| Message ID | 20180522174254.27551-1-julien.grall@arm.com |
|---|---|
| Headers | show |
| Series | xen/arm: SSBD (aka Spectre-v4) mitigation (XSA-263) | expand |
I forgot to CC Juergen as RM. This series is candidate for Xen 4.11 as part of XSA-263. Cheers, On 22/05/18 18:42, Julien Grall wrote: > Hi all, > > This patch series implement the Xen hypervisor side of the "Spectre-v4" > (CVE-2018-3639) mitigation known as "Speculative Store Bypass Disable" > (SSBD). > > More information can be found at: > https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 > https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability > > For all released Arm Cortex-A that are affected by this issue, then the > preferred mitigation is simply to set a chicken bit in the firmware during > CPU initialization and therefore no change to Xen is required. Other CPUs > may require the chicken bit to be toggled dynamically (for example, when > switching between kernel-mode and hypervisor-mode) and this is achieve by > calling into EL3 via an SMC which has been published as part of the latest > SMCCC specification: > https://developer.arm.com/cache-speculation-vulnerability-firmware-specification > > as well as an ATF update for the released ARM cores affected by SSBD: > https://github.com/ARM-software/arm-trusted-firmware/pull/1392 > > These patches provide the following: > 1. Safe probing of firmware to establish which CPUs in the system > require calling into EL3 as part of the mitigation > 2. A command-line option to force SSBD mitigation to be always on, > always off, or dynamically toggled (default) for CPUs that require > the EL3 call. > 3. An initial implementation of the call via Xen, which exposes the > mitigation to the guest via an HVC interface. > > This patch also provides bug fix and new infrastructure require to implement > the mitigation: > 1. Zeroed each vCPU stack > 2. Provide generic assembly macros > 3. Provide alternative callback (RFC) > > A branch can be found with all the patches at: > https://xenbits.xen.org/git-http/people/julieng/xen-unstable.git > branch ssbd/v1 > > Cheers, > > Julien Grall (13): > xen/arm: domain: Zeroed the vCPU stack > xen/arm64: entry: Use named label in guest_sync > xen/arm: setup: Check errata for boot CPU later on > xen/arm: Add ARCH_WORKAROUND_2 probing > xen/arm: Add command line option to control SSBD mitigation > xen/arm: Add ARCH_WORKAROUND_2 support for guests > xen/arm: Simplify alternative patching > xen/arm: alternatives: Add dynamic patching feature > xen/arm64: Add generic assembly macros > xen/arm64: Implement a fast path for handling SMCCC_ARCH_WORKAROUND_2 > xen/arm: Kconfig: Move HARDEN_BRANCH_PREDICTOR under "Architecture > features" > xen/arm: smccc: Fix indentation in ARM_SMCCC_ARCH_WORKAROUND_1_FID > xen/arm: Avoid to use current everywhere in enter_hypervisor_head > > docs/misc/xen-command-line.markdown | 18 +++++ > xen/arch/arm/Kconfig | 44 +++++++---- > xen/arch/arm/alternative.c | 79 +++++++++++-------- > xen/arch/arm/arm64/asm-offsets.c | 2 + > xen/arch/arm/arm64/entry.S | 49 +++++++++++- > xen/arch/arm/cpuerrata.c | 150 ++++++++++++++++++++++++++++++++++++ > xen/arch/arm/domain.c | 12 +++ > xen/arch/arm/setup.c | 8 +- > xen/arch/arm/traps.c | 32 ++++++-- > xen/arch/arm/vsmc.c | 37 +++++++++ > xen/include/asm-arm/alternative.h | 44 +++++++++-- > xen/include/asm-arm/arm64/macros.h | 25 ++++++ > xen/include/asm-arm/cpuerrata.h | 42 ++++++++++ > xen/include/asm-arm/cpufeature.h | 3 +- > xen/include/asm-arm/current.h | 6 +- > xen/include/asm-arm/macros.h | 2 +- > xen/include/asm-arm/smccc.h | 13 +++- > 17 files changed, 495 insertions(+), 71 deletions(-) > create mode 100644 xen/include/asm-arm/arm64/macros.h >
On 22/05/18 19:46, Julien Grall wrote: > I forgot to CC Juergen as RM. This series is candidate for Xen 4.11 as > part of XSA-263. For XSA patches I don't think you need it, but you can have my Release-acked-by: Juergen Gross <jgross@suse.com> for the series, of course. Juergen
Hi all, This patch series implement the Xen hypervisor side of the "Spectre-v4" (CVE-2018-3639) mitigation known as "Speculative Store Bypass Disable" (SSBD). More information can be found at: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability For all released Arm Cortex-A that are affected by this issue, then the preferred mitigation is simply to set a chicken bit in the firmware during CPU initialization and therefore no change to Xen is required. Other CPUs may require the chicken bit to be toggled dynamically (for example, when switching between kernel-mode and hypervisor-mode) and this is achieve by calling into EL3 via an SMC which has been published as part of the latest SMCCC specification: https://developer.arm.com/cache-speculation-vulnerability-firmware-specification as well as an ATF update for the released ARM cores affected by SSBD: https://github.com/ARM-software/arm-trusted-firmware/pull/1392 These patches provide the following: 1. Safe probing of firmware to establish which CPUs in the system require calling into EL3 as part of the mitigation 2. A command-line option to force SSBD mitigation to be always on, always off, or dynamically toggled (default) for CPUs that require the EL3 call. 3. An initial implementation of the call via Xen, which exposes the mitigation to the guest via an HVC interface. This patch also provides bug fix and new infrastructure require to implement the mitigation: 1. Zeroed each vCPU stack 2. Provide generic assembly macros 3. Provide alternative callback (RFC) A branch can be found with all the patches at: https://xenbits.xen.org/git-http/people/julieng/xen-unstable.git branch ssbd/v1 Cheers, Julien Grall (13): xen/arm: domain: Zeroed the vCPU stack xen/arm64: entry: Use named label in guest_sync xen/arm: setup: Check errata for boot CPU later on xen/arm: Add ARCH_WORKAROUND_2 probing xen/arm: Add command line option to control SSBD mitigation xen/arm: Add ARCH_WORKAROUND_2 support for guests xen/arm: Simplify alternative patching xen/arm: alternatives: Add dynamic patching feature xen/arm64: Add generic assembly macros xen/arm64: Implement a fast path for handling SMCCC_ARCH_WORKAROUND_2 xen/arm: Kconfig: Move HARDEN_BRANCH_PREDICTOR under "Architecture features" xen/arm: smccc: Fix indentation in ARM_SMCCC_ARCH_WORKAROUND_1_FID xen/arm: Avoid to use current everywhere in enter_hypervisor_head docs/misc/xen-command-line.markdown | 18 +++++ xen/arch/arm/Kconfig | 44 +++++++---- xen/arch/arm/alternative.c | 79 +++++++++++-------- xen/arch/arm/arm64/asm-offsets.c | 2 + xen/arch/arm/arm64/entry.S | 49 +++++++++++- xen/arch/arm/cpuerrata.c | 150 ++++++++++++++++++++++++++++++++++++ xen/arch/arm/domain.c | 12 +++ xen/arch/arm/setup.c | 8 +- xen/arch/arm/traps.c | 32 ++++++-- xen/arch/arm/vsmc.c | 37 +++++++++ xen/include/asm-arm/alternative.h | 44 +++++++++-- xen/include/asm-arm/arm64/macros.h | 25 ++++++ xen/include/asm-arm/cpuerrata.h | 42 ++++++++++ xen/include/asm-arm/cpufeature.h | 3 +- xen/include/asm-arm/current.h | 6 +- xen/include/asm-arm/macros.h | 2 +- xen/include/asm-arm/smccc.h | 13 +++- 17 files changed, 495 insertions(+), 71 deletions(-) create mode 100644 xen/include/asm-arm/arm64/macros.h