_1.\n"
+                    "Please update your firmware.\n");
+        warned = false;
     }
 
-    return !ret;
+    return 0;
 }
 
 #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */
@@ -316,22 +300,22 @@  static const struct arm_cpu_capabilities arm_errata[] = {
     {
         .capability = ARM_HARDEN_BRANCH_PREDICTOR,
         MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
-        .enable = enable_psci_bp_hardening,
+        .enable = enable_smccc_arch_workaround_1,
     },
     {
         .capability = ARM_HARDEN_BRANCH_PREDICTOR,
         MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
-        .enable = enable_psci_bp_hardening,
+        .enable = enable_smccc_arch_workaround_1,
     },
     {
         .capability = ARM_HARDEN_BRANCH_PREDICTOR,
         MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
-        .enable = enable_psci_bp_hardening,
+        .enable = enable_smccc_arch_workaround_1,
     },
     {
         .capability = ARM_HARDEN_BRANCH_PREDICTOR,
         MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
-        .enable = enable_psci_bp_hardening,
+        .enable = enable_smccc_arch_workaround_1,
     },
 #endif
 #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR