From patchwork Thu Oct 31 15:09:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 178185 Delivered-To: patch@linaro.org Received: by 2002:a92:409a:0:0:0:0:0 with SMTP id d26csp2979959ill; Thu, 31 Oct 2019 08:11:09 -0700 (PDT) X-Google-Smtp-Source: APXvYqxKk71+OqS7qfTrG0dlL5X7fZ4BWonc51fOTUka4aJPMtePyneKGWg29gLDhj+vfAChEjRQ X-Received: by 2002:a5d:8d8f:: with SMTP id b15mr5581953ioj.296.1572534669244; Thu, 31 Oct 2019 08:11:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572534669; cv=none; d=google.com; s=arc-20160816; b=QZmsXVuo8pQnGPAGG0CtjH0iaLskgVJKAJQnaWiQaPCAdPkgz1tVjCZ6EKKTbDgjcz KTYqkixhOBGwDkmiU/G4LMBrQiigMSjGQ583kgORbSC99yZ6uDEjpTRUGBcHd2PN/a+t SMxIGf6NvnYLKPYN/Riwc7hrMmkiXa5VwBSLLkZ1Wf1z9DvMgUxaYGBz3ZKqphg4HAvI p0Bbr52KVca/Tf4NUesgw7t0i6UkAQ1mw/BgrLBkSQy+Ic7t5hcfAdzYQZSDxhXQ0Nuh MR3zUT9D6NVRO0x2DTITSITSZ0VX19haRLHfWbSm//rLlRGryLaibgndS9Eg1xN06iBV WQ7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:references:in-reply-to:message-id:date:to:from; bh=canYzUswTxCqzX7IzItdxlbAqFqYQ/Z/KFNdEZJYz14=; b=te770h6CY3stMeRw5W1BBoU0o6lkZbBDaKx5mn2bbuEE6RMCcFb8HzdWPh0dHNyDkH 1xtYJZZJoRpxqKoquah4a964sn+YGtYOw4JMVOPZd66KQZ9b89MECrG6H6v787KeGLfz K0XDDegayyeZB5WQ1ZuCBplY57XEeOu2ot1vWDKpUsDgI3FJYKILUVEd18zzXHuNlUS6 DmftDr73iC0sqgWp0CWGwyKe7rT7InVv0kgpjYLK/xcHOSvxfkm0fCOkNAEl2qmMFGxv kvoM+U6nQ2VRCPa1AICR5GMAkZ6vGTCjyCLZE7SjkZUWPQs72icxHGbks61eJxfaezW+ xtJQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id z3si8077642ilq.18.2019.10.31.08.11.08 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 31 Oct 2019 08:11:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iQC5P-00075m-6f; Thu, 31 Oct 2019 15:10:07 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iQC5N-0006wm-BW for xen-devel@lists.xenproject.org; Thu, 31 Oct 2019 15:10:05 +0000 X-Inumbo-ID: 7a01744c-fbf0-11e9-954c-12813bfff9fa Received: from foss.arm.com (unknown [217.140.110.172]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTP id 7a01744c-fbf0-11e9-954c-12813bfff9fa; Thu, 31 Oct 2019 15:09:46 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C8C5068D; Thu, 31 Oct 2019 08:09:46 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (unknown [10.1.196.50]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C13723F71E; Thu, 31 Oct 2019 08:09:45 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Thu, 31 Oct 2019 15:09:14 +0000 Message-Id: <20191031150922.22938-12-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20191031150922.22938-1-julien.grall@arm.com> References: <20191031150922.22938-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH for-4.13 v4 11/19] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: jgross@suse.com, Stefano Stabellini , Julien Grall , Julien Grall , Andrii Anisov , Volodymyr Babchuk MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" At the moment, SSBD workaround is re-enabled for Xen after interrupts are unmasked. This means we may end up to execute some part of the hypervisor if an interrupt is received before the workaround is re-enabled. Each trap may require to unmask different interrupts. As the rest of enter_hypervisor_from_guest() does not require to have interrupts masked, the function is now split in two parts: 1) enter_hypervisor_from_guest_preirq() called with interrupts masked. 2) enter_hypervisor_from_guest() called with interrupts unmasked. Note that while it might be possible to avoid spliting the function in two parts, it requires a bit more work than I can currently invest to avoid using indirect branch. Furthermore, the function name is rather generic as there might be more work to dob before interrupts are unmasked in the future. Fixes: a7898e4c59 ("xen/arm: Add ARCH_WORKAROUND_2 support for guests") Reported-by: Andrii Anisov Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v4: - Remove spurious line Changes in v3: - Rework the arm32 part Changes in v2: - Add Arm32 code - Rename enter_hypervisor_from_guest_noirq() to enter_hypervisor_from_guest_preirq() - Update the commit message to explain the choice of splitting the code. --- xen/arch/arm/arm32/entry.S | 2 +- xen/arch/arm/arm64/entry.S | 1 + xen/arch/arm/traps.c | 14 ++++++++++++-- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index cea4e0e302..0a9c248ee2 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -118,7 +118,7 @@ abort_guest_exit_end: bne return_from_trap skip_check: - mov pc, lr + b enter_hypervisor_from_guest_preirq ENDPROC(arch_enter_hypervisor_from_guest_preirq) /* diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 97dc60210d..d4fb5fdc1c 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -191,6 +191,7 @@ ALTERNATIVE("bl check_pending_vserror; cbnz x0, 1f", "nop; nop", SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT) + bl enter_hypervisor_from_guest_preirq msr daifclr, \iflags bl enter_hypervisor_from_guest mov x0, sp diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index adbedc2d15..cb4e3b627b 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1986,15 +1986,25 @@ static inline bool needs_ssbd_flip(struct vcpu *v) /* * Actions that needs to be done after entering the hypervisor from the - * guest and before we handle any request. + * guest and before the interrupts are unmasked. */ -void enter_hypervisor_from_guest(void) +void enter_hypervisor_from_guest_preirq(void) { struct vcpu *v = current; /* If the guest has disabled the workaround, bring it back on. */ if ( needs_ssbd_flip(v) ) arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2_FID, 1, NULL); +} + +/* + * Actions that needs to be done after entering the hypervisor from the + * guest and before we handle any request. Depending on the exception trap, + * this may be called with interrupts unmasked. + */ +void enter_hypervisor_from_guest(void) +{ + struct vcpu *v = current; /* * If we pended a virtual abort, preserve it until it gets cleared.