From patchwork Tue Jun 5 15:22:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 137765 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp1099076lji; Tue, 5 Jun 2018 08:26:12 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKQ9bmAIFuoJ5swSkAhdTKwsAB+oiwm6EukRni+S2RpsqUj4SP/nR1VdhmNqu0/ljmrBJ9k X-Received: by 2002:a24:4964:: with SMTP id z97-v6mr19646768ita.44.1528212372595; Tue, 05 Jun 2018 08:26:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528212372; cv=none; d=google.com; s=arc-20160816; b=criZIMJTj/qhWmi6uM7mNqcYCXPEkF2YCgFCqy1MYJn+tEE5JkTDZXSqexQSqYsjkl IwKsPdDDEFijBZkB/+9Z2iP98bnoVoyZ7DBohy9A98TWmQyqfkepBt2E7SFq73hsRKj3 djvBNav+QySHBBmM28f1bMO8yUH/OwAGCCoSUTAYoywbD8K1TkpX7+awvRMF/oL9Dh6I eudrCHKpJ26TRpMVRnKbkoO89xib089/RqhKsj/zhF1Z1aaxVh2f8GFm4nIBPCiTazPf 4mkuBWLVJ/tUE0+3agEkc6GKk0Ua5oFPQFJQQdWpO/BLz+YWyZo2rO7bk/YKbaB1N6f6 HGbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:references:in-reply-to:message-id:date:to:from :arc-authentication-results; bh=oNSdzq47RT2uZmZclj1XrO9iXXCbq4ZtR6h5nF1Csw0=; b=c5A4wlDKQOT8Y3rIIy88MFUlUTh4nL6O9cQhTkyxN0YjQ3mf2b+AOgd4z8OAKEV/d7 Y15ksFZzxQGRiuPrNcssiKRTA80qVX9Clc/U3sC3SuskHc/TWIZ9znaXtXYuJZilydiv xauHAMW22dTqglvqq+dKj79pnDz2DpMTtRVl1PEOBhJEbF4DPiZzGk8cWQWwxWWXy/HW WTMXRs8RfzEn/ByNrCVsJtdkf1E+XfbD/Tmej8Yx4rLYYnRfD1e4VEJoSQ4Wu23em7wS YhaheOdDPrJqZjGO1levdMxD2Xr4LvqFtSkIcWgNNXnOKBotrUmAQSw6fFWdghslHRzr tsQA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id v62-v6si1746091itd.113.2018.06.05.08.26.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 05 Jun 2018 08:26:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fQDo0-0005By-9I; Tue, 05 Jun 2018 15:23:28 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1fQDny-0005Bl-TT for xen-devel@lists.xenproject.org; Tue, 05 Jun 2018 15:23:26 +0000 X-Inumbo-ID: 13b379d1-68d4-11e8-9728-bc764e045a96 Received: from foss.arm.com (unknown [217.140.101.70]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTP id 13b379d1-68d4-11e8-9728-bc764e045a96; Tue, 05 Jun 2018 17:21:10 +0200 (CEST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3CEB215AD; Tue, 5 Jun 2018 08:23:25 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5268C3F557; Tue, 5 Jun 2018 08:23:24 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Tue, 5 Jun 2018 16:22:56 +0100 Message-Id: <20180605152303.14450-7-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180605152303.14450-1-julien.grall@arm.com> References: <20180605152303.14450-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH v1 06/13] xen/arm: Add ARCH_WORKAROUND_2 support for guests X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: andre.przywara@arm.com, Julien Grall , sstabellini@kernel.org MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" In order to offer ARCH_WORKAROUND_2 support to guests, we need to track the state of the workaround per-vCPU. The field 'pad' in cpu_info is now repurposed to store flags easily accessible in assembly. As the hypervisor will always run with the workaround enabled, we may need to enable (on guest exit) or disable (on guest entry) the workaround. A follow-up patch will add fastpath for the workaround for arm64 guests. Note that check_workaround_ssbd() is used instead of ssbd_get_state() because the former is implemented using an alternative. Thefore the code will be shortcut on affected platform. This is part of XSA-263. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- Changes in v2: - Fix the condition in need_ssbd_flip() --- xen/arch/arm/domain.c | 8 ++++++++ xen/arch/arm/traps.c | 20 ++++++++++++++++++++ xen/arch/arm/vsmc.c | 37 +++++++++++++++++++++++++++++++++++++ xen/include/asm-arm/current.h | 6 +++++- 4 files changed, 70 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 5a2a9a6b83..4baecc2447 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -572,6 +573,13 @@ int vcpu_initialise(struct vcpu *v) if ( (rc = vcpu_vtimer_init(v)) != 0 ) goto fail; + /* + * The workaround 2 (i.e SSBD mitigation) is enabled by default if + * supported. + */ + if ( get_ssbd_state() == ARM_SSBD_RUNTIME ) + v->arch.cpu_info->flags |= CPUINFO_WORKAROUND_2_FLAG; + return rc; fail: diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 5c18e918b0..315fc61f77 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -2011,10 +2011,23 @@ inject_abt: inject_iabt_exception(regs, gva, hsr.len); } +static inline bool needs_ssbd_flip(struct vcpu *v) +{ + if ( !check_workaround_ssbd() ) + return false; + + return !(v->arch.cpu_info->flags & CPUINFO_WORKAROUND_2_FLAG) && + cpu_require_ssbd_mitigation(); +} + static void enter_hypervisor_head(struct cpu_user_regs *regs) { if ( guest_mode(regs) ) { + /* If the guest has disabled the workaround, bring it back on. */ + if ( needs_ssbd_flip(current) ) + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2_FID, 1, NULL); + /* * If we pended a virtual abort, preserve it until it gets cleared. * See ARM ARM DDI 0487A.j D1.14.3 (Virtual Interrupts) for details, @@ -2260,6 +2273,13 @@ void leave_hypervisor_tail(void) */ SYNCHRONIZE_SERROR(SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT); + /* + * The hypervisor runs with the workaround always present. + * If the guest wants it disabled, so be it... + */ + if ( needs_ssbd_flip(current) ) + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2_FID, 0, NULL); + return; } local_irq_enable(); diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index 40a80d5760..c4ccae6030 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -104,6 +105,23 @@ static bool handle_arch(struct cpu_user_regs *regs) if ( cpus_have_cap(ARM_HARDEN_BRANCH_PREDICTOR) ) ret = 0; break; + case ARM_SMCCC_ARCH_WORKAROUND_2_FID: + switch ( get_ssbd_state() ) + { + case ARM_SSBD_UNKNOWN: + case ARM_SSBD_FORCE_DISABLE: + break; + + case ARM_SSBD_RUNTIME: + ret = ARM_SMCCC_SUCCESS; + break; + + case ARM_SSBD_FORCE_ENABLE: + case ARM_SSBD_MITIGATED: + ret = ARM_SMCCC_NOT_REQUIRED; + break; + } + break; } set_user_reg(regs, 0, ret); @@ -114,6 +132,25 @@ static bool handle_arch(struct cpu_user_regs *regs) case ARM_SMCCC_ARCH_WORKAROUND_1_FID: /* No return value */ return true; + + case ARM_SMCCC_ARCH_WORKAROUND_2_FID: + { + bool enable = (uint32_t)get_user_reg(regs, 1); + + /* + * ARM_WORKAROUND_2_FID should only be called when mitigation + * state can be changed at runtime. + */ + if ( unlikely(get_ssbd_state() != ARM_SSBD_RUNTIME) ) + return true; + + if ( enable ) + get_cpu_info()->flags |= CPUINFO_WORKAROUND_2_FLAG; + else + get_cpu_info()->flags &= ~CPUINFO_WORKAROUND_2_FLAG; + + return true; + } } return false; diff --git a/xen/include/asm-arm/current.h b/xen/include/asm-arm/current.h index 7a0971fdea..f9819b34fc 100644 --- a/xen/include/asm-arm/current.h +++ b/xen/include/asm-arm/current.h @@ -7,6 +7,10 @@ #include #include +/* Tell whether the guest vCPU enabled Workaround 2 (i.e variant 4) */ +#define CPUINFO_WORKAROUND_2_FLAG_SHIFT 0 +#define CPUINFO_WORKAROUND_2_FLAG (_AC(1, U) << CPUINFO_WORKAROUND_2_FLAG_SHIFT) + #ifndef __ASSEMBLY__ struct vcpu; @@ -21,7 +25,7 @@ DECLARE_PER_CPU(struct vcpu *, curr_vcpu); struct cpu_info { struct cpu_user_regs guest_cpu_user_regs; unsigned long elr; - unsigned int pad; + uint32_t flags; }; static inline struct cpu_info *get_cpu_info(void)