From patchwork Thu Feb 15 15:14:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 128479 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp1858982ljc; Thu, 15 Feb 2018 07:16:52 -0800 (PST) X-Google-Smtp-Source: AH8x227vV3QDdI2yhg2GXQqALOlyf2waKhmq+wqFyujw9jWrqOIrCgupkCtn5Aoda0bL6fCwrPuL X-Received: by 10.107.134.95 with SMTP id i92mr3897254iod.210.1518707811987; Thu, 15 Feb 2018 07:16:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518707811; cv=none; d=google.com; s=arc-20160816; b=w1bqq8WzzcpNWmeC9WhU2XBcyRpAszTF9B4HL2haeSUsK1XwNIn3bd88J/B3TlAZ0q gdGvNy/nwK2z6LItgKmuIHCkCU3vWA8LwAH6AoL0dxazhugCjEMHu0kW5eY79H0MDJ5C 1PArKhtqx8vrwtWWgIPiYUVzVVkZ8hBV+z8LaIA81KC31QqJcIYBCo/0yeJ/7qrPhCWd 2QePurr5W9OAPDI9Rni9xwNUiU1OI3yMjxL5T6IF69k3TJnfsO5wzI4+4UJ530CB/zSJ QMFiNeMhnhIKUsrWGFk9rm8fjRfvunoMy2k30rXyd4+4WNaMbwf0pFzG88WT1oXDkN55 llwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:message-id:date:to:from :arc-authentication-results; bh=07BYTA7g91uo2qBrDSW5COZwRQSK+pfPVm00aGjV9Fw=; b=SsHRZEGHCIkSMGobz0CUWcuzXNI4ErUTctCqhgIh0n3b9SiW/1DnBszW2CpRibzqW3 91AoKCmcAkjjvEeG0NOwnzO2tohnPfrb1ylLNFy6HC/J5Aa9KuN/TCHR39/GBuUYI3bE kxEaBHZYT2ES99qZrsp5vdn26BM0ldcIU4+RACntim0e6Fvk8jnHWryhcV4Vsu3NzQfX XHdHPAWb9g9t+Z5wEopG9hSsJ0pUDeFU5ZoJaEDYpSYo9jgC9/wnQHQ1rJ4cStv8y9JR 8luWiWaQt8SRkNAwXxGxx0r7q8ZSo4A27QCq7rg0GCF2N0aJNi+MvTBBZNHUglnyE8u5 2PhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id b11si8136113iob.148.2018.02.15.07.16.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Feb 2018 07:16:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1emLFD-000557-GW; Thu, 15 Feb 2018 15:14:43 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1emLFC-00054k-7H for xen-devel@lists.xen.org; Thu, 15 Feb 2018 15:14:42 +0000 X-Inumbo-ID: 1c9b9cee-1263-11e8-b9b1-635ca7ef6cff Received: from foss.arm.com (unknown [217.140.101.70]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTP id 1c9b9cee-1263-11e8-b9b1-635ca7ef6cff; Thu, 15 Feb 2018 15:15:52 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DA6101435; Thu, 15 Feb 2018 07:14:34 -0800 (PST) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E82B13F24D; Thu, 15 Feb 2018 07:14:32 -0800 (PST) From: Julien Grall To: xen-devel@lists.xen.org Date: Thu, 15 Feb 2018 15:14:26 +0000 Message-Id: <20180215151426.998-1-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 Cc: sstabellini@kernel.org, wei.liu2@citrix.com, George.Dunlap@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, andre.przywara@linaro.org, tim@xen.org, Julien Grall , jbeulich@suse.com Subject: [Xen-devel] [PATCH v3] xen/arm: Park CPUs with a MIDR different from the boot CPU. X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Xen does not properly support big.LITTLE platform. All vCPUs of a guest will always have the MIDR of the boot CPU (see arch_domain_create). At best the guest may see unreliable performance (vCPU switching between big and LITTLE), at worst the guest will become unreliable or insecure. This is becoming more apparent with branch predictor hardening in Linux because they target a specific kind of CPUs and may not work on other CPUs. For the time being, park any CPUs with a MDIR different from the boot CPU. This will be revisited in the future once Xen gains understanding of big.LITTLE. [1] https://lists.xenproject.org/archives/html/xen-devel/2016-12/msg00826.html Signed-off-by: Julien Grall Reviewed-by: Oleksandr Tyshchenkko Acked-by: Jan Beulich --- We probably want to backport this as part of XSA-254. Using big.LITTLE on Xen has never been supported but we didn't make it clearly. This is becoming more apparent with code targeting specific CPUs. Oleksandr, FIY, I've kept your reviewed-by despite changing the command line option. Changes in v3: - Rename hmp_unsafe to hmp-unsafe. - Add Jan's acked-by - Add Oleksandr's reviewed-by Changes in v2: - Add a command line option to override the default behavior. --- docs/misc/xen-command-line.markdown | 10 ++++++++++ xen/arch/arm/smpboot.c | 26 ++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index 79feba6bcd..7bd009f858 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -1000,6 +1000,16 @@ supported only when compiled with XSM on x86. Control Xens use of the APEI Hardware Error Source Table, should one be found. +### hmp-unsafe (arm) +> `= ` + +> Default : `false` + +Say yes at your own risk if you want to enable heterogenous computing +(such as big.LITTLE). This may result to an unstable and insecure +platform. When the option is disabled (default), CPUs that are not +identical to the boot CPU will be parked and not used by Xen. + ### hpetbroadcast > `= ` diff --git a/xen/arch/arm/smpboot.c b/xen/arch/arm/smpboot.c index 1255185a9c..7ea4e41866 100644 --- a/xen/arch/arm/smpboot.c +++ b/xen/arch/arm/smpboot.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -69,6 +70,13 @@ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_sibling_mask); /* representing HT and core siblings of each logical CPU */ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_mask); +/* + * By default non-boot CPUs not identical to the boot CPU will be + * parked. + */ +static bool __read_mostly opt_hmp_unsafe = false; +boolean_param("hmp-unsafe", opt_hmp_unsafe); + static void setup_cpu_sibling_map(int cpu) { if ( !zalloc_cpumask_var(&per_cpu(cpu_sibling_mask, cpu)) || @@ -255,6 +263,9 @@ void __init smp_init_cpus(void) else acpi_smp_init_cpus(); + if ( opt_hmp_unsafe ) + warning_add("WARNING: HMP COMPUTING HAS BEEN ENABLED.\n" + "It has implications on the security and stability of the system.\n"); } int __init @@ -292,6 +303,21 @@ void start_secondary(unsigned long boot_phys_offset, init_traps(); + /* + * Currently Xen assumes the platform has only one kind of CPUs. + * This assumption does not hold on big.LITTLE platform and may + * result to instability and insecure platform. Better to park them + * for now. + */ + if ( !opt_hmp_unsafe && + current_cpu_data.midr.bits != boot_cpu_data.midr.bits ) + { + printk(XENLOG_ERR "CPU%u MIDR (0x%x) does not match boot CPU MIDR (0x%x).\n", + smp_processor_id(), current_cpu_data.midr.bits, + boot_cpu_data.midr.bits); + stop_cpu(); + } + mmu_init_secondary_cpu(); gic_init_secondary_cpu();