From patchwork Tue Jun 12 11:36:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 138333 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp5235064lji; Tue, 12 Jun 2018 04:39:35 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKNSbWePTpvp8bSvyU4Z16MeScW7xGITSwTdjv9AJulhqc2fBQ5Gpoj+6+EMB3rHO/BaUQ0 X-Received: by 2002:a6b:b8d5:: with SMTP id i204-v6mr783iof.284.1528803575603; Tue, 12 Jun 2018 04:39:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528803575; cv=none; d=google.com; s=arc-20160816; b=F4xaLFlRIiGYNUeUSOTaxmMrOtjy7JEbyN+tvbUEAviIXQJBQVcJU83Uv8FJaWgR1n fsSZu9uKDV+IBxVr5L10EBiV6zv+GXSar9KykGD/RqBqL07R+tFo5etCA3K8eW+qWboS m8J+fXAEcEDJCIG8Y1sHCkhdzL1VIIS4IkNr5Mg4/V45naXuXCjq1g7x/imP3qv3MQvg sM6ZIzmW8EGJne2VOezUj0QEK1goMuKsiGYYfCvPsYFh5kAF+ANUI+Dis3keqxqSR3Qt 9R+wnGClVwleXTV36VBNwd3dkVekXNAryOp8Cy6RkK7dvxSwr/q3mfIM7FxnfTA5xHWl 0DgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:message-id:date:to:from :arc-authentication-results; bh=c2L+T0FMbyo1nMwOnJHb1sD5lXhjo56WerjEZ85Svls=; b=Whu8cmI1d3M/AVs7vsDlCrLGgvD8qcbitr1BdGDRPPKZHoP5b2MOuKkkfAJCnT0YyP k6E3MOtbNNc8izWsyC3YkzQ4pNXqU590tyAeukWK2SOl+iKgHFMp7ygH+oOiKd7X9Plr n2E+LZ2jRgawbTelQsB+K/5QVal5wDdMr5OOCx0iAPTrdYwO2IpRsL2xDkjUeHHM4YDY 2fGSDN1x5RqKv/tJwNKFS3bEf1Hv+Z7NJrunWbGRVKbyA+vDXqab0HJhXu+cTOGlopPO miCCc5rPn9Ky2IyItSFfHPQYPuFVaUmGfU1DbSHKx8zJ3Z21rIPN0TpYCoPG7bcANFir IOaA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id w26-v6si666706ioc.190.2018.06.12.04.39.35 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 12 Jun 2018 04:39:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fShbZ-0000oD-9k; Tue, 12 Jun 2018 11:36:53 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fShbX-0000nw-RV for xen-devel@lists.xenproject.org; Tue, 12 Jun 2018 11:36:51 +0000 X-Inumbo-ID: e86d03cc-6e34-11e8-bc1d-65256ead4e3a Received: from foss.arm.com (unknown [217.140.101.70]) by us1-amaz-eas1.inumbo.com (Halon) with ESMTP id e86d03cc-6e34-11e8-bc1d-65256ead4e3a; Tue, 12 Jun 2018 11:36:55 +0000 (UTC) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 087871435; Tue, 12 Jun 2018 04:36:50 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1D4A23F318; Tue, 12 Jun 2018 04:36:48 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Tue, 12 Jun 2018 12:36:30 +0100 Message-Id: <20180612113643.32020-1-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 Subject: [Xen-devel] [PATCH v3 00/13] xen/arm: SSBD (aka Spectre-v4) mitigation (XSA-263) X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: andre.przywara@arm.com, Julien Grall , sstabellini@kernel.org MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Hi all, This patch series implement the Xen hypervisor side of the "Spectre-v4" (CVE-2018-3639) mitigation known as "Speculative Store Bypass Disable" (SSBD). More information can be found at: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability For all released Arm Cortex-A that are affected by this issue, then the preferred mitigation is simply to set a chicken bit in the firmware during CPU initialization and therefore no change to Xen is required. Other CPUs may require the chicken bit to be toggled dynamically (for example, when switching between kernel-mode and hypervisor-mode) and this is achieve by calling into EL3 via an SMC which has been published as part of the latest SMCCC specification: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification as well as an ATF update for the released ARM cores affected by SSBD: https://github.com/ARM-software/arm-trusted-firmware/pull/1392 These patches provide the following: 1. Safe probing of firmware to establish which CPUs in the system require calling into EL3 as part of the mitigation 2. A command-line option to force SSBD mitigation to be always on, always off, or dynamically toggled (default) for CPUs that require the EL3 call. 3. An initial implementation of the call via Xen, which exposes the mitigation to the guest via an HVC interface. This patch also provides bug fix and new infrastructure require to implement the mitigation: 1. Zeroed each vCPU stack 2. Provide generic assembly macros 3. Provide alternative callback (RFC) A branch can be found with all the patches at: https://xenbits.xen.org/git-http/people/julieng/xen-unstable.git branch ssbd/v3 Cheers, Julien Grall (13): xen/arm: domain: Zero the per-vCPU cpu_info xen/arm64: entry: Use named label in guest_sync xen/arm: setup: Check errata for boot CPU later on xen/arm: Add ARCH_WORKAROUND_2 probing xen/arm: Add command line option to control SSBD mitigation xen/arm: Add ARCH_WORKAROUND_2 support for guests xen/arm: Simplify alternative patching of non-writable region xen/arm: alternatives: Add dynamic patching feature xen/arm64: Add generic assembly macros xen/arm64: Implement a fast path for handling SMCCC_ARCH_WORKAROUND_2 xen/arm: Kconfig: Move HARDEN_BRANCH_PREDICTOR under "Architecture features" xen/arm: smccc: Fix indentation in ARM_SMCCC_ARCH_WORKAROUND_1_FID xen/arm: Avoid to use current everywhere in enter_hypervisor_head docs/misc/xen-command-line.markdown | 18 +++++ xen/arch/arm/Kconfig | 44 +++++++---- xen/arch/arm/alternative.c | 86 +++++++++++---------- xen/arch/arm/arm64/asm-offsets.c | 2 + xen/arch/arm/arm64/entry.S | 48 +++++++++++- xen/arch/arm/cpuerrata.c | 150 ++++++++++++++++++++++++++++++++++++ xen/arch/arm/domain.c | 9 +++ xen/arch/arm/setup.c | 8 +- xen/arch/arm/traps.c | 32 ++++++-- xen/arch/arm/vsmc.c | 37 +++++++++ xen/include/asm-arm/alternative.h | 44 +++++++++-- xen/include/asm-arm/arm64/macros.h | 25 ++++++ xen/include/asm-arm/cpuerrata.h | 42 ++++++++++ xen/include/asm-arm/cpufeature.h | 3 +- xen/include/asm-arm/current.h | 6 +- xen/include/asm-arm/macros.h | 2 +- xen/include/asm-arm/smccc.h | 13 +++- 17 files changed, 491 insertions(+), 78 deletions(-) create mode 100644 xen/include/asm-arm/arm64/macros.h