From patchwork Fri Feb  2 14:19:19 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126716
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687263ljc;
 Fri, 2 Feb 2018 06:21:56 -0800 (PST)
X-Google-Smtp-Source: AH8x225LPsTk3qI8MJHa3sTl0PIjqy0FeKKA9GYYhaQpxfRNVTQFzxFbAzOQlvpZIL9v9UExHff1
X-Received: by 10.107.51.149 with SMTP id z143mr43188071ioz.287.1517581315886; 
 Fri, 02 Feb 2018 06:21:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581315; cv=none;
 d=google.com; s=arc-20160816;
 b=uMHnk0WNO/G2EMhMjQK1H1UrqYh0tXVBGocJ7ZoCi6otUZlUF3jkmw9slp4+h5iTB7
 j5dAM026V8N9lfYGkpYAZBrCGafyKl65YkXXk4i8Ts4FKLTnVXROuPakaH9g0U2q39tr
 Z+gV6mf3DwIyccLe4IP6fhLxGyMIAVSa2LKgoXQ7VI5u77YyYxGbUa9vi1qa9dyH8jz6
 fQfDsHj0UlxKRnvU7ugrGmlxzNvayllZT5MYu5bR8EoH5CvmkqwziT3AHoko9z0gQcmK
 k0jIHkJbpvvtiYXu+tNAAcjHCKmxGJUyMZRmR8InqjlPA3oPDmrh1ib26Btea6FgFgKa
 rFYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=rHQUnbifTuF7Pn7usM6MJgvor6xVpZTk9DtEbWxJE7M=;
 b=dtgUqVFpR6Wf59obmVzD0+3cMZje9XxHtO88Ymh/CF5DqkQZOnqEMvy9MbuOQVk5ts
 YQaDDGT+pcbzWyTAAZ4mi8S941zvpLpZ/Nj7hMvjaNTKsLNx7ePMPpp7C8iVUFeq1uFM
 Nz2ADDcP43yW8LcLDGLQ5+XREaKnrQmUZTmSPKQxsNz5VaowLx7XmRGyiE/09uoWwJlC
 Gn7HcKeg0+QedpGo+tysAK+02B6UGALrWWXJpkGTzsPmSmzh2E7agCIvxrJCe8FUs4uD
 Ivuhvxx7SyvhlcxRT3o2gl8TJRMrWHd2j8DkPZZ2mqaGt8ugBdJtF5VRnsZf4WmiNrWe
 nBKg==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=XIXdi2IS; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 j63si1821939ioo.127.2018.02.02.06.21.55
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:55 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=XIXdi2IS; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBg-00084l-Ev; Fri, 02 Feb 2018 14:19:32 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBf-00084U-Hl
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:31 +0000
X-Inumbo-ID: 0a2edf52-0824-11e8-ba59-bc764e045a96
Received: from mail-wm0-x241.google.com (unknown [2a00:1450:400c:c09::241])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0a2edf52-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:12 +0100 (CET)
Received: by mail-wm0-x241.google.com with SMTP id f3so12739959wmc.1
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=P/xlNr0sL12gck5AzLgDJU5rzE0bHrECiy+jMPKtdJE=;
 b=XIXdi2ISv+/dkqIcupi4GTugJ+HxHqRnCqgmY7YEyIbudo1jynYiqQz2R5cfz9qGMY
 hRRaEGA9Rs66fgbmQa30Yxc2/dRmSreEQL1htVezhTJKlRXVx1A98+GuiuMLC2UlY0H4
 b4Us9BmDPv5+Wnm6QBcrORtRxe8lYgiuPklcw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=P/xlNr0sL12gck5AzLgDJU5rzE0bHrECiy+jMPKtdJE=;
 b=IB05bx2JAsoVyI0xyy+m1rNXH1P47eObKxWFiJMPcJFQjaH84BOWvqTC/8h5oVddyi
 IRiPiDGWDjzq7CQrb63cxWiDcA9CtG7NUH7w19jXxuPJHqiuMEK3yNy5K+W8xt8FLhtV
 kl8nceEamS9zTDt6df6WuLw9nk5osbT0IFagK39XBcWDqanElJRpT78/PYpx1P2vUxSe
 UUx1jCwFnyxe0AReaxnHgSkEG8SI5bSpi9aqaCULoKMCMIc+NWxvMRd2p6/x9LzJD7LY
 oubESvjkR63+b9wsVlMuvkbliKr1U7/Ktb1KcNnB+n8J02jtIs0FeR/QFJMfB4QyysxC
 7Oyg==
X-Gm-Message-State: AKwxytcweKlTlho978Ln8A/ptAHv0U2Obxi5H9FZaJXRi/NeFVZSr/yr
 MsOAlFNalPx7WzUmaEZvG928i/xB4b4=
X-Received: by 10.28.86.131 with SMTP id k125mr29876869wmb.83.1517581168394; 
 Fri, 02 Feb 2018 06:19:28 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.27
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:27 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:19 +0000
Message-Id: <20180202141925.19387-2-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: sstabellini@kernel.org, Julien Grall <julien.grall@linaro.org>,
 andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 1/7] xen/arm32: entry: Consolidate
 DEFINE_TRAP_ENTRY_* macros
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

The only difference between all the DEFINE_TRAP_ENTRY_* macros  are the
interrupts (Asynchronous Abort, IRQ, FIQ) unmasked.

Rather than duplicating the code, introduce __DEFINE_TRAP_ENTRY macro
that will take the list of interrupts to unmask.

This is part of XSA-254.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
    Changes in v2:
        - Add Stefano's reviewed-by
---
 xen/arch/arm/arm32/entry.S | 36 +++++++++++++-----------------------
 1 file changed, 13 insertions(+), 23 deletions(-)

diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 120922e64e..c6490d2847 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -111,39 +111,29 @@ abort_guest_exit_end:
 skip_check:
         mov pc, lr
 
-#define DEFINE_TRAP_ENTRY(trap)                                         \
+/*
+ * Macro to define trap entry. The iflags corresponds to the list of
+ * interrupts (Asynchronous Abort, IRQ, FIQ) to unmask.
+ */
+#define __DEFINE_TRAP_ENTRY(trap, iflags)                               \
         ALIGN;                                                          \
 trap_##trap:                                                            \
         SAVE_ALL;                                                       \
-        cpsie i;        /* local_irq_enable */                          \
-        cpsie a;        /* asynchronous abort enable */                 \
+        cpsie iflags;                                                   \
         adr lr, return_from_trap;                                       \
         mov r0, sp;                                                     \
         mov r11, sp;                                                    \
         bic sp, #7; /* Align the stack pointer (noop on guest trap) */  \
         b do_trap_##trap
 
-#define DEFINE_TRAP_ENTRY_NOIRQ(trap)                                   \
-        ALIGN;                                                          \
-trap_##trap:                                                            \
-        SAVE_ALL;                                                       \
-        cpsie a;        /* asynchronous abort enable */                 \
-        adr lr, return_from_trap;                                       \
-        mov r0, sp;                                                     \
-        mov r11, sp;                                                    \
-        bic sp, #7; /* Align the stack pointer (noop on guest trap) */  \
-        b do_trap_##trap
+/* Trap handler which unmask IRQ/Abort, keep FIQ masked */
+#define DEFINE_TRAP_ENTRY(trap) __DEFINE_TRAP_ENTRY(trap, ai)
 
-#define DEFINE_TRAP_ENTRY_NOABORT(trap)                                 \
-        ALIGN;                                                          \
-trap_##trap:                                                            \
-        SAVE_ALL;                                                       \
-        cpsie i;        /* local_irq_enable */                          \
-        adr lr, return_from_trap;                                       \
-        mov r0, sp;                                                     \
-        mov r11, sp;                                                    \
-        bic sp, #7; /* Align the stack pointer (noop on guest trap) */  \
-        b do_trap_##trap
+/* Trap handler which unmask Abort, keep IRQ/FIQ masked */
+#define DEFINE_TRAP_ENTRY_NOIRQ(trap) __DEFINE_TRAP_ENTRY(trap, a)
+
+/* Trap handler which unmask IRQ, keep Abort/FIQ masked */
+#define DEFINE_TRAP_ENTRY_NOABORT(trap) __DEFINE_TRAP_ENTRY(trap, i)
 
         .align 5
 GLOBAL(hyp_traps_vector)

From patchwork Fri Feb  2 14:19:20 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126711
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687196ljc;
 Fri, 2 Feb 2018 06:21:52 -0800 (PST)
X-Google-Smtp-Source: AH8x225/CYkGM8N6jLEH/8bHRxuk4Sxu3J6lFxwnQvG01GfXf5M8iY+xyTRxoMhmTCEwOVu1ppnL
X-Received: by 10.36.31.5 with SMTP id d5mr3340374itd.136.1517581312146;
 Fri, 02 Feb 2018 06:21:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581312; cv=none;
 d=google.com; s=arc-20160816;
 b=kBbWihKVGdEzlxgs8tjUDovTEzFzQjNWpyUh9RxA3wr4zd3HIAzSp842np93KLe0yK
 lGh6Ccq4vkP9b4ztvLyZXj0Z0fWtimS4f5tQXoVhewtboLrG55pGaB0eSvAE7/9vSN1p
 YuUoEEcgjfMKsTUq8VoX0hZmAAQCstPc+C3TaRrUgExpq9np0BYxmyvjnuMJmkn6uud6
 eyTCtu2znjGF1Q+H/7Ee4hFQP4nqx96L4tBYTmnd67oeZqZvc+6U+LuNLekKO1W/9nGj
 8NVq2cwPZCJgHax0A9WoMjS7RPDfIorteyFonQCvx9SCs91dwsPGsJqYAIYH+n+0uSne
 uHKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=geBQuKeQsBcwRWEVMYOVH8Xq9Ekl9tt2JWOZdyW6CVM=;
 b=PsIUL1fXewZgzLWVRrhpVb3lbjBUz9Xyc/EUyKO/CK6WUjsXLrR/4abI4vudjQuT6f
 DCWBeeFzSRkM2HeKQcBxipjavepzzhP2sb8V8T3CvYWo8aSzj6bvjJm9eN4ZQqnY9YyG
 e92DuEREAYiT2wzy/yHURXctoGdEgLT1AisE+iUUMdpP0uwlqIlU/FjhJ7u3qesiZU0b
 Uof5Ctp2Oz9jCStp6zVRnNrWcXg7jsvZuIsXHXDXknAEgQ4z+LYdct0Ai3LK+QICNEI7
 /cM9coL0wZZEP1eNY2fMzeVYmCULjZFFfwfQLPkJYctnmrWe3bQudHFXkJFQeITg4JDp
 5Jzw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=gMIxAu0c; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id 6si1770032iob.240.2018.02.02.06.21.51
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=gMIxAu0c; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBh-00085C-Lh; Fri, 02 Feb 2018 14:19:33 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBf-00084f-RO
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:31 +0000
X-Inumbo-ID: 0ad158b7-0824-11e8-ba59-bc764e045a96
Received: from mail-wm0-x243.google.com (unknown [2a00:1450:400c:c09::243])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0ad158b7-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:13 +0100 (CET)
Received: by mail-wm0-x243.google.com with SMTP id j21-v6so2811056wmh.1
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=/bIAb0tmbXs5lKUzW8ga62dax57uVS3tbVmOakqWBLM=;
 b=gMIxAu0czxdtF85NuNoxUNXdrPTJ9EZu2EwLrabCb6V1IrkOlVVjGbis9zqC4YLZ48
 hFw7QjSy/h8fCcWoEyozOHI9qyNfafR8lydqLop7nC7qCXHO/fud/Pl8IaJV7ToCGMAz
 GH1+mRHdShPts5FVi9ND//zxhgmOqipQ+STRE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=/bIAb0tmbXs5lKUzW8ga62dax57uVS3tbVmOakqWBLM=;
 b=HbI7jwxgW0a9i7A7Y3rWYgMk7nBZBlAx4CzRtsCF1YRwZEKh7ySuep88bLU2ZO0knR
 tniHr8RBlteYVhhfjCsFVitOH61kJ7awerpY3uk5FIeBNlHErKzBy45lPFhMCy2OjYFM
 a2ml/QkW55p4E2vGEvOiDa8ZN2dllXM2dHVg82TiqvavhH8/y0+jXCDZUhReifviMoVc
 QA7Z0f9s/wtcU/eQSLpUYK6HXJ/qR3+8PwIz81FsNjFxZZ1hZ/eN5LoX55bGstzGn8cw
 /vInucf1p5L4MOkbm88HOyUH3SFvO2cyhJkHMVqDyVtUiPl9O8seMqGn8DiRqzOMQrFU
 1yYw==
X-Gm-Message-State: AKwxyteHSbEsJYOy5dGdNgiFljxApgkAClPfMfiN2UvXa70xL93Lg6im
 FJuzI8R0c3mdyDBeReKzVPATUk3B9X8=
X-Received: by 10.28.232.82 with SMTP id f79mr2161702wmh.72.1517581169425;
 Fri, 02 Feb 2018 06:19:29 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.28
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:28 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:20 +0000
Message-Id: <20180202141925.19387-3-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: sstabellini@kernel.org, Julien Grall <julien.grall@linaro.org>,
 andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 2/7] xen/arm32: Add missing MIDR values for
 Cortex-A17 and A12
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Cortex-A17 and A12 MIDR will be used in a follow-up patch for hardening
the branch predictor.

This is part of XSA-254.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
    Changes in v2:
        - Add Stefano's reviewed-by
---
 xen/include/asm-arm/processor.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h
index 466da5da86..c0f79d0093 100644
--- a/xen/include/asm-arm/processor.h
+++ b/xen/include/asm-arm/processor.h
@@ -44,6 +44,8 @@
 
 #define ARM_CPU_IMP_ARM             0x41
 
+#define ARM_CPU_PART_CORTEX_A12     0xC0D
+#define ARM_CPU_PART_CORTEX_A17     0xC0E
 #define ARM_CPU_PART_CORTEX_A15     0xC0F
 #define ARM_CPU_PART_CORTEX_A53     0xD03
 #define ARM_CPU_PART_CORTEX_A57     0xD07
@@ -51,6 +53,8 @@
 #define ARM_CPU_PART_CORTEX_A73     0xD09
 #define ARM_CPU_PART_CORTEX_A75     0xD0A
 
+#define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12)
+#define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17)
 #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15)
 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53)
 #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)

From patchwork Fri Feb  2 14:19:21 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126714
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687225ljc;
 Fri, 2 Feb 2018 06:21:53 -0800 (PST)
X-Google-Smtp-Source: AH8x224l9Lx3dNss4Dc75BfRRL2qD0/oEYFwJk39kwwGuwUCLBTHFFXHxxl85DUV8w1++dSl2HlH
X-Received: by 10.36.120.80 with SMTP id p77mr14356127itc.115.1517581313551; 
 Fri, 02 Feb 2018 06:21:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581313; cv=none;
 d=google.com; s=arc-20160816;
 b=NFcb8fm6hmdnQQFCeFlPTJjx6j9W2OFwPnQB5o+AYhCKB9wh6I1oBgj3CFTZ+hC1JU
 +QJKAD79QbdB95tEAcvh3+MnGvjSmTxoh410u4g/uice4UotGF0gFJR/cbhhpebQgFuB
 m28p7hMuSJFb6OFyvQg9V12YC06tCJMIsoEJ/XjEGCtJbGm1MFGmsX3FytIUI7OvXRqS
 JWNdd2fF8ERELKHR8jnaWNepe+kUWsJkQiGZCafH2Y/yLr/iPA4xNAv2m2WF6Mmw8ogQ
 Up8zzww+Kp+8Qcpt8Bt9tVrzJoI2qmMePdeWbhKSS/KtoJ2u6rHlnfsP28n4+WRYN7G/
 co0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=wX19GdT5yZ6x/Tl34Zc4GmO1rsHtgC6kwsiFHAFNoqg=;
 b=Wx91Zn4vlk2iws+2bkZtbkt9lUe4ty97hplDaWTldgKqQzZsihaaelm7uqjZ3Oxccw
 qhuCeurbQj+ElYecrDF+zttDZPKTgqgd7REsFcUcEE2FgP9GN3PTNsGv3YPr4kzCzY70
 OXkS24XjCndRgtoYqug15sZbMo+/zJrvlyi+kcWPDHunfyVxTXKR0Nxqz6tcOrOpZih2
 d2vT+Y5POIAYAsHo/iCCCeZRB0l7/DIYfoz0h0qXjzBWdxoC2Yv2gljPnA93S4IBPxyh
 lzQFOX4+7NZMno5BtEMkGqDa/CtHEzbfdwR3QLVurx438hmg89tAEFNF0PjH7mGk9lnz
 7/HQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=TIJ1ujJg; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id 72si1823114ioc.86.2018.02.02.06.21.53
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:53 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=TIJ1ujJg; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBi-00085g-04; Fri, 02 Feb 2018 14:19:34 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBh-000852-4V
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:33 +0000
X-Inumbo-ID: 0b55f11d-0824-11e8-ba59-bc764e045a96
Received: from mail-wr0-x242.google.com (unknown [2a00:1450:400c:c0c::242])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0b55f11d-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:14 +0100 (CET)
Received: by mail-wr0-x242.google.com with SMTP id f6so21065153wra.6
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=r1HGC9nH4wEeJ1OqtZl/cBav7TLlzg7REtDMZ9Vj//E=;
 b=TIJ1ujJgcxqOWa2XoqmVj9/6Pg0lSfXjJXD0fZZktnURKEwwtB6gzk7TxwjnwKxt2+
 6pawXd2LuIsnMuZQNXDq3a1BX33L1F4gXI4Yeh4e6222meV6ww9fTjmGpB0EitjF2g5r
 VO0lRkd8Q39g3TzPOp9EMmbvzsz2TZnca6Cj8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=r1HGC9nH4wEeJ1OqtZl/cBav7TLlzg7REtDMZ9Vj//E=;
 b=JgtfzhzKBtl6OpIZTv4usceMO8skJiI+tC96qVZH4W1PgQR13n1LhVokl44gIFVuy8
 AFeltQf/hGb1LSV3repWWr3XT9qqLnyVExAk6hutEuaqwZUCjDaoRq2lSZMab3KWJicl
 8dz2qWJMVaDF+khqnbh45UJfiajcVLVRXUemo7JxWWYcm4Z+OvWpEtvKFsUrbmLMTlF0
 DioR/ndCiIj6oIlynkn/ReMMiN5Or+zdW4bzDmHZJgAiPgS6HkM1TxusC5ZyxcRHgXpi
 n23D7lFhWW0AX/2F9lluClI15l7xH5rMWIcGadXObbJKvXLBHcDPmAwAXaE3KbYHfqO+
 3BAw==
X-Gm-Message-State: AKwxytfZg5QJvw7n7/lICeSJz7FliATseT8+W2WADveiaMAqW8QDU8Hi
 gcLIgqkBNw8MtnjmLeA7eBN8axYO1/8=
X-Received: by 10.223.201.3 with SMTP id m3mr14889149wrh.117.1517581170290; 
 Fri, 02 Feb 2018 06:19:30 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.29
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:29 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:21 +0000
Message-Id: <20180202141925.19387-4-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: sstabellini@kernel.org, Julien Grall <julien.grall@linaro.org>,
 andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 3/7] xen/arm32: entry: Add missing trap_reset
 entry
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

At the moment, the reset vector is defined as .word 0 (e.g andeq r0, r0,
r0).

This is rather unintuitive and will result to execute the trap
undefined. Instead introduce trap helpers for reset and will generate an
error message in the unlikely case that reset will be called.

This is part of XSA-254.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
    Changes in v2:
        - Replace .word 0 by trap_reset
---
 xen/arch/arm/arm32/entry.S | 3 ++-
 xen/arch/arm/arm32/traps.c | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index c6490d2847..64876c1184 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -137,7 +137,7 @@ trap_##trap:                                                            \
 
         .align 5
 GLOBAL(hyp_traps_vector)
-        .word 0                         /* 0x00 - Reset */
+        b trap_reset                    /* 0x00 - Reset */
         b trap_undefined_instruction    /* 0x04 - Undefined Instruction */
         b trap_hypervisor_call          /* 0x08 - Hypervisor Call */
         b trap_prefetch_abort           /* 0x0c - Prefetch Abort */
@@ -146,6 +146,7 @@ GLOBAL(hyp_traps_vector)
         b trap_irq                      /* 0x18 - IRQ */
         b trap_fiq                      /* 0x1c - FIQ */
 
+DEFINE_TRAP_ENTRY(reset)
 DEFINE_TRAP_ENTRY(undefined_instruction)
 DEFINE_TRAP_ENTRY(hypervisor_call)
 DEFINE_TRAP_ENTRY(prefetch_abort)
diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c
index 705255883e..4f27543dec 100644
--- a/xen/arch/arm/arm32/traps.c
+++ b/xen/arch/arm/arm32/traps.c
@@ -23,6 +23,11 @@
 
 #include <asm/processor.h>
 
+void do_trap_reset(struct cpu_user_regs *regs)
+{
+    do_unexpected_trap("Reset", regs);
+}
+
 void do_trap_undefined_instruction(struct cpu_user_regs *regs)
 {
     uint32_t pc = regs->pc;

From patchwork Fri Feb  2 14:19:22 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126713
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687214ljc;
 Fri, 2 Feb 2018 06:21:52 -0800 (PST)
X-Google-Smtp-Source: AH8x2275O48b9Jw3UwmPkMzBbGYCVBtbb8DxNMFTXnqYXStQbl+yp1m4gfpRkfP8TaWmWBGuQyAf
X-Received: by 10.36.74.194 with SMTP id k185mr43131304itb.23.1517581312793; 
 Fri, 02 Feb 2018 06:21:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581312; cv=none;
 d=google.com; s=arc-20160816;
 b=K8rpv4tSK/oz3ziv7KpxgwNx4iUhEXf4/aR5/hqWYlGjAIHfsFpxqih3yNYvH6LOrD
 XOkj5Fwtf6IL3k+pdjI42Zhr6uo3rUHisfeHFLnS1WzTFwxuNEbyXl0Y0btu6S5MyDha
 sn1UFZTNwD/xjRwn6kfUvwvgvu2uOXWUPcLqD8q3sMnPLiPARogwdSUF+na/RBJT+Ucy
 hTDxThHIN9Yysvk7y31LsEb+ZAp4ez5zPujLowwgkLdu7rCv79qItlikwKXOM6MwDZGS
 i22Wp2tB64bjdyBl5b5QLgwhQYCvmcfKlVCOoS7XknXwCyw1JgY8Gx9jBGFya8CtB2UB
 wspQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=vf1loLQGDj5eepuk/oLF+JRefU8LybUUiB5iq8voKxI=;
 b=ICSGSC0HMEOZ1uhSVPNgWLtGtDtKnB2XSLu1SJNqR5ythA+4qJaUTzxf209aM+Q1NN
 6dTz48D3XO514x3PlEDx0d5ohALQTIfxNRrQTYEilBjx2WtYl8laBV9hPonCcjDONXVP
 DWJb1RRpTE7pWVDEgd3K8dj6d9Zcx/B1hdModQnLyhYMC2nG/1nKPmC/+b77eBfgncSy
 G6geQu+IuR5poWWL/GUMDFMtO28S+3OuENmv27iZR72vX8O10vvJmhz7XI64qHDp8k3y
 u/sbfYunoU4CDHq03y/DEigMzFAeaLfQd6e2jigDAbBsnvhx5wFsPe+HK5/8LiggqNUM
 KntA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=eroJAb74; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 m65si1617993itg.145.2018.02.02.06.21.52
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=eroJAb74; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBj-00086B-7Z; Fri, 02 Feb 2018 14:19:35 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBi-00085v-D5
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:34 +0000
X-Inumbo-ID: 0be03bcc-0824-11e8-ba59-bc764e045a96
Received: from mail-wr0-x244.google.com (unknown [2a00:1450:400c:c0c::244])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0be03bcc-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:15 +0100 (CET)
Received: by mail-wr0-x244.google.com with SMTP id w50so22726508wrc.2
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=PGaUt4vGU0nTKsdwYdN2EUn3sR8D/oH0Xplfrtp4Nic=;
 b=eroJAb74P5rY770zJ2BwZCp9FqoH1OQ/eR3ngMRc1B2miL5lbivlf6Fr2VtMG4fjUV
 AlR+n3i6Dm3mFZKIT/Wxymtwoyp3272V2xS045yNgQKKXVaZANanr6I3Yt2amU3LGLmI
 r+xsQTAGuYJewIw2DrYUlRcdrsBoWog9TYqRQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=PGaUt4vGU0nTKsdwYdN2EUn3sR8D/oH0Xplfrtp4Nic=;
 b=m2zNVmO06nAjMY6aRqi6nvbw2Y+jTNAtuiTLiQMtUSJIbk/1f5F0VxhOjI8ITDjKIW
 0Wk/uevOhnyviKFfPZaCU+Kwo++zeYZZsVE7gk0SjU24L7nN3gOWNe/8E/pnelrrJHOt
 EtMwaxxNFszqNknHyKlDVPWv3Xx66gmmNiW6mhdppl2mDPc1zthKMJ1lX8QseZhGWe8z
 Zs9FB69+1Emr8wS/qXnq27FTzOrRXGEIIIWTGT6kBbdjlShUP9hbjtuzZfdrjs0m1aQ6
 XY0WiISMhoQFkzc8krYGY2uMtvm8+684t2dFLthZFNPcsydjAoB1yF5FBQPzs2IPNT/G
 jX/g==
X-Gm-Message-State: AKwxyteHT7xGoQkxV1tSbC0tguBgdUUjI/D20tx8SAzLJLvSSzU+wvra
 d0ovTJkH+7c3Fv8WjUtGvAsrHHvI5oM=
X-Received: by 10.223.151.207 with SMTP id t15mr11155040wrb.223.1517581171139; 
 Fri, 02 Feb 2018 06:19:31 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.30
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:30 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:22 +0000
Message-Id: <20180202141925.19387-5-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: sstabellini@kernel.org, Julien Grall <julien.grall@linaro.org>,
 andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 4/7] xen/arm32: Add skeleton to harden branch
 predictor aliasing attacks
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Aliasing attacked against CPU branch predictors can allow an attacker to
redirect speculative control flow on some CPUs and potentially divulge
information from one context to another.

This patch adds initiatial skeleton code behind a new Kconfig option
to enable implementation-specific mitigations against these attacks
for CPUs that are affected.

Most of mitigations will have to be applied when entering to the
hypervisor from the guest context.

Because the attack is against branch predictor, it is not possible to
safely use branch instruction before the mitigation is applied.
Therefore this has to be done in the vector entry before jump to the
helper handling a given exception.

However, on arm32, each vector contain a single instruction. This means
that the hardened vector tables may rely on the state of registers that
does not hold when in the hypervisor (e.g SP is 8 bytes aligned).
Therefore hypervisor code running with guest vectors table should be
minimized and always have IRQs and SErrors masked to reduce the risk to
use them.

This patch provides an infrastructure to switch vector tables before
entering to the guest and when leaving it.

Note that alternative could have been used, but older Xen (4.8 or
earlier) doesn't have support. So avoid using alternative to ease
backporting.

This is part of XSA-254.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
    Changes in v2:
        - Clarify the commit message
---
 xen/arch/arm/Kconfig       |  3 +++
 xen/arch/arm/arm32/entry.S | 41 ++++++++++++++++++++++++++++++++++++++++-
 xen/arch/arm/cpuerrata.c   | 30 ++++++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 06fd85cc77..2782ee6589 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -191,6 +191,9 @@ config HARDEN_BRANCH_PREDICTOR
 config ARM64_HARDEN_BRANCH_PREDICTOR
     def_bool y if ARM_64 && HARDEN_BRANCH_PREDICTOR
 
+config ARM32_HARDEN_BRANCH_PREDICTOR
+    def_bool y if ARM_32 && HARDEN_BRANCH_PREDICTOR
+
 source "common/Kconfig"
 
 source "drivers/Kconfig"
diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 64876c1184..828e52c25c 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -34,6 +34,20 @@
         blne save_guest_regs
 
 save_guest_regs:
+#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR
+        /*
+         * Restore vectors table to the default as it may have been
+         * changed when returning to the guest (see
+         * return_to_hypervisor). We need to do that early (e.g before
+         * any interrupts are unmasked) because hardened vectors requires
+         * SP to be 8 bytes aligned. This does not hold when running in
+         * the hypervisor.
+         */
+        ldr r1, =hyp_traps_vector
+        mcr p15, 4, r1, c12, c0, 0
+        isb
+#endif
+
         ldr r11, =0xffffffff  /* Clobber SP which is only valid for hypervisor frames. */
         str r11, [sp, #UREGS_sp]
         SAVE_ONE_BANKED(SP_usr)
@@ -179,12 +193,37 @@ return_to_guest:
         RESTORE_ONE_BANKED(R11_fiq); RESTORE_ONE_BANKED(R12_fiq);
         /* Fall thru */
 return_to_hypervisor:
-        cpsid i
+        cpsid ai
         ldr lr, [sp, #UREGS_lr]
         ldr r11, [sp, #UREGS_pc]
         msr ELR_hyp, r11
         ldr r11, [sp, #UREGS_cpsr]
         msr SPSR_hyp, r11
+#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR
+        /*
+         * Hardening branch predictor may require to setup a different
+         * vector tables before returning to the guests. Those vectors
+         * may rely on the state of registers that does not hold when
+         * running in the hypervisor (e.g SP is 8 bytes aligned). So setup
+         * HVBAR very late.
+         *
+         * Default vectors table will be restored on exit (see
+         * save_guest_regs).
+         */
+        mov r9, #0                      /* vector tables = NULL */
+        /*
+         * Load vector tables pointer from the per-cpu bp_harden_vecs
+         * when returning to the guest only.
+         */
+        and r11, #PSR_MODE_MASK
+        cmp r11, #PSR_MODE_HYP
+        ldrne r11, =per_cpu__bp_harden_vecs
+        mrcne p15, 4, r10, c13, c0, 2   /* r10 = per-cpu offset (HTPIDR) */
+        addne r11, r11, r10             /* r11 = offset of the vector tables */
+        ldrne r9, [r11]                 /* r9  = vector tables */
+        cmp r9, #0                      /* Only update HVBAR when the vector */
+        mcrne p15, 4, r9, c12, c0, 0    /* tables is not NULL. */
+#endif
         pop {r0-r12}
         add sp, #(UREGS_SP_usr - UREGS_sp); /* SP, LR, SPSR, PC */
         clrex
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index f1ea7f3c5b..0a138fa735 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -170,6 +170,36 @@ static int enable_psci_bp_hardening(void *data)
 
 #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */
 
+/* Hardening Branch predictor code for Arm32 */
+#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR
+
+/*
+ * Per-CPU vector tables to use when returning to the guests. They will
+ * only be used on platform requiring to harden the branch predictor.
+ */
+DEFINE_PER_CPU_READ_MOSTLY(const char *, bp_harden_vecs);
+
+extern char hyp_traps_vector_bp_inv[];
+
+static void __maybe_unused
+install_bp_hardening_vecs(const struct arm_cpu_capabilities *entry,
+                          const char *hyp_vecs, const char *desc)
+{
+    /*
+     * Enable callbacks are called on every CPU based on the
+     * capabilities. So double-check whether the CPU matches the
+     * entry.
+     */
+    if ( !entry->matches(entry) )
+        return;
+
+    printk(XENLOG_INFO "CPU%u will %s on guest exit\n",
+           smp_processor_id(), desc);
+    this_cpu(bp_harden_vecs) = hyp_vecs;
+}
+
+#endif
+
 #define MIDR_RANGE(model, min, max)     \
     .matches = is_affected_midr_range,  \
     .midr_model = model,                \

From patchwork Fri Feb  2 14:19:23 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126712
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687203ljc;
 Fri, 2 Feb 2018 06:21:52 -0800 (PST)
X-Google-Smtp-Source: AH8x2249IQ9+MCRINE37ZgZ722TwcaWp0Q4iDLJmJ3nVZeW/8c66lah0lTa499p++Kspw8vVIyTm
X-Received: by 10.36.77.65 with SMTP id l62mr48066742itb.42.1517581312365;
 Fri, 02 Feb 2018 06:21:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581312; cv=none;
 d=google.com; s=arc-20160816;
 b=qU5qzonJfkul9SvrStOkB2ddUrBz6yde6rjZJESyB/GIBMrFgP4PVhqvpqh7V84mJ8
 mOhl7izTazCu91sTsqr0RydiCchjeZKue4uVfon8FtroAHLEVVp/mP6+topVWAHteust
 hshW5R3StAVVFrQy0HCDKw+0Z3dQeTt73Fo1K+FBx2F7cUiS3Y1f28aZQQdD9yAWkfH7
 E9uTLOGUK+3y/ObIqbvQb+5cm4zDQmFaLONZF5HuG5jc2JYDYueRm3Q6IOclG6pRDJCM
 rsBmQB5s3Un5ByCu2Uh0/xZ5/u3WiinyrEbIbdYMMAVKSsElh2PAopIAziAiGW/WDuRu
 F06A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=GM3enhaCddwNtxzvfWMDfl0BIveIhUW3K0KcQybASbM=;
 b=B1+EIZjEk0Lf1tiCTjURTx+avwPi6mtrbE7b/wgIxLzdgRu098POro9E9qlQPAR0R8
 hC4YMq9WsDm4ho/SGd1zovXc8hHIXEbek7LBUlI/NTX0Z4QFKvFKd/wdXXcB9cBJFrv/
 L6A1KcOr/gTNaHaVeRRkmNbnYMVILP+pgq9DXF5kABpJxWgkVNwa9luVGFNi0VL34YCB
 9kBzYd2eeRoUiTHW69eRqMMr65qDDDHv36rCsShw74i43phVBai22rWJR3zIgQugBrxw
 bjjVbTQOCYWc6lYzQjP6OgUOkRFrVE9cUcCWbXk1dnOYjk7Tx7LG1eJjHksnf5vx4oI9
 smUw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=IG1cabCi; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 y99si1728126ita.113.2018.02.02.06.21.52
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=IG1cabCi; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBj-00086O-EB; Fri, 02 Feb 2018 14:19:35 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBi-00085w-FK
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:34 +0000
X-Inumbo-ID: 0c7ff5b4-0824-11e8-ba59-bc764e045a96
Received: from mail-wm0-x241.google.com (unknown [2a00:1450:400c:c09::241])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0c7ff5b4-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:16 +0100 (CET)
Received: by mail-wm0-x241.google.com with SMTP id g1so12934814wmg.2
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=dgbg1Eo7FLFxDacoQNT23U+p6yhJgkPrPU9eaIYxhis=;
 b=IG1cabCik8Q1vLGiy8T3LQgimdFZt9l6tB3OdgaxwpiuHG6fzK0w1PyVTedormXpzn
 zxtI7Fu40mlZoUNGP8FXLvBKgCu4WU1lEFWahQklpiKf1oPX5XTT1EYzG5IT6K81SknA
 7cp5L1YeiRKQiltLRKLiwSZU2qpa2EPfVLZxY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=dgbg1Eo7FLFxDacoQNT23U+p6yhJgkPrPU9eaIYxhis=;
 b=U1ZKX253MxLQj/chfKzCGL+WTowoLOuz2l2THt93RSIZASmodaSXfJtX3SLMvTSAZZ
 o8WUvn6s1OJLQRrxZz+lS3mLaAr2bJF8b6LjKNwahZf3SJNURE8eb3zZ1UaDybJ2hD2Z
 RAsW4pqLfr3FZMsnxsTW1l7DC0A1yw/o4523RM0SBmdsPHVcSWBlpNC8KlZNud9fAR/Z
 3q6OEBJ7KoVYnSdREpvIc0yy1WgA0J3EUfzF2CQ0xWVWZaAzxPXV4UTzw/iLbohEaDYH
 L3HZ57riRGHiwuAxoPn29FQumwIorRytKkdygfeyLeKNbCKc1+aW9oycB6EmEQ0wkGC5
 Oa+g==
X-Gm-Message-State: AKwxytdllCiT7p0jTisLEXHJYDvCcXyblr6t8+frRvyhdZjA+m197nIL
 L02AJG4fvjlrsQQngHMU+p4e5dbQ2t8=
X-Received: by 10.28.53.130 with SMTP id c124mr26681136wma.110.1517581172175; 
 Fri, 02 Feb 2018 06:19:32 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.31
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:31 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:23 +0000
Message-Id: <20180202141925.19387-6-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>, sstabellini@kernel.org,
 Julien Grall <julien.grall@linaro.org>, andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 5/7] xen/arm32: Invalidate BTB on guest exit
 for Cortex A17 and 12
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

In order to avoid aliasing attackes agains the branch predictor, let's
invalidate the BTB on guest exist. This is made complicated by the fact
that we cannot take a branch invalidating the BTB.

This is based on the fourth version posted by Marc Zyngier on Linux-arm
mailing list (see [1]).

This is part of XSA-254.

[1] https://www.spinics.net/lists/arm-kernel/msg632062.html

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
    Changes in v3:
        - Drop Stefano's reviewed-by
        - Use the latest version of the Linux patch. This will improve
        code readability.

    Changes in v2:
        - Add Stefano's reviewed-by
---
 xen/arch/arm/arm32/entry.S | 38 ++++++++++++++++++++++++++++++++++++++
 xen/arch/arm/cpuerrata.c   | 19 +++++++++++++++++++
 2 files changed, 57 insertions(+)

diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 828e52c25c..1ebbe4b065 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -160,6 +160,44 @@ GLOBAL(hyp_traps_vector)
         b trap_irq                      /* 0x18 - IRQ */
         b trap_fiq                      /* 0x1c - FIQ */
 
+#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
+
+        .align 5
+GLOBAL(hyp_traps_vector_bp_inv)
+        /*
+         * We encode the exception entry in the bottom 3 bits of
+         * SP, and we have to guarantee to be 8 bytes aligned.
+         */
+        add sp, sp, #1                  /* Reset            7 */
+        add sp, sp, #1                  /* Undef            6 */
+        add sp, sp, #1                  /* Hypervisor Call  5 */
+        add sp, sp, #1                  /* Prefetch abort   4 */
+        add sp, sp, #1                  /* Data abort       3 */
+        add sp, sp, #1                  /* Hypervisor       2 */
+        add sp, sp, #1                  /* IRQ              1 */
+        nop                             /* FIQ              0 */
+
+        mcr	p15, 0, r0, c7, c5, 6	    /* BPIALL */
+        isb
+
+.macro vect_br val, targ
+        eor     sp, sp, #\val
+        tst     sp, #7
+        eorne   sp, sp, #\val
+        beq     \targ
+.endm
+
+        vect_br 0, trap_fiq
+        vect_br 1, trap_irq
+        vect_br 2, trap_guest_sync
+        vect_br 3, trap_data_abort
+        vect_br 4, trap_prefetch_abort
+        vect_br 5, trap_hypervisor_call
+        vect_br 6, trap_undefined_instruction
+        vect_br 7, trap_reset
+
+#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
+
 DEFINE_TRAP_ENTRY(reset)
 DEFINE_TRAP_ENTRY(undefined_instruction)
 DEFINE_TRAP_ENTRY(hypervisor_call)
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 0a138fa735..c79e6d65d3 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -198,6 +198,13 @@ install_bp_hardening_vecs(const struct arm_cpu_capabilities *entry,
     this_cpu(bp_harden_vecs) = hyp_vecs;
 }
 
+static int enable_bp_inv_hardening(void *data)
+{
+    install_bp_hardening_vecs(data, hyp_traps_vector_bp_inv,
+                              "execute BPIALL");
+    return 0;
+}
+
 #endif
 
 #define MIDR_RANGE(model, min, max)     \
@@ -284,6 +291,18 @@ static const struct arm_cpu_capabilities arm_errata[] = {
         .enable = enable_psci_bp_hardening,
     },
 #endif
+#ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR
+    {
+        .capability = ARM_HARDEN_BRANCH_PREDICTOR,
+        MIDR_ALL_VERSIONS(MIDR_CORTEX_A12),
+        .enable = enable_bp_inv_hardening,
+    },
+    {
+        .capability = ARM_HARDEN_BRANCH_PREDICTOR,
+        MIDR_ALL_VERSIONS(MIDR_CORTEX_A17),
+        .enable = enable_bp_inv_hardening,
+    },
+#endif
     {},
 };
 

From patchwork Fri Feb  2 14:19:24 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126715
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687236ljc;
 Fri, 2 Feb 2018 06:21:54 -0800 (PST)
X-Google-Smtp-Source: AH8x2269EFm8HUAkB8Tl1IZnBejVj9r14AgoOrWUyg7gi2PDkTakDJjrLxuAYhhoDUQjtVew7ljl
X-Received: by 10.36.2.16 with SMTP id 16mr45914318itu.81.1517581314150;
 Fri, 02 Feb 2018 06:21:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581314; cv=none;
 d=google.com; s=arc-20160816;
 b=PRv0HcXdjCZVMlC6d4Qrntrc3dWwG7nz0sjm6TarVwCW1WaQnBbCUUkkhfszjHGmgW
 xcd2eFME9KTY+OZWoOoOu2JegdMmLrYkyEjuc8s+YEBjgJejYyrhR886zohemHUA91LG
 xIBdQ43pn1yDQv0w/4cIFihmArytpS0NYJkzMH+6s7sW3evhqOHKs4hGQY91aiLh07ZQ
 PRGPvDTx0S8xuR813dGAODGEQXb5QpcxR6QOqieqcVM7pN2C8zBSjKl3kUmxMB7BQKHm
 KLKQU5NYv3/NSELAOnnY+nr4RyyWUNkufTk7rTMCXOT62lhSTu2wyjwKtJoXZiHFE7zM
 9CJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=jb2ONX6iSpj59qBzJcnX0OKiT+VXlYtiM21nI3TvpW8=;
 b=LvnkW1oht9JvAXNo/Ze3JNnBnRZ7FlUE437f7ez9Q00vpJYHNw0sdazn0SXXCqsWGk
 4OPx1RbiA+e8aOM52kLIZSSR6N01kxBue6Ok0sywI2KbjJ8xpZap8ys/m0HpjWtwv6Q4
 go8+NaqYaPZy1n9C4stGi86/UPQ4+X9E8rQooZrHjvXup785uW7RuMZF5LM6udiNQVJJ
 BQib574+40XLEfTov0HHMWOqnEsWptDj7zxWxrs+dZ0IORTcFruP8XONCJlLHqWicYuz
 3KC1xg3hLfC83EAbiXZYnPgpaVLec1AetCGmEkcJ1S4KyNK1BjUCRupEemDRdjEmfSBm
 9UEw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=h8aCRt5G; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id
 w70si2167501ioe.32.2018.02.02.06.21.53
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:54 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=h8aCRt5G; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBk-00088B-L4; Fri, 02 Feb 2018 14:19:36 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBj-00086Z-Nj
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:35 +0000
X-Inumbo-ID: 0d115074-0824-11e8-ba59-bc764e045a96
Received: from mail-wr0-x244.google.com (unknown [2a00:1450:400c:c0c::244])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0d115074-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:17 +0100 (CET)
Received: by mail-wr0-x244.google.com with SMTP id v31so22696968wrc.11
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=05I9oMFvVF+hHcZSGPTnK3m1qiGyhpohpor09+2qcSE=;
 b=h8aCRt5GFmvwu+yxVn/0jzU364qCPx85KczPu6ukHzz+/V0KyQMCceFqdYrT+nv0s0
 cFEKOoihh4zI8n/MoHK6lY22fUcuuH3Jdwe6i5neUmBz+n3+Xy/ZNKi/2RaAp78mOK66
 p7smY7gioiedBWlr82fdhfndATnWz6STgxxDo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=05I9oMFvVF+hHcZSGPTnK3m1qiGyhpohpor09+2qcSE=;
 b=K6w5n+5Pfldo25kmSj2zf23zwk4itjAYQbC9E8XqWPBfnow7/WEYsNUV7SAoDZAsSg
 gF6Uc6ORhvMno5ylNkm0aH6FjZYvbOHSQWBj7voyPvG6tUJ9D4TJfV1W64IL965Y2RnC
 j52XaSODra75Agd/YsbHz+5Cd9SFB/+uZgaUUC3JorWmfm6j9uLQA7G2ezWCYP9LIq6H
 iLfYRzMoAcPE7+NiJLvpU+0h6OaDX8iqt1RoPhBZA5GP3qgl3RXaU3oepwzlHMvPHrgb
 4nzTf88bal0PxBETBC+bpnAXIuLlkSlE+yEb8TW4yvX801hEfM7Mpj4VRgGhzDIxzWTm
 5PPg==
X-Gm-Message-State: AKwxytelrTetgy2k4zTF+0U3yp37tL1H3dr8/1vajFT/Z6nACWH/j+2M
 0Cot+AspDGK17BoDpzl7ytcxXd4VaPc=
X-Received: by 10.223.130.234 with SMTP id 97mr15865800wrc.144.1517581173212; 
 Fri, 02 Feb 2018 06:19:33 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.32
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:32 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:24 +0000
Message-Id: <20180202141925.19387-7-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>, sstabellini@kernel.org,
 Julien Grall <julien.grall@linaro.org>, andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 6/7] xen/arm32: Invalidate icache on guest
 exist for Cortex-A15
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

In order to avoid aliasing attacks against the branch predictor on
Cortex A-15, let's invalidate the BTB on guest exit, which can only be
done by invalidating the icache (with ACTLR[0] being set).

We use the same hack as for A12/A17 to perform the vector decoding.

This is based on Linux patch from the kpti branch in [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Julien Grall <julien.grall@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---

Changes in v2:
    - Add Stefano's reviewed-by
---
 xen/arch/arm/arm32/entry.S | 21 +++++++++++++++++++++
 xen/arch/arm/cpuerrata.c   | 13 +++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 1ebbe4b065..2f8b7cb7b8 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -163,6 +163,26 @@ GLOBAL(hyp_traps_vector)
 #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
 
         .align 5
+GLOBAL(hyp_traps_vector_ic_inv)
+        /*
+         * We encode the exception entry in the bottom 3 bits of
+         * SP, and we have to guarantee to be 8 bytes aligned.
+         */
+        add sp, sp, #1                  /* Reset            7 */
+        add sp, sp, #1                  /* Undef            6 */
+        add sp, sp, #1                  /* Hypervisor call  5 */
+        add sp, sp, #1                  /* Prefetch abort   4 */
+        add sp, sp, #1                  /* Data abort       3 */
+        add sp, sp, #1                  /* Hypervisor       2 */
+        add sp, sp, #1                  /* IRQ              1 */
+        nop                             /* FIQ              0 */
+
+        mcr p15, 0, r0, c7, c5, 0       /* ICIALLU */
+        isb
+
+        b decode_vectors
+
+        .align 5
 GLOBAL(hyp_traps_vector_bp_inv)
         /*
          * We encode the exception entry in the bottom 3 bits of
@@ -180,6 +200,7 @@ GLOBAL(hyp_traps_vector_bp_inv)
         mcr	p15, 0, r0, c7, c5, 6	    /* BPIALL */
         isb
 
+decode_vectors:
 .macro vect_br val, targ
         eor     sp, sp, #\val
         tst     sp, #7
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index c79e6d65d3..9c7458ef06 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -180,6 +180,7 @@ static int enable_psci_bp_hardening(void *data)
 DEFINE_PER_CPU_READ_MOSTLY(const char *, bp_harden_vecs);
 
 extern char hyp_traps_vector_bp_inv[];
+extern char hyp_traps_vector_ic_inv[];
 
 static void __maybe_unused
 install_bp_hardening_vecs(const struct arm_cpu_capabilities *entry,
@@ -205,6 +206,13 @@ static int enable_bp_inv_hardening(void *data)
     return 0;
 }
 
+static int enable_ic_inv_hardening(void *data)
+{
+    install_bp_hardening_vecs(data, hyp_traps_vector_ic_inv,
+                              "execute ICIALLU");
+    return 0;
+}
+
 #endif
 
 #define MIDR_RANGE(model, min, max)     \
@@ -302,6 +310,11 @@ static const struct arm_cpu_capabilities arm_errata[] = {
         MIDR_ALL_VERSIONS(MIDR_CORTEX_A17),
         .enable = enable_bp_inv_hardening,
     },
+    {
+        .capability = ARM_HARDEN_BRANCH_PREDICTOR,
+        MIDR_ALL_VERSIONS(MIDR_CORTEX_A15),
+        .enable = enable_ic_inv_hardening,
+    },
 #endif
     {},
 };

From patchwork Fri Feb  2 14:19:25 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julien Grall <julien.grall@linaro.org>
X-Patchwork-Id: 126717
Delivered-To: patch@linaro.org
Received: by 10.46.124.24 with SMTP id x24csp687278ljc;
 Fri, 2 Feb 2018 06:21:56 -0800 (PST)
X-Google-Smtp-Source: AH8x227gbwikl9DRlXxDEYW50NB/7eZrU+KPegCX+YnBDqnEt5Pf38mqDRxlr5pyM6cXHEvpQBoP
X-Received: by 10.36.47.78 with SMTP id j75mr44882931itj.129.1517581316541; 
 Fri, 02 Feb 2018 06:21:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517581316; cv=none;
 d=google.com; s=arc-20160816;
 b=eD91ojz9xADkGiWdrjLhdEmHVIGABbaaNVruWowCcRUqfPlzHBes96K+ogDX4AqI9j
 6RBnITPTvdZQwECJggfkR6J8MK8Ne/VC/G07Ul5k0vloc5mek+R4XvPbl1taMKFGFO7W
 5c+ZRM2jH9Sgt7MyQxl/8RZ3ljtKlRpXo7WM9opqweWcj3MTuqS9ws1uk0MrLLb+nOg5
 LGBUV3pKtcZwenJ4IZNice8vnnfNA3Iw6srMDvnA7Efi9SsFILTMRFyKWwH0F02m5RRh
 A+UhD5vOnlsgPZvHn8v3xEbOBins0OWuSP6K5iUNVN7BimBIOfrmtlM5nfA8Nlyi7Lg5
 8lag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-unsubscribe:list-id
 :precedence:subject:cc:references:in-reply-to:message-id:date:to
 :from:dkim-signature:arc-authentication-results;
 bh=Ttb4juC7JAV1qQciqeg16WG2L+oZrW8LZHC3VirZEdw=;
 b=dEQZot9R7Jh34OAgZS8yRt+ml1j/HfAESuH6bmRehq+pmez91xZ6XY3LaTlmy2eoRP
 ND6LnR97do48wfKBOM7KGXBvayHvcHKbtYkI9hjLCkLxB601axrG0mlcnRWF5MoBYrC+
 KBLKE0nv2Hh2KdjG1nRt+gnEboUdKup28SV43+mXPFGgI/hHum5rc8SUbj2IkE/RtK0a
 8WGYNdPP7LytjIjtqAIv8DYe54PZGgDoLN/WCMGkLbAF5ttwThLV7had8nC5dpAwvI0C
 cM2JjRS8Am2KJxkvrvROAHWB1ooHNJRB8cnZV07qKxX24WZXYG3WUDVp5Yr5sgDm5y2W
 mTYg==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=FTYb+KUV; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120])
 by mx.google.com with ESMTPS id q1si1870391iof.47.2018.02.02.06.21.56
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:21:56 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=FTYb+KUV; 
 spf=pass (google.com: best guess record for domain of
 xen-devel-bounces@lists.xenproject.org designates
 192.237.175.120 as permitted sender)
 smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <xen-devel-bounces@lists.xenproject.org>)
 id 1ehcBm-0008AD-T9; Fri, 02 Feb 2018 14:19:38 +0000
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from
 <srs0=ge3u=e4=linaro.org=julien.grall@srs-us1.protection.inumbo.net>)
 id 1ehcBk-00088Z-Vg
 for xen-devel@lists.xen.org; Fri, 02 Feb 2018 14:19:37 +0000
X-Inumbo-ID: 0da6486f-0824-11e8-ba59-bc764e045a96
Received: from mail-wm0-x243.google.com (unknown [2a00:1450:400c:c09::243])
 by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS
 id 0da6486f-0824-11e8-ba59-bc764e045a96;
 Fri, 02 Feb 2018 15:19:18 +0100 (CET)
Received: by mail-wm0-x243.google.com with SMTP id g1so12935035wmg.2
 for <xen-devel@lists.xen.org>; Fri, 02 Feb 2018 06:19:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=NIrW1NDfpzkQ2CWQ3gnFC6znmev1ATxTI9Fmu/nwmNk=;
 b=FTYb+KUVFNZpmzkljadpaOF9fF1aTQ6IErEYmzoGw5h6rFTYh4MvpLntd4lzdP5RFl
 LTyAT5arbZHLZW0AAAyuTU/iowD0cmgJV47ccp5fnYxb9TpuJTqs7KYWIhmQyvgEyhuY
 Fth5MHDUJySfFIbVekhFA2NrtXGK+tAhnIDmo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=NIrW1NDfpzkQ2CWQ3gnFC6znmev1ATxTI9Fmu/nwmNk=;
 b=mGzKMVqWk9T+T7ubJDb4gDAvJiIN9i2Gu72s3zxF2V/mseaxTdwYdu7UZ1UJVePTlB
 A94w+V735NoP7whSczN6SyQHwRibN5Rbm8Y+duw7PJTtVDJ+bmdKOxNLL6hHNxhJ2MzV
 hyGGpsPJN76RHfsdI/53WVGkGVCqXN6jdgcm6DWg214HH/IMU7Yl7v5/D53Vn32sCaK7
 t3r/pIrBlx6jya/pZ9Dr+OGB3xAlzSGa06Tw6Q34TyT41fcC6heHF92yPv8pAs8tpca+
 fABqB2R4yCs2p0J/7nnzQF+/3DdBqJeAiW12Y+Nz7U2fyFv5x+jLEsMqMRR/YUOhrAeU
 1SJg==
X-Gm-Message-State: AKwxytd37BSThbdHAN3TzrIclC4uIomxfxBVUkt3A2KcwoKk/FEnbf0v
 w2OHhz3J79htdxOrj2LYTXwFH65tGjk=
X-Received: by 10.28.185.196 with SMTP id j187mr32990644wmf.94.1517581174162; 
 Fri, 02 Feb 2018 06:19:34 -0800 (PST)
Received: from e108454-lin.cambridge.arm.com ([2001:41d0:1:6c23::1])
 by smtp.gmail.com with ESMTPSA id
 u79sm3057422wma.10.2018.02.02.06.19.33
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Feb 2018 06:19:33 -0800 (PST)
From: Julien Grall <julien.grall@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri,  2 Feb 2018 14:19:25 +0000
Message-Id: <20180202141925.19387-8-julien.grall@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180202141925.19387-1-julien.grall@linaro.org>
References: <20180202141925.19387-1-julien.grall@linaro.org>
Cc: sstabellini@kernel.org, Julien Grall <julien.grall@linaro.org>,
 andre.przywara@linaro.org
Subject: [Xen-devel] [PATCH v4 7/7] xen/arm32: entry: Document the purpose
 of r11 in the traps handler
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>, 
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

It took me a bit of time to understand why __DEFINE_TRAP_ENTRY is
storing the original stack pointer in r11. It is working in pair with
return_traps_entry where sp will be restored from r11.

This is fine because per the AAPCS r11 must be preserved by the
subroutine. So in return_from_trap, r11 will still contain the original
stack pointer.

Add some documentation in the code to point the 2 sides to each other.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---
    Changes in v2:
        - Add Stefano's reviewed-by
---
 xen/arch/arm/arm32/entry.S | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
index 2f8b7cb7b8..f6908e3f16 100644
--- a/xen/arch/arm/arm32/entry.S
+++ b/xen/arch/arm/arm32/entry.S
@@ -136,6 +136,10 @@ trap_##trap:                                                            \
         cpsie iflags;                                                   \
         adr lr, return_from_trap;                                       \
         mov r0, sp;                                                     \
+        /*                                                              \
+         * Save the stack pointer in r11. It will be restored after the \
+         * trap has been handled (see return_from_trap).                \
+         */                                                             \
         mov r11, sp;                                                    \
         bic sp, #7; /* Align the stack pointer (noop on guest trap) */  \
         b do_trap_##trap
@@ -229,6 +233,10 @@ DEFINE_TRAP_ENTRY_NOIRQ(fiq)
 DEFINE_TRAP_ENTRY_NOABORT(data_abort)
 
 return_from_trap:
+        /*
+         * Restore the stack pointer from r11. It was saved on exception
+         * entry (see __DEFINE_TRAP_ENTRY).
+         */
         mov sp, r11
 ENTRY(return_to_new_vcpu32)
         ldr r11, [sp, #UREGS_cpsr]