From patchwork Fri Jan 19 13:40:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 125205 Delivered-To: patch@linaro.org Received: by 10.46.66.141 with SMTP id h13csp411398ljf; Fri, 19 Jan 2018 10:17:01 -0800 (PST) X-Google-Smtp-Source: ACJfBotwfSdRkpi3Re04JGxss56mQigovRU2l5pbkVrsO21IIDSDLkCe2h53eiX1oZ/RlWMBL09O X-Received: by 10.107.78.16 with SMTP id c16mr13842942iob.105.1516385821577; Fri, 19 Jan 2018 10:17:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516385821; cv=none; d=google.com; s=arc-20160816; b=Yy80lt//gkTclL9H8aG+ZCkMbOl1hI6vIFhDSCYN5U04q4IMM1kUDXaKJn7iOm8pWE /GPkcJtwS+ClWl6x5QhJxIGNM3Rz6cSiD7U4ZLe4RCcWtuE5cGZIBGd+MxAFK5P+dQg9 VICxsq+AMPK+ZlvgAAwtvL6eBTwsy/9w7B2KwkIxXhsu6y6I/s/H7N4kbnKzcNJVyQg0 mwRcqBJ7+D8mMjr1dhBokB/xMavqjSuR36aZsdK9LFG4esVWmZ7M11Ao7bazztxqYgb5 Iz+9NGiZOeKVcql1hukxc3hhD/qe3D2I2p/Rwb3084btkM/dNDShqolIXfrNdZAKquAE FyhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:message-id:date:to:from:dkim-signature :arc-authentication-results; bh=QV9QcZMIWfaeaqgLCsLQw2Qcozwi3aUQG4viU78WDDg=; b=Mo1D2QiCVAVtdN6o4/gdXyMGnmvpPhX35ix8pyBPGSDr8Z2h8/j6i0B/lc3WOA4IWo JTFt5lLysj68NVKVg7jqKS6hbaxrHey0okvRXVDaI/vuBps3sZo1+373iel7zkr+hzn8 79DQyKyNnYeCd1YSy5YCiV4+vPX9GFaeKZyNGnVjfydEIhFFyNsrHu26JchHSg4gb7EW 1aCxtnZ1L6HWpv/HtMUhpsUzntOudk3UQ73edIxdarT1e7Jq7v1DJdiglvUqZhhjQ659 CKtM4j+KRoPStHpbnDmKOvl53hrILpKoDRR9CWmLTz5xrbN8jn36Hfxfsk/H61KFPwnU RoVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=dT2MN0cI; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id z17si8408723iod.121.2018.01.19.10.17.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Jan 2018 10:17:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=dT2MN0cI; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ecbBI-00025E-RO; Fri, 19 Jan 2018 18:14:24 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ecbBG-000258-UE for xen-devel@lists.xen.org; Fri, 19 Jan 2018 18:14:22 +0000 X-Inumbo-ID: ed1a21d8-fd44-11e7-b0d7-9f685aff125f Received: from mail-wm0-f67.google.com (unknown [74.125.82.67]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTPS id ed1a21d8-fd44-11e7-b0d7-9f685aff125f; Fri, 19 Jan 2018 18:16:54 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id f3so5293993wmc.1 for ; Fri, 19 Jan 2018 10:14:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=Zqjn/cF0vm14aHxro9r6fPgyS0DKcJDB1dj50aNwLsQ=; b=dT2MN0cIV8bcZ38LM5XguWGOV/tagwAG9lENJ8baEsxKc1OYM4qG1pFv7GLq3Iqd+k /MvupuWKmR+aJ5RuYvJPzjgZ8s3BErBY1VxVKNXjMp03MjHCJERZ5figZ7IWX58vXGwB XIOj3bo002yDYPj5kkiOy1OLZfeurWR2DqbMQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Zqjn/cF0vm14aHxro9r6fPgyS0DKcJDB1dj50aNwLsQ=; b=G/GhFQkzTqTlrJT/zHMmU9ogccks7yGpBtn/TNIhSznfVTuM1D09Bcxeh9n3WwRzS/ qdL61GBNn2Oc7M1J0nCvnRxYZQTAK/brj7vucqIC459B3ZfmcM2G5EymVf+jikdiHDXZ C0uWsn1io2I3DfIZxgg5ifKnqBENi7VGzFRHKifmW+NBBkFlyIskcazhxgiiTE9vMTKz 7aGHg8LlGLDu3IwWuWfG6jDy4q8ATEHME44bOmGHa8aRejSRJv+XSsoRUdQtzj0unYz+ p3GhWHfmtp2cBRKxsCZEgwaR0T+shPsRh8/LHF6mQ7YXChEg79+AVgi60Z+WciDQ5f39 lrvA== X-Gm-Message-State: AKwxyteEFr5lVbaiSCStFsVY78y4eZ83y1xlSEw67TGORA3CrjZPZrrU iC1jSKMXio+mehfjdKBd8Gb+ImdnbSY= X-Received: by 10.28.138.201 with SMTP id m192mr8494526wmd.85.1516369265565; Fri, 19 Jan 2018 05:41:05 -0800 (PST) Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1]) by smtp.gmail.com with ESMTPSA id s44sm5113642wrc.64.2018.01.19.05.41.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Jan 2018 05:41:04 -0800 (PST) From: Julien Grall To: xen-devel@lists.xen.org Date: Fri, 19 Jan 2018 13:40:56 +0000 Message-Id: <20180119134103.3390-1-julien.grall@linaro.org> X-Mailer: git-send-email 2.11.0 Cc: sstabellini@kernel.org, andre.przywara@linaro.org Subject: [Xen-devel] [PATCH 0/7] xen/arm32: Branch predictor hardening (XSA-254 variant 2) X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Hi all, This series provides a skeleton for mitigating branch predictor hardening for arm32 on exception entry. It also implements mitigation for Cortex-A12, A15 and A17. SoC vendors with affected CPUs are strongly encouraged to update. For more information about the impact of this issue and the software mitigations for Arm processors, please see http://www.arm.com/security-update. Cheers, Julien Grall (7): xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros xen/arm32: Add missing MIDR values for Cortex-A17 and A12 xen/arm32: entry: Add missing trap_reset entry xen/arm32: Add skeleton to harden branch predictor aliasing attacks xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12 xen/arm32: Invalidate icache on guest exist for Cortex-A15 xen/arm32: entry: Document the purpose of r11 in the traps handler xen/arch/arm/Kconfig | 3 + xen/arch/arm/arm32/entry.S | 162 ++++++++++++++++++++++++++++++++++------ xen/arch/arm/arm32/traps.c | 5 ++ xen/arch/arm/cpuerrata.c | 62 +++++++++++++++ xen/include/asm-arm/processor.h | 4 + 5 files changed, 212 insertions(+), 24 deletions(-)