From patchwork Tue May 22 17:42:45 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@arm.com>
X-Patchwork-Id: 136595
Delivered-To: patch@linaro.org
Received: by 2002:a2e:9706:0:0:0:0:0 with SMTP id r6-v6csp1929549lji;
 Tue, 22 May 2018 10:45:49 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpeBoxJajVjxuBHP+wIhOIxPY1dhVnGjnLUEEyAW3vghCA3TE85o8qaTvM0lpPqh2vns+bp
X-Received: by 2002:a6b:ce15:: with SMTP id
 p21-v6mr13079208iob.257.1527011149052; 
 Tue, 22 May 2018 10:45:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527011149; cv=none;
 d=google.com; s=arc-20160816;
 b=ytZAgxEIQEQT7+PhGVwOHjJOvZFu0kk0BChqn+JIgfOAaIERctmXOp9y9WYnuvHnhq
 fyM0vrfP2fbvuKjsEg9JPlB+FQ4gOyCdaOLpVzfO3YV5IrcRYaFDefMVdnmsW1RlIlzg
 jz7xhTjIxBVEI4As9nJvbiZHacVTEfyL2ochne0Re/VeB2811rH/3la13lG4AElyg9mo
 F+R22cXH9RpL9rlgvm98+EEra24o9A28qk7Zq0Be2sOB8REJAtWojGrKsWM9AcyK2Jew
 FLnFtV5p3MWWKNLIlVFDPrur3VDMTcvgZV9rR1KCfXMpNcTbeSK4tZ59rvGrUZHZ+o47
 1uug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:references:in-reply-to:message-id:date:to:from
 :arc-authentication-results;
 bh=TXvJl0VMMh5D9wESzAkbcrebP7SpbCsnVs4bQAqLGh4=;
 b=vWpPdXLkqIJaJXD1ailsGlO62GpOCun6l/5rUNabunN9fj/mEtqGBN6A73PiIRDTuJ
 I1vvbHpxH2S+k5GGTe9MygyNpN5OO560JD8RN35/u7193YOBpzHLL8MMAqk9xoAniqLL
 ij8IrZC5DzLahNSMaKMLg3s782AQweimR56xLm7FNyiyPREc5Ww2tgCQcTfBkoPnaJPP
 t/kpcYKtj3WM65r7HMX6iGsPE7YXaPaNxCIqUL3DMwcMaVnfTuAsCTO8eC4tJLIZ2fvq
 5c/Eq4Ih0/hRF1jsGZWnkBtk2ToBb5UhnObM8y5GvSjtsfr5QypzTG1FIzoPA89oBQSv
 6Usg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 136-v6si15255652ion.232.2018.05.22.10.45.48
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 22 May 2018 10:45:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.89)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1fLBJX-0002AJ-JI; Tue, 22 May 2018 17:43:11 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <srs0=m9vh=ij=arm.com=julien.grall@srs-us1.protection.inumbo.net>)
 id 1fLBJV-00029x-Rp
 for xen-devel@lists.xenproject.org; Tue, 22 May 2018 17:43:09 +0000
X-Inumbo-ID: 53b1c679-5de7-11e8-9728-bc764e045a96
Received: from foss.arm.com (unknown [217.140.101.70])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTP
 id 53b1c679-5de7-11e8-9728-bc764e045a96;
 Tue, 22 May 2018 19:41:15 +0200 (CEST)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7F9131435;
 Tue, 22 May 2018 10:43:08 -0700 (PDT)
Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com
 [10.1.206.53])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 951E23F589; Tue, 22 May 2018 10:43:07 -0700 (PDT)
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xenproject.org
Date: Tue, 22 May 2018 18:42:45 +0100
Message-Id: <20180522174254.27551-5-julien.grall@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180522174254.27551-1-julien.grall@arm.com>
References: <20180522174254.27551-1-julien.grall@arm.com>
Subject: [Xen-devel] [PATCH 04/13] xen/arm: Add ARCH_WORKAROUND_2 probing
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: andre.przywara@arm.com, Julien Grall <julien.grall@arm.com>,
 sstabellini@kernel.org
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

As for Spectre variant-2, we rely on SMCCC 1.1 to provide the discovery
mechanism for detecting the SSBD mitigation.

A new capability is also allocated for that purpose, and a config
option.

This is part of XSA-263.

Signed-off-by: Julien Grall <julien.grall@arm.com>
---
 xen/arch/arm/Kconfig             | 10 ++++++++++
 xen/arch/arm/cpuerrata.c         | 39 +++++++++++++++++++++++++++++++++++++++
 xen/include/asm-arm/cpuerrata.h  | 21 +++++++++++++++++++++
 xen/include/asm-arm/cpufeature.h |  3 ++-
 xen/include/asm-arm/smccc.h      |  6 ++++++
 5 files changed, 78 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 8174c0c635..0e2d027060 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -73,6 +73,16 @@ config SBSA_VUART_CONSOLE
 	  Allows a guest to use SBSA Generic UART as a console. The
 	  SBSA Generic UART implements a subset of ARM PL011 UART.
 
+config ARM_SSBD
+	bool "Speculative Store Bypass Disable" if EXPERT = "y"
+	depends on HAS_ALTERNATIVE
+	default y
+	help
+	  This enables mitigation of bypassing of previous stores by speculative
+	  loads.
+
+	  If unsure, say Y.
+
 endmenu
 
 menu "ARM errata workaround via the alternative framework"
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 1baa20654b..bcea2eb6e5 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -235,6 +235,39 @@ static int enable_ic_inv_hardening(void *data)
 
 #endif
 
+#ifdef CONFIG_ARM_SSBD
+
+/*
+ * Assembly code may use the variable directly, so we need to make sure
+ * it fits in a register.
+ */
+DEFINE_PER_CPU_READ_MOSTLY(register_t, ssbd_callback_required);
+
+static bool has_ssbd_mitigation(const struct arm_cpu_capabilities *entry)
+{
+    struct arm_smccc_res res;
+    bool supported = true;
+
+    if ( smccc_ver < SMCCC_VERSION(1, 1) )
+        return false;
+
+    /*
+     * The probe function return value is either negative (unsupported
+     * or mitigated), positive (unaffected), or zero (requires
+     * mitigation). We only need to do anything in the last case.
+     */
+    arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
+                      ARM_SMCCC_ARCH_WORKAROUND_2_FID, &res);
+    if ( (int)res.a0 != 0 )
+        supported = false;
+
+    if ( supported )
+        this_cpu(ssbd_callback_required) = 1;
+
+    return supported;
+}
+#endif
+
 #define MIDR_RANGE(model, min, max)     \
     .matches = is_affected_midr_range,  \
     .midr_model = model,                \
@@ -336,6 +369,12 @@ static const struct arm_cpu_capabilities arm_errata[] = {
         .enable = enable_ic_inv_hardening,
     },
 #endif
+#ifdef CONFIG_ARM_SSBD
+    {
+        .capability = ARM_SSBD,
+        .matches = has_ssbd_mitigation,
+    },
+#endif
     {},
 };
 
diff --git a/xen/include/asm-arm/cpuerrata.h b/xen/include/asm-arm/cpuerrata.h
index 4e45b237c8..e628d3ff56 100644
--- a/xen/include/asm-arm/cpuerrata.h
+++ b/xen/include/asm-arm/cpuerrata.h
@@ -27,9 +27,30 @@ static inline bool check_workaround_##erratum(void)             \
 
 CHECK_WORKAROUND_HELPER(766422, ARM32_WORKAROUND_766422, CONFIG_ARM_32)
 CHECK_WORKAROUND_HELPER(834220, ARM64_WORKAROUND_834220, CONFIG_ARM_64)
+CHECK_WORKAROUND_HELPER(ssbd, ARM_SSBD, CONFIG_ARM_SSBD)
 
 #undef CHECK_WORKAROUND_HELPER
 
+#ifdef CONFIG_ARM_SSBD
+
+#include <asm/current.h>
+
+DECLARE_PER_CPU(register_t, ssbd_callback_required);
+
+static inline bool cpu_require_ssbd_mitigation(void)
+{
+    return this_cpu(ssbd_callback_required);
+}
+
+#else
+
+static inline bool cpu_require_ssbd_mitigation(void)
+{
+    return false;
+}
+
+#endif
+
 #endif /* __ARM_CPUERRATA_H__ */
 /*
  * Local variables:
diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h
index e557a095af..2a5c075d3b 100644
--- a/xen/include/asm-arm/cpufeature.h
+++ b/xen/include/asm-arm/cpufeature.h
@@ -43,8 +43,9 @@
 #define SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT 5
 #define SKIP_CTXT_SWITCH_SERROR_SYNC 6
 #define ARM_HARDEN_BRANCH_PREDICTOR 7
+#define ARM_SSBD 8
 
-#define ARM_NCAPS           8
+#define ARM_NCAPS           9
 
 #ifndef __ASSEMBLY__
 
diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h
index 8342cc33fe..650744d28b 100644
--- a/xen/include/asm-arm/smccc.h
+++ b/xen/include/asm-arm/smccc.h
@@ -258,6 +258,12 @@ struct arm_smccc_res {
                       ARM_SMCCC_OWNER_ARCH,         \
                       0x8000)
 
+#define ARM_SMCCC_ARCH_WORKAROUND_2_FID             \
+    ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,         \
+                       ARM_SMCCC_CONV_32,           \
+                       ARM_SMCCC_OWNER_ARCH,        \
+                       0x7FFF)
+
 /* SMCCC error codes */
 #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION  (-1)
 #define ARM_SMCCC_NOT_SUPPORTED         (-1)