From: Julien Grall
To: xen-devel@lists.xenproject.org
Cc: Andrii Anisov, Julien Grall, Stefano Stabellini, Volodymyr Babchuk, andrii.anisov@gmail.com
Date: Thu, 26 Sep 2019 19:38:02 +0100
Message-Id: <20190926183808.11630-5-julien.grall@arm.com>
In-Reply-To: <20190926183808.11630-1-julien.grall@arm.com>
Subject: [Xen-devel] [PATCH RFC for-4.13 04/10] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest

At the moment, the SSBD workaround is re-enabled for Xen after interrupts
are unmasked. This means we may end up executing some part of the
hypervisor if an interrupt is received before the workaround is
re-enabled.

As the rest of enter_hypervisor_from_guest() does not require interrupts
to be masked, the function is now split in two parts:
    1) enter_hypervisor_from_guest_noirq() called with interrupts
       masked.
    2) enter_hypervisor_from_guest() called with interrupts unmasked.

Note that while enter_hypervisor_from_guest_noirq() does not use the
on-stack context registers, it is still passed as parameter to match the
rest of the C functions called from the entry path.

Fixes: a7898e4c59 ("xen/arm: Add ARCH_WORKAROUND_2 support for guests")
Reported-by: Andrii Anisov
Signed-off-by: Julien Grall
Reviewed-by: Volodymyr Babchuk

---
Note the Arm32 code has not been changed yet. I am also open to turning
both enter_hypervisor_from_guest_noirq() and enter_hypervisor_from()
into functions not taking any parameters.
---
 xen/arch/arm/arm64/entry.S |  2 ++
 xen/arch/arm/traps.c       | 16 +++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 9eafae516b..458d12f188 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -173,6 +173,8 @@ ALTERNATIVE("bl check_pending_vserror; cbnz x0, 1f", "nop; nop", SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT) + mov x0, sp + bl enter_hypervisor_from_guest_noirq msr daifclr, \iflags mov x0, sp bl enter_hypervisor_from_guest diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 20ba34ec91..5848dd8399 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -2007,16 +2007,26 @@ static inline bool needs_ssbd_flip(struct vcpu *v) } /* - * Actions that needs to be done after exiting the guest and before any - * request from it is handled. + * Actions that needs to be done after exiting the guest and before the + * interrupts are unmasked. */ -void enter_hypervisor_from_guest(struct cpu_user_regs *regs) +void enter_hypervisor_from_guest_noirq(struct cpu_user_regs *regs) { struct vcpu *v = current; /* If the guest has disabled the workaround, bring it back on. */ if ( needs_ssbd_flip(v) ) arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2_FID, 1, NULL); +} + +/* + * Actions that needs to be done after exiting the guest and before any + * request from it is handled. Depending on the exception trap, this may + * be called with interrupts unmasked. + */ +void enter_hypervisor_from_guest(struct cpu_user_regs *regs) +{ + struct vcpu *v = current; /* * If we pended a virtual abort, preserve it until it gets cleared.
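
Review bot: In the xen/arch/arm/arm64/entry.S hunk, the added `bl enter_hypervisor_from_guest_noirq` sits after the `bl check_pending_vserror; cbnz x0, 1f` alternative, so that sequence still runs with whatever SSBD state the guest left behind, and the `1f` target lies outside the visible context, so the hunk does not show whether the taken branch reaches the new call at all. Either move the call ahead of the alternative or add a comment explaining why this order is safe. A short comment above the two added lines stating that the call must stay before `msr daifclr, \iflags` would also help, since that ordering is the whole point of the fix and nothing in the assembly records it.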
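
Review bot: In the xen/arch/arm/traps.c hunk, moving the `needs_ssbd_flip(v)` check out of enter_hypervisor_from_guest() means any entry path that still calls only that function no longer re-enables the workaround; the diffstat touches only arm64/entry.S and the cover note says the Arm32 code is unchanged, so if the Arm32 entry code shares this file the mitigation is dropped there until it is converted. Please convert Arm32 in the same patch or keep the flip reachable for it. Separately, enter_hypervisor_from_guest_noirq() depends on being entered with interrupts masked but does not check it; an ASSERT on the interrupt state at the top of the function would catch a future caller that gets the order wrong. Minor: both comments read "Actions that needs to be done" (should be "need"), and `regs` is unused in the new function, which deserves a line in its comment rather than only in the commit message.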