From patchwork Wed Jan 31 16:53:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126369 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906062ljc; Wed, 31 Jan 2018 08:56:01 -0800 (PST) X-Google-Smtp-Source: AH8x225BJ5zPI1D9hPmvNvOYaj905q1hKTpTkzofTVcWmnEfRLhZjVRcscn2LRtYNjssWvdNiKkR X-Received: by 10.36.20.145 with SMTP id 139mr35927219itg.15.1517417761335; Wed, 31 Jan 2018 08:56:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417761; cv=none; d=google.com; s=arc-20160816; b=Zsd0bkmPdjhb8Z8MDyy6cITX29ewvGyUD+kP94vdv5wKpLNM6uc8fPoULkT16auZsO KLcNXtEnM51LtJG5Scj9nN3234nr3bI1Cf67Gq4jHzU/Pb+/6D2E2UPwSiEzySQ14kNa l6EkSSSY+JcYb7+E/4iVQwPL0NMSUJndU+Mpxu4U336RZWwrfa9ZWoJfgr70wl0F8e3p sylsE/V5hDRe6LP+95yLuq+VOL2uIsQr+AOB9E6IIx3kwp+/45aS1Dw/fqJwk0zPQESD WOStomn2x9pgpA3isZT2oCxkKcaAQZjdZEKMhfJexPHfrGinO+dtfI7XqGj4s1ZaxyTD h+qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=9y2KBumOSDGNt172UGYeNLn2GDOJdX3V60ufRqLRJtk=; b=H6d/VEKtCHu1m+zKtGK5vlDxwlQlaKpJqdWXo/kNu2XMa2ESx1US0re537X7T5bpfE LYS4+/15OdS26rz3pyyGulTsBSnQ08X02axO5WzYxj+TyU++Ew2bjmoxzSUcvsKxyQFw YZsh5YQqotpdrkSAEE/2b/UMsoxAsVciJ64H5EmDvbrhWCNaB+cKXrsnNZi+EztYWBoE TWQ97enVKBRqcQMCAxU6KoBocv0sQ+D+blslmav/JWeehK2uUAJfnpSf5AfICt+pJI6n hsxrRx4LVRYo7h73iPQXCpcIJoCThfsRn7UIx5R3b+L3r3WXKfODMcDpyAtaHgi6tWdl PuXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=PHHLuLcr; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id z3si79907ite.166.2018.01.31.08.56.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:56:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=PHHLuLcr; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdn-00041A-Bs; Wed, 31 Jan 2018 16:53:43 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdm-00040r-IH for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:42 +0000 X-Inumbo-ID: 4192ea13-06a7-11e8-ba59-bc764e045a96 Received: from mail-wr0-x241.google.com (unknown [2a00:1450:400c:c0c::241]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 4192ea13-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:27 +0100 (CET) Received: by mail-wr0-x241.google.com with SMTP id f6so14114395wra.6 for ; Wed, 31 Jan 2018 08:53:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BGqGk+EjkrOkZthPFwTXa3D+SAXF6gXGIlHoIxQ/6xo=; b=PHHLuLcrjzG5t9XRXXJN0Wtbz44PIifIuR85N8iO0bIb0YWN0FN3mMMv+39gipFORK 7y90X9CzPeJYx/2jT6fkORCKIdb8jiQZYeK8jiQTSNXwYtn4HPT55ef6rC7jbruGRsmO jnu7JhXzXYBiON2UNYTE7o+xcCuqu6LFQ/bKA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BGqGk+EjkrOkZthPFwTXa3D+SAXF6gXGIlHoIxQ/6xo=; b=kFIApxCx1U65GLOuZ8JGtdpEQQ/PiT/D1DiJX3ZKyN9YDPvEJF6DV3XD1kh/9n3Tbd WnaSSMAOSbzwqGgnVJDt0Htt6mLK/qKmc/yatqrNNHwkbtvFdLNPhN6aJ5u5YTMm4kvB vL+XHqk2VonHHUMBcKGg8p0u5Gg047gGJJ7ZSZ9MEPG/nXUxt2KMI8miKkHq8slZjDGl hT4rSYae9Xa0F5g3FRqBum4tdSfRTo1RVNd3C3jR/DFmbdXBZhQvzolPQMOZ/KnfStFy VGOQMWj/qyWb8C9JSBYfSeNIalegr7LOC/AuETeDl/Hd8cUP1wQjjLVkBHUzNdQEccYV wpaw== X-Gm-Message-State: AKwxytcAk6cVUMH3VnUE9OLcN5ajttO2CUFKWqcH2MlaZAxMovV8zGBQ dceYcMBDfaCrxOZShkLcFA3Jaz27nAM= X-Received: by 10.223.182.4 with SMTP id f4mr5093021wre.11.1517417620121; Wed, 31 Jan 2018 08:53:40 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:39 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:28 +0000 Message-Id: <20180131165334.23175-2-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 1/7] xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall The only difference between all the DEFINE_TRAP_ENTRY_* macros are the interrupts (Asynchronous Abort, IRQ, FIQ) unmasked. Rather than duplicating the code, introduce __DEFINE_TRAP_ENTRY macro that will take the list of interrupts to unmask. This is part of XSA-254. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Add Stefano's reviewed-by --- xen/arch/arm/arm32/entry.S | 36 +++++++++++++----------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index 120922e64e..c6490d2847 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -111,39 +111,29 @@ abort_guest_exit_end: skip_check: mov pc, lr -#define DEFINE_TRAP_ENTRY(trap) \ +/* + * Macro to define trap entry. The iflags corresponds to the list of + * interrupts (Asynchronous Abort, IRQ, FIQ) to unmask. + */ +#define __DEFINE_TRAP_ENTRY(trap, iflags) \ ALIGN; \ trap_##trap: \ SAVE_ALL; \ - cpsie i; /* local_irq_enable */ \ - cpsie a; /* asynchronous abort enable */ \ + cpsie iflags; \ adr lr, return_from_trap; \ mov r0, sp; \ mov r11, sp; \ bic sp, #7; /* Align the stack pointer (noop on guest trap) */ \ b do_trap_##trap -#define DEFINE_TRAP_ENTRY_NOIRQ(trap) \ - ALIGN; \ -trap_##trap: \ - SAVE_ALL; \ - cpsie a; /* asynchronous abort enable */ \ - adr lr, return_from_trap; \ - mov r0, sp; \ - mov r11, sp; \ - bic sp, #7; /* Align the stack pointer (noop on guest trap) */ \ - b do_trap_##trap +/* Trap handler which unmask IRQ/Abort, keep FIQ masked */ +#define DEFINE_TRAP_ENTRY(trap) __DEFINE_TRAP_ENTRY(trap, ai) -#define DEFINE_TRAP_ENTRY_NOABORT(trap) \ - ALIGN; \ -trap_##trap: \ - SAVE_ALL; \ - cpsie i; /* local_irq_enable */ \ - adr lr, return_from_trap; \ - mov r0, sp; \ - mov r11, sp; \ - bic sp, #7; /* Align the stack pointer (noop on guest trap) */ \ - b do_trap_##trap +/* Trap handler which unmask Abort, keep IRQ/FIQ masked */ +#define DEFINE_TRAP_ENTRY_NOIRQ(trap) __DEFINE_TRAP_ENTRY(trap, a) + +/* Trap handler which unmask IRQ, keep Abort/FIQ masked */ +#define DEFINE_TRAP_ENTRY_NOABORT(trap) __DEFINE_TRAP_ENTRY(trap, i) .align 5 GLOBAL(hyp_traps_vector) From patchwork Wed Jan 31 16:53:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126368 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906044ljc; Wed, 31 Jan 2018 08:55:59 -0800 (PST) X-Google-Smtp-Source: AH8x226iO/0lOciKHPgREbzBQZx0kc8R+G1S4N9cdweG6hTKCcqeXhRsk6Fz+VNJfXEcaRfb2D3d X-Received: by 10.36.41.198 with SMTP id p189mr23898296itp.40.1517417759743; Wed, 31 Jan 2018 08:55:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417759; cv=none; d=google.com; s=arc-20160816; b=dhExIhWxu0CcS7w1Rx3fqPAncVLsDp7B2L1JrXf8lbMaUaaZdRpYfhhsp04iDxcTNt Vqm0ZazEav5NOs6BcO4SwXgL+6O5XxaOfRtQAWkp+RVVL1X8THYR7xZDbv97wyEI7tNt iEdr9+ce7f5HFBeIO7aJ1tF1RfApGHb2xJ/xTZVXrAWBmNz4j+sVInP79hTzV5LthQeS SvnhGT5X5cqds67YL9yXpAXR7Jf3PVql3Og06XZuUHqDczgVGiD2IapC3PHo95lFVPxt P4IydAuduv+ktl/TYxE9TMI7B94DWiDsGTBM6riTHWMFBUthGYpO1nb33f+dLRwlNfRv 3cvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=tA1MCCJiWHYPdQaQFyu9xZO1UzAOPdG5yClULaeaSWg=; b=ky0I/PXyHRsHYd6rXrjwQdbaQLd7GJXZFcwKpmlq13udeAsFbTGx/OJ3tUOb2ze7vH JZGGfM9TEBZw6pyFtgfRhQi/uQeHV1ym4akNopYsrBFRZ2CK7unb8tq5jThLegau2eJO mmPv9w875y4g7taf4bVICGboa39Ud44X+pFReb78YS39skt7w3XsPaAkYwCWv+0cPDwK GepWSK1tnbpyC+Bz+NCqRe4zO0j67ILypezCoKTDvm4oxrp9WEh29/ISRQRudVL/jNxd 0Flgfj0BCH3qpSg/+fxLH905Lce8dxp31Gn7+DAystXZEzZcRbtqJHUYMO8DdGIeRbQh z0nQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=N50jYn6N; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id w69si98220ith.131.2018.01.31.08.55.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:55:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=N50jYn6N; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdo-00041k-MI; Wed, 31 Jan 2018 16:53:44 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdn-00041b-PQ for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:43 +0000 X-Inumbo-ID: 420d5c23-06a7-11e8-ba59-bc764e045a96 Received: from mail-wr0-x243.google.com (unknown [2a00:1450:400c:c0c::243]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 420d5c23-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:28 +0100 (CET) Received: by mail-wr0-x243.google.com with SMTP id h9so2738773wre.12 for ; Wed, 31 Jan 2018 08:53:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=vlZuztuqXFHwOF9vWd8kU2lGJYgXgGOt/WpDlhU7dPU=; b=N50jYn6NZrTNODs2ceRNyU7hzjUKeUFy6f4ZsQOhFA0IhFsTkG0gO0PpbY15hqdnKm r9yeGQHER9o5mre3no0pea2+W+AjhcSEg700PoLAHbqu0fu2YCgZlO42d6mg2bPLt5nT riyh9JYuWDRoraXApmPsKXshoTPmBEWoBx3uM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vlZuztuqXFHwOF9vWd8kU2lGJYgXgGOt/WpDlhU7dPU=; b=N3CxRrgT8I9omNiqY/9EMSQcfI8Xr9Z0Orh6Je0Op2nHjyxB4no4+Do/xb9PH3OfIz 7DSVqxQmUcKCvdjnS1Hl9kUHjsM2QalSHL2fgbu3yYyGLcIfXp9lftBs0+YR8MWsXTvr zwXmsK5HMmFTq6gWtgCV9SJ+lNMtvQYdasdFJyFL8WOFkODQkX9VfZD7S29QvG21gpDo Z8//gCzJJcGkXNMumfFVcWATWrxr5x2D3GdRyLQv/iHUqB0fxbPZAcECHsD2cxZtFIaO B0m0ZtClOD1L8hFlAUd6N1mvZVKoWbOuUs2Ez84+3+EBHWpxtBMv/wgTBfGUXUjI9oub DAJQ== X-Gm-Message-State: AKwxytd0xAjPDcyJipibXJ34ZnPqv2AcuMtazGPgCQTAa+18y2xunEL/ F1GFx/ff+uAT9OUWwz3PS8BeJnojZd4= X-Received: by 10.223.129.67 with SMTP id 61mr26473152wrm.271.1517417620962; Wed, 31 Jan 2018 08:53:40 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:40 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:29 +0000 Message-Id: <20180131165334.23175-3-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 2/7] xen/arm32: Add missing MIDR values for Cortex-A17 and A12 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall Cortex-A17 and A12 MIDR will be used in a follow-up patch for hardening the branch predictor. This is part of XSA-254. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Add Stefano's reviewed-by --- xen/include/asm-arm/processor.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 466da5da86..c0f79d0093 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -44,6 +44,8 @@ #define ARM_CPU_IMP_ARM 0x41 +#define ARM_CPU_PART_CORTEX_A12 0xC0D +#define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 #define ARM_CPU_PART_CORTEX_A57 0xD07 @@ -51,6 +53,8 @@ #define ARM_CPU_PART_CORTEX_A73 0xD09 #define ARM_CPU_PART_CORTEX_A75 0xD0A +#define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) +#define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) From patchwork Wed Jan 31 16:53:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126374 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906255ljc; Wed, 31 Jan 2018 08:56:17 -0800 (PST) X-Google-Smtp-Source: AH8x225qUVQy/dAmQ+B25qSgmKhTosr7h5P1RQRQh9tSQn7UJljWZKey9h0wFPaSsStRQ+SnRH6K X-Received: by 10.36.189.15 with SMTP id x15mr13776022ite.6.1517417777461; Wed, 31 Jan 2018 08:56:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417777; cv=none; d=google.com; s=arc-20160816; b=Ji4RaKNpIUaoY2Opbquc52NU0WwyEFK8/4R+ROoZgItIQ4cksAioAOAbhlf7NXkxpT srp4xI0o8C6OHQuJ1vc7PTQNxl2w65FDlzQZr2Vu+GvR1GCAIg1zq1E4+IWxj8xgzvIQ ODXXaaq/u0zUD5qvrOGwxWK0dbAVOLsrIsuRDcR2VWCIXQzYOtRSzq3SxifNbzDTMWY8 vr0AjmkZjt2mSWKX8YUhcxIpqd0A0mmDAbGmHoACJhtMxq840SZNXWwQ1mF2QTf+Kgcs sqdfWNT6lqsQaTu+k+HFhT7MIggWmidrWuugXgu0OCwkzu5rGsryWeBJZ9s82jpHgrFJ An4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=sPLSRkNjdIhFoSWCfk9OtqE8y9CiPg7VdUFmxoi6b3s=; b=myUP39bul5j4Zgpctl5LcQPnM/Keo8E3/xwCTI7n3IO0mF4IsQfjNYXwhDtC2pjpiF iM1ZqWjznb9Rih4A+HkT8ZDM+JSRnmgjKXXBSSnDqSb753UUrRKkAVhCXr4THdEIy6Rz jycR2Be9aQ6uWulekeswuLcKkiqX+Y3SafivkEvpaCJPsnwYUrsxznXPQPPsej6au7FG MNBv+Y8ganiCl3tY7uiu8022NZInFEH1/YFh7QDBcYl6UXJSkMCnpNIfzcRa6cV8/4tl /PZxY1vzbE+Mlb8AVsmocpiJvfCDilYHpvAqAAUu9GaRgwVG6guIDw6G+eIpBIxBkona lWJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=VHyQ/HB6; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id 16si91661itw.142.2018.01.31.08.56.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:56:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=VHyQ/HB6; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdq-00042Y-T6; Wed, 31 Jan 2018 16:53:46 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdp-00041y-4u for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:45 +0000 X-Inumbo-ID: 42c3e152-06a7-11e8-ba59-bc764e045a96 Received: from mail-wm0-x241.google.com (unknown [2a00:1450:400c:c09::241]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 42c3e152-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:29 +0100 (CET) Received: by mail-wm0-x241.google.com with SMTP id j21so9319365wmh.1 for ; Wed, 31 Jan 2018 08:53:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bh/6mSgwEGAYt2ZhvNGW17XpxXkL+MIvvqEdQRHyL0I=; b=VHyQ/HB6tBjEEpin/DL0C57nPqvYObMtoSMHuH7QX2UK2ChsZnCFVtFGbRUlzemEi5 ds3oGzoq/2PHbao8+BBXmAPp4I8MXu62NKHEMzDIfMJSszGUBlrmDhfj2F5Mjscad4ln 8b/ln0xlHA8680shXU103hdckPanIpNT4uLfs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bh/6mSgwEGAYt2ZhvNGW17XpxXkL+MIvvqEdQRHyL0I=; b=VpLSjWOlxv87rDitseZBBYjbDCPtyfzQ6V4TKKZOgtp2CjjDjCSLHEoGL/YPQxQrSQ /qED8TFR2eBxVj1j+NWkk7AqBPuqyuTTHqTmfaKUNwIjELw3uD+wN8rpND/4Zlf+vMPf 3tvr/oTtzLt8ztlToVOoaHzneoEMws2JEsEe7DuV1UUaqa6eNM9w4l4BQoVTcFnXXFe/ viPg5qSU/IZM3AFszG330OGf2sm5nv7jZFMLeMn2Fyk8hzmwjeRxaTjnUXE/cybmWPG5 mw/aJWHurhi3oH6usd8kTs6mWHMbGRT2DKKVcizCxeZl3HIFOSJj9V93Ojozy2uFP1Xt o1wA== X-Gm-Message-State: AKwxytcTteA2a9qyeE7DxJKrqjpZtBZf8VE0BwYpSVerkeGCD9YPO5PT TB1QIKsfwttd13+aDxrkUBwb7a6h6JQ= X-Received: by 10.28.139.66 with SMTP id n63mr24506911wmd.101.1517417622111; Wed, 31 Jan 2018 08:53:42 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:41 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:30 +0000 Message-Id: <20180131165334.23175-4-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 3/7] xen/arm32: entry: Add missing trap_reset entry X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall At the moment, the reset vector is defined as .word 0 (e.g andeq r0, r0, r0). This is rather unintuitive and will result to execute the trap undefined. Instead introduce trap helpers for reset and will generate an error message in the unlikely case that reset will be called. This is part of XSA-254. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Replace .word 0 by trap_reset --- xen/arch/arm/arm32/entry.S | 3 ++- xen/arch/arm/arm32/traps.c | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index c6490d2847..64876c1184 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -137,7 +137,7 @@ trap_##trap: \ .align 5 GLOBAL(hyp_traps_vector) - .word 0 /* 0x00 - Reset */ + b trap_reset /* 0x00 - Reset */ b trap_undefined_instruction /* 0x04 - Undefined Instruction */ b trap_hypervisor_call /* 0x08 - Hypervisor Call */ b trap_prefetch_abort /* 0x0c - Prefetch Abort */ @@ -146,6 +146,7 @@ GLOBAL(hyp_traps_vector) b trap_irq /* 0x18 - IRQ */ b trap_fiq /* 0x1c - FIQ */ +DEFINE_TRAP_ENTRY(reset) DEFINE_TRAP_ENTRY(undefined_instruction) DEFINE_TRAP_ENTRY(hypervisor_call) DEFINE_TRAP_ENTRY(prefetch_abort) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 705255883e..4f27543dec 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -23,6 +23,11 @@ #include +void do_trap_reset(struct cpu_user_regs *regs) +{ + do_unexpected_trap("Reset", regs); +} + void do_trap_undefined_instruction(struct cpu_user_regs *regs) { uint32_t pc = regs->pc; From patchwork Wed Jan 31 16:53:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126373 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906127ljc; Wed, 31 Jan 2018 08:56:05 -0800 (PST) X-Google-Smtp-Source: AH8x226gsYn46g3d2gU0zpwZcvzKvDI5CfUOuK+nXNPYaEHK4tDR+MuhqgZ1wmeSIIMMde+/Rsnd X-Received: by 10.36.142.7 with SMTP id h7mr17936766ite.14.1517417765582; Wed, 31 Jan 2018 08:56:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417765; cv=none; d=google.com; s=arc-20160816; b=eJAzsW0imQel+y+CpHqzzkFwtYFziONwyuLm04VWD12q7S05FqKfn7moUmN+9ZCuN9 kz7Bx3NfRSY6CQo4HUr/vGLp85WanqBMJ1U4oYCcYLPB4vCeqIkvwqhTUOBL50bV6imd SiDgZXPgnrwcB8O63mJhwV9aVOPBqMyGxc+Ds5KBnJpR2viJ2GXh65Vqr/SEb/0pMYKo ryjUoOWVZitsLTz9kS9e+ViK+XB7+cjl5BcRRVopknJfI1eh7u2d5FSGO0QsK+n4zpZd k5lIngoBvc+4bzBobzC+JDUGfOy+/86o4jd6MZETKOGQ++ze1XP/Fr/HOAQ1BCg8mdEG MAKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=JjUN8zz5ih2/MCEUQfIvB3eidrWdjtcb0wOBkp62zWY=; b=D5Mxy3CxDMxVFEQgKZccRhmY7MlmZNDvSxWszjCt7A4T+aCTGWtXxabLtl6QxeYEYF tocjsTCn2YkKtgIdskvxU++SFvw6MCIOS0NQdLKGWcZYe05VrUGhemgu52tVvRPi+mRQ tEh3fUBu6+QsFIVtOSZDQ9J9jDyM3r1JFte2bvvHzT8qlFmMyNm9pnensAb+QKChhs7C e0gGJWSFlkm7kQRgl/5Z8cHN9Lh8d76Vjli9BIvsN8X7izw8uKvftfF6WiqM98CMvAbH ymMTZUjUqdyQ3K+D5FkNQPXo8ALlJ3VoFAwae/AXIUYk01cl5nsOYlpOCA9gbghOrQev grUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=RI5pZJgi; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id o130si110500ith.68.2018.01.31.08.56.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:56:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=RI5pZJgi; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdr-00042q-3p; Wed, 31 Jan 2018 16:53:47 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdp-000427-EN for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:45 +0000 X-Inumbo-ID: 435a8ef1-06a7-11e8-ba59-bc764e045a96 Received: from mail-wm0-x243.google.com (unknown [2a00:1450:400c:c09::243]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 435a8ef1-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:30 +0100 (CET) Received: by mail-wm0-x243.google.com with SMTP id v123so307773wmd.5 for ; Wed, 31 Jan 2018 08:53:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Cub161RLdKHZHHDZ93E4AXR8p3rYsl29M8+ULXfv41M=; b=RI5pZJgiJ8IAZXzvV5YHN8vChGcaSsHYmjf78ZKJUCdQF6ZhOmE1wJS6PaH6Fd28Nd U+wy22/eSoLmMF++C26bsp7h/WEZaHD0sUv64IKKJNDthnaLiMeL2fft6T5ScEBwReYx KTk1XeJGOQZkMlG4tHEb/JrN07KR1tDrr90yo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Cub161RLdKHZHHDZ93E4AXR8p3rYsl29M8+ULXfv41M=; b=XurgJ+H60Jkj17nOlKgUo3ONTDRzv7nUoiQ0lnmY0BuIVmsUR7R3PHKMg+gpId7TBF OE1BVkxvaDlB9TYl/CVrf/laHt6DI1jGrhyU/vGISBfFiEzHs7F7Vawy0nfcY2L5wH9p F4dhspIXu2nnQlZ5DY6teq+boirVaLQKio8IovYSQybzILbBuxbrCTlJmNFxGpjSRZrU t5q8j4WvldNOB1N+v2Q5g+PTCsDjuuGZ42HMELxYn6a+Rr+fWJhYlhXdFXHJhZut3SqE oJINIHxBROlO2aMdeDTBNlCdR+UFbHq44+5sjmSwLkVf4iyP0+AWQjmFb+j9qI9vSTxa FUSw== X-Gm-Message-State: AKwxyteuZu4TEdTORsPrnJBfmRqc0lLIGFCVD1RfvTKI1dD7UgksKmAm DYc2rjiUssfMDlsfCvQg63+XnnBDrdk= X-Received: by 10.28.53.138 with SMTP id c132mr22242818wma.108.1517417622988; Wed, 31 Jan 2018 08:53:42 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:42 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:31 +0000 Message-Id: <20180131165334.23175-5-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 4/7] xen/arm32: Add skeleton to harden branch predictor aliasing attacks X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall Aliasing attacked against CPU branch predictors can allow an attacker to redirect speculative control flow on some CPUs and potentially divulge information from one context to another. This patch adds initiatial skeleton code behind a new Kconfig option to enable implementation-specific mitigations against these attacks for CPUs that are affected. Most of mitigations will have to be applied when entering to the hypervisor from the guest context. Because the attack is against branch predictor, it is not possible to safely use branch instruction before the mitigation is applied. Therefore this has to be done in the vector entry before jump to the helper handling a given exception. However, on arm32, each vector contain a single instruction. This means that the hardened vector tables may rely on the state of registers that does not hold when in the hypervisor (e.g SP is 8 bytes aligned). Therefore hypervisor code running with guest vectors table should be minimized and always have IRQs and SErrors masked to reduce the risk to use them. This patch provides an infrastructure to switch vector tables before entering to the guest and when leaving it. Note that alternative could have been used, but older Xen (4.8 or earlier) doesn't have support. So avoid using alternative to ease backporting. This is part of XSA-254. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Clarify the commit message --- xen/arch/arm/Kconfig | 3 +++ xen/arch/arm/arm32/entry.S | 41 ++++++++++++++++++++++++++++++++++++++++- xen/arch/arm/cpuerrata.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index 06fd85cc77..2782ee6589 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -191,6 +191,9 @@ config HARDEN_BRANCH_PREDICTOR config ARM64_HARDEN_BRANCH_PREDICTOR def_bool y if ARM_64 && HARDEN_BRANCH_PREDICTOR +config ARM32_HARDEN_BRANCH_PREDICTOR + def_bool y if ARM_32 && HARDEN_BRANCH_PREDICTOR + source "common/Kconfig" source "drivers/Kconfig" diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index 64876c1184..828e52c25c 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -34,6 +34,20 @@ blne save_guest_regs save_guest_regs: +#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR + /* + * Restore vectors table to the default as it may have been + * changed when returning to the guest (see + * return_to_hypervisor). We need to do that early (e.g before + * any interrupts are unmasked) because hardened vectors requires + * SP to be 8 bytes aligned. This does not hold when running in + * the hypervisor. + */ + ldr r1, =hyp_traps_vector + mcr p15, 4, r1, c12, c0, 0 + isb +#endif + ldr r11, =0xffffffff /* Clobber SP which is only valid for hypervisor frames. */ str r11, [sp, #UREGS_sp] SAVE_ONE_BANKED(SP_usr) @@ -179,12 +193,37 @@ return_to_guest: RESTORE_ONE_BANKED(R11_fiq); RESTORE_ONE_BANKED(R12_fiq); /* Fall thru */ return_to_hypervisor: - cpsid i + cpsid ai ldr lr, [sp, #UREGS_lr] ldr r11, [sp, #UREGS_pc] msr ELR_hyp, r11 ldr r11, [sp, #UREGS_cpsr] msr SPSR_hyp, r11 +#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR + /* + * Hardening branch predictor may require to setup a different + * vector tables before returning to the guests. Those vectors + * may rely on the state of registers that does not hold when + * running in the hypervisor (e.g SP is 8 bytes aligned). So setup + * HVBAR very late. + * + * Default vectors table will be restored on exit (see + * save_guest_regs). + */ + mov r9, #0 /* vector tables = NULL */ + /* + * Load vector tables pointer from the per-cpu bp_harden_vecs + * when returning to the guest only. + */ + and r11, #PSR_MODE_MASK + cmp r11, #PSR_MODE_HYP + ldrne r11, =per_cpu__bp_harden_vecs + mrcne p15, 4, r10, c13, c0, 2 /* r10 = per-cpu offset (HTPIDR) */ + addne r11, r11, r10 /* r11 = offset of the vector tables */ + ldrne r9, [r11] /* r9 = vector tables */ + cmp r9, #0 /* Only update HVBAR when the vector */ + mcrne p15, 4, r9, c12, c0, 0 /* tables is not NULL. */ +#endif pop {r0-r12} add sp, #(UREGS_SP_usr - UREGS_sp); /* SP, LR, SPSR, PC */ clrex diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index f1ea7f3c5b..0a138fa735 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -170,6 +170,36 @@ static int enable_psci_bp_hardening(void *data) #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ +/* Hardening Branch predictor code for Arm32 */ +#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR + +/* + * Per-CPU vector tables to use when returning to the guests. They will + * only be used on platform requiring to harden the branch predictor. + */ +DEFINE_PER_CPU_READ_MOSTLY(const char *, bp_harden_vecs); + +extern char hyp_traps_vector_bp_inv[]; + +static void __maybe_unused +install_bp_hardening_vecs(const struct arm_cpu_capabilities *entry, + const char *hyp_vecs, const char *desc) +{ + /* + * Enable callbacks are called on every CPU based on the + * capabilities. So double-check whether the CPU matches the + * entry. + */ + if ( !entry->matches(entry) ) + return; + + printk(XENLOG_INFO "CPU%u will %s on guest exit\n", + smp_processor_id(), desc); + this_cpu(bp_harden_vecs) = hyp_vecs; +} + +#endif + #define MIDR_RANGE(model, min, max) \ .matches = is_affected_midr_range, \ .midr_model = model, \ From patchwork Wed Jan 31 16:53:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126367 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906029ljc; Wed, 31 Jan 2018 08:55:58 -0800 (PST) X-Google-Smtp-Source: AH8x2249IvO0rVqLUpcCcDDmq1FbonycGZItF+Md4CZMEREIIrNb36tmnBEoglzKcEGXK+vej3cD X-Received: by 10.107.142.147 with SMTP id q141mr33566062iod.15.1517417758692; Wed, 31 Jan 2018 08:55:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417758; cv=none; d=google.com; s=arc-20160816; b=erTmtcPEp4aFEj4thp2XrNEvOPSA0cD4iOoZL9bZmJZnAcZGrVr/srWE54FsOz8j18 MQU/bFtHQHxg5RNiAXz4sghiIosjsHl6nTVFe70hxozEKHRfikcO7bPe+y4J/u2ojCSf ND9WN6scXthNTU7CulBl5eNJ/H4VU0uQ9iQ+U240ZuQn7zMoqhWS5OwuBXd9fWnaHhB0 kRvykkfiulvgoW6fzH+jif6lP8tnQpi//ogJOrQnNWVTxzjcni/dsj2dN85KJS3/uMqz tlYuZMsmEUuCFBK7OYr6ZXvTJV9ASfXPqNm42Yu6dQCmd7ucO63DAI69EnpyEXrXZTUc PkRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=/oArc4DdpIidO10Tdt23ElagAKlB1hsOGNzW9F3sEiA=; b=vNwL8kR7Dmp+u2AYzgzUEsFP7uOpEHQCsLY4d0LUxDp6GxjVyURR1POc2yFsvdjFBy 7X4mZm0A/YWSQc07sTeYqzbu4j0jCLdqI/ExVpF6dPP4YSxRIA2Cn5JgrXhkE2kogW0J apR+3Kku8sDFXyQan0rt2d1qEFuN+zpcNzGrH2OTZRK0/6vJKdd5ldbLOpZcvAfEMPNS bqRDmC6nYqaWKEFKTq2IsjYMXkHB8xptzFR9j+ynDkwFJvWbAqIfrkmdtKXOO2UPpUcK IZEwiRp6MHtO+12c2oFj8HnbpIliLDIHMMFYO4f4R5gvRhHdWnfbZhDiZyHV4hhObuL4 CJ8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=bkgMHhEA; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id t1si93360itg.140.2018.01.31.08.55.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:55:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=bkgMHhEA; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdr-000437-Ak; Wed, 31 Jan 2018 16:53:47 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdq-00042Q-NV for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:46 +0000 X-Inumbo-ID: 43d74af6-06a7-11e8-ba59-bc764e045a96 Received: from mail-wm0-x242.google.com (unknown [2a00:1450:400c:c09::242]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 43d74af6-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:31 +0100 (CET) Received: by mail-wm0-x242.google.com with SMTP id r71so401381wmd.1 for ; Wed, 31 Jan 2018 08:53:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SRRi4MYELI0at24H5HCmENu0qnc/LikNUcYduXU3NMs=; b=bkgMHhEAA98ehfH/aH5vI0GQi//E6eCf70d8AgIDlgAmr5APfr00r8LFReHWILpG77 PPTBuT8CqZOHj5nwZmkAmH7QNciGjRQ0EC9tFGLzVrFV1PWeFuf14nJ7+GokWVErantW KDB924aHfNswwNP4KhGEAF5BMlF3RlVyETfL8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SRRi4MYELI0at24H5HCmENu0qnc/LikNUcYduXU3NMs=; b=jhCV8tVpH2q03g5gSYHB001uziug372jV+w40O+YagIGqrjXVlRf+mdrYXIVW6ScLl TEXZkf5nbP0pbgpMHxN5fwclBJFD9R5E2lW9of0e0EbMDoVoc8bj9B04f3ykzv0QiSDv EttiaB8ir+oGcbhQ5p5SnXCZjdQOVNXSAKJFoKSV2EtkZI2rytpbXliMv0pzZNVb4i9S V6YxEaxZ9IozTJSfwJM0ROxMN2yzzNKEwTqHL7BIzTlPtgoXKl9KVt8FI5e/TAEVQzCR JquuSZA5QFFVTPYkdXU4ycwGB9qX3OWGN5Csu/rRSu4QW+1CtAr04dHMQJ9hbisMhONW sCtg== X-Gm-Message-State: AKwxytfK1+aGfZPp4mgmZdLYTTAUcwQ7kFZknloyYu9pvFxHOzqaXvXM 2tYvnIM0alYHeUnnYFtaaYIGKRQbQD0= X-Received: by 10.28.225.133 with SMTP id y127mr22664753wmg.55.1517417623884; Wed, 31 Jan 2018 08:53:43 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:43 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:32 +0000 Message-Id: <20180131165334.23175-6-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: Marc Zyngier , sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 5/7] xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall In order to avoid aliasing attackes agains the branch predictor, let's invalidate the BTB on guest exist. This is made complicated by the fact that we cannot take a branch invalidating the BTB. This is based on the first version posrted by Marc Zyngier on Linux-arm mailing list (see [1]). This is part of XSA-254. Signed-off-by: Marc Zyngier Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini [1] https://www.spinics.net/lists/arm-kernel/msg627032.html --- Changes in v2: - Add Stefano's reviewed-by --- xen/arch/arm/arm32/entry.S | 55 ++++++++++++++++++++++++++++++++++++++++++++++ xen/arch/arm/cpuerrata.c | 19 ++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index 828e52c25c..a295f3ad67 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -160,6 +160,61 @@ GLOBAL(hyp_traps_vector) b trap_irq /* 0x18 - IRQ */ b trap_fiq /* 0x1c - FIQ */ + .align 5 +GLOBAL(hyp_traps_vector_bp_inv) + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + add sp, sp, #1 /* Reset 7 */ + add sp, sp, #1 /* Undef 6 */ + add sp, sp, #1 /* Hypervisor Call 5 */ + add sp, sp, #1 /* Prefetch abort 4 */ + add sp, sp, #1 /* Data abort 3 */ + add sp, sp, #1 /* Hypervisor 2 */ + add sp, sp, #1 /* IRQ 1 */ + nop /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ + isb + + /* + * As we cannot use any temporary registers and cannot + * clobber SP, we can decode the exception entry using + * an unrolled binary search. + */ + tst sp, #4 + bne 1f + + tst sp, #2 + bne 3f + + tst sp, #1 + bic sp, sp, #0x7 + bne trap_irq + b trap_fiq + +1: + tst sp, #2 + bne 2f + + tst sp, #1 + bic sp, sp, #0x7 + bne trap_hypervisor_call + b trap_prefetch_abort + +2: + tst sp, #1 + bic sp, sp, #0x7 + bne trap_reset + b trap_undefined_instruction + +3: + tst sp, #1 + bic sp, sp, #0x7 + bne trap_data_abort + b trap_guest_sync + DEFINE_TRAP_ENTRY(reset) DEFINE_TRAP_ENTRY(undefined_instruction) DEFINE_TRAP_ENTRY(hypervisor_call) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 0a138fa735..c79e6d65d3 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -198,6 +198,13 @@ install_bp_hardening_vecs(const struct arm_cpu_capabilities *entry, this_cpu(bp_harden_vecs) = hyp_vecs; } +static int enable_bp_inv_hardening(void *data) +{ + install_bp_hardening_vecs(data, hyp_traps_vector_bp_inv, + "execute BPIALL"); + return 0; +} + #endif #define MIDR_RANGE(model, min, max) \ @@ -284,6 +291,18 @@ static const struct arm_cpu_capabilities arm_errata[] = { .enable = enable_psci_bp_hardening, }, #endif +#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR + { + .capability = ARM_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A12), + .enable = enable_bp_inv_hardening, + }, + { + .capability = ARM_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A17), + .enable = enable_bp_inv_hardening, + }, +#endif {}, }; From patchwork Wed Jan 31 16:53:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126370 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906076ljc; Wed, 31 Jan 2018 08:56:02 -0800 (PST) X-Google-Smtp-Source: AH8x226BUePIcyW0VuZoVklI0AbSGQotLrnihzXsY741VRNHcMeDLUZNOrH7Bln4CYxH9lH/F2pb X-Received: by 10.36.19.5 with SMTP id 5mr36690962itz.38.1517417762193; Wed, 31 Jan 2018 08:56:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417762; cv=none; d=google.com; s=arc-20160816; b=eLH8iuzFJ7ZHM/7UmOvIRz8HGN65KuoHD4cAtTAB904ItZIbZkLSi1d9Wd5r0g2re4 VKJffPwmkfXTkTuJ1zkwWw/bLWAqPc23naHKw9a5IVd3mTQQXJFTWIOJ4dhTKqi/KB7P DGRgp88ZOBhNeluEk+hXu3QA9bYxBN5dcPze1VBUSFlzr2n+yeCdPt7btD6R/vYG5BG5 zqLwv9QZOX7+IRKXhUEG8RJi1px/dZ5difwI9gzrw0y2NwMmKi9SjOOL9ox956MVy7tw 8t3HmOzXNmPVeWTOtE3lHxJCI/k++OSW3Qiwe7quUiu56wTBasXkCu3f86wOumS4DYav n7vQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=W4BruILfgicHeUjSLsH+c6hnWTwYkt42shzGUth9dtY=; b=oPsqtumVpwDUB8zMf/Q1AubsQCZPlyQ9C+Uvq/HpUi0mgailbkrVXGVcE24bZ8aFt5 gnGEOffdpt8oHqrczbxrm8R22TeRQ84m2sTFGkrDFOcfRAw0xq83gomKrMBQ9WOWaKhf GcDPH6PYVI7tOGAcoHXgxjOBntJ0GetQD7uSGRaEaKrs2+qe88D41vt7nzlU7Tc4LwJI 47lxUtwGDSbmwCuBwBUzSVsbYc/4R86VV2UixTfGPiiuXvOqG3sEwKHs/QRDS/H64EkM XCccEHM2wGOZedNi50XfoBK+5FWU5BV2L85Fla3THkYzO3QbJ/xNHx2sb0+kzmmW6YUJ QfAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=BJLBuXzA; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id d193si4270830iog.44.2018.01.31.08.56.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:56:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=BJLBuXzA; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdr-00043O-IL; Wed, 31 Jan 2018 16:53:47 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdq-00042X-Um for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:46 +0000 X-Inumbo-ID: 4460a1b4-06a7-11e8-ba59-bc764e045a96 Received: from mail-wm0-x244.google.com (unknown [2a00:1450:400c:c09::244]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 4460a1b4-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:31 +0100 (CET) Received: by mail-wm0-x244.google.com with SMTP id 141so333486wme.3 for ; Wed, 31 Jan 2018 08:53:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lrTWqKEW6gP537ohAywj+4yXa6QFJXwL9vsnOYS1skM=; b=BJLBuXzArzdt2XMLQZqk0OgPE8tAN1eo0BQIb0Re/nSYDL5Wkvea4X4JusrrpYVcxT VcUcMCj0m+InE4MmH4qKtwluJ5mVCMNq9783QTiQ4uW24Jnq23w3I6VvFFgP8+WhShoy abORy6nONhLO2IYD52AFsS0PuEkBCiLRupRK4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lrTWqKEW6gP537ohAywj+4yXa6QFJXwL9vsnOYS1skM=; b=hk5WWNgztdUdDg4aN4AKr6fzIMFIOgUJkpD4ijOBRqmw9Q8zQTLUOUz5xaw1J0K1of oVChka+M9VZNdwwiouzv92RIx/9DDEX0Q7G7Vde0OAE3IVDFO/+pME5iiNLRlvz/HC+6 /iRly50A2LOKOlVfYJW7tPUgRZ6FQ6lerHOqBem8wQIxHHoZVdkyiHSmOO1Oj1Ikjb1v zklcItPcckHvFxzfI0peVaZjpfgap6zQGxqvAhEO7QHQCQTobKsAIfFL4/cXSqDomEtM ZTyacwBX3czC9O+oGo1uirGwmaYuFQfUt3jqm2sIJ94U8t+1g/8cFUrSl/B7lNAE7RC3 KJHQ== X-Gm-Message-State: AKwxytep8AMwR/7tecBDekByLcJr5RdpH+j8C/YWPBEI9kOR9R0MEwDu rfWpFEzhYXUoEdQP3AH93yUqRp6+y1s= X-Received: by 10.28.4.206 with SMTP id 197mr22491745wme.42.1517417624798; Wed, 31 Jan 2018 08:53:44 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:44 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:33 +0000 Message-Id: <20180131165334.23175-7-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: Marc Zyngier , sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 6/7] xen/arm32: Invalidate icache on guest exist for Cortex-A15 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall In order to avoid aliasing attacks against the branch predictor on Cortex A-15, let's invalidate the BTB on guest exit, which can only be done by invalidating the icache (with ACTLR[0] being set). We use the same hack as for A12/A17 to perform the vector decoding. This is based on Linux patch from the kpti branch in [1]. [1] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git Signed-off-by: Marc Zyngier Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Add Stefano's reviewed-by --- xen/arch/arm/arm32/entry.S | 21 +++++++++++++++++++++ xen/arch/arm/cpuerrata.c | 13 +++++++++++++ 2 files changed, 34 insertions(+) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index a295f3ad67..837f64d20d 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -161,6 +161,26 @@ GLOBAL(hyp_traps_vector) b trap_fiq /* 0x1c - FIQ */ .align 5 +GLOBAL(hyp_traps_vector_ic_inv) + /* + * We encode the exception entry in the bottom 3 bits of + * SP, and we have to guarantee to be 8 bytes aligned. + */ + add sp, sp, #1 /* Reset 7 */ + add sp, sp, #1 /* Undef 6 */ + add sp, sp, #1 /* Hypervisor call 5 */ + add sp, sp, #1 /* Prefetch abort 4 */ + add sp, sp, #1 /* Data abort 3 */ + add sp, sp, #1 /* Hypervisor 2 */ + add sp, sp, #1 /* IRQ 1 */ + nop /* FIQ 0 */ + + mcr p15, 0, r0, c7, c5, 0 /* ICIALLU */ + isb + + b decode_vectors + + .align 5 GLOBAL(hyp_traps_vector_bp_inv) /* * We encode the exception entry in the bottom 3 bits of @@ -178,6 +198,7 @@ GLOBAL(hyp_traps_vector_bp_inv) mcr p15, 0, r0, c7, c5, 6 /* BPIALL */ isb +decode_vectors: /* * As we cannot use any temporary registers and cannot * clobber SP, we can decode the exception entry using diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index c79e6d65d3..9c7458ef06 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -180,6 +180,7 @@ static int enable_psci_bp_hardening(void *data) DEFINE_PER_CPU_READ_MOSTLY(const char *, bp_harden_vecs); extern char hyp_traps_vector_bp_inv[]; +extern char hyp_traps_vector_ic_inv[]; static void __maybe_unused install_bp_hardening_vecs(const struct arm_cpu_capabilities *entry, @@ -205,6 +206,13 @@ static int enable_bp_inv_hardening(void *data) return 0; } +static int enable_ic_inv_hardening(void *data) +{ + install_bp_hardening_vecs(data, hyp_traps_vector_ic_inv, + "execute ICIALLU"); + return 0; +} + #endif #define MIDR_RANGE(model, min, max) \ @@ -302,6 +310,11 @@ static const struct arm_cpu_capabilities arm_errata[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_A17), .enable = enable_bp_inv_hardening, }, + { + .capability = ARM_HARDEN_BRANCH_PREDICTOR, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A15), + .enable = enable_ic_inv_hardening, + }, #endif {}, }; From patchwork Wed Jan 31 16:53:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 126371 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp906102ljc; Wed, 31 Jan 2018 08:56:04 -0800 (PST) X-Google-Smtp-Source: AH8x226V6mvEBu0hXq9VAkTPuNdcrLJacfG7JCUmih56H8LlJIujcGZbyGFrdLZEK0jODeelqK3+ X-Received: by 10.36.78.136 with SMTP id r130mr3116516ita.7.1517417764540; Wed, 31 Jan 2018 08:56:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517417764; cv=none; d=google.com; s=arc-20160816; b=KjHgKy4ixt0W5gNE3MOO+X6yMD1Nv1BK1eyB6YnmaeLrPBj+ic/6LZpnPPlaV+C4Pz UjEr7lvDFpcIrDRDWVsj/DxYzddlouPhgG91z+IHru7MCEyrQwG0VnhEeAhVRHvQF5gt ujkVqodj0BiZRvwi6cUQijb4GM51fwwb5lnFREDY6VCGPO5yQ3vDvMpBThwQbfKlss88 GJ1g9cYuiXNY+rNJTd+ru9lg8hYSVzDc84rHx7XdxBOXTytqtM4WgszkZvsu2IYu1IOh 8n8z1/0hJonUwE5TJOLSwxMTDT3YERGHCcJF2V/X9tcrx4OLYlo+2KpWo2ImxxDf/Yyr NoxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:references:in-reply-to:message-id:date:to :from:dkim-signature:arc-authentication-results; bh=Kse+5rNi/0YQl1iMfGG93CQckULyjkJpve0QDGOpv4Q=; b=bf/HT/pkBhHyT1aU6JaK0KBkZUlzWRAf8P3/ZY9Fc/hBhayn13zmngJLtNHheKH1j4 0/5/qrs7ydcYHp6Ab181MolfDk51XkciLUE6UrxBNvTHOshiMW9o+nV0BUVms4EEYmKm QKlGvcug+eaWM+HLpBOVcDCOS2njCXBPYu/rwbAQWwLZoTyEp19/DhTN3kfo8xvVNU14 aEEJwlMVzP+XpyaGr6hIksaBqP/ekt0upCz4oIfwfpzxkCCtSKhFhgbbeQB1+Ajk3vj8 taFg/n5TLHcrCihYaqStw2utavz1FHT8VurYv3KxDpU+5aWGSEnZjWnGkUSfsiWQn8yM PdQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hytLztMP; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id o133si93037itd.110.2018.01.31.08.56.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:56:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=hytLztMP; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvdt-00046G-St; Wed, 31 Jan 2018 16:53:49 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egvds-00043x-9i for xen-devel@lists.xen.org; Wed, 31 Jan 2018 16:53:48 +0000 X-Inumbo-ID: 45084269-06a7-11e8-ba59-bc764e045a96 Received: from mail-wm0-x242.google.com (unknown [2a00:1450:400c:c09::242]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 45084269-06a7-11e8-ba59-bc764e045a96; Wed, 31 Jan 2018 17:53:33 +0100 (CET) Received: by mail-wm0-x242.google.com with SMTP id r78so373416wme.0 for ; Wed, 31 Jan 2018 08:53:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=KoqbpoQQBCRj75zpMkQ4+B8W9gHe3Bk3kL/qOXtYd04=; b=hytLztMPwD8Cc39fzudtRPZdo6hhH8cSWEa/QANi+wkfm8nbCJD755nGZ9YagoKle3 3Pl3r880Gi7hr2aa3FXTO4v280z4/AcsA/qpNfe/FJ51A5leZ1A5Qu4h0fBJyM/uXeHQ 51WhDbw2tZsbwCC0IZ5zh/0jQ0rC1jgo+TyZ0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=KoqbpoQQBCRj75zpMkQ4+B8W9gHe3Bk3kL/qOXtYd04=; b=dI3maeLdiAbZVeU8AEfi3A+5moBT/41hUvRh+Uu8cphl0VAGBOtS+QJ+GpM6K7wUOA 3nRc8i8AWulMB4RV1omRxn/6NO1hXD2mzOW8rHXdLpupFcvmqFKwdotjBlqjJjmp/HLn Mpo4ZDFJOBaB05wRHM/WTf8hHuRn69zNSJgDWE4CrY+WdVcA2hGqiHLEQwVZEUNBBO5h tw+yQUNLQyozIoWBICfXRyQPuqTiqCSvx93GC4FSIm/htDCnAwskZEYdPI3MsEdeKR7p UgSlQCJ6DyHryGSNUtgvKSl8d5TBioh8ucMituxYAJ7zYR0o1x30Q/VExZIaonHvQjLc odBA== X-Gm-Message-State: AKwxyteW9Fy6ON5qE/qBgogiUonpnFP+weAczESyAYx5JUDZLCkG3YJR qpG8cUfa+RuG0SUTIFBVVtCjeXKC8+k= X-Received: by 10.28.217.213 with SMTP id q204mr18271455wmg.154.1517417625950; Wed, 31 Jan 2018 08:53:45 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id h194sm223745wma.8.2018.01.31.08.53.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2018 08:53:45 -0800 (PST) From: Julien Grall X-Google-Original-From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 31 Jan 2018 16:53:34 +0000 Message-Id: <20180131165334.23175-8-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180131165334.23175-1-julien.grall@arm.com> References: <20180131165334.23175-1-julien.grall@arm.com> Cc: sstabellini@kernel.org, Julien Grall , andre.przywara@linaro.org Subject: [Xen-devel] [PATCH v2 7/7] xen/arm32: entry: Document the purpose of r11 in the traps handler X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Julien Grall It took me a bit of time to understand why __DEFINE_TRAP_ENTRY is storing the original stack pointer in r11. It is working in pair with return_traps_entry where sp will be restored from r11. This is fine because per the AAPCS r11 must be preserved by the subroutine. So in return_from_trap, r11 will still contain the original stack pointer. Add some documentation in the code to point the 2 sides to each other. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Add Stefano's reviewed-by --- xen/arch/arm/arm32/entry.S | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S index 837f64d20d..9f68da0b98 100644 --- a/xen/arch/arm/arm32/entry.S +++ b/xen/arch/arm/arm32/entry.S @@ -136,6 +136,10 @@ trap_##trap: \ cpsie iflags; \ adr lr, return_from_trap; \ mov r0, sp; \ + /* \ + * Save the stack pointer in r11. It will be restored after the \ + * trap has been handled (see return_from_trap). \ + */ \ mov r11, sp; \ bic sp, #7; /* Align the stack pointer (noop on guest trap) */ \ b do_trap_##trap @@ -246,6 +250,10 @@ DEFINE_TRAP_ENTRY_NOIRQ(fiq) DEFINE_TRAP_ENTRY_NOABORT(data_abort) return_from_trap: + /* + * Restore the stack pointer from r11. It was saved on exception + * entry (see __DEFINE_TRAP_ENTRY). + */ mov sp, r11 ENTRY(return_to_new_vcpu32) ldr r11, [sp, #UREGS_cpsr]