From patchwork Wed Feb 14 14:17:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 128351 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp659491ljc; Wed, 14 Feb 2018 06:20:47 -0800 (PST) X-Google-Smtp-Source: AH8x224QrD42Wn/drKlCvm7J/97Dmwqu0Irgky5wW+4DqguePoANufCYGe6/OdI5d1xh+RwZb27q X-Received: by 10.107.103.4 with SMTP id b4mr5441689ioc.302.1518618047236; Wed, 14 Feb 2018 06:20:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518618047; cv=none; d=google.com; s=arc-20160816; b=DyY6WKksSyZtq0vJf0bDC39zblrSj1fJmJ5kxKtU2OP1r97THY71fXZ/GUOWZL+jJS gP7RKVeUxcLy4sRsdPmEpSTXgjCm0oaAU+3+U9Cvq3Tbu1VNSBY4+YaIXvFdHmSGs5tq IjUVo5DXuc1Nqf+7lwwgBOckIx5UBUH3spfmVhtbtuSrL//DRHv51W2r+Y8N+DmFOrDG mpWqsAUzooWdZy8nLAZpfJXwKTOd3tj5OlbnU83Ixs6xydWpFkss1h6h75KkXLpCL6RN O1cB/0WMM0vrBirvpdDcpOaqKGVLUnEBG3nSxAZOQRKqfLeMT9q4jOYoXvGkjQ24xhtE JgxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:message-id:date:to:from :arc-authentication-results; bh=qJpJ6HSB4i6KiK5kkodptl0GPdyNoMykWYA5TMZguwg=; b=FXVtYRZUZU1fpB4Hdzdnyt07Sz+I7dzaX2nlMFFUgNUiw8xIFXywa3N+p8leZI2gsB Ux4ehWYpyVvlYqBCAXSODhY8Ks7wbHGhY9LWXwyonIInwHg5gyIDXNllBXEXr91IGSoe 90fgg9/T1Qa699Pi8s2BdgrnsAkULO79b+EZEXcoKO7zoRjUcc6eJKQFQJ48Yrzcy3R/ c2wgQXd++XRY0QtPivm9jNhNVZ7QHicHRI7+LBp8Dj1DqS8I25GL192fJc7JkzF0dAJK ea1nhJzkNXPNs43f1v5yGr0nmHw/0/JxxGr67d9AeJ5U9IdmAVErowah9BMSNada5xQq LcVw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id a3si2615856iog.43.2018.02.14.06.20.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 14 Feb 2018 06:20:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1elxt0-0002fr-62; Wed, 14 Feb 2018 14:18:14 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1elxsy-0002ff-QZ for xen-devel@lists.xen.org; Wed, 14 Feb 2018 14:18:12 +0000 X-Inumbo-ID: ccfaf594-1191-11e8-ba59-bc764e045a96 Received: from foss.arm.com (unknown [217.140.101.70]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTP id ccfaf594-1191-11e8-ba59-bc764e045a96; Wed, 14 Feb 2018 15:17:34 +0100 (CET) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A5DFB80D; Wed, 14 Feb 2018 06:18:09 -0800 (PST) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B49D43F41F; Wed, 14 Feb 2018 06:18:07 -0800 (PST) From: Julien Grall To: xen-devel@lists.xen.org Date: Wed, 14 Feb 2018 14:17:59 +0000 Message-Id: <20180214141759.7573-1-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 Cc: sstabellini@kernel.org, wei.liu2@citrix.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, andre.przywara@linaro.org, tim@xen.org, Julien Grall , jbeulich@suse.com Subject: [Xen-devel] [PATCH v2] xen/arm: Park CPUs with a MIDR different from the boot CPU. X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Xen does not properly support big.LITTLE platform. All vCPUs of a guest will always have the MIDR of the boot CPU (see arch_domain_create). At best the guest may see unreliable performance (vCPU switching between big and LITTLE), at worst the guest will become unreliable or insecure. This is becoming more apparent with branch predictor hardening in Linux because they target a specific kind of CPUs and may not work on other CPUs. For the time being, park any CPUs with a MDIR different from the boot CPU. This will be revisited in the future once Xen gains understanding of big.LITTLE. [1] https://lists.xenproject.org/archives/html/xen-devel/2016-12/msg00826.html Signed-off-by: Julien Grall Reviewed-by: Oleksandr Tyshchenko Acked-by: Jan Beulich --- We probably want to backport this as part of XSA-254. Using big.LITTLE on Xen has never been supported but we didn't make it clearly. This is becoming more apparent with code targeting specific CPUs. Changes in v2: - Add a command line option to override the default behavior. --- docs/misc/xen-command-line.markdown | 10 ++++++++++ xen/arch/arm/smpboot.c | 26 ++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 79feba6bcd..cf5997b8db 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1000,6 +1000,16 @@ supported only when compiled with XSM on x86. Control Xens use of the APEI Hardware Error Source Table, should one be found. +### hmp_unsafe (arm) +> `= ` + +> Default : `false` + +Say yes at your own risk if you want to enable heterogenous computing +(such as big.LITTLE). This may result to an unstable and insecure +platform. When the option is disabled (default), CPUs that are not +identical to the boot CPU will be parked and not used by Xen. + ### hpetbroadcast > `= ` diff --git a/xen/arch/arm/smpboot.c b/xen/arch/arm/smpboot.c index 1255185a9c..5c05cadb0a 100644 --- a/xen/arch/arm/smpboot.c +++ b/xen/arch/arm/smpboot.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -69,6 +70,13 @@ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_sibling_mask); /* representing HT and core siblings of each logical CPU */ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_mask); +/* + * By default non-boot CPUs not identical to the boot CPU will be + * parked. + */ +static bool __read_mostly opt_hmp_unsafe = false; +boolean_param("hmp_unsafe", opt_hmp_unsafe); + static void setup_cpu_sibling_map(int cpu) { if ( !zalloc_cpumask_var(&per_cpu(cpu_sibling_mask, cpu)) || @@ -255,6 +263,9 @@ void __init smp_init_cpus(void) else acpi_smp_init_cpus(); + if ( opt_hmp_unsafe ) + warning_add("WARNING: HMP COMPUTING HAS BEEN ENABLED.\n" + "It has implications on the security and stability of the system.\n"); } int __init @@ -292,6 +303,21 @@ void start_secondary(unsigned long boot_phys_offset, init_traps(); + /* + * Currently Xen assumes the platform has only one kind of CPUs. + * This assumption does not hold on big.LITTLE platform and may + * result to instability and insecure platform. Better to park them + * for now. + */ + if ( !opt_hmp_unsafe && + current_cpu_data.midr.bits != boot_cpu_data.midr.bits ) + { + printk(XENLOG_ERR "CPU%u MIDR (0x%x) does not match boot CPU MIDR (0x%x).\n", + smp_processor_id(), current_cpu_data.midr.bits, + boot_cpu_data.midr.bits); + stop_cpu(); + } + mmu_init_secondary_cpu(); gic_init_secondary_cpu();