[Xen-devel,RFC,for-4.13,00/10] xen/arm: XSA-201 and XSA-263 fixes

Message ID	20190926183808.11630-1-julien.grall@arm.com
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of xen-devel-bounces@lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; From: Julien Grall <julien.grall@arm.com> To: xen-devel@lists.xenproject.org Date: Thu, 26 Sep 2019 19:37:58 +0100 Message-Id: <20190926183808.11630-1-julien.grall@arm.com> Subject: [Xen-devel] [PATCH RFC for-4.13 00/10] xen/arm: XSA-201 and XSA-263 fixes Precedence: list Cc: jgross@suse.com, Stefano Stabellini <sstabellini@kernel.org>, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, andrii.anisov@gmail.com, Ross Lagerwall <ross.lagerwall@citrix.com>, Julien Grall <julien.grall@arm.com>, Volodymyr Babchuk <Volodymyr_Babchuk@epam.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Series	xen/arm: XSA-201 and XSA-263 fixes \| expand [Xen-devel,RFC,for-4.13,00/10] xen/arm: XSA-201 and XSA-263 fixes [Xen-devel,RFC,for-4.13,01/10] xen/arm64: entry: Introduce a macro to generate guest vector and u... [Xen-devel,RFC,for-4.13,02/10] xen/arm64: head: Check if an SError is pending when receiving a vS... [Xen-devel,RFC,for-4.13,03/10] xen/arm: traps: Rework entry/exit from the guest path [Xen-devel,RFC,for-4.13,04/10] xen/arm: Ensure the SSBD workaround is re-enabled right after exit... [Xen-devel,RFC,for-4.13,05/10] xen/arm: alternative: Remove unused parameter for alternative_if_n... [Xen-devel,RFC,for-4.13,06/10] xen/arm: Move ARCH_PATCH_INSN_SIZE out of the header livepatch.h [Xen-devel,RFC,for-4.13,07/10] xen/arm: Allow insn.h to be called from assembly [Xen-devel,RFC,for-4.13,08/10] xen/arm: alternative: add auto-nop infrastructure [Xen-devel,RFC,for-4.13,09/10] xen/arm: asm: Replace use of ALTERNATIVE with alternative_if [Xen-devel,RFC,for-4.13,10/10] xen/arm64: entry: Ensure the guest state is synced when receiving ...

Message ID

20190926183808.11630-1-julien.grall@arm.com

Headers

Received-SPF: pass (google.com: best guess record for domain of
	xen-devel-bounces@lists.xenproject.org designates
	192.237.175.120 as permitted sender)
	client-ip=192.237.175.120; 
From: Julien Grall <julien.grall@arm.com>
To: xen-devel@lists.xenproject.org
Date: Thu, 26 Sep 2019 19:37:58 +0100
Message-Id: <20190926183808.11630-1-julien.grall@arm.com>
Subject: [Xen-devel] [PATCH RFC for-4.13 00/10] xen/arm: XSA-201 and XSA-263
	fixes
Precedence: list
Cc: jgross@suse.com, Stefano Stabellini <sstabellini@kernel.org>,
	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, andrii.anisov@gmail.com, 
	Ross Lagerwall <ross.lagerwall@citrix.com>,
	Julien Grall <julien.grall@arm.com>,
	Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Series

xen/arm: XSA-201 and XSA-263 fixes | expand

Message

Julien Grall Sept. 26, 2019, 6:37 p.m. UTC

Hi all,

This patch series aims to fix two bugs in the entry path from the guest:
    1) Make sure that SSBD workaround is enabled before executing any hypervisor code
    2) Avoid guest state corruption when an virtual SError is received

The full series is candidate for Xen 4.13. Without it, the hypervisor would
not be properly protected against SSB vulnerability and the guest state may
get corrupted if an SError is received.

This is in RFC state because the entry code is now quite different and
arm32 changes are not yet implemented. I will modify arm32 once we agreed
on the approach.

Cheers,

Cc: jgross@suse.com

Julien Grall (9):
  xen/arm64: entry: Introduce a macro to generate guest vector and use
    it
  xen/arm64: head: Check if an SError is pending when receiving a
    vSError
  xen/arm: traps: Rework entry/exit from the guest path
  xen/arm: Ensure the SSBD workaround is re-enabled right after exiting
    a guest
  xen/arm: alternative: Remove unused parameter for
    alternative_if_not_cap
  xen/arm: Move ARCH_PATCH_INSN_SIZE out of the header livepatch.h
  xen/arm: Allow insn.h to be called from assembly
  xen/arm: asm: Replace use of ALTERNATIVE with alternative_if
  xen/arm64: entry: Ensure the guest state is synced when receiving a
    vSError

Mark Rutland (1):
  xen/arm: alternative: add auto-nop infrastructure

 xen/arch/arm/alternative.c        |   2 -
 xen/arch/arm/arm32/entry.S        |   9 ++-
 xen/arch/arm/arm64/entry.S        | 121 +++++++++++++++-----------------------
 xen/arch/arm/traps.c              |  81 +++++++++++++------------
 xen/include/asm-arm/alternative.h |  74 ++++++++++++++++-------
 xen/include/asm-arm/insn.h        |  11 ++++
 xen/include/asm-arm/livepatch.h   |   4 +-
 xen/include/asm-arm/macros.h      |   7 +++
 8 files changed, 172 insertions(+), 137 deletions(-)

Comments

Juergen Gross Sept. 27, 2019, 4:17 a.m. UTC | #1

On 26.09.19 20:37, Julien Grall wrote:
> Hi all,
> 
> This patch series aims to fix two bugs in the entry path from the guest:
>      1) Make sure that SSBD workaround is enabled before executing any hypervisor code
>      2) Avoid guest state corruption when an virtual SError is received
> 
> The full series is candidate for Xen 4.13. Without it, the hypervisor would
> not be properly protected against SSB vulnerability and the guest state may
> get corrupted if an SError is received.
> 
> This is in RFC state because the entry code is now quite different and
> arm32 changes are not yet implemented. I will modify arm32 once we agreed
> on the approach.
> 
> Cheers,
> 
> Cc: jgross@suse.com

I think the explanation of the motivation qualifies the series to be
marked as a blocker for 4.13.


Juergen