From patchwork Tue Jun 12 11:36:40 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@arm.com>
X-Patchwork-Id: 138328
Delivered-To: patch@linaro.org
Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp5234999lji;
 Tue, 12 Jun 2018 04:39:32 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKLaUt13CTBmALSFqATXCiiYRl5GLGq9Iou0DuP4Ul7+GN3oCnNV0olN5188fwXxRHrr7NzB
X-Received: by 2002:a6b:9403:: with SMTP id w3-v6mr20522iod.108.1528803572474; 
 Tue, 12 Jun 2018 04:39:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528803572; cv=none;
 d=google.com; s=arc-20160816;
 b=QDw0wik292L+uivTkTfoLwzCMDmNH7hrHHdwW4F5PD9u8A2Ci/FnwNsdShKW55QsuU
 +b85H8aQvt6rx8CAAbPE8rFqo+vfoAkjlNud5aNBLgVozIcCRlA1Cm4N0TdlRV8HYsSB
 utiCMcfVAOvdT0J8Kezmev3tLoDeaaSVOw2i2wbGE5s2FhW3qjnNNiPBI18Lw55KC/6/
 oicm4rodAekEq6+IOakRCvkz0Ouvs3s8YeA76ac8ewtb+foA9jCzzvgSyx5/wXmoD+BV
 v7UMFxa4e44G7dwCFZTI3QbsGU1o91Ah/UE3QABridO253ZE8uKmSwCyTq+F2rB6V6pk
 4OOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:references:in-reply-to:message-id:date:to:from
 :arc-authentication-results;
 bh=MDhEKpm8SiKDGW68e0hUnfI4WuGChq7a0s9p9rJi/t8=;
 b=hB49vfudifdTjvqYuO4ELM1BJNUkGlUJhZ8POKLi6pt9g7k7nKQhmuAIvKzI8ysRiZ
 V10tGbak2gVID9GzNWlKDg1PWD1s7bMadu+PEE6U8FkBWajQTDRFfa3KGy/yt2OUl68e
 tivoNgaFm/XHLnDFSQqM1ZzFBAS6C9Znaxrcg39gpotZQ8tstlSzmVERWhqav9sO8Oh0
 DTpiFIaIEXOX327C88XzuNWZtWZFIluVndmRYRcSiJsTaMqFrU6UKTuzhCn+THGVq3ok
 bZBYEbM/NRogmDVQWrHZ2kF/MNaVCLnDr7rjJOjPhxhAIgglpm+d4XBxnlIWjLWB+GUe
 WRRw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 g14-v6si661387iog.51.2018.06.12.04.39.32
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 12 Jun 2018 04:39:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.89)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1fShbk-0000tb-4g; Tue, 12 Jun 2018 11:37:04 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57])
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <srs0=bxlg=i6=arm.com=julien.grall@srs-us1.protection.inumbo.net>)
 id 1fShbj-0000rX-0h
 for xen-devel@lists.xenproject.org; Tue, 12 Jun 2018 11:37:03 +0000
X-Inumbo-ID: ef58640b-6e34-11e8-bc1d-65256ead4e3a
Received: from foss.arm.com (unknown [217.140.101.70])
 by us1-amaz-eas1.inumbo.com (Halon) with ESMTP
 id ef58640b-6e34-11e8-bc1d-65256ead4e3a;
 Tue, 12 Jun 2018 11:37:06 +0000 (UTC)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EB73E1435;
 Tue, 12 Jun 2018 04:37:01 -0700 (PDT)
Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com
 [10.1.206.53])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 0D6A73F318; Tue, 12 Jun 2018 04:37:00 -0700 (PDT)
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xenproject.org
Date: Tue, 12 Jun 2018 12:36:40 +0100
Message-Id: <20180612113643.32020-11-julien.grall@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180612113643.32020-1-julien.grall@arm.com>
References: <20180612113643.32020-1-julien.grall@arm.com>
Subject: [Xen-devel] [PATCH v3 10/13] xen/arm64: Implement a fast path for
 handling SMCCC_ARCH_WORKAROUND_2
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: andre.przywara@arm.com, Julien Grall <julien.grall@arm.com>,
 sstabellini@kernel.org
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

The function ARM_SMCCC_ARCH_WORKAROUND_2 will be called by the guest for
enabling/disabling the ssbd mitigation. So we want the handling to
be as fast as possible.

The new sequence will forward guest's ARCH_WORKAROUND_2 call to EL3 and
also track the state of the workaround per-vCPU.

Note that since we need to execute branches, this always executes after
the spectre-v2 mitigation.

This code is based on KVM counterpart "arm64: KVM: Handle guest's
ARCH_WORKAROUND_2 requests" written by Marc Zyngier.

This is part of XSA-263.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
    Changes in v3:
        - Add Stefano's reviewed-by

    Changes in v2:
        - Combine the 2 consecutive eor instructions in a single one.
---
 xen/arch/arm/arm64/asm-offsets.c |  2 ++
 xen/arch/arm/arm64/entry.S       | 42 +++++++++++++++++++++++++++++++++++++++-
 xen/arch/arm/cpuerrata.c         | 18 +++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/arm64/asm-offsets.c b/xen/arch/arm/arm64/asm-offsets.c
index ce24e44473..f5c696d092 100644
--- a/xen/arch/arm/arm64/asm-offsets.c
+++ b/xen/arch/arm/arm64/asm-offsets.c
@@ -22,6 +22,7 @@
 void __dummy__(void)
 {
    OFFSET(UREGS_X0, struct cpu_user_regs, x0);
+   OFFSET(UREGS_X1, struct cpu_user_regs, x1);
    OFFSET(UREGS_LR, struct cpu_user_regs, lr);
 
    OFFSET(UREGS_SP, struct cpu_user_regs, sp);
@@ -45,6 +46,7 @@ void __dummy__(void)
    BLANK();
 
    DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info));
+   OFFSET(CPUINFO_flags, struct cpu_info, flags);
 
    OFFSET(VCPU_arch_saved_context, struct vcpu, arch.saved_context);
 
diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S
index e2344e565f..97b05f53ea 100644
--- a/xen/arch/arm/arm64/entry.S
+++ b/xen/arch/arm/arm64/entry.S
@@ -1,4 +1,6 @@
 #include <asm/asm_defns.h>
+#include <asm/current.h>
+#include <asm/macros.h>
 #include <asm/regs.h>
 #include <asm/alternative.h>
 #include <asm/smccc.h>
@@ -241,7 +243,7 @@ guest_sync:
          * be encoded as an immediate for cmp.
          */
         eor     w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID
-        cbnz    w0, guest_sync_slowpath
+        cbnz    w0, check_wa2
 
         /*
          * Clobber both x0 and x1 to prevent leakage. Note that thanks
@@ -250,6 +252,44 @@ guest_sync:
         mov     x1, xzr
         eret
 
+check_wa2:
+        /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */
+        eor     w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID)
+        cbnz    w0, guest_sync_slowpath
+#ifdef CONFIG_ARM_SSBD
+alternative_cb arm_enable_wa2_handling
+        b       wa2_end
+alternative_cb_end
+        /* Sanitize the argument */
+        mov     x0, #-(UREGS_kernel_sizeof - UREGS_X1)  /* x0 := offset of guest's x1 on the stack */
+        ldr     x1, [sp, x0]                            /* Load guest's x1 */
+        cmp     w1, wzr
+        cset    x1, ne
+
+        /*
+         * Update the guest flag. At this stage sp point after the field
+         * guest_cpu_user_regs in cpu_info.
+         */
+        adr_cpu_info x2
+        ldr     x0, [x2, #CPUINFO_flags]
+        bfi     x0, x1, #CPUINFO_WORKAROUND_2_FLAG_SHIFT, #1
+        str     x0, [x2, #CPUINFO_flags]
+
+        /* Check that we actually need to perform the call */
+        ldr_this_cpu x0, ssbd_callback_required, x2
+        cbz     x0, wa2_end
+
+        mov     w0, #ARM_SMCCC_ARCH_WORKAROUND_2_FID
+        smc     #0
+
+wa2_end:
+        /* Don't leak data from the SMC call */
+        mov     x1, xzr
+        mov     x2, xzr
+        mov     x3, xzr
+#endif /* !CONFIG_ARM_SSBD */
+        mov     x0, xzr
+        eret
 guest_sync_slowpath:
         /*
          * x0/x1 may have been scratch by the fast path above, so avoid
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 4292008692..7455f09f26 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -7,6 +7,7 @@
 #include <xen/warning.h>
 #include <asm/cpufeature.h>
 #include <asm/cpuerrata.h>
+#include <asm/insn.h>
 #include <asm/psci.h>
 
 /* Override macros from asm/page.h to make them work with mfn_t */
@@ -272,6 +273,23 @@ static int __init parse_spec_ctrl(const char *s)
 }
 custom_param("spec-ctrl", parse_spec_ctrl);
 
+/* Arm64 only for now as for Arm32 the workaround is currently handled in C. */
+#ifdef CONFIG_ARM_64
+void __init arm_enable_wa2_handling(const struct alt_instr *alt,
+                                    const uint32_t *origptr,
+                                    uint32_t *updptr, int nr_inst)
+{
+    BUG_ON(nr_inst != 1);
+
+    /*
+     * Only allow mitigation on guest ARCH_WORKAROUND_2 if the SSBD
+     * state allow it to be flipped.
+     */
+    if ( get_ssbd_state() == ARM_SSBD_RUNTIME )
+        *updptr = aarch64_insn_gen_nop();
+}
+#endif
+
 /*
  * Assembly code may use the variable directly, so we need to make sure
  * it fits in a register.