From patchwork Fri Feb  2 14:19:18 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126710
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687156ljc;
 Fri, 2 Feb 2018 06:21:48 -0800 (PST)
X-Google-Smtp-Source: AH8x225LDc0gshqFNY4WijcZOW9koto8FdR3U+eobjF1TA4vjlvvP9RcsSCFlYsT49cDts9Dr/aD
X-Received: by 10.107.232.4 with SMTP id f4mr29343225ioh.171.1517581308327; 
 Fri, 02 Feb 2018 06:21:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581308; cv=none;
 d=google.com; s=arc-20160816;
 b=G3NBBIhP/RtWxvIs1+nqTqqabl2LM/wUS6gc0jRWhLeSB82yTlPfCUHlQAPS5ovIck
 JsNwrLZq2f26p2TUvHzncxZ4+IcXT8rI1k73GoM4UlQCaHhZ8XOL9iq+nzBt6Mrs7KGz
 5wvP7JkRDiveh1tFo+euNk2z5hIzMs8INcWX8aYCHMY/3lhei2Gbk15LCYrZOWxMQ9br
 NG1vC+Z5S8mHreqTFKmuOlxCWuxHoixIck7VMh2Wqv1uNatjnI7/Vg8oqNsoGq9hEsWF
 vKUZlgA7zZ8Ms3R9gzcOl/J5Cy7QHXJbRtrQWVxaKWQfhVlI2kFk6CW/Q9FoOpZEyhea
 gisA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:message-id:date:to:from:dkim-signature
 :arc-authentication-results;
 bh=M6J1gq4QuF97Cm+xvYVLq3WW0ObTCMEjMt+D8mapxbo=;
 b=c0G+fKk/K1COYPCiKPDefk4ssq12cJB2WQCJwzPlu0tcJNaw0CM182yV+8pQX+coEk
 sjuUi1R+i8Y4nsjSjRaDDCJOwYLhLHDY+xgP/5wWVVsR/nKutrNf3zth5grIwtkuMF+J
 DQi9I6pxcPwxg1cTZwlYOVxKJbPNl/aiIEPpooqLQnDqs3mRGrZqDT6atAgEgNSCxse8
 9UJDjrH74OV04zXNUkAzm9Kc1CR524drvPmYQrtX0i+wuCwTwKoLZFmL+nXfduhjAmpW
 whPCna9cu2qHMnTBOTbzAA3QAxpgjZc2FUqVY+aJpITJ3mAC9p5Omfr3BLOaC1SRd5m2
 hBHA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=fo9HjlXq; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id y6si1620714itd.86.2018.02.02.06.21.48
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=fo9HjlXq; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBf-00084N-86; Fri, 02 Feb 2018 14:19:31 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBe-00084H-7F
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:30 +0000
X-Inumbo-ID: 09b97256-0824-11e8-ba59-bc764e045a96
Received: from mail-wm0-x242.google.com (unknown [2a00:1450:400c:c09::242])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 09b97256-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:11 +0100 (CET)
Received: by mail-wm0-x242.google.com with SMTP id 141so12658075wme.3
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=FtHj8En5qn7Y1hCs+0xsn4CSD/xdBa5eJ31ULz1iLZo=;
 b=fo9HjlXqT2zS10XvFpGzwLm8M7xdywGFrzkl3gNItdMNv2/FCRD6y8misbjZd2urnV
 xs6xsZXRruxDp5WrANbmvhs/HIyhi7jnxVlDkg11CbH1HfVUsGHqo6Jmf4ewDVm5+077
 X+B/VJkVbRuOlexVbeb+WfAoIcp6HmCTHIWoE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=FtHj8En5qn7Y1hCs+0xsn4CSD/xdBa5eJ31ULz1iLZo=;
 b=IyshRn2pQ9ZHktsI7QcO/OEiPEQCfQZjtHtxpdJHqvrAKiEke/LqOWbOCXCjNGX8ns
 VkLL+wf8npXyUccL5Xfhg8r1g2EicpJYijnSxvMj4kHkbgfsCwX4IHP3v6RjWSq0CXF7
 gT9KljhmS6bk1UMkriD3CO3KxIJVtYQPFouvCs7hEn3Ci8loHTvVg6hHzmbiYg/aMPGu
 zfco+2kj1ahuh/tga1sLuRpEKitR3VtyF5FhHI9iz/eRmZMcAOtyWB73NFLsvdRXXEam
 MLn7Sk9Py4zAFsJbI6e1/m1F/iwFPkUHo4NKl0+DNIyR+idkn4nRtWj7PaEOeK7g5Iqm
 FoVA==
X-Gm-Message-State: AKwxytcaUMz1OpEO5mMfDB26P1I/SX8BOQrIaE/o4H2c+ruQZhPSvvBR
 g5VngLcN5TncgRM4uUX87g5sLvsg6HM=
X-Received: by 10.28.88.129 with SMTP id m123mr29342832wmb.64.1517581167533; 
 Fri, 02 Feb 2018 06:19:27 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.26
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:26 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:18 +0000
Message-Id: <20180202141925.19387-1-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
Cc: sstabellini@kernel.org, Julien Grall <julien.grall@linaro.org>,
 andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 0/7] xen/arm32: Branch predictor hardening
 (XSA-254 variant 2)
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Hi all,

This series provides a skeleton for mitigating branch predictor hardening for
arm32 on exception entry.

It also implements mitigation for Cortex-A12, A15 and A17. SoC vendors with
affected CPUs are strongly encouraged to update.

For more information about the impact of this issue and the software mitigations
for Arm processors, please see http://www.arm.com/security-update.

Cheers,

Julien Grall (7):
  xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros
  xen/arm32: Add missing MIDR values for Cortex-A17 and A12
  xen/arm32: entry: Add missing trap_reset entry
  xen/arm32: Add skeleton to harden branch predictor aliasing attacks
  xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
  xen/arm32: Invalidate icache on guest exist for Cortex-A15
  xen/arm32: entry: Document the purpose of r11 in the traps handler

 xen/arch/arm/Kconfig            |   3 +
 xen/arch/arm/arm32/entry.S      | 147 +++++++++++++++++++++++++++++++++-------
 xen/arch/arm/arm32/traps.c      |   5 ++
 xen/arch/arm/cpuerrata.c        |  62 +++++++++++++++++
 xen/include/asm-arm/processor.h |   4 ++
 5 files changed, 196 insertions(+), 25 deletions(-)