From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 09:11:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 09:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281034.479180 (Exim 4.92) (envelope-from ) id 1nOyXA-0005M9-U5; Tue, 01 Mar 2022 09:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281034.479180; Tue, 01 Mar 2022 09:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOyXA-0005M1-Qz; Tue, 01 Mar 2022 09:11:04 +0000 Received: by outflank-mailman (input) for mailman id 281034; Tue, 01 Mar 2022 09:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOyXA-0005Lu-72 for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 09:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOyXA-00022j-4q for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 09:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOyXA-0007HW-3d for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 09:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8VYT5q5Svpbtav0atKNLM7pWHNbc/GWhSTjaNOJbziA=; b=uPAUYBR0nrdynxVFmxpc6E1Bps rqqIP6OUG3Y1Q7ZwwUzenl2dTWZ15GawM+h2+OnfVO9bxDgnbZHi4Ax0GsP4BnIvwgLFax+U1Dj7B 24nAPlmIJBb0LyLtivsVQvLPzSmrspGHk0+4MYG6JcNXoJNrnrfY3GLWYNpLDUIaMR00=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] vpci/msix: reduce indentation in msix_write PBA handling Message-Id: Date: Tue, 01 Mar 2022 09:11:04 +0000 commit 59c00502b2395b11a12cef6b231dd47e690f3dd2 Author: Roger Pau Monné AuthorDate: Tue Mar 1 10:02:13 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 1 10:02:13 2022 +0100 vpci/msix: reduce indentation in msix_write PBA handling No functional change. Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich --- xen/drivers/vpci/msix.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index 2ab4079412..a1fa7a5f13 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -275,23 +275,24 @@ static int cf_check msix_write( if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { - /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ - if ( is_hardware_domain(d) ) + + if ( !is_hardware_domain(d) ) + /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ + return X86EMUL_OKAY; + + switch ( len ) { - switch ( len ) - { - case 4: - writel(data, addr); - break; + case 4: + writel(data, addr); + break; - case 8: - writeq(data, addr); - break; + case 8: + writeq(data, addr); + break; - default: - ASSERT_UNREACHABLE(); - break; - } + default: + ASSERT_UNREACHABLE(); + break; } return X86EMUL_OKAY; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 09:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 09:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281035.479183 (Exim 4.92) (envelope-from ) id 1nOyXK-0005O0-VU; Tue, 01 Mar 2022 09:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281035.479183; Tue, 01 Mar 2022 09:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOyXK-0005Ns-SX; Tue, 01 Mar 2022 09:11:14 +0000 Received: by outflank-mailman (input) for mailman id 281035; Tue, 01 Mar 2022 09:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOyXK-0005Nk-8p for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 09:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nOyXK-00022r-7v for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 09:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nOyXK-0007ID-6z for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 09:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LlGNclHbhdEQxmU7asUEPbZ0RZjU3fUNxjy5GW+AcZA=; b=pppvuSRPB4PbFQXRu/JRIyMN7h jbx/xilRJlHFOwer+o6+tvQ2/F5QDe8kVDZtRrf2Z5v5cMr9cYDo3bcIb+W+njJfcbC+Vl+Ceq3U4 MAT+yi07avk3svlOjomzhnQG+lB7KlCkThaBA8Oka04o3RyTmPFQa1QwkX1XibUZITz0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/CPUID: correct FEATURESET_7d2 comment Message-Id: Date: Tue, 01 Mar 2022 09:11:14 +0000 commit e0a514d2f4b2fcb51835aa9a9b02653b491a61fc Author: Jan Beulich AuthorDate: Tue Mar 1 10:03:19 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 1 10:03:19 2022 +0100 x86/CPUID: correct FEATURESET_7d2 comment Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/include/xen/lib/x86/cpuid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index 50be07c0eb..73a5c33036 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,7 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ -#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ +#define FEATURESET_7d2 13 /* 0x00000007:2.edx */ struct cpuid_leaf { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 12:44:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 12:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281370.479678 (Exim 4.92) (envelope-from ) id 1nP1rI-0000Wk-Ny; Tue, 01 Mar 2022 12:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281370.479678; Tue, 01 Mar 2022 12:44:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP1rI-0000Wc-L7; Tue, 01 Mar 2022 12:44:04 +0000 Received: by outflank-mailman (input) for mailman id 281370; Tue, 01 Mar 2022 12:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP1rI-0000WW-8q for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 12:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP1rI-0006NK-6v for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 12:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nP1rI-0007ex-5g for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 12:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7tkhW13RJiSwI+BW8Hi29mcsqybdVMZLX8a1fUaKY20=; b=tYQ7Voi4Wu6yvxkG8xYaYlnaYS VeO2ZowjRWC3Qzp0FZ6ch0fRs6wrqibHiBLn2B/hVgIsAsVurZcK4EiJPxik8VXocPyAUSvF1VV24 FlORj7CgKmCj7D1/XlJLVIqW8+UayLjsO9gwu+jS35O6akpdJ3DUd4rnQW+Ui6x1TTnk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Disable retpolines with CET-IBT Message-Id: Date: Tue, 01 Mar 2022 12:44:04 +0000 commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:26:37 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 1 12:34:46 2022 +0000 x86/spec-ctrl: Disable retpolines with CET-IBT CET-IBT depend on executing indirect branches for protections to apply. Extend the clobber for CET-SS to all of CET. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2d4cf5c7ef..12bf1c5722 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -944,10 +944,11 @@ void __init init_speculation_mitigations(void) boot_cpu_has(X86_FEATURE_IBRS)); /* - * First, disable the use of retpolines if Xen is using shadow stacks, as - * they are incompatible. + * First, disable the use of retpolines if Xen is using CET. Retpolines + * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends + * on executing indirect branches for the safety properties to apply. */ - if ( cpu_has_xen_shstk && + if ( (read_cr4() & X86_CR4_CET) && (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) thunk = THUNK_JMP; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 20:00:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 20:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281727.480174 (Exim 4.92) (envelope-from ) id 1nP8fF-0005mi-Nb; Tue, 01 Mar 2022 20:00:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281727.480174; Tue, 01 Mar 2022 20:00:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8fF-0005mB-Jk; Tue, 01 Mar 2022 20:00:05 +0000 Received: by outflank-mailman (input) for mailman id 281727; Tue, 01 Mar 2022 20:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8fE-0005a9-BY for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8fE-00072g-Ai for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nP8fE-0004Bx-9l for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TGP34HtdZbFdem1ouQD6lwJd1I1B26qfDDU3WDF4rUo=; b=fzAJtmh9OQhSpLG+QxYGXv8SyB 4hUbLIm8lsBilwMCEqCu8uRFaIh66GGdhyd16BcawAxGtGKfrgmpqjQt89BTPm/uQP5cRM6VpSBP4 hNjMwFf63iszQ8wy8kkkzL9UyPgm0FW4JZ4nTnQj+l1mRGAMgRYwab3S1jcrmTCHIkdg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Remove unused BOOT_RELOC_VIRT_START Message-Id: Date: Tue, 01 Mar 2022 20:00:04 +0000 commit 0c18fb76323bfb13615b6f13c98767face2d8097 Author: Julien Grall AuthorDate: Tue Apr 2 17:59:28 2019 +0100 Commit: Julien Grall CommitDate: Tue Mar 1 19:54:27 2022 +0000 xen/arm: Remove unused BOOT_RELOC_VIRT_START We stopped relocating Xen since commit f60658c6ae "xen/arm: Stop relocating Xen". At the same time, update the memory layout description. Signed-off-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis Reviewed-by: Michal Orzel --- xen/arch/arm/include/asm/config.h | 4 +--- xen/arch/arm/mm.c | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/xen/arch/arm/include/asm/config.h b/xen/arch/arm/include/asm/config.h index 2aced0bc3b..b25c9d39bb 100644 --- a/xen/arch/arm/include/asm/config.h +++ b/xen/arch/arm/include/asm/config.h @@ -77,8 +77,7 @@ * 2M - 4M Xen text, data, bss * 4M - 6M Fixmap: special-purpose 4K mapping slots * 6M - 10M Early boot mapping of FDT - * 10M - 12M Early relocation address (used when relocating Xen) - * and later for livepatch vmap (if compiled in) + * 10M - 12M Livepatch vmap (if compiled in) * * ARM32 layout: * 0 - 12M @@ -115,7 +114,6 @@ #define BOOT_FDT_SLOT_SIZE MB(4) #define BOOT_FDT_VIRT_END (BOOT_FDT_VIRT_START + BOOT_FDT_SLOT_SIZE) -#define BOOT_RELOC_VIRT_START _AT(vaddr_t,0x00a00000) #ifdef CONFIG_LIVEPATCH #define LIVEPATCH_VMAP_START _AT(vaddr_t,0x00a00000) #define LIVEPATCH_VMAP_END (LIVEPATCH_VMAP_START + MB(2)) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 515d0906f8..8a17222109 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -196,7 +196,6 @@ static void __init __maybe_unused build_assertions(void) /* 2MB aligned regions */ BUILD_BUG_ON(XEN_VIRT_START & ~SECOND_MASK); BUILD_BUG_ON(FIXMAP_ADDR(0) & ~SECOND_MASK); - BUILD_BUG_ON(BOOT_RELOC_VIRT_START & ~SECOND_MASK); /* 1GB aligned regions */ #ifdef CONFIG_ARM_32 BUILD_BUG_ON(XENHEAP_VIRT_START & ~FIRST_MASK); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 20:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 20:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281728.480177 (Exim 4.92) (envelope-from ) id 1nP8pt-00074x-Hi; Tue, 01 Mar 2022 20:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281728.480177; Tue, 01 Mar 2022 20:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8pt-00074p-Em; Tue, 01 Mar 2022 20:11:05 +0000 Received: by outflank-mailman (input) for mailman id 281728; Tue, 01 Mar 2022 20:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8ps-00074j-FO for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8ps-0007EQ-Dh for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nP8ps-00051O-CT for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jz2K2pzZQAaE8/29XdNLTmlSpzNj5u/yr3Gl50Qypzk=; b=NFb335HBGDIjvqfa4PyWvF2eKR Vnpi45jo966g34cQfgpvRpKDExlj5q6Y0gkliv+8iUDmQw5VuBCTCcSzM2oURmaKaup/Jk57Isc9D o0i/2bpe+h457JLUaNCge9j9dqBaPTD4JmeWxJ5udwZYC6OpZOMePq3N7Q8HSp8s82ms=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm32: head: Mark the end of subroutines with ENDPROC (take two) Message-Id: Date: Tue, 01 Mar 2022 20:11:04 +0000 commit 84c3eb3a9c104a9ee5095d2420d5dd137a381a37 Author: Julien Grall AuthorDate: Tue Mar 1 19:56:15 2022 +0000 Commit: Julien Grall CommitDate: Tue Mar 1 19:56:24 2022 +0000 xen/arm32: head: Mark the end of subroutines with ENDPROC (take two) Commit 2ac705a59ef5 ("xen/arm32: head: Mark the end of subroutines with ENDPROC") intended to mark all the subroutines with ENDPROC. Unfortunately, I missed fail(), switch_ttbr(), init_uart() and __lookup_processor_type(). Add ENDPROC for the benefits of static analysis tools and the reader. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index b1d209ea28..13cfc837d3 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -661,6 +661,7 @@ ENDPROC(launch) fail: PRINT("- Boot failed -\r\n") 1: wfe b 1b +ENDPROC(fail) GLOBAL(_end_boot) @@ -694,6 +695,7 @@ ENTRY(switch_ttbr) isb mov pc, lr +ENDPROC(switch_ttbr) #ifdef CONFIG_EARLY_PRINTK /* @@ -711,6 +713,7 @@ init_uart: #endif PRINT("- UART enabled -\r\n") mov pc, lr +ENDPROC(init_uart) /* * Print early debug messages. @@ -798,6 +801,7 @@ __lookup_processor_type: mov r1, #0 2: mov pc, lr +ENDPROC(__lookup_processor_type) /* * Local variables: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 20:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 20:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281729.480181 (Exim 4.92) (envelope-from ) id 1nP8q3-00077T-JR; Tue, 01 Mar 2022 20:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281729.480181; Tue, 01 Mar 2022 20:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8q3-00077L-GP; Tue, 01 Mar 2022 20:11:15 +0000 Received: by outflank-mailman (input) for mailman id 281729; Tue, 01 Mar 2022 20:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8q2-00077B-HN for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8q2-0007Eb-Ge for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nP8q2-000521-Fo for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lybYpSSpXjX6NL/QckoH1s4D9jFzKXOVlp5moob58Nw=; b=Qi56rlCXBnfUTMrPlpMimmtDnx jFf9m2pfHAihdL7uc2JsDNq178AFU1Peen47/NqffNO+sUvnHMN2+yQRxV2bGhug0d6EWsJCpNyFJ ce/NDqp+8gzTyV4aPcW1a54pR6S+0oQ4EFgoQ6Xg8JqNLp5Sl8CrrvO3M/d1s65sCBdE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: head: Mark the end of subroutines with ENDPROC (take two) Message-Id: Date: Tue, 01 Mar 2022 20:11:14 +0000 commit 767bae66e10494f7fb00544b861dd7d099f41921 Author: Julien Grall AuthorDate: Tue Mar 1 19:59:15 2022 +0000 Commit: Julien Grall CommitDate: Tue Mar 1 19:59:28 2022 +0000 xen/arm64: head: Mark the end of subroutines with ENDPROC (take two) Commit 13c03002c5df ("xen/arm64: head: Mark the end of subroutines with ENDPROC") intended to mark all the subroutines with ENDPROC. Unfortunately, I missed fail(), switch_ttbr() and init_uart(). Add ENDPROC for the benefits of static analysis tools and the reader. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm64/head.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 314b800b3f..66d862fc81 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -800,6 +800,7 @@ ENDPROC(launch) fail: PRINT("- Boot failed -\r\n") 1: wfe b 1b +ENDPROC(fail) GLOBAL(_end_boot) @@ -830,6 +831,7 @@ ENTRY(switch_ttbr) isb ret +ENDPROC(switch_ttbr) #ifdef CONFIG_EARLY_PRINTK /* @@ -847,6 +849,7 @@ init_uart: #endif PRINT("- UART enabled -\r\n") ret +ENDPROC(init_uart) /* Print early debug messages. * x0: Nul-terminated string to print. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 20:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 20:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281730.480187 (Exim 4.92) (envelope-from ) id 1nP8qD-0007AT-LF; Tue, 01 Mar 2022 20:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281730.480187; Tue, 01 Mar 2022 20:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8qD-0007AJ-Ht; Tue, 01 Mar 2022 20:11:25 +0000 Received: by outflank-mailman (input) for mailman id 281730; Tue, 01 Mar 2022 20:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8qC-0007A2-Kj for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nP8qC-0007F1-Jt for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nP8qC-00052i-Ir for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 20:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CmV2AqtfAOIFIVmvwOk/iYd0JQMY2WE/VLRTdjx4/VI=; b=mvYHoWtCVcxGqv1vjqV1RhJbz3 vyJGfbeZoVh08RDLLklIkYZGSpW/fVU2T51zhS9MkxRDgqN7//5nbnM5VC9McG53fnJ27HHZiJTBC /bOYVKD/UAcoll/U+Lccu4moLBcMmhM5qmb4DN7GFXWJNQprEwJGwsLyMdOzwMtdH/FI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm32: head: Don't set r12 and update the documentation Message-Id: Date: Tue, 01 Mar 2022 20:11:24 +0000 commit faecea18d252f97c6ad41f0f457566ff2c125b8d Author: Julien Grall AuthorDate: Tue Mar 1 19:59:54 2022 +0000 Commit: Julien Grall CommitDate: Tue Mar 1 20:01:12 2022 +0000 xen/arm32: head: Don't set r12 and update the documentation Since commit 54c4ae18d158 ("xen/arm32: head: Rework and document launch()"), the boot code is setting r12 but not read it. So remove the two instructions setting r12 and update the documentation to show r12 has no specific purpose. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 13cfc837d3..7a906167ef 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -79,7 +79,7 @@ * r9 - paddr(start) * r10 - phys offset * r11 - UART address - * r12 - is_secondary_cpu + * r12 - * r13 - SP * r14 - LR * r15 - PC @@ -166,8 +166,6 @@ past_zImage: #endif PRINT("- Boot CPU booting -\r\n") - mov r12, #0 /* r12 := is_secondary_cpu */ - bl check_cpu_mode bl cpu_init bl create_page_tables @@ -206,8 +204,6 @@ GLOBAL(init_secondary) adr r9, start /* r9 := paddr (start) */ sub r10, r9, r0 /* r10 := phys-offset */ - mov r12, #1 /* r12 := is_secondary_cpu */ - mrc CP32(r1, MPIDR) bic r7, r1, #(~MPIDR_HWID_MASK) /* Mask out flags to get CPU ID */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 23:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 23:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281845.480364 (Exim 4.92) (envelope-from ) id 1nPBoh-0002oi-77; Tue, 01 Mar 2022 23:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281845.480364; Tue, 01 Mar 2022 23:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPBoh-0002nm-1N; Tue, 01 Mar 2022 23:22:03 +0000 Received: by outflank-mailman (input) for mailman id 281845; Tue, 01 Mar 2022 23:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPBof-0002le-Ld for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 23:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPBof-0002G4-Kr for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 23:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPBof-0001mQ-Jr for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 23:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uJkNojueUiYj6EzIc13GY+41s0Ik/NezjiS87C3uUHw=; b=NBukz0GXDvBtnuoi4gKSQneiD1 Ykw7XrX4cgGrwjbO427NCpxUaljOsfeakIYoIDltn7fCsSDCmMzI0UrMgRz8o8PjA97YUNBkNESq/ PVMA0EwFJnyVVj3MIuF/N0onI1Qh0uhRNZ4AFqa7BcmHYJH2XR0eVNYGrpI92L+SMAaM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] vpci/msix: reduce indentation in msix_write PBA handling Message-Id: Date: Tue, 01 Mar 2022 23:22:01 +0000 commit 59c00502b2395b11a12cef6b231dd47e690f3dd2 Author: Roger Pau Monné AuthorDate: Tue Mar 1 10:02:13 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 1 10:02:13 2022 +0100 vpci/msix: reduce indentation in msix_write PBA handling No functional change. Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich --- xen/drivers/vpci/msix.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index 2ab4079412..a1fa7a5f13 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -275,23 +275,24 @@ static int cf_check msix_write( if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { - /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ - if ( is_hardware_domain(d) ) + + if ( !is_hardware_domain(d) ) + /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ + return X86EMUL_OKAY; + + switch ( len ) { - switch ( len ) - { - case 4: - writel(data, addr); - break; + case 4: + writel(data, addr); + break; - case 8: - writeq(data, addr); - break; + case 8: + writeq(data, addr); + break; - default: - ASSERT_UNREACHABLE(); - break; - } + default: + ASSERT_UNREACHABLE(); + break; } return X86EMUL_OKAY; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 01 23:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 01 Mar 2022 23:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.281848.480372 (Exim 4.92) (envelope-from ) id 1nPBor-00036j-AZ; Tue, 01 Mar 2022 23:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 281848.480372; Tue, 01 Mar 2022 23:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPBor-00036b-7a; Tue, 01 Mar 2022 23:22:13 +0000 Received: by outflank-mailman (input) for mailman id 281848; Tue, 01 Mar 2022 23:22:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPBop-00035m-OW for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 23:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPBop-0002GX-Np for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 23:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPBop-0001nJ-Mz for xen-changelog@lists.xenproject.org; Tue, 01 Mar 2022 23:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9tj8JKeRg8/HAizzLo0pucqxQRphqWvMjG4wCZWXdh0=; b=A9erbXvBIHijS34oSJlky6Wg/7 wDHdlxPpkssFYeg7hG0Qs3Od9L679WB/Zvo2+DV8GfbyhCZ4EZyZtgfZIEM4NvfBUR+TybgNDIt2O Ex/HyJjePhCa+muzKvgepdhCnRsPx3+92psOMY3dqKcw6sCgyk+SSP+p2XUSzRpYogUs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/CPUID: correct FEATURESET_7d2 comment Message-Id: Date: Tue, 01 Mar 2022 23:22:11 +0000 commit e0a514d2f4b2fcb51835aa9a9b02653b491a61fc Author: Jan Beulich AuthorDate: Tue Mar 1 10:03:19 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 1 10:03:19 2022 +0100 x86/CPUID: correct FEATURESET_7d2 comment Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/include/xen/lib/x86/cpuid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h index 50be07c0eb..73a5c33036 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h @@ -17,7 +17,7 @@ #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ -#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ +#define FEATURESET_7d2 13 /* 0x00000007:2.edx */ struct cpuid_leaf { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 08:33:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 08:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282059.480614 (Exim 4.92) (envelope-from ) id 1nPKPv-0004y4-4C; Wed, 02 Mar 2022 08:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282059.480614; Wed, 02 Mar 2022 08:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKPv-0004xw-1L; Wed, 02 Mar 2022 08:33:03 +0000 Received: by outflank-mailman (input) for mailman id 282059; Wed, 02 Mar 2022 08:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKPt-0004xo-Ay for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKPt-0000bR-AE for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPKPt-0001oX-9H for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4CRTqPg8WjvJwUjMvirUET5PGAB2TauLLpgBdfyBtVI=; b=FubxE1ir5mSbWfJ67MEEXScQ/1 pAluxv7smbzbOrhcqhXjRz8QVKijItPgpqIqzTgPf8DqHFVdJqXuMM0BivbHf/l4/YCYaBdEISjHu uLay/GfbZm58Pw8UguGsMFIw4fgQiU0/BKxH/w1iZx/9PF5JpVHCTqyBoE3hb3byMQ6M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Disable retpolines with CET-IBT Message-Id: Date: Wed, 02 Mar 2022 08:33:01 +0000 commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:26:37 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 1 12:34:46 2022 +0000 x86/spec-ctrl: Disable retpolines with CET-IBT CET-IBT depend on executing indirect branches for protections to apply. Extend the clobber for CET-SS to all of CET. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/spec_ctrl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2d4cf5c7ef..12bf1c5722 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -944,10 +944,11 @@ void __init init_speculation_mitigations(void) boot_cpu_has(X86_FEATURE_IBRS)); /* - * First, disable the use of retpolines if Xen is using shadow stacks, as - * they are incompatible. + * First, disable the use of retpolines if Xen is using CET. Retpolines + * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends + * on executing indirect branches for the safety properties to apply. */ - if ( cpu_has_xen_shstk && + if ( (read_cr4() & X86_CR4_CET) && (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) thunk = THUNK_JMP; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 08:33:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 08:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282060.480617 (Exim 4.92) (envelope-from ) id 1nPKQ7-00050Y-62; Wed, 02 Mar 2022 08:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282060.480617; Wed, 02 Mar 2022 08:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQ7-00050Q-2x; Wed, 02 Mar 2022 08:33:15 +0000 Received: by outflank-mailman (input) for mailman id 282060; Wed, 02 Mar 2022 08:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQ6-000507-AR for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQ6-0000bp-9f for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPKQ6-0001yH-8f for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u+QiOwRo0zso7S0b2Fw23M13ZjvE0EsybhskE7Qn+hg=; b=CvXXENleHtW9h3+6Cu8XxFoe+2 aB6nzQyT0e6ZXBAFkZqTv8ZVPxZNqxXVLAZSrSm/Me8GkO4gFkCiVDfPddsO2TD4BkRfMMCkzHymR 9rhJFYjOt1VfCIsxySxPNI+z6p5tEgjDyV49KrFIvNgzhutIm5Wj+YLElq4FmPlAK14w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs: document patch rules Message-Id: Date: Wed, 02 Mar 2022 08:33:14 +0000 commit 5e326b61693c0a4633fdc2bf8a896857a2733e90 Author: Juergen Gross AuthorDate: Wed Mar 2 09:27:19 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:27:19 2022 +0100 docs: document patch rules Add a document to describe the rules for sending a proper patch. As it contains all the information already being present in docs/process/tags.pandoc remove that file. The "Reviewed-by:" and "Acked-by:" tags are expanded to allow an optional restriction of the tag. A new tag "Origin:" is added to tag patches taken from another project. Signed-off-by: Juergen Gross Acked-by: Jan Beulich Reviewed-by: Julien Grall --- docs/process/sending-patches.pandoc | 300 ++++++++++++++++++++++++++++++++++++ docs/process/tags.pandoc | 55 ------- 2 files changed, 300 insertions(+), 55 deletions(-) diff --git a/docs/process/sending-patches.pandoc b/docs/process/sending-patches.pandoc new file mode 100644 index 0000000000..7ff7826c99 --- /dev/null +++ b/docs/process/sending-patches.pandoc @@ -0,0 +1,300 @@ +# How a proper patch should look like + +This is a brief description how a proper patch for the Xen project should +look like. Examples and tooling tips are not part of this document, those +can be found in the +[Xen Wiki](https://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches). + +## The patch subject + +The first line at the top of the patch should contain a short description of +what the patch does, and hints as to what code it touches. This line is used +as the **Subject** line of the mail when sending the patch. + +The hint which code is touched is usually in form of an abstract entity +(like e.g. `build` for the build system), or a component (like `tools` or +`iommu`). Further specification is possible via adding a sub-component with +a slash (e.g. `tools/xenstore`): + + : + +E.g.: + + xen/arm: increase memory banks number define value + tools/libxenevtchn: deduplicate xenevtchn_fd() + MAINTAINERS: update my email address + build: correct usage comments in Kbuild.include + +The description should give a rough hint *what* is done in the patch. + +The subject line should in general not exceed 80 characters. It must be +followed by a blank line. + +## The commit message + +The commit message is free text describing *why* the patch is done and +*how* the goal of the patch is achieved. A good commit message will describe +the current situation, the desired goal, and the way this goal is being +achieved. Parts of that can be omitted in obvious cases. + +In case additional changes are done in the patch (like e.g. cleanups), those +should be mentioned. + +When referencing other patches (e.g. `similar to patch xy ...`) those +patches should be referenced via their commit id (at least 12 digits) +and the patch subject, if the very same patch isn't referenced by the +`Fixes:` tag, too: + + Similar to commit 67d01cdb5518 ("x86: infrastructure to allow converting + certain indirect calls to direct ones") add ... + +The following ``git config`` settings can be used to add a pretty format for +outputting the above style in the ``git log`` or ``git show`` commands: + + [core] + abbrev = 12 + [pretty] + fixes = Fixes: %h (\"%s\") + +Lines in the commit message should not exceed 75 characters, except when +copying error output directly into the commit message. + +## Tags + +Tags are entries in the form + + Tag: something + +In general tags are added in chronological order. So a `Reviewed-by:` tag +should be added **after** the `Signed-off-by:` tag, as the review happened +after the patch was written. + +Do not split a tag across multiple lines, tags are exempt from the +"wrap at 75 columns" rule in order to simplify parsing scripts. + +### Origin: + +Xen has inherited some source files from other open source projects. In case +a patch modifying such an inherited file is taken from that project (maybe in +modified form), the `Origin:` tag specifies the source of the patch: + + Origin: + +E.g.: + + Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git f093b08c47b3 + +The commit id should be shortened to its first 12 characters. + +All tags **above** the `Origin:` tag are from the original patch (which +should all be kept), while tags **after** `Origin:` are related to the +normal Xen patch process as described here. + +### Fixes: + +If your patch fixes a bug in a specific commit, e.g. you found an issue using +``git bisect``, please use the `Fixes:` tag with the first 12 characters of +the commit id, and the one line summary. + + Fixes: ("") + +E.g.: + + Fixes: 67d01cdb5518 ("x86: infrastructure to allow converting certain indirect calls to direct ones") + +### Backport: + +A backport tag is an optional tag in the commit message to request a +given commit to be backported to the released trees: + + Backport: [# ] + +E.g.: + + Backport: 4.9+ + +It marks a commit for being a candidate for backports to all released +trees from 4.9 onward. + +The backport requester is expected to specify which currently supported +releases need the backport; but encouraged to specify a release as far +back as possible which applies. If the requester doesn't know the oldest +affected tree, they are encouraged to append a comment like the +following: + + Backport: 4.9+ # maybe older + +Maintainers request the Backport tag to be added on commit. Contributors +are welcome to mark their patches with the Backport tag when they deem +appropriate. Maintainers will request for it to be removed when that is +not the case. + +Please note that the Backport tag is a **request** for backport, which +will still need to be evaluated by the maintainers. Maintainers might +ask the requester to help with the backporting work if it is not +trivial. + +### Reported-by: + +This optional tag can be used to give credit to someone reporting an issue. +It is in the format: + + Reported-by: name + +E.g.: + + Reported-by: Jane Doe + +As the email address will be made public via git, the reporter of an issue +should be asked whether he/she is fine with being mentioned in the patch. + +### Suggested-by: + +This optional tag can be used to give credit to someone having suggested the +solution the patch is implementing. It is in the format: + + Suggested-by: name + +E.g.: + + Suggested-by: Jane Doe + +As the email address will be made public via git, the reporter of an issue +should be asked whether he/she is fine with being mentioned in the patch. + +### Requested-by: + +This tag is very similar to the `Suggested-by:` tag, but it refers to an +explicit request to add the patch. It is in the format: + + Requested-by: name + +E.g.: + + Requested-by: Jane Doe + +### Signed-off-by: + +This mandatory tag specifies the author(s) of a patch (for each author a +separate `Signed-off-by:` tag is needed). It is in the format: + + Signed-off-by: name + +E.g.: + + Signed-off-by: Jane Doe + +The author must be a natural person (not a team or just a company) and the +`Signed-off-by:` tag must include the real name of the author (no pseudonym). + +By signing the patch with her/his name the author explicitly confirms to have +made the contribution conforming to the `Developer's Certificate of Origin`: + + Developer's Certificate of Origin 1.1 + + By making a contribution to this project, I certify that: + + (a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + + (b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + + (c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + + (d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. + +### Reviewed-by: + +A `Reviewed-by:` tag can only be given by a reviewer of the patch. With +responding to a sent patch adding the `Reviewed-by:` tag the reviewer +(which can be anybody) confirms to have looked thoroughly at the patch and +didn't find any issue (being it technical, legal or formal ones). If the +review is covering only some parts of the patch, those parts can optionally +be specified (multiple areas can be either separated by commas, or be covered +with multiple `Reviewed-by:` tags). It is in the format: + + Reviewed-by: name [# area[, area]] + +E.g.: + + Reviewed-by: Jane Doe + Reviewed-by: Jane Doe # xen/x86 + +In case a patch is being resent an already given `Reviewed-by:` tag can and +should be included, if the patch didn't meaningfully change the portions of the +patch covered by the tag, or if the reviewer already made clear it would be +fine to make specific changes and no *other* changes have been made. + +### Acked-by: + +Similar to `Reviewed-by:` the `Acked-by:` tag is given by someone having looked +at the patch. The `Acked-by:` tag can only be given by a **maintainer** of the +modified code, and it only covers the code the maintainer is responsible for. +With the `Acked-by:` tag the maintainer states, that he/she is fine with the +changes in principle, but didn't do a thorough review. The format is: + + Acked-by: name [# area[, area]] + +E.g.: + + Acked-by: Jane Doe + +Including the `Acked-by:` tag in a patch is done under the same rules as for +the `Reviewed-by:` tag, with the implied code area the maintainer who gave the +`Acked-by:` tag is responsible for (if no area was specified with the tag). + +### Tested-by: + +The `Tested-by:` tag is another tag given by someone else. The one giving it +confirms to have tested the patch without finding any functional issues. The +format is: + + Tested-by: name + +E.g.: + + Tested-by: Jane Doe + +Including the `Tested-by:` tag in a patch is done under the same rules as for +the `Reviewed-by:` tag, now limited to the patch not having been modified +regarding code logic (having changed only coding style, comments, or message +texts is fine). + +## Patch version history (change log), further comments + +When sending revised versions of a patch it is good practice to include a +change log after a line containing only `---` (this line will result in the +following text not being included in the commit message). This change log +will help reviewers to spot which parts of the patch have changed. Attributing +changes due to reviewer comments will help the reviewer even more, e.g.: + + --- + Changes in v2: + - changed function foo() as requested by Jane Doe + - code style fixed + +In some cases it might be desirable to add some more information for readers +of the patch, like potential enhancements, other possible solutions, etc., +which should not be part of the commit message. This information can be +added after the `---` line, too. + +## Recipients of the patch + +A patch should always be sent **to** the xen-devel mailing list + and all maintainers and designated reviewers +of all touched code areas should get a copy of the mail via **Cc**. In case +some other recipients are known to be interested in the patch, they can be +added via **Cc**, too. diff --git a/docs/process/tags.pandoc b/docs/process/tags.pandoc deleted file mode 100644 index 1841cb87a8..0000000000 --- a/docs/process/tags.pandoc +++ /dev/null @@ -1,55 +0,0 @@ -Tags: No line splitting ------------------------ -Do not split a tag across multiple lines, tags are exempt from the -"wrap at 75 columns" rule in order to simplify parsing scripts. For -example: - - Fixes: 67d01cdb5518 ("x86: infrastructure to allow converting certain indirect calls to direct ones") - - -Fixes Tag ---------- - -If your patch fixes a bug in a specific commit, e.g. you found an issue using -``git bisect``, please use the 'Fixes:' tag with the first 12 characters of -the SHA-1 ID, and the one line summary. - -The following ``git config`` settings can be used to add a pretty format for -outputting the above style in the ``git log`` or ``git show`` commands: - - [core] - abbrev = 12 - [pretty] - fixes = Fixes: %h (\"%s\") - - -Backport Tag ------------- - -A backport tag is an optional tag in the commit message to request a -given commit to be backported to the released trees: - - Backport: 4.9+ - -It marks a commit for being a candidate for backports to all released -trees from 4.9 onward. - -The backport requester is expected to specify which currently supported -releases need the backport; but encouraged to specify a release as far -back as possible which applies. If the requester doesn't know the oldest -affected tree, they are encouraged to append a comment like the -following: - - Backport: 4.9+ # maybe older - -Maintainers request the Backport tag to be added on commit. Contributors -are welcome to mark their patches with the Backport tag when they deem -appropriate. Maintainers will request for it to be removed when that is -not the case. - -Please note that the Backport tag is a **request** for backport, which -will still need to be evaluated by the maintainers. Maintainers might -ask the requester to help with the backporting work if it is not -trivial. - -When possible, please use the Fixes tag instead (or in addition). -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 08:33:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 08:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282061.480622 (Exim 4.92) (envelope-from ) id 1nPKQI-00054O-AF; Wed, 02 Mar 2022 08:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282061.480622; Wed, 02 Mar 2022 08:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQI-00054F-70; Wed, 02 Mar 2022 08:33:26 +0000 Received: by outflank-mailman (input) for mailman id 282061; Wed, 02 Mar 2022 08:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQG-00053r-Dq for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQG-0000c0-D4 for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPKQG-0001ym-C0 for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iZ14cW/RAAvLouB7P93uOTaWnG6l0GgxgtKYxMAJjAA=; b=zOei8ZMRWxRVADlY+w0YtBq43y GdFBb+6z+HxHg1JeJQQGNiUUWvNFEIYueVSE7pAlaZncyobUhd9JD+ToYhJwSEsbfmsGGgEZs5y0I nHaitRNDM2w1eNbN7cTFq8jI7V2qqDY/vDTfFBGXfOxgZAvv3bN0bPMpZHTn+qlMmYGY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs: correct "gnttab=" documented default Message-Id: Date: Wed, 02 Mar 2022 08:33:24 +0000 commit da5827fff31c401132879130398a974a18befacb Author: Jan Beulich AuthorDate: Wed Mar 2 09:28:06 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:28:06 2022 +0100 docs: correct "gnttab=" documented default Defaults differ for Arm and x86, not the least because of v2 not even being security supported on Arm. Also drop a bogus sentence from gnttab_max_maptrack_frames, which was presumably mistakenly cloned from gnttab_max_frames (albeit even there what is being said is neither very precise nor very useful imo). Signed-off-by: Jan Beulich Acked-by: Julien Grall --- docs/misc/xen-command-line.pandoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index efda335652..eda92ce29e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1177,7 +1177,9 @@ Specify which console gdbstub should use. See **console**. ### gnttab > `= List of [ max-ver:, transitive=, transfer= ]` -> Default: `gnttab=max-ver:2,transitive,transfer` +> Default (Arm): `gnttab=max-ver:1` +> Default (x86,PV): `gnttab=max-ver:2,transitive,transfer` +> Default (x86,HVM): `gnttab=max-ver:2,transitive` Control various aspects of the grant table behaviour available to guests. @@ -1217,8 +1219,6 @@ Specify the maximum number of frames to use as part of a domains maptrack array. This value is an upper boundary of the per-domain value settable via Xen tools. -Dom0 is using this value for sizing its maptrack table. - ### global-pages = -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 08:33:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 08:33:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282062.480626 (Exim 4.92) (envelope-from ) id 1nPKQS-00057A-C4; Wed, 02 Mar 2022 08:33:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282062.480626; Wed, 02 Mar 2022 08:33:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQS-000571-8X; Wed, 02 Mar 2022 08:33:36 +0000 Received: by outflank-mailman (input) for mailman id 282062; Wed, 02 Mar 2022 08:33:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQQ-00056Y-Gf for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQQ-0000cU-Fy for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPKQQ-0001zQ-FD for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zrwyfAwD4QGitHXdeVZIfFbl9oZA5bG6g+kJSVzdLAA=; b=Je3FyJwWFi7qDc2pO86BTj6QJC 0KYT/sR+t0ufM1mXTxkfODN3AthVeBFImRjzkkIKntEu8SyqxVy8d7KVLXvDheJhn01xz183ky0zu gZPZsDQ/eIolLsZz8Txd35xfX2ahqeUrON+h4CThdKzQ3ZmPffya5aaE39S3FgQlKPTE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/altcall: silence undue warning Message-Id: Date: Wed, 02 Mar 2022 08:33:34 +0000 commit 97b80c7881b36ddb13e535d4e9af0eef2e7f24ec Author: Jan Beulich AuthorDate: Wed Mar 2 09:28:51 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:28:51 2022 +0100 x86/altcall: silence undue warning Suitable compiler options are passed only when the actual feature (XEN_IBT) is enabled, not when merely the compiler capability was found to be available. Fixes: 12e3410e071e ("x86/altcall: Check and optimise altcall targets") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index e19dfc6b36..d41eeef1bc 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -295,7 +295,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * marginal perf improvement which saves on instruction * decode bandwidth. */ - if ( IS_ENABLED(CONFIG_HAS_CC_CET_IBT) ) + if ( IS_ENABLED(CONFIG_XEN_IBT) ) { if ( is_endbr64(dest) ) dest += ENDBR64_LEN; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 08:33:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 08:33:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282063.480630 (Exim 4.92) (envelope-from ) id 1nPKQc-00059x-DD; Wed, 02 Mar 2022 08:33:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282063.480630; Wed, 02 Mar 2022 08:33:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQc-00059p-A2; Wed, 02 Mar 2022 08:33:46 +0000 Received: by outflank-mailman (input) for mailman id 282063; Wed, 02 Mar 2022 08:33:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQa-00059X-Jz for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKQa-0000cj-JF for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPKQa-000203-IB for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 08:33:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hpp6a2gUEBvfJnOE35JLRzlOQCgHjl1J4wvxLDLSQ+c=; b=egkSNOVaLmstOdv1ZtxWPgSv8A R3a+7+bvyNYfeoPgdDZG9lYDiOoV7S+wshYu+NGKL0h2rTJzQ64JCyvH+ReWq9m2LM74g/RXq8F39 YzQspmAS6monHvDfvhSGfb5v2hlf8fthgztjGZww+SvJV2PiAfso1EynAx18ir4Chdtk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: fold sections in final binaries Message-Id: Date: Wed, 02 Mar 2022 08:33:44 +0000 commit 4b7fd8153ddfe95d6d427ff241abb6fdf37e027b Author: Jan Beulich AuthorDate: Wed Mar 2 09:29:55 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:29:55 2022 +0100 x86: fold sections in final binaries Especially when linking a PE binary (xen.efi), standalone output sections are expensive: Often the linker will align the subsequent one on the section alignment boundary (2Mb) when the linker script doesn't otherwise place it. (I haven't been able to derive from observed behavior under what conditions it would not do so.) With gcov enabled (and with gcc11) I'm observing enough sections that, as of quite recently, the resulting image doesn't fit in 16Mb anymore, failing the final ASSERT() in the linker script. (That assertion is slated to go away, but that's a separate change.) Any destructor related sections can be discarded, as we never "exit" the hypervisor. This includes .text.exit, which is referenced from .dtors.*. Constructor related sections need to all be taken care of, not just those with historically used names: .ctors.* and .text.startup is what gcc11 populates. While there re-arrange ordering / sorting to match that used by the linker provided scripts. Finally, for xen.efi only, also discard .note.gnu.*. These are meaningless in a PE binary. Quite likely, while not meaningless there, the section is also of no use in ELF, but keep it there for now. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 7b655df63f..83def6541e 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -194,6 +194,7 @@ SECTIONS #endif _sinittext = .; *(.init.text) + *(.text.startup) _einittext = .; /* * Here are the replacement instructions. The linker sticks them @@ -258,9 +259,10 @@ SECTIONS . = ALIGN(8); __ctors_start = .; - *(.ctors) + *(SORT_BY_INIT_PRIORITY(.init_array.*)) + *(SORT_BY_INIT_PRIORITY(.ctors.*)) *(.init_array) - *(SORT(.init_array.*)) + *(.ctors) __ctors_end = .; } PHDR(text) @@ -404,16 +406,20 @@ SECTIONS /* Sections to be discarded */ /DISCARD/ : { + *(.text.exit) *(.exit.text) *(.exit.data) *(.exitcall.exit) *(.discard) *(.discard.*) *(.eh_frame) + *(.dtors) + *(.dtors.*) #ifdef EFI *(.comment) *(.comment.*) *(.note.Xen) + *(.note.gnu.*) #endif } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 20:44:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 20:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282560.481304 (Exim 4.92) (envelope-from ) id 1nPVpL-0006wD-6X; Wed, 02 Mar 2022 20:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282560.481304; Wed, 02 Mar 2022 20:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpL-0006w5-3f; Wed, 02 Mar 2022 20:44:03 +0000 Received: by outflank-mailman (input) for mailman id 282560; Wed, 02 Mar 2022 20:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpK-0006vy-7J for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpK-0001aL-6K for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPVpK-0005XS-5B for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yQff0Wm+B17z+hWPdAfih3ckzi6yzq8uf0pdP1neooY=; b=2hsJlFEzi8f+QUKLRIv1+skHAi 3LbnswSTFIPHBk83gf5/Z9VFneVgrOFJJ/NFUMGFeQ4yJPJSzwmipRoQ29R9/VANNgBYm/6jMbeRS xHwQCoE/9V01NpjlVR3h6kuiW+LFGh8I9Ecw1ScClMdmsnQUkGErzxq6i2y4qWM0ulOU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Remove unused BOOT_RELOC_VIRT_START Message-Id: Date: Wed, 02 Mar 2022 20:44:02 +0000 commit 0c18fb76323bfb13615b6f13c98767face2d8097 Author: Julien Grall AuthorDate: Tue Apr 2 17:59:28 2019 +0100 Commit: Julien Grall CommitDate: Tue Mar 1 19:54:27 2022 +0000 xen/arm: Remove unused BOOT_RELOC_VIRT_START We stopped relocating Xen since commit f60658c6ae "xen/arm: Stop relocating Xen". At the same time, update the memory layout description. Signed-off-by: Julien Grall Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis Reviewed-by: Michal Orzel --- xen/arch/arm/include/asm/config.h | 4 +--- xen/arch/arm/mm.c | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/xen/arch/arm/include/asm/config.h b/xen/arch/arm/include/asm/config.h index 2aced0bc3b..b25c9d39bb 100644 --- a/xen/arch/arm/include/asm/config.h +++ b/xen/arch/arm/include/asm/config.h @@ -77,8 +77,7 @@ * 2M - 4M Xen text, data, bss * 4M - 6M Fixmap: special-purpose 4K mapping slots * 6M - 10M Early boot mapping of FDT - * 10M - 12M Early relocation address (used when relocating Xen) - * and later for livepatch vmap (if compiled in) + * 10M - 12M Livepatch vmap (if compiled in) * * ARM32 layout: * 0 - 12M @@ -115,7 +114,6 @@ #define BOOT_FDT_SLOT_SIZE MB(4) #define BOOT_FDT_VIRT_END (BOOT_FDT_VIRT_START + BOOT_FDT_SLOT_SIZE) -#define BOOT_RELOC_VIRT_START _AT(vaddr_t,0x00a00000) #ifdef CONFIG_LIVEPATCH #define LIVEPATCH_VMAP_START _AT(vaddr_t,0x00a00000) #define LIVEPATCH_VMAP_END (LIVEPATCH_VMAP_START + MB(2)) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 515d0906f8..8a17222109 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -196,7 +196,6 @@ static void __init __maybe_unused build_assertions(void) /* 2MB aligned regions */ BUILD_BUG_ON(XEN_VIRT_START & ~SECOND_MASK); BUILD_BUG_ON(FIXMAP_ADDR(0) & ~SECOND_MASK); - BUILD_BUG_ON(BOOT_RELOC_VIRT_START & ~SECOND_MASK); /* 1GB aligned regions */ #ifdef CONFIG_ARM_32 BUILD_BUG_ON(XENHEAP_VIRT_START & ~FIRST_MASK); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 20:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 20:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282561.481308 (Exim 4.92) (envelope-from ) id 1nPVpV-0006y0-7v; Wed, 02 Mar 2022 20:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282561.481308; Wed, 02 Mar 2022 20:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpV-0006xt-56; Wed, 02 Mar 2022 20:44:13 +0000 Received: by outflank-mailman (input) for mailman id 282561; Wed, 02 Mar 2022 20:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpU-0006xi-AM for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpU-0001aW-9O for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPVpU-0005YX-8Y for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RVhWF2PyA+bLZsrtxqXa3AEuTSX0+C2HrubdYy7oEMU=; b=cu8ff6kOLYXvkSSrLQvnBPnjRS cyKTPnlulwy3ywpS2jbOmirtyBxXuQ5pvI7EOV+ilDEgt/GOETL0yJlivhv3CGw0/g7ivPfkkld+0 jY3uqtdHqaNLR9ZUlfL87SRD2ldZCzvq1Ybx3FUCnx6Pn9SVPQQvFKpHdnmgntxKxXso=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm32: head: Mark the end of subroutines with ENDPROC (take two) Message-Id: Date: Wed, 02 Mar 2022 20:44:12 +0000 commit 84c3eb3a9c104a9ee5095d2420d5dd137a381a37 Author: Julien Grall AuthorDate: Tue Mar 1 19:56:15 2022 +0000 Commit: Julien Grall CommitDate: Tue Mar 1 19:56:24 2022 +0000 xen/arm32: head: Mark the end of subroutines with ENDPROC (take two) Commit 2ac705a59ef5 ("xen/arm32: head: Mark the end of subroutines with ENDPROC") intended to mark all the subroutines with ENDPROC. Unfortunately, I missed fail(), switch_ttbr(), init_uart() and __lookup_processor_type(). Add ENDPROC for the benefits of static analysis tools and the reader. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index b1d209ea28..13cfc837d3 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -661,6 +661,7 @@ ENDPROC(launch) fail: PRINT("- Boot failed -\r\n") 1: wfe b 1b +ENDPROC(fail) GLOBAL(_end_boot) @@ -694,6 +695,7 @@ ENTRY(switch_ttbr) isb mov pc, lr +ENDPROC(switch_ttbr) #ifdef CONFIG_EARLY_PRINTK /* @@ -711,6 +713,7 @@ init_uart: #endif PRINT("- UART enabled -\r\n") mov pc, lr +ENDPROC(init_uart) /* * Print early debug messages. @@ -798,6 +801,7 @@ __lookup_processor_type: mov r1, #0 2: mov pc, lr +ENDPROC(__lookup_processor_type) /* * Local variables: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 20:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 20:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282562.481312 (Exim 4.92) (envelope-from ) id 1nPVpf-00071F-9R; Wed, 02 Mar 2022 20:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282562.481312; Wed, 02 Mar 2022 20:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpf-000717-6c; Wed, 02 Mar 2022 20:44:23 +0000 Received: by outflank-mailman (input) for mailman id 282562; Wed, 02 Mar 2022 20:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpe-00070v-DT for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpe-0001ax-CM for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPVpe-0005ZR-BY for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jNBCADVp9qyXlYxCn+oHjImjl0dCI/5mUCYOvWuAssI=; b=LvR/78mETmiR7tmiveic0HIeio rQ7rEv5dvchftapP5gCiscVfm1IahgxbDzs+IPfGGl2lSrLr63XAOXgUeZ3uBVGr667WF7dlJNZXy oI7lAy17Qo5e2W3Q8bREHAcASexT47qNE7hLnKYJAF4xUnQix3Us5k01HrT8CEUdIdwA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: head: Mark the end of subroutines with ENDPROC (take two) Message-Id: Date: Wed, 02 Mar 2022 20:44:22 +0000 commit 767bae66e10494f7fb00544b861dd7d099f41921 Author: Julien Grall AuthorDate: Tue Mar 1 19:59:15 2022 +0000 Commit: Julien Grall CommitDate: Tue Mar 1 19:59:28 2022 +0000 xen/arm64: head: Mark the end of subroutines with ENDPROC (take two) Commit 13c03002c5df ("xen/arm64: head: Mark the end of subroutines with ENDPROC") intended to mark all the subroutines with ENDPROC. Unfortunately, I missed fail(), switch_ttbr() and init_uart(). Add ENDPROC for the benefits of static analysis tools and the reader. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm64/head.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 314b800b3f..66d862fc81 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -800,6 +800,7 @@ ENDPROC(launch) fail: PRINT("- Boot failed -\r\n") 1: wfe b 1b +ENDPROC(fail) GLOBAL(_end_boot) @@ -830,6 +831,7 @@ ENTRY(switch_ttbr) isb ret +ENDPROC(switch_ttbr) #ifdef CONFIG_EARLY_PRINTK /* @@ -847,6 +849,7 @@ init_uart: #endif PRINT("- UART enabled -\r\n") ret +ENDPROC(init_uart) /* Print early debug messages. * x0: Nul-terminated string to print. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 02 20:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 02 Mar 2022 20:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.282563.481316 (Exim 4.92) (envelope-from ) id 1nPVpp-00074s-B1; Wed, 02 Mar 2022 20:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 282563.481316; Wed, 02 Mar 2022 20:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpp-00074j-82; Wed, 02 Mar 2022 20:44:33 +0000 Received: by outflank-mailman (input) for mailman id 282563; Wed, 02 Mar 2022 20:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpo-00074Z-GD for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPVpo-0001bC-FU for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPVpo-0005ad-Ef for xen-changelog@lists.xenproject.org; Wed, 02 Mar 2022 20:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ana7QTId57G9I3O3P41vdxoTt00k2frydcjcr/Lmlck=; b=M4+eMKuJT6zw9M5voJoyNyWcsS Hvf/TYwQu8i0r1kMtNHXOa6sYj/Bs7qu7pipVWaD+W0FVKGm9umZ1xuAbCS4y89lr9X1Senv7qve9 nIJ3Jf3N1j0a3KfE4weTOqV3t2/Wb7TrX/ZlZVnXuA5spQ9MAmQWbXTW0n/HpRC5eLNI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm32: head: Don't set r12 and update the documentation Message-Id: Date: Wed, 02 Mar 2022 20:44:32 +0000 commit faecea18d252f97c6ad41f0f457566ff2c125b8d Author: Julien Grall AuthorDate: Tue Mar 1 19:59:54 2022 +0000 Commit: Julien Grall CommitDate: Tue Mar 1 20:01:12 2022 +0000 xen/arm32: head: Don't set r12 and update the documentation Since commit 54c4ae18d158 ("xen/arm32: head: Rework and document launch()"), the boot code is setting r12 but not read it. So remove the two instructions setting r12 and update the documentation to show r12 has no specific purpose. Signed-off-by: Julien Grall Reviewed-by: Michal Orzel Reviewed-by: Bertrand Marquis --- xen/arch/arm/arm32/head.S | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 13cfc837d3..7a906167ef 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -79,7 +79,7 @@ * r9 - paddr(start) * r10 - phys offset * r11 - UART address - * r12 - is_secondary_cpu + * r12 - * r13 - SP * r14 - LR * r15 - PC @@ -166,8 +166,6 @@ past_zImage: #endif PRINT("- Boot CPU booting -\r\n") - mov r12, #0 /* r12 := is_secondary_cpu */ - bl check_cpu_mode bl cpu_init bl create_page_tables @@ -206,8 +204,6 @@ GLOBAL(init_secondary) adr r9, start /* r9 := paddr (start) */ sub r10, r9, r0 /* r10 := phys-offset */ - mov r12, #1 /* r12 := is_secondary_cpu */ - mrc CP32(r1, MPIDR) bic r7, r1, #(~MPIDR_HWID_MASK) /* Mask out flags to get CPU ID */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 03 13:33:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Mar 2022 13:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.283387.482369 (Exim 4.92) (envelope-from ) id 1nPlZq-0004zn-8l; Thu, 03 Mar 2022 13:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 283387.482369; Thu, 03 Mar 2022 13:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPlZq-0004zf-5c; Thu, 03 Mar 2022 13:33:06 +0000 Received: by outflank-mailman (input) for mailman id 283387; Thu, 03 Mar 2022 13:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPlZo-0004zZ-Qf for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 13:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPlZo-0005uU-Pv for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 13:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPlZo-0001JQ-NS for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 13:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qBnqFjncuj5zKM7Aye1prAw2GZDHKGh4EnWZsOXsb8k=; b=PTvN/I8rYOKiS9cM3gT8zR7FB/ O9GTlJt0rtsEkFXmLEI0clOwmsHYS3gE6tQTsXbpzWeydIUytQtCGzEvT9V+9lcSR0O3q9KXhv4CY d0oLqQMm/8dmgL3s18Tsom63QEo7j3+tRgOHhdjzwry5UPLyL9OC+9ZyXuifp3VPUJ5s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/cet: Fix __initconst_cf_clobber Message-Id: Date: Thu, 03 Mar 2022 13:33:04 +0000 commit 3e56754b08871ccceff856ff634731b9b9bccbbe Author: Andrew Cooper AuthorDate: Wed Mar 2 20:27:46 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 3 11:21:35 2022 +0000 xen/cet: Fix __initconst_cf_clobber The linker script collecting .init.rodata.* ahead of .init.rodata.cf_clobber accidentally causes __initconst_cf_clobber to be a no-op. Rearrange the linker script to unbreak this. The IOMMU adjust_irq_affinities() hooks currently violate the safety requirement for being cf_clobber, by also being plain __initcall()'s. Consolidate to a single initcall using the iommu_adjust_irq_affinities() wrapper (satisfying the cf_clobber safety requirement by using iommu_call() under the hood), and also removes the dubious property that we'd call into both vendors IOMMU drivers on boot, relying on the for_each_*() loops to be empty for safety. With this fixed, an all-enabled build of Xen has 1681 endbr64's in .text with 382 (23%) being clobbered during boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/xen.lds.S | 12 ++++++------ xen/drivers/passthrough/amd/iommu_init.c | 1 - xen/drivers/passthrough/vtd/iommu.c | 1 - xen/drivers/passthrough/x86/iommu.c | 6 ++++++ 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 83def6541e..b15e5b67e4 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -210,6 +210,12 @@ SECTIONS DECL_SECTION(.init.data) { #endif + . = ALIGN(POINTER_ALIGN); + __initdata_cf_clobber_start = .; + *(.init.data.cf_clobber) + *(.init.rodata.cf_clobber) + __initdata_cf_clobber_end = .; + *(.init.rodata) *(.init.rodata.*) @@ -224,12 +230,6 @@ SECTIONS *(.initcall1.init) __initcall_end = .; - . = ALIGN(POINTER_ALIGN); - __initdata_cf_clobber_start = .; - *(.init.data.cf_clobber) - *(.init.rodata.cf_clobber) - __initdata_cf_clobber_end = .; - *(.init.data) *(.init.data.rel) *(.init.data.rel.*) diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 657c7f619a..2e5bffa732 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -831,7 +831,6 @@ int cf_check iov_adjust_irq_affinities(void) return 0; } -__initcall(iov_adjust_irq_affinities); /* * Family15h Model 10h-1fh erratum 746 (IOMMU Logging May Stall Translations) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 6a65ba1d82..f70d515806 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2119,7 +2119,6 @@ static int cf_check adjust_vtd_irq_affinities(void) return 0; } -__initcall(adjust_vtd_irq_affinities); static int __must_check init_vtd_hw(bool resume) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 58a422fb5f..57c7b26c1a 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -462,6 +462,12 @@ bool arch_iommu_use_permitted(const struct domain *d) likely(!p2m_get_hostp2m(d)->global_logdirty)); } +static int __init cf_check adjust_irq_affinities(void) +{ + return iommu_adjust_irq_affinities(); +} +__initcall(adjust_irq_affinities); + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 03 19:55:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Mar 2022 19:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.283715.482814 (Exim 4.92) (envelope-from ) id 1nPrXW-00087C-5R; Thu, 03 Mar 2022 19:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 283715.482814; Thu, 03 Mar 2022 19:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPrXW-000874-2a; Thu, 03 Mar 2022 19:55:06 +0000 Received: by outflank-mailman (input) for mailman id 283715; Thu, 03 Mar 2022 19:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPrXU-00086w-By for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 19:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPrXU-0004sG-BD for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 19:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPrXU-0003kz-AH for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 19:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+hAoOCIBRLRrmEihpf/1qaW7fWtbIF6I1P2jcmkmqjM=; b=ATfmDK1vjyzgnVcdWT0L+s9FVZ cuMJtTBmSYGZ5Aq5v+26lkMtlAKM905xQ4z7ncb/DWlYHte3r/lKA3CCkIEzVP+nb4q625GnisnGE SJFgk77wUJHI2N4YDqvOFE02twCJbcyGWupPXVAWf0w+Ran5UFWWL5qh6/t+9dv13ESc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: gic: Introduce GIC_PRI_{IRQ/IPI}_ALL Message-Id: Date: Thu, 03 Mar 2022 19:55:04 +0000 commit b692523fafb39f5f930e1e8a316f7b8cebc9f62a Author: Michal Orzel AuthorDate: Wed Mar 2 10:59:11 2022 +0100 Commit: Julien Grall CommitDate: Thu Mar 3 19:53:41 2022 +0000 xen/arm: gic: Introduce GIC_PRI_{IRQ/IPI}_ALL Introduce macros GIC_PRI_IRQ_ALL and GIC_PRI_IPI_ALL to be used in all the places where we want to set default priority for all the offsets in interrupt priority register. This will improve readability and allow to get rid of introducing variables just to store this value. Take the opportunity to mark GIC_PRI_{IRQ/IPI} as unsigned values to suppress static analyzer warnings as they are used in expressions exceeding integer range (shifting into signed bit). Modify also other priority related macros to be coherent. Signed-off-by: Michal Orzel Acked-by: Julien Grall --- xen/arch/arm/gic-v2.c | 12 +++--------- xen/arch/arm/gic-v3.c | 16 +++------------- xen/arch/arm/include/asm/gic.h | 13 +++++++++---- 3 files changed, 15 insertions(+), 26 deletions(-) diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c index b2adc8ec9a..2cc2f6bc18 100644 --- a/xen/arch/arm/gic-v2.c +++ b/xen/arch/arm/gic-v2.c @@ -373,9 +373,7 @@ static void __init gicv2_dist_init(void) /* Default priority for global interrupts */ for ( i = 32; i < nr_lines; i += 4 ) - writel_gicd(GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | - GIC_PRI_IRQ << 8 | GIC_PRI_IRQ, - GICD_IPRIORITYR + (i / 4) * 4); + writel_gicd(GIC_PRI_IRQ_ALL, GICD_IPRIORITYR + (i / 4) * 4); /* Disable all global interrupts */ for ( i = 32; i < nr_lines; i += 32 ) @@ -403,15 +401,11 @@ static void gicv2_cpu_init(void) /* Set SGI priorities */ for ( i = 0; i < 16; i += 4 ) - writel_gicd(GIC_PRI_IPI << 24 | GIC_PRI_IPI << 16 | - GIC_PRI_IPI << 8 | GIC_PRI_IPI, - GICD_IPRIORITYR + (i / 4) * 4); + writel_gicd(GIC_PRI_IPI_ALL, GICD_IPRIORITYR + (i / 4) * 4); /* Set PPI priorities */ for ( i = 16; i < 32; i += 4 ) - writel_gicd(GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | - GIC_PRI_IRQ << 8 | GIC_PRI_IRQ, - GICD_IPRIORITYR + (i / 4) * 4); + writel_gicd(GIC_PRI_IRQ_ALL, GICD_IPRIORITYR + (i / 4) * 4); /* Local settings: interface controller */ /* Don't mask by priority */ diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c index 9a3a175ad7..3c472ed768 100644 --- a/xen/arch/arm/gic-v3.c +++ b/xen/arch/arm/gic-v3.c @@ -594,7 +594,6 @@ static void gicv3_set_irq_priority(struct irq_desc *desc, static void __init gicv3_dist_init(void) { uint32_t type; - uint32_t priority; uint64_t affinity; unsigned int nr_lines; int i; @@ -621,11 +620,7 @@ static void __init gicv3_dist_init(void) /* Default priority for global interrupts */ for ( i = NR_GIC_LOCAL_IRQS; i < nr_lines; i += 4 ) - { - priority = (GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | - GIC_PRI_IRQ << 8 | GIC_PRI_IRQ); - writel_relaxed(priority, GICD + GICD_IPRIORITYR + (i / 4) * 4); - } + writel_relaxed(GIC_PRI_IRQ_ALL, GICD + GICD_IPRIORITYR + (i / 4) * 4); /* Disable/deactivate all global interrupts */ for ( i = NR_GIC_LOCAL_IRQS; i < nr_lines; i += 32 ) @@ -806,7 +801,6 @@ static int __init gicv3_populate_rdist(void) static int gicv3_cpu_init(void) { int i, ret; - uint32_t priority; /* Register ourselves with the rest of the world */ if ( gicv3_populate_rdist() ) @@ -826,16 +820,12 @@ static int gicv3_cpu_init(void) } /* Set priority on PPI and SGI interrupts */ - priority = (GIC_PRI_IPI << 24 | GIC_PRI_IPI << 16 | GIC_PRI_IPI << 8 | - GIC_PRI_IPI); for (i = 0; i < NR_GIC_SGI; i += 4) - writel_relaxed(priority, + writel_relaxed(GIC_PRI_IPI_ALL, GICD_RDIST_SGI_BASE + GICR_IPRIORITYR0 + (i / 4) * 4); - priority = (GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | GIC_PRI_IRQ << 8 | - GIC_PRI_IRQ); for (i = NR_GIC_SGI; i < NR_GIC_LOCAL_IRQS; i += 4) - writel_relaxed(priority, + writel_relaxed(GIC_PRI_IRQ_ALL, GICD_RDIST_SGI_BASE + GICR_IPRIORITYR0 + (i / 4) * 4); /* diff --git a/xen/arch/arm/include/asm/gic.h b/xen/arch/arm/include/asm/gic.h index c7f0c343d1..b3c6c67933 100644 --- a/xen/arch/arm/include/asm/gic.h +++ b/xen/arch/arm/include/asm/gic.h @@ -143,10 +143,15 @@ * * A GIC must support a mimimum of 16 priority levels. */ -#define GIC_PRI_LOWEST 0xf0 -#define GIC_PRI_IRQ 0xa0 -#define GIC_PRI_IPI 0x90 /* IPIs must preempt normal interrupts */ -#define GIC_PRI_HIGHEST 0x80 /* Higher priorities belong to Secure-World */ +#define GIC_PRI_LOWEST 0xf0U +#define GIC_PRI_IRQ 0xa0U +#define GIC_PRI_IPI 0x90U /* IPIs must preempt normal interrupts */ +#define GIC_PRI_HIGHEST 0x80U /* Higher priorities belong to Secure-World */ +#define GIC_PRI_IRQ_ALL ((GIC_PRI_IRQ << 24) | (GIC_PRI_IRQ << 16) |\ + (GIC_PRI_IRQ << 8) | GIC_PRI_IRQ) +#define GIC_PRI_IPI_ALL ((GIC_PRI_IPI << 24) | (GIC_PRI_IPI << 16) |\ + (GIC_PRI_IPI << 8) | GIC_PRI_IPI) + #define GIC_PRI_TO_GUEST(pri) (pri >> 3) /* GICH_LR and GICH_VMCR only support 5 bits for guest irq priority */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 03 20:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 03 Mar 2022 20:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.283751.482863 (Exim 4.92) (envelope-from ) id 1nPrxe-0005Py-A1; Thu, 03 Mar 2022 20:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 283751.482863; Thu, 03 Mar 2022 20:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPrxe-0005Po-6R; Thu, 03 Mar 2022 20:22:06 +0000 Received: by outflank-mailman (input) for mailman id 283751; Thu, 03 Mar 2022 20:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPrxc-0005Pi-9j for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 20:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nPrxc-0005UA-8x for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 20:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nPrxc-00062a-82 for xen-changelog@lists.xenproject.org; Thu, 03 Mar 2022 20:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P3xEChTEDveOoho0CQq4IQAeRDkD1SYpamT8QMH3KsM=; b=3/kSo4HC2sQYta7WrlS2WBfm8m cc91ljPfHgZ3jJ4/Paw8WQXNq6CnekCr1jZKe+6myBP86iv6+vBY7BOBe/5beLsNTlXYpc3BTzHvX pwDTTcFzJYHm2D+krpGm6nK6X2cHNgDidXl87u8pYHNTWqgBOhwjI5bd9HeXMC6izjdI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: mm: Encode existing constraints of the memory layout Message-Id: Date: Thu, 03 Mar 2022 20:22:04 +0000 commit 1f410b0c7455748021be4ede59e7a0c0a2ffb1c4 Author: Julien Grall AuthorDate: Thu Mar 3 20:14:53 2022 +0000 Commit: Julien Grall CommitDate: Thu Mar 3 20:15:14 2022 +0000 xen/arm: mm: Encode existing constraints of the memory layout The boot code expects the regions XEN_VIRT_START, FIXMAP_ADDR(0), BOOT_FDT_VIRT_START to use the same 0th (arm64 only) and 1st slot. Add some BUILD_BUG_ON() to confirm that. This is helpful if one wants to re-order the memory layout. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/mm.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 8a17222109..7b1f2f4906 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -211,6 +211,22 @@ static void __init __maybe_unused build_assertions(void) #ifdef CONFIG_DOMAIN_PAGE BUILD_BUG_ON(DOMHEAP_VIRT_START & ~FIRST_MASK); #endif + /* + * The boot code expects the regions XEN_VIRT_START, FIXMAP_ADDR(0), + * BOOT_FDT_VIRT_START to use the same 0th (arm64 only) and 1st + * slot in the page tables. + */ +#define CHECK_SAME_SLOT(level, virt1, virt2) \ + BUILD_BUG_ON(level##_table_offset(virt1) != level##_table_offset(virt2)) + +#ifdef CONFIG_ARM_64 + CHECK_SAME_SLOT(zeroeth, XEN_VIRT_START, FIXMAP_ADDR(0)); + CHECK_SAME_SLOT(zeroeth, XEN_VIRT_START, BOOT_FDT_VIRT_START); +#endif + CHECK_SAME_SLOT(first, XEN_VIRT_START, FIXMAP_ADDR(0)); + CHECK_SAME_SLOT(first, XEN_VIRT_START, BOOT_FDT_VIRT_START); + +#undef CHECK_SAME_SLOT } void dump_pt_walk(paddr_t ttbr, paddr_t addr, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 08:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 08:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284059.483177 (Exim 4.92) (envelope-from ) id 1nQ3N4-0004FE-SI; Fri, 04 Mar 2022 08:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284059.483177; Fri, 04 Mar 2022 08:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3N4-0004F6-PG; Fri, 04 Mar 2022 08:33:06 +0000 Received: by outflank-mailman (input) for mailman id 284059; Fri, 04 Mar 2022 08:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3N3-0004F0-3n for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3N2-0005cS-RZ for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ3N2-00051O-QT for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=czwP8MDLHPmwm7KXSB25tw9yrVfCfezosr3dZl3VeUs=; b=ZFOuvcRktjZvPK0Dxe0S3DWB+j FH5o+SRSoGwVbz6nTgTXTxMF3x0yCpFiby8obvIhGPMXRiZUZ1ANfwtZcBS3BZZLFDchANysRapdz qaGyFPW4SFxmydUQVfMa6eT9fp/RbXV2oGGjdVZcQ5Qz7TJ/QbUfIyWa2B19hfFFNvoY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build,x86: remove the need for build32.mk Message-Id: Date: Fri, 04 Mar 2022 08:33:04 +0000 commit d58a509e01c4833515a9a8340706d1a23bef168b Author: Anthony PERARD AuthorDate: Fri Mar 4 09:25:39 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:25:39 2022 +0100 build,x86: remove the need for build32.mk Rework "arch/x86/boot/Makefile" to allow it to build both file "cmdline.S" and "reloc.S" without "build32.mk". These will now use the main rules for "%.o: %.c", and thus generate a dependency file. (We will not need to track the dependency manually anymore.) But for that, we need to override the main CFLAGS to do a 32bit build. We introduce XEN_TREEWIDE_CFLAGS which can be reused in boot/Makefile, and avoid the need to reparse Config.mk with a different value for XEN_TARGET_ARCH. From this new $(XEN_TREEWIDE_CFLAGS), we only need to change -m64 to have the 32bit flags. Then those are applied only to "cmdline.o" and "reloc.o". Specifically apply the rule "%.S: %.bin" to both cmdline.S and reloc.S to avoid make trying to regenerate other %.S files with it. There is no change expected to the resulting "cmdline.S" and "reloc.S", only the *.o file changes as their symbol for FILE goes from "cmdline.c" to "arch/x86//cmdline.c". (No idea why "boot" is missing from the string.) (I've only check with GCC, not clang.) Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 4 ++++ xen/arch/x86/boot/Makefile | 49 +++++++++++++++++++++++++++++--------------- xen/arch/x86/boot/build32.mk | 40 ------------------------------------ 3 files changed, 37 insertions(+), 56 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index ed4891daf1..865c0cb2e6 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -171,6 +171,10 @@ export LEX = $(if $(FLEX),$(FLEX),flex) # Default file for 'make defconfig'. export KBUILD_DEFCONFIG := $(ARCH)_defconfig +# Copy CFLAGS generated by "Config.mk" so they can be reused later without +# reparsing Config.mk by e.g. arch/x86/boot/. +export XEN_TREEWIDE_CFLAGS := $(CFLAGS) + # CLANG_FLAGS needs to be calculated before calling Kconfig ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS := diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index 1ac8cb435e..ca8001c72b 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -1,25 +1,42 @@ obj-bin-y += head.o +head-srcs := cmdline.S reloc.S -DEFS_H_DEPS = $(abs_srctree)/$(src)/defs.h $(abs_srctree)/include/xen/stdbool.h +nocov-y += $(head-srcs:.S=.o) +noubsan-y += $(head-srcs:.S=.o) +targets += $(head-srcs:.S=.o) -CMDLINE_DEPS = $(DEFS_H_DEPS) $(abs_srctree)/$(src)/video.h \ - $(BASEDIR)/include/xen/kconfig.h \ - $(BASEDIR)/include/generated/autoconf.h +head-srcs := $(addprefix $(obj)/, $(head-srcs)) -RELOC_DEPS = $(DEFS_H_DEPS) \ - $(BASEDIR)/include/generated/autoconf.h \ - $(BASEDIR)/include/xen/kconfig.h \ - $(BASEDIR)/include/xen/multiboot.h \ - $(BASEDIR)/include/xen/multiboot2.h \ - $(BASEDIR)/include/xen/const.h \ - $(BASEDIR)/include/public/arch-x86/hvm/start_info.h +$(obj)/head.o: $(head-srcs) -$(obj)/head.o: $(obj)/cmdline.S $(obj)/reloc.S +CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS)) +$(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS)) +CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float +CFLAGS_x86_32 += -I$(srctree)/include -$(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds - $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" +# override for 32bit binaries +$(head-srcs:.S=.o): CFLAGS_stack_boundary := +$(head-srcs:.S=.o): XEN_CFLAGS := $(CFLAGS_x86_32) -fpic -$(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds - $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" +$(head-srcs): %.S: %.bin + (od -v -t x $< | tr -s ' ' | awk 'NR > 1 {print s} {s=$$0}' | \ + sed 's/ /,0x/g' | sed 's/,0x$$//' | sed 's/^[0-9]*,/ .long /') >$@ + +# Drop .got.plt during conversion to plain binary format. +# Please check build32.lds for more details. +%.bin: %.lnk + $(OBJDUMP) -h $< | sed -n '/[0-9]/{s,00*,0,g;p;}' | \ + while read idx name sz rest; do \ + case "$$name" in \ + .got.plt) \ + test $$sz != 0c || continue; \ + echo "Error: non-empty $$name: 0x$$sz" >&2; \ + exit $$(expr $$idx + 1);; \ + esac; \ + done + $(OBJCOPY) -O binary -R .got.plt $< $@ + +%.lnk: %.o $(src)/build32.lds + $(LD) $(subst x86_64,i386,$(LDFLAGS_DIRECT)) -N -T $(filter %.lds,$^) -o $@ $< clean-files := cmdline.S reloc.S *.lnk *.bin diff --git a/xen/arch/x86/boot/build32.mk b/xen/arch/x86/boot/build32.mk deleted file mode 100644 index e90680cd9f..0000000000 --- a/xen/arch/x86/boot/build32.mk +++ /dev/null @@ -1,40 +0,0 @@ -override XEN_TARGET_ARCH=x86_32 -CFLAGS = -include $(XEN_ROOT)/Config.mk - -$(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) - -CFLAGS += -Werror -fno-builtin -g0 -msoft-float -CFLAGS += -I$(BASEDIR)/include -CFLAGS := $(filter-out -flto,$(CFLAGS)) - -# NB. awk invocation is a portable alternative to 'head -n -1' -%.S: %.bin - (od -v -t x $< | tr -s ' ' | awk 'NR > 1 {print s} {s=$$0}' | \ - sed 's/ /,0x/g' | sed 's/,0x$$//' | sed 's/^[0-9]*,/ .long /') >$@ - -# Drop .got.plt during conversion to plain binary format. -# Please check build32.lds for more details. -%.bin: %.lnk - $(OBJDUMP) -h $< | sed -n '/[0-9]/{s,00*,0,g;p;}' | \ - while read idx name sz rest; do \ - case "$$name" in \ - .got.plt) \ - test $$sz != 0c || continue; \ - echo "Error: non-empty $$name: 0x$$sz" >&2; \ - exit $$(expr $$idx + 1);; \ - esac; \ - done - $(OBJCOPY) -O binary -R .got.plt $< $@ - -%.lnk: %.o build32.lds - $(LD) $(LDFLAGS_DIRECT) -N -T build32.lds -o $@ $< - -%.o: %.c - $(CC) $(CFLAGS) -c -fpic $< -o $@ - -cmdline.o: cmdline.c $(CMDLINE_DEPS) - -reloc.o: reloc.c $(RELOC_DEPS) - -.PRECIOUS: %.bin %.lnk -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 08:33:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 08:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284060.483180 (Exim 4.92) (envelope-from ) id 1nQ3NE-0004H6-TT; Fri, 04 Mar 2022 08:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284060.483180; Fri, 04 Mar 2022 08:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NE-0004Gy-Qi; Fri, 04 Mar 2022 08:33:16 +0000 Received: by outflank-mailman (input) for mailman id 284060; Fri, 04 Mar 2022 08:33:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NC-0004Gn-VS for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NC-0005cd-Ub for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ3NC-00051z-Tf for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2COxMuSW7pta+VPoqbihRWrF1/qUt6PamxYe2mo1dlw=; b=C8hyhf4Jb7fceIUUSKnrvwgCGr 7dcrV94kvYjxLfJLdrPMGe213EZZLI/SpUkKdpOA9Bn3ZGqYmh9dbnehFJnVV9VPmJmIIupzHEokd CkwZEDGfBZ0fFVVMhUkmUyjYGEEv0U9s3iHvbGq2/YaPVl2BwcqVhujtdd64+Gtk40PM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: export potentially overridden tool chain components Message-Id: Date: Fri, 04 Mar 2022 08:33:14 +0000 commit e1cafab334b998e46057bbb8d1303be4499814bd Author: Jan Beulich AuthorDate: Fri Mar 4 09:27:08 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:27:08 2022 +0100 build: export potentially overridden tool chain components When overriding the tool chain via CROSS_COMPILE, the resulting components need to be made available to, in particular (but not limited to) the check-endbr.sh script. Note that we don't allow overriding ADDR2LINE yet; this would first require additions to some config/*.mk before it would make sense to export the resulting variable as well. The lack of NM exporting was apparently not a problem so far, but add it at this occasion as well - we're using the tool, after all. Fixes: 4d037425dccf ("x86: Build check for embedded endbr64 instructions") Signed-off-by: Jan Beulich Reviewed-by: Bertrand Marquis Acked-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index 865c0cb2e6..5c21492d6f 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -55,7 +55,7 @@ export TARGET_ARCH := $(shell echo $(XEN_TARGET_ARCH) | \ # Allow someone to change their config file export KCONFIG_CONFIG ?= .config -export CC CXX LD +export CC CXX LD NM OBJCOPY OBJDUMP export TARGET := xen -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 08:33:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 08:33:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284061.483185 (Exim 4.92) (envelope-from ) id 1nQ3NO-0004KY-VP; Fri, 04 Mar 2022 08:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284061.483185; Fri, 04 Mar 2022 08:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NO-0004KQ-SC; Fri, 04 Mar 2022 08:33:26 +0000 Received: by outflank-mailman (input) for mailman id 284061; Fri, 04 Mar 2022 08:33:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NN-0004Jr-2D for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NN-0005co-1P for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ3NN-000532-0V for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nMqugbxcJ/pZN+OrWTvDOETnSsAn8yADe/WENRHUxeQ=; b=HJleXxsBhIuoHPIbKZEmtPq1YQ aWWEDr4rYCbgNBJaRThSGZIRKMX/4TowTDAZRujc7vR8qJ6Y6OSy6vmYayAzD812av/7rWrQu6Pw6 yFdjZ3utesaxc3MIG3jFV9xDpClsGVQjm/NKkervTK70rQ+iOZX2mL2fV02hLaaZeB3s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/time: add CF-clobber annotations Message-Id: Date: Fri, 04 Mar 2022 08:33:25 +0000 commit dc762a509d46422a7193f1ad6ecf9728ae35c989 Author: Jan Beulich AuthorDate: Fri Mar 4 09:28:09 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:28:09 2022 +0100 x86/time: add CF-clobber annotations With bed9ae54df44 ("x86/time: switch platform timer hooks to altcall") in place we can further arrange for ENDBR removal from the functions no longer subject to indirect calls. Note that plt_tsc is adjusted as well, despite presently not holding any pointer eligible for ENDBR removal. This is just to be on the safe side going forward. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/time.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index c05d3ca98b..c840f45535 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -375,7 +375,7 @@ static void cf_check resume_pit(struct platform_timesource *pts) outb(0, PIT_CH2); /* MSB of count */ } -static struct platform_timesource __initdata plt_pit = +static struct platform_timesource __initdata_cf_clobber plt_pit = { .id = "pit", .name = "PIT", @@ -483,7 +483,7 @@ static void cf_check resume_hpet(struct platform_timesource *pts) hpet_resume(NULL); } -static struct platform_timesource __initdata plt_hpet = +static struct platform_timesource __initdata_cf_clobber plt_hpet = { .id = "hpet", .name = "HPET", @@ -528,7 +528,7 @@ static s64 __init cf_check init_pmtimer(struct platform_timesource *pts) return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); } -static struct platform_timesource __initdata plt_pmtimer = +static struct platform_timesource __initdata_cf_clobber plt_pmtimer = { .id = "acpi", .name = "ACPI PM Timer", @@ -590,7 +590,7 @@ static uint64_t __init cf_check read_tsc(void) return rdtsc_ordered(); } -static struct platform_timesource __initdata plt_tsc = +static struct platform_timesource __initdata_cf_clobber plt_tsc = { .id = "tsc", .name = "TSC", @@ -681,7 +681,7 @@ static void cf_check resume_xen_timer(struct platform_timesource *pts) write_atomic(&xen_timer_last, 0); } -static struct platform_timesource __initdata plt_xen_timer = +static struct platform_timesource __initdata_cf_clobber plt_xen_timer = { .id = "xen", .name = "XEN PV CLOCK", @@ -778,7 +778,7 @@ static uint64_t cf_check read_hyperv_timer(void) return hv_scale_tsc(tsc, scale, offset); } -static struct platform_timesource __initdata plt_hyperv_timer = +static struct platform_timesource __initdata_cf_clobber plt_hyperv_timer = { .id = "hyperv", .name = "HYPER-V REFERENCE TSC", -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 08:33:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 08:33:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284062.483190 (Exim 4.92) (envelope-from ) id 1nQ3NZ-0004O0-2G; Fri, 04 Mar 2022 08:33:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284062.483190; Fri, 04 Mar 2022 08:33:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NY-0004Nr-V4; Fri, 04 Mar 2022 08:33:36 +0000 Received: by outflank-mailman (input) for mailman id 284062; Fri, 04 Mar 2022 08:33:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NX-0004Nf-5O for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3NX-0005d1-4b for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ3NX-00053f-3X for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=er8IPyl3EWZ1qZ8Kr+zVTKIo891D8qX80FExuXzMoBQ=; b=yfSADeQ2HN0vpPjDg5Up6+CSip fhVAq8gzXqGWRR49Br9XYZ2qJvdcUnylYRUeMgnXp/ITar+ZkI6iham8WsUbw0EfU2yiDMZP2Z6FX eCwTXBJhZShHlPk88gZVGxeGWwo3fxbUOeLUKYcR13UvjjJ938/0aNzDgIooSAp2ZJUo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: drop use of CONSTRUCTORS from linker script Message-Id: Date: Fri, 04 Mar 2022 08:33:35 +0000 commit b7a7e346c71054b12c93b32b032232c7c583209a Author: Jan Beulich AuthorDate: Fri Mar 4 09:29:10 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:29:10 2022 +0100 x86: drop use of CONSTRUCTORS from linker script Current binutils document this for use by a.out only. Plus we deal with .ctors and alike sections elsewhere in the script anyway. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index b15e5b67e4..021470d932 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -292,7 +292,6 @@ SECTIONS *(.data) *(.data.rel) *(.data.rel.*) - CONSTRUCTORS } PHDR(text) DECL_SECTION(.bss) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 08:33:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 08:33:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284063.483192 (Exim 4.92) (envelope-from ) id 1nQ3Nj-0004Qp-3Q; Fri, 04 Mar 2022 08:33:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284063.483192; Fri, 04 Mar 2022 08:33:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3Nj-0004Qh-0S; Fri, 04 Mar 2022 08:33:47 +0000 Received: by outflank-mailman (input) for mailman id 284063; Fri, 04 Mar 2022 08:33:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3Nh-0004QR-8P for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3Nh-0005dE-7a for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ3Nh-00054Q-6m for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JOV94prMj6eRtR1iMUmSe0ROo7vpOB8BAULHLyxXAnk=; b=P1Lzo5gtaaXlufT/CSkNLx2AmL J9nT3vflWt8UUaesVkWgM6JViuAtYBhIufxi/mzWEx6iCSbGqcVyzJQn994ifSfmC+MDtc7oWHhNp LRVLw+ob6IeLHNq9o/G6u3efkg79W+DVxG3t2f+eSeRTLj8UBY0oIuo3xJkdIoJ/uAFY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul/test: correct VRNDSCALES{S,D} entries in predicates test Message-Id: Date: Fri, 04 Mar 2022 08:33:45 +0000 commit ccb6f9a55844fc1205deb7811b237cbcbaaaea97 Author: Jan Beulich AuthorDate: Fri Mar 4 09:29:42 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:29:42 2022 +0100 x86emul/test: correct VRNDSCALES{S,D} entries in predicates test While benign (because only the decoder is exercised here, whereas a wrong EVEX.W would cause an exception only during actual emulation), let's still have correct information in the table entries. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/predicates.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tests/x86_emulator/predicates.c b/tools/tests/x86_emulator/predicates.c index 4760f19bf2..0d10135195 100644 --- a/tools/tests/x86_emulator/predicates.c +++ b/tools/tests/x86_emulator/predicates.c @@ -1974,8 +1974,8 @@ static const struct evex { { { 0x05 }, 3, T, R, pfx_66, W1, Ln }, /* vpermilpd */ { { 0x08 }, 3, T, R, pfx_66, W0, Ln }, /* vrndscaleps */ { { 0x09 }, 3, T, R, pfx_66, W1, Ln }, /* vrndscalepd */ - { { 0x0a }, 3, T, R, pfx_66, WIG, LIG }, /* vrndscaless */ - { { 0x0b }, 3, T, R, pfx_66, WIG, LIG }, /* vrndscalesd */ + { { 0x0a }, 3, T, R, pfx_66, W0, LIG }, /* vrndscaless */ + { { 0x0b }, 3, T, R, pfx_66, W1, LIG }, /* vrndscalesd */ { { 0x0f }, 3, T, R, pfx_66, WIG, Ln }, /* vpalignr */ { { 0x14 }, 3, T, W, pfx_66, WIG, L0 }, /* vpextrb */ { { 0x15 }, 3, T, W, pfx_66, WIG, L0 }, /* vpextrw */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 08:33:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 08:33:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284064.483197 (Exim 4.92) (envelope-from ) id 1nQ3Nt-0004Tt-57; Fri, 04 Mar 2022 08:33:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284064.483197; Fri, 04 Mar 2022 08:33:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3Nt-0004Tk-21; Fri, 04 Mar 2022 08:33:57 +0000 Received: by outflank-mailman (input) for mailman id 284064; Fri, 04 Mar 2022 08:33:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3Nr-0004TY-Bv for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ3Nr-0005dO-B4 for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ3Nr-00056v-AF for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 08:33:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aZN3KceWzVJ1vN4YkzwH0ZdthvxGPhJsmEf+YeDwj5U=; b=Kx66urv2x/jB9Fk99nGBrX4EDu wAHQiieBwDPcz4Ta/DY+LI1p6N8ylgHa2K75Oof/9U6EHj5eL6u10tHMkiPxQwc2+9nEsy+X8bm3V drX4DHGjper6/KPsofUvJRu0Tp2Hslv0J7yYzg/8z6OQ5KqCQW0DTwnSfaa+rhxzw+Rw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul: correct a few scalar insn comments Message-Id: Date: Fri, 04 Mar 2022 08:33:55 +0000 commit 248496f890562fd6d6fea779520dd6335269e92c Author: Jan Beulich AuthorDate: Fri Mar 4 09:30:07 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:30:07 2022 +0100 x86emul: correct a few scalar insn comments Truly scalar insns (i.e. not VBROADCASTS{S,D}) only every act on %xmm. Adjust comments accordingly. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 6c0d18954a..7f6af911bc 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7608,8 +7608,8 @@ x86_emulate( #ifndef X86EMUL_NO_SIMD case X86EMUL_OPC_VEX_66(0x0f3a, 0x08): /* vroundps $imm8,{x,y}mm/mem,{x,y}mm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x09): /* vroundpd $imm8,{x,y}mm/mem,{x,y}mm */ - case X86EMUL_OPC_VEX_66(0x0f3a, 0x0a): /* vroundss $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ - case X86EMUL_OPC_VEX_66(0x0f3a, 0x0b): /* vroundsd $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ + case X86EMUL_OPC_VEX_66(0x0f3a, 0x0a): /* vroundss $imm8,xmm/mem,xmm,xmm */ + case X86EMUL_OPC_VEX_66(0x0f3a, 0x0b): /* vroundsd $imm8,xmm/mem,xmm,xmm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x0c): /* vblendps $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x0d): /* vblendpd $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x40): /* vdpps $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ @@ -10576,8 +10576,8 @@ x86_emulate( host_and_vcpu_must_have(sse4_1); goto simd_0f3a_common; - case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0a): /* vrndscaless $imm8,[xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0b): /* vrndscalesd $imm8,[xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0a): /* vrndscaless $imm8,xmm/mem,xmm,xmm{k} */ + case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0b): /* vrndscalesd $imm8,xmm/mem,xmm,xmm{k} */ generate_exception_if(ea.type != OP_REG && evex.brs, EXC_UD); /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f3a, 0x08): /* vrndscaleps $imm8,[xyz]mm/mem,[xyz]mm{k} */ @@ -11063,7 +11063,7 @@ x86_emulate( break; case X86EMUL_OPC_EVEX_66(0x0f3a, 0x66): /* vfpclassp{s,d} $imm8,[xyz]mm/mem,k{k} */ - case X86EMUL_OPC_EVEX_66(0x0f3a, 0x67): /* vfpclasss{s,d} $imm8,[xyz]mm/mem,k{k} */ + case X86EMUL_OPC_EVEX_66(0x0f3a, 0x67): /* vfpclasss{s,d} $imm8,xmm/mem,k{k} */ host_and_vcpu_must_have(avx512dq); generate_exception_if(!evex.r || !evex.R || evex.z, EXC_UD); if ( !(b & 1) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 09:55:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 09:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284130.483282 (Exim 4.92) (envelope-from ) id 1nQ4eQ-00010B-6n; Fri, 04 Mar 2022 09:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284130.483282; Fri, 04 Mar 2022 09:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4eQ-000103-3w; Fri, 04 Mar 2022 09:55:06 +0000 Received: by outflank-mailman (input) for mailman id 284130; Fri, 04 Mar 2022 09:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4eO-0000zx-8I for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 09:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4eO-00074H-7K for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 09:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4eO-00025z-6F for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 09:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OuGV1E3sb7S7qSKkdy3xLy0ppmqapb/9OtgpH99CRmE=; b=ddJfN6FLlOBDkSytCF8N/LgDbu B/H3jowUiv9VDE84smlpS5fOsN0MeMF44M3ooOH0+JblbBrWTG9iNHCiDue3+uWqWbz5XP/+uS9Rh cXcdHoQ2OcbkGCN3cDxik2vMGaz6alrvRk/ioAByfHhvQP7lyOIQCeOv7zysKuGm8OPw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: also discard .fini_array in linker script Message-Id: Date: Fri, 04 Mar 2022 09:55:04 +0000 commit 1145d94c738ea13e0d2ceedb97a4cfe46292b08e Author: Jan Beulich AuthorDate: Fri Mar 4 10:49:22 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 10:49:22 2022 +0100 x86: also discard .fini_array in linker script This simply parallels .dtors. Both section types can reference .text.exit, which requires them to be discarded together with that one. Compilers, depending on their findings during the configure phase, may elect to use either model. While .{init,fini}_array look to be preferred, cross compilers apparently have this guessed, likely resulting in a fallback to .{c,d}tors. Hence we need to support both sets. Fixes: 4b7fd8153ddf ("x86: fold sections in final binaries") Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 021470d932..506bc8e404 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -414,6 +414,8 @@ SECTIONS *(.eh_frame) *(.dtors) *(.dtors.*) + *(.fini_array) + *(.fini_array.*) #ifdef EFI *(.comment) *(.comment.*) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 10:00:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 10:00:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284131.483285 (Exim 4.92) (envelope-from ) id 1nQ4jD-0001em-K9; Fri, 04 Mar 2022 10:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284131.483285; Fri, 04 Mar 2022 10:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jD-0001eM-Gr; Fri, 04 Mar 2022 10:00:03 +0000 Received: by outflank-mailman (input) for mailman id 284131; Fri, 04 Mar 2022 10:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jC-0001Ru-9J for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jC-0007FC-8S for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4jC-0002Mz-7E for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fzn+9qWpeKasW5RFq575oCFg7HcHL0UAarDwfRO7MPU=; b=Foi/bJb9XianAjjuuiV+mck+C+ GBvgLKkuBpG9aWl78GwlQRukDzhl1oayxvkz3coPQnyM8OK+z9rbZujVmH7Ne+0V/M0hyHbwkm2yJ XvRrUWae+vYf+aH+lnU/HFoXvQ2k/G/15XKcbBptKjBD0jOYggnEWy637a13Di2K7BLY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs: document patch rules Message-Id: Date: Fri, 04 Mar 2022 10:00:02 +0000 commit 5e326b61693c0a4633fdc2bf8a896857a2733e90 Author: Juergen Gross AuthorDate: Wed Mar 2 09:27:19 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:27:19 2022 +0100 docs: document patch rules Add a document to describe the rules for sending a proper patch. As it contains all the information already being present in docs/process/tags.pandoc remove that file. The "Reviewed-by:" and "Acked-by:" tags are expanded to allow an optional restriction of the tag. A new tag "Origin:" is added to tag patches taken from another project. Signed-off-by: Juergen Gross Acked-by: Jan Beulich Reviewed-by: Julien Grall --- docs/process/sending-patches.pandoc | 300 ++++++++++++++++++++++++++++++++++++ docs/process/tags.pandoc | 55 ------- 2 files changed, 300 insertions(+), 55 deletions(-) diff --git a/docs/process/sending-patches.pandoc b/docs/process/sending-patches.pandoc new file mode 100644 index 0000000000..7ff7826c99 --- /dev/null +++ b/docs/process/sending-patches.pandoc @@ -0,0 +1,300 @@ +# How a proper patch should look like + +This is a brief description how a proper patch for the Xen project should +look like. Examples and tooling tips are not part of this document, those +can be found in the +[Xen Wiki](https://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches). + +## The patch subject + +The first line at the top of the patch should contain a short description of +what the patch does, and hints as to what code it touches. This line is used +as the **Subject** line of the mail when sending the patch. + +The hint which code is touched is usually in form of an abstract entity +(like e.g. `build` for the build system), or a component (like `tools` or +`iommu`). Further specification is possible via adding a sub-component with +a slash (e.g. `tools/xenstore`): + + : + +E.g.: + + xen/arm: increase memory banks number define value + tools/libxenevtchn: deduplicate xenevtchn_fd() + MAINTAINERS: update my email address + build: correct usage comments in Kbuild.include + +The description should give a rough hint *what* is done in the patch. + +The subject line should in general not exceed 80 characters. It must be +followed by a blank line. + +## The commit message + +The commit message is free text describing *why* the patch is done and +*how* the goal of the patch is achieved. A good commit message will describe +the current situation, the desired goal, and the way this goal is being +achieved. Parts of that can be omitted in obvious cases. + +In case additional changes are done in the patch (like e.g. cleanups), those +should be mentioned. + +When referencing other patches (e.g. `similar to patch xy ...`) those +patches should be referenced via their commit id (at least 12 digits) +and the patch subject, if the very same patch isn't referenced by the +`Fixes:` tag, too: + + Similar to commit 67d01cdb5518 ("x86: infrastructure to allow converting + certain indirect calls to direct ones") add ... + +The following ``git config`` settings can be used to add a pretty format for +outputting the above style in the ``git log`` or ``git show`` commands: + + [core] + abbrev = 12 + [pretty] + fixes = Fixes: %h (\"%s\") + +Lines in the commit message should not exceed 75 characters, except when +copying error output directly into the commit message. + +## Tags + +Tags are entries in the form + + Tag: something + +In general tags are added in chronological order. So a `Reviewed-by:` tag +should be added **after** the `Signed-off-by:` tag, as the review happened +after the patch was written. + +Do not split a tag across multiple lines, tags are exempt from the +"wrap at 75 columns" rule in order to simplify parsing scripts. + +### Origin: + +Xen has inherited some source files from other open source projects. In case +a patch modifying such an inherited file is taken from that project (maybe in +modified form), the `Origin:` tag specifies the source of the patch: + + Origin: + +E.g.: + + Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git f093b08c47b3 + +The commit id should be shortened to its first 12 characters. + +All tags **above** the `Origin:` tag are from the original patch (which +should all be kept), while tags **after** `Origin:` are related to the +normal Xen patch process as described here. + +### Fixes: + +If your patch fixes a bug in a specific commit, e.g. you found an issue using +``git bisect``, please use the `Fixes:` tag with the first 12 characters of +the commit id, and the one line summary. + + Fixes: ("") + +E.g.: + + Fixes: 67d01cdb5518 ("x86: infrastructure to allow converting certain indirect calls to direct ones") + +### Backport: + +A backport tag is an optional tag in the commit message to request a +given commit to be backported to the released trees: + + Backport: [# ] + +E.g.: + + Backport: 4.9+ + +It marks a commit for being a candidate for backports to all released +trees from 4.9 onward. + +The backport requester is expected to specify which currently supported +releases need the backport; but encouraged to specify a release as far +back as possible which applies. If the requester doesn't know the oldest +affected tree, they are encouraged to append a comment like the +following: + + Backport: 4.9+ # maybe older + +Maintainers request the Backport tag to be added on commit. Contributors +are welcome to mark their patches with the Backport tag when they deem +appropriate. Maintainers will request for it to be removed when that is +not the case. + +Please note that the Backport tag is a **request** for backport, which +will still need to be evaluated by the maintainers. Maintainers might +ask the requester to help with the backporting work if it is not +trivial. + +### Reported-by: + +This optional tag can be used to give credit to someone reporting an issue. +It is in the format: + + Reported-by: name + +E.g.: + + Reported-by: Jane Doe + +As the email address will be made public via git, the reporter of an issue +should be asked whether he/she is fine with being mentioned in the patch. + +### Suggested-by: + +This optional tag can be used to give credit to someone having suggested the +solution the patch is implementing. It is in the format: + + Suggested-by: name + +E.g.: + + Suggested-by: Jane Doe + +As the email address will be made public via git, the reporter of an issue +should be asked whether he/she is fine with being mentioned in the patch. + +### Requested-by: + +This tag is very similar to the `Suggested-by:` tag, but it refers to an +explicit request to add the patch. It is in the format: + + Requested-by: name + +E.g.: + + Requested-by: Jane Doe + +### Signed-off-by: + +This mandatory tag specifies the author(s) of a patch (for each author a +separate `Signed-off-by:` tag is needed). It is in the format: + + Signed-off-by: name + +E.g.: + + Signed-off-by: Jane Doe + +The author must be a natural person (not a team or just a company) and the +`Signed-off-by:` tag must include the real name of the author (no pseudonym). + +By signing the patch with her/his name the author explicitly confirms to have +made the contribution conforming to the `Developer's Certificate of Origin`: + + Developer's Certificate of Origin 1.1 + + By making a contribution to this project, I certify that: + + (a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + + (b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + + (c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + + (d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. + +### Reviewed-by: + +A `Reviewed-by:` tag can only be given by a reviewer of the patch. With +responding to a sent patch adding the `Reviewed-by:` tag the reviewer +(which can be anybody) confirms to have looked thoroughly at the patch and +didn't find any issue (being it technical, legal or formal ones). If the +review is covering only some parts of the patch, those parts can optionally +be specified (multiple areas can be either separated by commas, or be covered +with multiple `Reviewed-by:` tags). It is in the format: + + Reviewed-by: name [# area[, area]] + +E.g.: + + Reviewed-by: Jane Doe + Reviewed-by: Jane Doe # xen/x86 + +In case a patch is being resent an already given `Reviewed-by:` tag can and +should be included, if the patch didn't meaningfully change the portions of the +patch covered by the tag, or if the reviewer already made clear it would be +fine to make specific changes and no *other* changes have been made. + +### Acked-by: + +Similar to `Reviewed-by:` the `Acked-by:` tag is given by someone having looked +at the patch. The `Acked-by:` tag can only be given by a **maintainer** of the +modified code, and it only covers the code the maintainer is responsible for. +With the `Acked-by:` tag the maintainer states, that he/she is fine with the +changes in principle, but didn't do a thorough review. The format is: + + Acked-by: name [# area[, area]] + +E.g.: + + Acked-by: Jane Doe + +Including the `Acked-by:` tag in a patch is done under the same rules as for +the `Reviewed-by:` tag, with the implied code area the maintainer who gave the +`Acked-by:` tag is responsible for (if no area was specified with the tag). + +### Tested-by: + +The `Tested-by:` tag is another tag given by someone else. The one giving it +confirms to have tested the patch without finding any functional issues. The +format is: + + Tested-by: name + +E.g.: + + Tested-by: Jane Doe + +Including the `Tested-by:` tag in a patch is done under the same rules as for +the `Reviewed-by:` tag, now limited to the patch not having been modified +regarding code logic (having changed only coding style, comments, or message +texts is fine). + +## Patch version history (change log), further comments + +When sending revised versions of a patch it is good practice to include a +change log after a line containing only `---` (this line will result in the +following text not being included in the commit message). This change log +will help reviewers to spot which parts of the patch have changed. Attributing +changes due to reviewer comments will help the reviewer even more, e.g.: + + --- + Changes in v2: + - changed function foo() as requested by Jane Doe + - code style fixed + +In some cases it might be desirable to add some more information for readers +of the patch, like potential enhancements, other possible solutions, etc., +which should not be part of the commit message. This information can be +added after the `---` line, too. + +## Recipients of the patch + +A patch should always be sent **to** the xen-devel mailing list + and all maintainers and designated reviewers +of all touched code areas should get a copy of the mail via **Cc**. In case +some other recipients are known to be interested in the patch, they can be +added via **Cc**, too. diff --git a/docs/process/tags.pandoc b/docs/process/tags.pandoc deleted file mode 100644 index 1841cb87a8..0000000000 --- a/docs/process/tags.pandoc +++ /dev/null @@ -1,55 +0,0 @@ -Tags: No line splitting ------------------------ -Do not split a tag across multiple lines, tags are exempt from the -"wrap at 75 columns" rule in order to simplify parsing scripts. For -example: - - Fixes: 67d01cdb5518 ("x86: infrastructure to allow converting certain indirect calls to direct ones") - - -Fixes Tag ---------- - -If your patch fixes a bug in a specific commit, e.g. you found an issue using -``git bisect``, please use the 'Fixes:' tag with the first 12 characters of -the SHA-1 ID, and the one line summary. - -The following ``git config`` settings can be used to add a pretty format for -outputting the above style in the ``git log`` or ``git show`` commands: - - [core] - abbrev = 12 - [pretty] - fixes = Fixes: %h (\"%s\") - - -Backport Tag ------------- - -A backport tag is an optional tag in the commit message to request a -given commit to be backported to the released trees: - - Backport: 4.9+ - -It marks a commit for being a candidate for backports to all released -trees from 4.9 onward. - -The backport requester is expected to specify which currently supported -releases need the backport; but encouraged to specify a release as far -back as possible which applies. If the requester doesn't know the oldest -affected tree, they are encouraged to append a comment like the -following: - - Backport: 4.9+ # maybe older - -Maintainers request the Backport tag to be added on commit. Contributors -are welcome to mark their patches with the Backport tag when they deem -appropriate. Maintainers will request for it to be removed when that is -not the case. - -Please note that the Backport tag is a **request** for backport, which -will still need to be evaluated by the maintainers. Maintainers might -ask the requester to help with the backporting work if it is not -trivial. - -When possible, please use the Fixes tag instead (or in addition). -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 10:00:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 10:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284132.483290 (Exim 4.92) (envelope-from ) id 1nQ4jN-0002CY-Nn; Fri, 04 Mar 2022 10:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284132.483290; Fri, 04 Mar 2022 10:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jN-0002CP-KZ; Fri, 04 Mar 2022 10:00:13 +0000 Received: by outflank-mailman (input) for mailman id 284132; Fri, 04 Mar 2022 10:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jM-0002C7-ED for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jM-0007Gy-Bl for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4jM-0002OK-Al for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LOyeIXzQnqEj7P9oOd4/BUECnrppVov7pZjEwDyr6mY=; b=GUISzIwAlyUfCrPLngwfkZnObp 5JAnqdOz9FyG860shJW///+wv33/RhdjJi3Goz8jnO2B1POVl6tFH1jhzpkSXVzWSyCU2x1SJO50t 69sUDJsenlgdLcMXtgRBNwBPT6mE0U2DpjfpF+uJBMMITmC93u7bkn1OY6qyPyMU185o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs: correct "gnttab=" documented default Message-Id: Date: Fri, 04 Mar 2022 10:00:12 +0000 commit da5827fff31c401132879130398a974a18befacb Author: Jan Beulich AuthorDate: Wed Mar 2 09:28:06 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:28:06 2022 +0100 docs: correct "gnttab=" documented default Defaults differ for Arm and x86, not the least because of v2 not even being security supported on Arm. Also drop a bogus sentence from gnttab_max_maptrack_frames, which was presumably mistakenly cloned from gnttab_max_frames (albeit even there what is being said is neither very precise nor very useful imo). Signed-off-by: Jan Beulich Acked-by: Julien Grall --- docs/misc/xen-command-line.pandoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index efda335652..eda92ce29e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1177,7 +1177,9 @@ Specify which console gdbstub should use. See **console**. ### gnttab > `= List of [ max-ver:, transitive=, transfer= ]` -> Default: `gnttab=max-ver:2,transitive,transfer` +> Default (Arm): `gnttab=max-ver:1` +> Default (x86,PV): `gnttab=max-ver:2,transitive,transfer` +> Default (x86,HVM): `gnttab=max-ver:2,transitive` Control various aspects of the grant table behaviour available to guests. @@ -1217,8 +1219,6 @@ Specify the maximum number of frames to use as part of a domains maptrack array. This value is an upper boundary of the per-domain value settable via Xen tools. -Dom0 is using this value for sizing its maptrack table. - ### global-pages = -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 10:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 10:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284133.483294 (Exim 4.92) (envelope-from ) id 1nQ4jX-0002FV-Ow; Fri, 04 Mar 2022 10:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284133.483294; Fri, 04 Mar 2022 10:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jX-0002FN-M1; Fri, 04 Mar 2022 10:00:23 +0000 Received: by outflank-mailman (input) for mailman id 284133; Fri, 04 Mar 2022 10:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jW-0002F8-FY for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jW-0007H9-Ej for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4jW-0002PC-Do for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s4fBp27nHXYGJsVx8mvk8OzLks9eH8TygU8RuC3ceNs=; b=SJQfFQpxJtQ+5gWlVXUfxnnfHX 0WkJFxdzaot24onAWNouZtZ8dI80E/QkcT9bK5LTMWU9dLdBljnzf6C8UvDLqQOGaGjdT9bNslKTA /Fm7mW5IYdFNvNPH6PSbmXWXneO7iuYUiOVWHbdHbSg2LHdVPD7nc7mSWKODCNFLDXsQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/altcall: silence undue warning Message-Id: Date: Fri, 04 Mar 2022 10:00:22 +0000 commit 97b80c7881b36ddb13e535d4e9af0eef2e7f24ec Author: Jan Beulich AuthorDate: Wed Mar 2 09:28:51 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:28:51 2022 +0100 x86/altcall: silence undue warning Suitable compiler options are passed only when the actual feature (XEN_IBT) is enabled, not when merely the compiler capability was found to be available. Fixes: 12e3410e071e ("x86/altcall: Check and optimise altcall targets") Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index e19dfc6b36..d41eeef1bc 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -295,7 +295,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * marginal perf improvement which saves on instruction * decode bandwidth. */ - if ( IS_ENABLED(CONFIG_HAS_CC_CET_IBT) ) + if ( IS_ENABLED(CONFIG_XEN_IBT) ) { if ( is_endbr64(dest) ) dest += ENDBR64_LEN; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 10:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 10:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284135.483298 (Exim 4.92) (envelope-from ) id 1nQ4jh-0002IN-QT; Fri, 04 Mar 2022 10:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284135.483298; Fri, 04 Mar 2022 10:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jh-0002IF-NT; Fri, 04 Mar 2022 10:00:33 +0000 Received: by outflank-mailman (input) for mailman id 284135; Fri, 04 Mar 2022 10:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jg-0002I0-IK for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jg-0007HN-Hh for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4jg-0002Px-Go for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3mrKSU6JSFsxyY3WI4Z2diaKhP7xnumSH61xG+K75CE=; b=HCJ7Lq3XkFul8m/NB1TrMcFMkH scsPSxXeGhz/Yy0QCUceXRRtcMbsKRjntvV0+wJ8O6LbByKpTbRVITvd5h+e1vq8aEL6mj3Txh57n OVvYHrA4JTfKIqJAr5CjhNX7c8txOXqvxZw8NeNxovMDFP1lIoLU4JjkCO9kplihynZI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: fold sections in final binaries Message-Id: Date: Fri, 04 Mar 2022 10:00:32 +0000 commit 4b7fd8153ddfe95d6d427ff241abb6fdf37e027b Author: Jan Beulich AuthorDate: Wed Mar 2 09:29:55 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 2 09:29:55 2022 +0100 x86: fold sections in final binaries Especially when linking a PE binary (xen.efi), standalone output sections are expensive: Often the linker will align the subsequent one on the section alignment boundary (2Mb) when the linker script doesn't otherwise place it. (I haven't been able to derive from observed behavior under what conditions it would not do so.) With gcov enabled (and with gcc11) I'm observing enough sections that, as of quite recently, the resulting image doesn't fit in 16Mb anymore, failing the final ASSERT() in the linker script. (That assertion is slated to go away, but that's a separate change.) Any destructor related sections can be discarded, as we never "exit" the hypervisor. This includes .text.exit, which is referenced from .dtors.*. Constructor related sections need to all be taken care of, not just those with historically used names: .ctors.* and .text.startup is what gcc11 populates. While there re-arrange ordering / sorting to match that used by the linker provided scripts. Finally, for xen.efi only, also discard .note.gnu.*. These are meaningless in a PE binary. Quite likely, while not meaningless there, the section is also of no use in ELF, but keep it there for now. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 7b655df63f..83def6541e 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -194,6 +194,7 @@ SECTIONS #endif _sinittext = .; *(.init.text) + *(.text.startup) _einittext = .; /* * Here are the replacement instructions. The linker sticks them @@ -258,9 +259,10 @@ SECTIONS . = ALIGN(8); __ctors_start = .; - *(.ctors) + *(SORT_BY_INIT_PRIORITY(.init_array.*)) + *(SORT_BY_INIT_PRIORITY(.ctors.*)) *(.init_array) - *(SORT(.init_array.*)) + *(.ctors) __ctors_end = .; } PHDR(text) @@ -404,16 +406,20 @@ SECTIONS /* Sections to be discarded */ /DISCARD/ : { + *(.text.exit) *(.exit.text) *(.exit.data) *(.exitcall.exit) *(.discard) *(.discard.*) *(.eh_frame) + *(.dtors) + *(.dtors.*) #ifdef EFI *(.comment) *(.comment.*) *(.note.Xen) + *(.note.gnu.*) #endif } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 10:00:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 10:00:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284136.483303 (Exim 4.92) (envelope-from ) id 1nQ4js-0002LJ-SM; Fri, 04 Mar 2022 10:00:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284136.483303; Fri, 04 Mar 2022 10:00:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4js-0002L9-P4; Fri, 04 Mar 2022 10:00:44 +0000 Received: by outflank-mailman (input) for mailman id 284136; Fri, 04 Mar 2022 10:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jq-0002Kw-Mz for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4jq-0007HY-MD for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4jq-0002Qw-K0 for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7OVSFwGa1fbVBXWNkDzKadDOLISphjkPZUc/LB7MXeo=; b=JROo5W3IbFPQeDc9D3GPBB1QML M4gHG7akNwrVVTwnV+f3PRD1UcXGl0db/+OSFr02s0v88V9vd6nwnC7Eo08G4kFKPt69CrqvdT+cg 63QXEaXARA2NwwxcaBuoTnNl1ZYVIg1vWTNrCBMBJrx3Pob7tf550Kzz+qLEHKvH8zac=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/cet: Fix __initconst_cf_clobber Message-Id: Date: Fri, 04 Mar 2022 10:00:42 +0000 commit 3e56754b08871ccceff856ff634731b9b9bccbbe Author: Andrew Cooper AuthorDate: Wed Mar 2 20:27:46 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 3 11:21:35 2022 +0000 xen/cet: Fix __initconst_cf_clobber The linker script collecting .init.rodata.* ahead of .init.rodata.cf_clobber accidentally causes __initconst_cf_clobber to be a no-op. Rearrange the linker script to unbreak this. The IOMMU adjust_irq_affinities() hooks currently violate the safety requirement for being cf_clobber, by also being plain __initcall()'s. Consolidate to a single initcall using the iommu_adjust_irq_affinities() wrapper (satisfying the cf_clobber safety requirement by using iommu_call() under the hood), and also removes the dubious property that we'd call into both vendors IOMMU drivers on boot, relying on the for_each_*() loops to be empty for safety. With this fixed, an all-enabled build of Xen has 1681 endbr64's in .text with 382 (23%) being clobbered during boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/xen.lds.S | 12 ++++++------ xen/drivers/passthrough/amd/iommu_init.c | 1 - xen/drivers/passthrough/vtd/iommu.c | 1 - xen/drivers/passthrough/x86/iommu.c | 6 ++++++ 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 83def6541e..b15e5b67e4 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -210,6 +210,12 @@ SECTIONS DECL_SECTION(.init.data) { #endif + . = ALIGN(POINTER_ALIGN); + __initdata_cf_clobber_start = .; + *(.init.data.cf_clobber) + *(.init.rodata.cf_clobber) + __initdata_cf_clobber_end = .; + *(.init.rodata) *(.init.rodata.*) @@ -224,12 +230,6 @@ SECTIONS *(.initcall1.init) __initcall_end = .; - . = ALIGN(POINTER_ALIGN); - __initdata_cf_clobber_start = .; - *(.init.data.cf_clobber) - *(.init.rodata.cf_clobber) - __initdata_cf_clobber_end = .; - *(.init.data) *(.init.data.rel) *(.init.data.rel.*) diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 657c7f619a..2e5bffa732 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -831,7 +831,6 @@ int cf_check iov_adjust_irq_affinities(void) return 0; } -__initcall(iov_adjust_irq_affinities); /* * Family15h Model 10h-1fh erratum 746 (IOMMU Logging May Stall Translations) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 6a65ba1d82..f70d515806 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2119,7 +2119,6 @@ static int cf_check adjust_vtd_irq_affinities(void) return 0; } -__initcall(adjust_vtd_irq_affinities); static int __must_check init_vtd_hw(bool resume) { diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 58a422fb5f..57c7b26c1a 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -462,6 +462,12 @@ bool arch_iommu_use_permitted(const struct domain *d) likely(!p2m_get_hostp2m(d)->global_logdirty)); } +static int __init cf_check adjust_irq_affinities(void) +{ + return iommu_adjust_irq_affinities(); +} +__initcall(adjust_irq_affinities); + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 10:00:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 10:00:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284137.483306 (Exim 4.92) (envelope-from ) id 1nQ4k2-0002OC-TT; Fri, 04 Mar 2022 10:00:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284137.483306; Fri, 04 Mar 2022 10:00:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4k2-0002O4-QU; Fri, 04 Mar 2022 10:00:54 +0000 Received: by outflank-mailman (input) for mailman id 284137; Fri, 04 Mar 2022 10:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4k0-0002Nr-Q0 for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQ4k0-0007Hl-PM for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQ4k0-0002SJ-Of for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 10:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ITovX1KJffq8wJ0sra30jKCK52Ouf0F+Xt+vYY2C8rM=; b=gDNSonmOA/iXiahsLdadqCjOLu Ro4aYxKcRJH783kPqan23LR7bQkBkXDM0QsS0sdLJ/GeUHUEIULZyvmktQiBRYmGbBOaIBcoj3l3I KtSJ7e3wXDXdm/4jSL2RYNpE59k+cViC9KcORqyqcvwgVxvqapdRLUh4rKUDVq/BN10k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: gic: Introduce GIC_PRI_{IRQ/IPI}_ALL Message-Id: Date: Fri, 04 Mar 2022 10:00:52 +0000 commit b692523fafb39f5f930e1e8a316f7b8cebc9f62a Author: Michal Orzel AuthorDate: Wed Mar 2 10:59:11 2022 +0100 Commit: Julien Grall CommitDate: Thu Mar 3 19:53:41 2022 +0000 xen/arm: gic: Introduce GIC_PRI_{IRQ/IPI}_ALL Introduce macros GIC_PRI_IRQ_ALL and GIC_PRI_IPI_ALL to be used in all the places where we want to set default priority for all the offsets in interrupt priority register. This will improve readability and allow to get rid of introducing variables just to store this value. Take the opportunity to mark GIC_PRI_{IRQ/IPI} as unsigned values to suppress static analyzer warnings as they are used in expressions exceeding integer range (shifting into signed bit). Modify also other priority related macros to be coherent. Signed-off-by: Michal Orzel Acked-by: Julien Grall --- xen/arch/arm/gic-v2.c | 12 +++--------- xen/arch/arm/gic-v3.c | 16 +++------------- xen/arch/arm/include/asm/gic.h | 13 +++++++++---- 3 files changed, 15 insertions(+), 26 deletions(-) diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c index b2adc8ec9a..2cc2f6bc18 100644 --- a/xen/arch/arm/gic-v2.c +++ b/xen/arch/arm/gic-v2.c @@ -373,9 +373,7 @@ static void __init gicv2_dist_init(void) /* Default priority for global interrupts */ for ( i = 32; i < nr_lines; i += 4 ) - writel_gicd(GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | - GIC_PRI_IRQ << 8 | GIC_PRI_IRQ, - GICD_IPRIORITYR + (i / 4) * 4); + writel_gicd(GIC_PRI_IRQ_ALL, GICD_IPRIORITYR + (i / 4) * 4); /* Disable all global interrupts */ for ( i = 32; i < nr_lines; i += 32 ) @@ -403,15 +401,11 @@ static void gicv2_cpu_init(void) /* Set SGI priorities */ for ( i = 0; i < 16; i += 4 ) - writel_gicd(GIC_PRI_IPI << 24 | GIC_PRI_IPI << 16 | - GIC_PRI_IPI << 8 | GIC_PRI_IPI, - GICD_IPRIORITYR + (i / 4) * 4); + writel_gicd(GIC_PRI_IPI_ALL, GICD_IPRIORITYR + (i / 4) * 4); /* Set PPI priorities */ for ( i = 16; i < 32; i += 4 ) - writel_gicd(GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | - GIC_PRI_IRQ << 8 | GIC_PRI_IRQ, - GICD_IPRIORITYR + (i / 4) * 4); + writel_gicd(GIC_PRI_IRQ_ALL, GICD_IPRIORITYR + (i / 4) * 4); /* Local settings: interface controller */ /* Don't mask by priority */ diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c index 9a3a175ad7..3c472ed768 100644 --- a/xen/arch/arm/gic-v3.c +++ b/xen/arch/arm/gic-v3.c @@ -594,7 +594,6 @@ static void gicv3_set_irq_priority(struct irq_desc *desc, static void __init gicv3_dist_init(void) { uint32_t type; - uint32_t priority; uint64_t affinity; unsigned int nr_lines; int i; @@ -621,11 +620,7 @@ static void __init gicv3_dist_init(void) /* Default priority for global interrupts */ for ( i = NR_GIC_LOCAL_IRQS; i < nr_lines; i += 4 ) - { - priority = (GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | - GIC_PRI_IRQ << 8 | GIC_PRI_IRQ); - writel_relaxed(priority, GICD + GICD_IPRIORITYR + (i / 4) * 4); - } + writel_relaxed(GIC_PRI_IRQ_ALL, GICD + GICD_IPRIORITYR + (i / 4) * 4); /* Disable/deactivate all global interrupts */ for ( i = NR_GIC_LOCAL_IRQS; i < nr_lines; i += 32 ) @@ -806,7 +801,6 @@ static int __init gicv3_populate_rdist(void) static int gicv3_cpu_init(void) { int i, ret; - uint32_t priority; /* Register ourselves with the rest of the world */ if ( gicv3_populate_rdist() ) @@ -826,16 +820,12 @@ static int gicv3_cpu_init(void) } /* Set priority on PPI and SGI interrupts */ - priority = (GIC_PRI_IPI << 24 | GIC_PRI_IPI << 16 | GIC_PRI_IPI << 8 | - GIC_PRI_IPI); for (i = 0; i < NR_GIC_SGI; i += 4) - writel_relaxed(priority, + writel_relaxed(GIC_PRI_IPI_ALL, GICD_RDIST_SGI_BASE + GICR_IPRIORITYR0 + (i / 4) * 4); - priority = (GIC_PRI_IRQ << 24 | GIC_PRI_IRQ << 16 | GIC_PRI_IRQ << 8 | - GIC_PRI_IRQ); for (i = NR_GIC_SGI; i < NR_GIC_LOCAL_IRQS; i += 4) - writel_relaxed(priority, + writel_relaxed(GIC_PRI_IRQ_ALL, GICD_RDIST_SGI_BASE + GICR_IPRIORITYR0 + (i / 4) * 4); /* diff --git a/xen/arch/arm/include/asm/gic.h b/xen/arch/arm/include/asm/gic.h index c7f0c343d1..b3c6c67933 100644 --- a/xen/arch/arm/include/asm/gic.h +++ b/xen/arch/arm/include/asm/gic.h @@ -143,10 +143,15 @@ * * A GIC must support a mimimum of 16 priority levels. */ -#define GIC_PRI_LOWEST 0xf0 -#define GIC_PRI_IRQ 0xa0 -#define GIC_PRI_IPI 0x90 /* IPIs must preempt normal interrupts */ -#define GIC_PRI_HIGHEST 0x80 /* Higher priorities belong to Secure-World */ +#define GIC_PRI_LOWEST 0xf0U +#define GIC_PRI_IRQ 0xa0U +#define GIC_PRI_IPI 0x90U /* IPIs must preempt normal interrupts */ +#define GIC_PRI_HIGHEST 0x80U /* Higher priorities belong to Secure-World */ +#define GIC_PRI_IRQ_ALL ((GIC_PRI_IRQ << 24) | (GIC_PRI_IRQ << 16) |\ + (GIC_PRI_IRQ << 8) | GIC_PRI_IRQ) +#define GIC_PRI_IPI_ALL ((GIC_PRI_IPI << 24) | (GIC_PRI_IPI << 16) |\ + (GIC_PRI_IPI << 8) | GIC_PRI_IPI) + #define GIC_PRI_TO_GUEST(pri) (pri >> 3) /* GICH_LR and GICH_VMCR only support 5 bits for guest irq priority */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 04 22:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 04 Mar 2022 22:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.284972.484215 (Exim 4.92) (envelope-from ) id 1nQGpC-0005uv-VX; Fri, 04 Mar 2022 22:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 284972.484215; Fri, 04 Mar 2022 22:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQGpC-0005un-Sd; Fri, 04 Mar 2022 22:55:02 +0000 Received: by outflank-mailman (input) for mailman id 284972; Fri, 04 Mar 2022 22:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQGpB-0005tO-K8 for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 22:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQGpB-0004ye-G7 for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 22:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQGpB-0003eY-FE for xen-changelog@lists.xenproject.org; Fri, 04 Mar 2022 22:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HwVEd1CzYFU8v18MknKSY+7MK2yqNaJO9+7VTiuvY0c=; b=Q5Ye4STU+qydJjzdCWqVWyh/lB fQvYzQYhS1gZtA4glRlyRbGfuJCWOXmrmJYBzEvVXQCNeTRrmYq/FYvMy4+CVyWkkFBMOgBT5mggu ARGU31wmFVgbBrWGM7eY99AHUyphGPuOZKe1LKkK/zY88NXkrzaaZx2sfjCK/z8meFOQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: mm: Encode existing constraints of the memory layout Message-Id: Date: Fri, 04 Mar 2022 22:55:01 +0000 commit 1f410b0c7455748021be4ede59e7a0c0a2ffb1c4 Author: Julien Grall AuthorDate: Thu Mar 3 20:14:53 2022 +0000 Commit: Julien Grall CommitDate: Thu Mar 3 20:15:14 2022 +0000 xen/arm: mm: Encode existing constraints of the memory layout The boot code expects the regions XEN_VIRT_START, FIXMAP_ADDR(0), BOOT_FDT_VIRT_START to use the same 0th (arm64 only) and 1st slot. Add some BUILD_BUG_ON() to confirm that. This is helpful if one wants to re-order the memory layout. Signed-off-by: Julien Grall Reviewed-by: Bertrand Marquis --- xen/arch/arm/mm.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 8a17222109..7b1f2f4906 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -211,6 +211,22 @@ static void __init __maybe_unused build_assertions(void) #ifdef CONFIG_DOMAIN_PAGE BUILD_BUG_ON(DOMHEAP_VIRT_START & ~FIRST_MASK); #endif + /* + * The boot code expects the regions XEN_VIRT_START, FIXMAP_ADDR(0), + * BOOT_FDT_VIRT_START to use the same 0th (arm64 only) and 1st + * slot in the page tables. + */ +#define CHECK_SAME_SLOT(level, virt1, virt2) \ + BUILD_BUG_ON(level##_table_offset(virt1) != level##_table_offset(virt2)) + +#ifdef CONFIG_ARM_64 + CHECK_SAME_SLOT(zeroeth, XEN_VIRT_START, FIXMAP_ADDR(0)); + CHECK_SAME_SLOT(zeroeth, XEN_VIRT_START, BOOT_FDT_VIRT_START); +#endif + CHECK_SAME_SLOT(first, XEN_VIRT_START, FIXMAP_ADDR(0)); + CHECK_SAME_SLOT(first, XEN_VIRT_START, BOOT_FDT_VIRT_START); + +#undef CHECK_SAME_SLOT } void dump_pt_walk(paddr_t ttbr, paddr_t addr, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285102.484341 (Exim 4.92) (envelope-from ) id 1nQRY4-0004SH-3c; Sat, 05 Mar 2022 10:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285102.484341; Sat, 05 Mar 2022 10:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRY4-0004S9-09; Sat, 05 Mar 2022 10:22:04 +0000 Received: by outflank-mailman (input) for mailman id 285102; Sat, 05 Mar 2022 10:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRY2-0004RK-9M for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRY2-0003JQ-8R for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRY2-0002IG-7a for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4EWY+4BIxgfDfrwQESX8S0zj+UoflJU5XhLHKbqEJOI=; b=O4nqXGW5IzT5Ev9LGvYvkoAhy2 IbxKHtreFreA4R8TrcxWSm83WPU8UtBv5bTPsfOeiKueSK2gE5pRbWmsYur3klH+Alzzas2IJCgbc 3vT1hdMVDJMYmTlcoy1r41OS/Dw2osk5ZoXqttHxoOk/dpcpTmEezOE2+1SDwabdX/d0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build,x86: remove the need for build32.mk Message-Id: Date: Sat, 05 Mar 2022 10:22:02 +0000 commit d58a509e01c4833515a9a8340706d1a23bef168b Author: Anthony PERARD AuthorDate: Fri Mar 4 09:25:39 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:25:39 2022 +0100 build,x86: remove the need for build32.mk Rework "arch/x86/boot/Makefile" to allow it to build both file "cmdline.S" and "reloc.S" without "build32.mk". These will now use the main rules for "%.o: %.c", and thus generate a dependency file. (We will not need to track the dependency manually anymore.) But for that, we need to override the main CFLAGS to do a 32bit build. We introduce XEN_TREEWIDE_CFLAGS which can be reused in boot/Makefile, and avoid the need to reparse Config.mk with a different value for XEN_TARGET_ARCH. From this new $(XEN_TREEWIDE_CFLAGS), we only need to change -m64 to have the 32bit flags. Then those are applied only to "cmdline.o" and "reloc.o". Specifically apply the rule "%.S: %.bin" to both cmdline.S and reloc.S to avoid make trying to regenerate other %.S files with it. There is no change expected to the resulting "cmdline.S" and "reloc.S", only the *.o file changes as their symbol for FILE goes from "cmdline.c" to "arch/x86//cmdline.c". (No idea why "boot" is missing from the string.) (I've only check with GCC, not clang.) Signed-off-by: Anthony PERARD Reviewed-by: Jan Beulich --- xen/Makefile | 4 ++++ xen/arch/x86/boot/Makefile | 49 +++++++++++++++++++++++++++++--------------- xen/arch/x86/boot/build32.mk | 40 ------------------------------------ 3 files changed, 37 insertions(+), 56 deletions(-) diff --git a/xen/Makefile b/xen/Makefile index ed4891daf1..865c0cb2e6 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -171,6 +171,10 @@ export LEX = $(if $(FLEX),$(FLEX),flex) # Default file for 'make defconfig'. export KBUILD_DEFCONFIG := $(ARCH)_defconfig +# Copy CFLAGS generated by "Config.mk" so they can be reused later without +# reparsing Config.mk by e.g. arch/x86/boot/. +export XEN_TREEWIDE_CFLAGS := $(CFLAGS) + # CLANG_FLAGS needs to be calculated before calling Kconfig ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS := diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index 1ac8cb435e..ca8001c72b 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -1,25 +1,42 @@ obj-bin-y += head.o +head-srcs := cmdline.S reloc.S -DEFS_H_DEPS = $(abs_srctree)/$(src)/defs.h $(abs_srctree)/include/xen/stdbool.h +nocov-y += $(head-srcs:.S=.o) +noubsan-y += $(head-srcs:.S=.o) +targets += $(head-srcs:.S=.o) -CMDLINE_DEPS = $(DEFS_H_DEPS) $(abs_srctree)/$(src)/video.h \ - $(BASEDIR)/include/xen/kconfig.h \ - $(BASEDIR)/include/generated/autoconf.h +head-srcs := $(addprefix $(obj)/, $(head-srcs)) -RELOC_DEPS = $(DEFS_H_DEPS) \ - $(BASEDIR)/include/generated/autoconf.h \ - $(BASEDIR)/include/xen/kconfig.h \ - $(BASEDIR)/include/xen/multiboot.h \ - $(BASEDIR)/include/xen/multiboot2.h \ - $(BASEDIR)/include/xen/const.h \ - $(BASEDIR)/include/public/arch-x86/hvm/start_info.h +$(obj)/head.o: $(head-srcs) -$(obj)/head.o: $(obj)/cmdline.S $(obj)/reloc.S +CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS)) +$(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS)) +CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float +CFLAGS_x86_32 += -I$(srctree)/include -$(obj)/cmdline.S: $(src)/cmdline.c $(CMDLINE_DEPS) $(src)/build32.lds - $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) CMDLINE_DEPS="$(CMDLINE_DEPS)" +# override for 32bit binaries +$(head-srcs:.S=.o): CFLAGS_stack_boundary := +$(head-srcs:.S=.o): XEN_CFLAGS := $(CFLAGS_x86_32) -fpic -$(obj)/reloc.S: $(src)/reloc.c $(RELOC_DEPS) $(src)/build32.lds - $(MAKE) -f $(abs_srctree)/$(src)/build32.mk -C $(obj) $(@F) RELOC_DEPS="$(RELOC_DEPS)" +$(head-srcs): %.S: %.bin + (od -v -t x $< | tr -s ' ' | awk 'NR > 1 {print s} {s=$$0}' | \ + sed 's/ /,0x/g' | sed 's/,0x$$//' | sed 's/^[0-9]*,/ .long /') >$@ + +# Drop .got.plt during conversion to plain binary format. +# Please check build32.lds for more details. +%.bin: %.lnk + $(OBJDUMP) -h $< | sed -n '/[0-9]/{s,00*,0,g;p;}' | \ + while read idx name sz rest; do \ + case "$$name" in \ + .got.plt) \ + test $$sz != 0c || continue; \ + echo "Error: non-empty $$name: 0x$$sz" >&2; \ + exit $$(expr $$idx + 1);; \ + esac; \ + done + $(OBJCOPY) -O binary -R .got.plt $< $@ + +%.lnk: %.o $(src)/build32.lds + $(LD) $(subst x86_64,i386,$(LDFLAGS_DIRECT)) -N -T $(filter %.lds,$^) -o $@ $< clean-files := cmdline.S reloc.S *.lnk *.bin diff --git a/xen/arch/x86/boot/build32.mk b/xen/arch/x86/boot/build32.mk deleted file mode 100644 index e90680cd9f..0000000000 --- a/xen/arch/x86/boot/build32.mk +++ /dev/null @@ -1,40 +0,0 @@ -override XEN_TARGET_ARCH=x86_32 -CFLAGS = -include $(XEN_ROOT)/Config.mk - -$(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) - -CFLAGS += -Werror -fno-builtin -g0 -msoft-float -CFLAGS += -I$(BASEDIR)/include -CFLAGS := $(filter-out -flto,$(CFLAGS)) - -# NB. awk invocation is a portable alternative to 'head -n -1' -%.S: %.bin - (od -v -t x $< | tr -s ' ' | awk 'NR > 1 {print s} {s=$$0}' | \ - sed 's/ /,0x/g' | sed 's/,0x$$//' | sed 's/^[0-9]*,/ .long /') >$@ - -# Drop .got.plt during conversion to plain binary format. -# Please check build32.lds for more details. -%.bin: %.lnk - $(OBJDUMP) -h $< | sed -n '/[0-9]/{s,00*,0,g;p;}' | \ - while read idx name sz rest; do \ - case "$$name" in \ - .got.plt) \ - test $$sz != 0c || continue; \ - echo "Error: non-empty $$name: 0x$$sz" >&2; \ - exit $$(expr $$idx + 1);; \ - esac; \ - done - $(OBJCOPY) -O binary -R .got.plt $< $@ - -%.lnk: %.o build32.lds - $(LD) $(LDFLAGS_DIRECT) -N -T build32.lds -o $@ $< - -%.o: %.c - $(CC) $(CFLAGS) -c -fpic $< -o $@ - -cmdline.o: cmdline.c $(CMDLINE_DEPS) - -reloc.o: reloc.c $(RELOC_DEPS) - -.PRECIOUS: %.bin %.lnk -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:22:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285105.484345 (Exim 4.92) (envelope-from ) id 1nQRYE-0004aH-5h; Sat, 05 Mar 2022 10:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285105.484345; Sat, 05 Mar 2022 10:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYE-0004a9-2R; Sat, 05 Mar 2022 10:22:14 +0000 Received: by outflank-mailman (input) for mailman id 285105; Sat, 05 Mar 2022 10:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYC-0004Zn-Ck for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYC-0003JU-Bp for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRYC-0002Iz-Ag for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EMZ8185rrUrRJqd3Rk5ypxvIdLccd0hUGfkhdGgfpR4=; b=ki8zINLtn47Jc5jO+2Lzd2oFlo ewp2ZjFsC/3eySuys+tUhqPOwPgd+EuKdNFnST9lGOI2wwY67KY0hvuuZPHPAcNvP3P9tJjQ2Ya9I GzdhvISYge5y3OL7oqFqIg3OxGD/kQQOB/S3nv+qEBFLBepmRMlceegioYK8KmqFgHCY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: export potentially overridden tool chain components Message-Id: Date: Sat, 05 Mar 2022 10:22:12 +0000 commit e1cafab334b998e46057bbb8d1303be4499814bd Author: Jan Beulich AuthorDate: Fri Mar 4 09:27:08 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:27:08 2022 +0100 build: export potentially overridden tool chain components When overriding the tool chain via CROSS_COMPILE, the resulting components need to be made available to, in particular (but not limited to) the check-endbr.sh script. Note that we don't allow overriding ADDR2LINE yet; this would first require additions to some config/*.mk before it would make sense to export the resulting variable as well. The lack of NM exporting was apparently not a problem so far, but add it at this occasion as well - we're using the tool, after all. Fixes: 4d037425dccf ("x86: Build check for embedded endbr64 instructions") Signed-off-by: Jan Beulich Reviewed-by: Bertrand Marquis Acked-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index 865c0cb2e6..5c21492d6f 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -55,7 +55,7 @@ export TARGET_ARCH := $(shell echo $(XEN_TARGET_ARCH) | \ # Allow someone to change their config file export KCONFIG_CONFIG ?= .config -export CC CXX LD +export CC CXX LD NM OBJCOPY OBJDUMP export TARGET := xen -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:22:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285109.484349 (Exim 4.92) (envelope-from ) id 1nQRYO-0004kw-7Q; Sat, 05 Mar 2022 10:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285109.484349; Sat, 05 Mar 2022 10:22:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYO-0004kn-47; Sat, 05 Mar 2022 10:22:24 +0000 Received: by outflank-mailman (input) for mailman id 285109; Sat, 05 Mar 2022 10:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYM-0004iu-G5 for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYM-0003K1-FJ for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRYM-0002Jm-EF for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=L9GFs5aPcOBfQh2rXMX0Cep2J8PdM552TQ2stFZGLs0=; b=4SCLxMVnINyoZfGicTwBq8mzRt AucpDrsCPVGjaMbivclJEfDoS8523jWrTATGyTA+usfYWAG+Ix+I50ZTJ19KYaGm1UEApFR39DTf2 zh4AGVTunT3+U8tXKnYOmq6lHgomWY5frdK+zUwOZSh7xlXBCXRZargiPrWLgsN5/zUM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/time: add CF-clobber annotations Message-Id: Date: Sat, 05 Mar 2022 10:22:22 +0000 commit dc762a509d46422a7193f1ad6ecf9728ae35c989 Author: Jan Beulich AuthorDate: Fri Mar 4 09:28:09 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:28:09 2022 +0100 x86/time: add CF-clobber annotations With bed9ae54df44 ("x86/time: switch platform timer hooks to altcall") in place we can further arrange for ENDBR removal from the functions no longer subject to indirect calls. Note that plt_tsc is adjusted as well, despite presently not holding any pointer eligible for ENDBR removal. This is just to be on the safe side going forward. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/time.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index c05d3ca98b..c840f45535 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -375,7 +375,7 @@ static void cf_check resume_pit(struct platform_timesource *pts) outb(0, PIT_CH2); /* MSB of count */ } -static struct platform_timesource __initdata plt_pit = +static struct platform_timesource __initdata_cf_clobber plt_pit = { .id = "pit", .name = "PIT", @@ -483,7 +483,7 @@ static void cf_check resume_hpet(struct platform_timesource *pts) hpet_resume(NULL); } -static struct platform_timesource __initdata plt_hpet = +static struct platform_timesource __initdata_cf_clobber plt_hpet = { .id = "hpet", .name = "HPET", @@ -528,7 +528,7 @@ static s64 __init cf_check init_pmtimer(struct platform_timesource *pts) return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); } -static struct platform_timesource __initdata plt_pmtimer = +static struct platform_timesource __initdata_cf_clobber plt_pmtimer = { .id = "acpi", .name = "ACPI PM Timer", @@ -590,7 +590,7 @@ static uint64_t __init cf_check read_tsc(void) return rdtsc_ordered(); } -static struct platform_timesource __initdata plt_tsc = +static struct platform_timesource __initdata_cf_clobber plt_tsc = { .id = "tsc", .name = "TSC", @@ -681,7 +681,7 @@ static void cf_check resume_xen_timer(struct platform_timesource *pts) write_atomic(&xen_timer_last, 0); } -static struct platform_timesource __initdata plt_xen_timer = +static struct platform_timesource __initdata_cf_clobber plt_xen_timer = { .id = "xen", .name = "XEN PV CLOCK", @@ -778,7 +778,7 @@ static uint64_t cf_check read_hyperv_timer(void) return hv_scale_tsc(tsc, scale, offset); } -static struct platform_timesource __initdata plt_hyperv_timer = +static struct platform_timesource __initdata_cf_clobber plt_hyperv_timer = { .id = "hyperv", .name = "HYPER-V REFERENCE TSC", -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:22:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285111.484354 (Exim 4.92) (envelope-from ) id 1nQRYY-0004oV-9v; Sat, 05 Mar 2022 10:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285111.484354; Sat, 05 Mar 2022 10:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYY-0004oM-5r; Sat, 05 Mar 2022 10:22:34 +0000 Received: by outflank-mailman (input) for mailman id 285111; Sat, 05 Mar 2022 10:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYW-0004nx-J9 for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYW-0003KC-IQ for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRYW-0002Ki-HY for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2zHjxVb2p68BBah4tNfE/YERaGv15oV9LjEnpEpXu6I=; b=HtmtPrP3gxTtX/n8MZEtGQoclP qAX7iXw/3HVYXbIe7Wvxj4j+XojPSMwohW5DykjN1nkgyo1paX2cbOx3ibdO56HXZctGOcUAaliRO o0Xf1NhU6EVA2Pb2JVsnWwuGpig3XO/jjZYE+8y4GztkNX60xaoWl4mWTsifwh0Rx2YY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: drop use of CONSTRUCTORS from linker script Message-Id: Date: Sat, 05 Mar 2022 10:22:32 +0000 commit b7a7e346c71054b12c93b32b032232c7c583209a Author: Jan Beulich AuthorDate: Fri Mar 4 09:29:10 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:29:10 2022 +0100 x86: drop use of CONSTRUCTORS from linker script Current binutils document this for use by a.out only. Plus we deal with .ctors and alike sections elsewhere in the script anyway. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 1 - 1 file changed, 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index b15e5b67e4..021470d932 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -292,7 +292,6 @@ SECTIONS *(.data) *(.data.rel) *(.data.rel.*) - CONSTRUCTORS } PHDR(text) DECL_SECTION(.bss) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:22:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285112.484357 (Exim 4.92) (envelope-from ) id 1nQRYi-0004rV-AO; Sat, 05 Mar 2022 10:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285112.484357; Sat, 05 Mar 2022 10:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYi-0004rN-7N; Sat, 05 Mar 2022 10:22:44 +0000 Received: by outflank-mailman (input) for mailman id 285112; Sat, 05 Mar 2022 10:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYg-0004r5-MR for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYg-0003KM-Lh for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRYg-0002LJ-Kk for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EXHU0f5J36K+v2+oy6YBAvtJIJwir8Gr/sxoUtW+cNY=; b=yP+BPJTdbvd8fR4LwwGvUnjX8Q Zt+o5IKFXp2TjGf7M/Y7+084c5ZKvZ1/JWPL8ZPB7y17SREF+lqGGi5AOZ1356zQseSxj+hG8Lj3P QMjODvdZvtVGGRvhKDwevdfsOybCwt1HYHKd3MkmS0FIUiIYY24q5bZbnFPGWfpIHTTg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul/test: correct VRNDSCALES{S,D} entries in predicates test Message-Id: Date: Sat, 05 Mar 2022 10:22:42 +0000 commit ccb6f9a55844fc1205deb7811b237cbcbaaaea97 Author: Jan Beulich AuthorDate: Fri Mar 4 09:29:42 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:29:42 2022 +0100 x86emul/test: correct VRNDSCALES{S,D} entries in predicates test While benign (because only the decoder is exercised here, whereas a wrong EVEX.W would cause an exception only during actual emulation), let's still have correct information in the table entries. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/predicates.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tests/x86_emulator/predicates.c b/tools/tests/x86_emulator/predicates.c index 4760f19bf2..0d10135195 100644 --- a/tools/tests/x86_emulator/predicates.c +++ b/tools/tests/x86_emulator/predicates.c @@ -1974,8 +1974,8 @@ static const struct evex { { { 0x05 }, 3, T, R, pfx_66, W1, Ln }, /* vpermilpd */ { { 0x08 }, 3, T, R, pfx_66, W0, Ln }, /* vrndscaleps */ { { 0x09 }, 3, T, R, pfx_66, W1, Ln }, /* vrndscalepd */ - { { 0x0a }, 3, T, R, pfx_66, WIG, LIG }, /* vrndscaless */ - { { 0x0b }, 3, T, R, pfx_66, WIG, LIG }, /* vrndscalesd */ + { { 0x0a }, 3, T, R, pfx_66, W0, LIG }, /* vrndscaless */ + { { 0x0b }, 3, T, R, pfx_66, W1, LIG }, /* vrndscalesd */ { { 0x0f }, 3, T, R, pfx_66, WIG, Ln }, /* vpalignr */ { { 0x14 }, 3, T, W, pfx_66, WIG, L0 }, /* vpextrb */ { { 0x15 }, 3, T, W, pfx_66, WIG, L0 }, /* vpextrw */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285113.484361 (Exim 4.92) (envelope-from ) id 1nQRYr-0004uR-Bw; Sat, 05 Mar 2022 10:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285113.484361; Sat, 05 Mar 2022 10:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYr-0004uJ-8q; Sat, 05 Mar 2022 10:22:53 +0000 Received: by outflank-mailman (input) for mailman id 285113; Sat, 05 Mar 2022 10:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYq-0004uA-QB for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRYq-0003KW-PN for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRYq-0002Ly-OR for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=po1sog+vOxF+uwUI60KmX7pNM2CbshqHLp0D5iYPSEc=; b=BZMpmZVqqO0S4qN+mG3H+bOLYb KSN8jT5PY5IPYAXj8XHpO3W3rKX6LMxjNPI8/hwHVhqYxkn176h58l17Tva26zlBlBRYLATXmY9KW 8rEq1To4Dzl0PnpLDNvPhPipM31rjJEF5HHkrFTDXUaxHZI9ztz/fABA/agxzBgFlkbc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul: correct a few scalar insn comments Message-Id: Date: Sat, 05 Mar 2022 10:22:52 +0000 commit 248496f890562fd6d6fea779520dd6335269e92c Author: Jan Beulich AuthorDate: Fri Mar 4 09:30:07 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 09:30:07 2022 +0100 x86emul: correct a few scalar insn comments Truly scalar insns (i.e. not VBROADCASTS{S,D}) only every act on %xmm. Adjust comments accordingly. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/x86_emulate/x86_emulate.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 6c0d18954a..7f6af911bc 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -7608,8 +7608,8 @@ x86_emulate( #ifndef X86EMUL_NO_SIMD case X86EMUL_OPC_VEX_66(0x0f3a, 0x08): /* vroundps $imm8,{x,y}mm/mem,{x,y}mm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x09): /* vroundpd $imm8,{x,y}mm/mem,{x,y}mm */ - case X86EMUL_OPC_VEX_66(0x0f3a, 0x0a): /* vroundss $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ - case X86EMUL_OPC_VEX_66(0x0f3a, 0x0b): /* vroundsd $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ + case X86EMUL_OPC_VEX_66(0x0f3a, 0x0a): /* vroundss $imm8,xmm/mem,xmm,xmm */ + case X86EMUL_OPC_VEX_66(0x0f3a, 0x0b): /* vroundsd $imm8,xmm/mem,xmm,xmm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x0c): /* vblendps $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x0d): /* vblendpd $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ case X86EMUL_OPC_VEX_66(0x0f3a, 0x40): /* vdpps $imm8,{x,y}mm/mem,{x,y}mm,{x,y}mm */ @@ -10576,8 +10576,8 @@ x86_emulate( host_and_vcpu_must_have(sse4_1); goto simd_0f3a_common; - case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0a): /* vrndscaless $imm8,[xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ - case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0b): /* vrndscalesd $imm8,[xyz]mm/mem,[xyz]mm,[xyz]mm{k} */ + case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0a): /* vrndscaless $imm8,xmm/mem,xmm,xmm{k} */ + case X86EMUL_OPC_EVEX_66(0x0f3a, 0x0b): /* vrndscalesd $imm8,xmm/mem,xmm,xmm{k} */ generate_exception_if(ea.type != OP_REG && evex.brs, EXC_UD); /* fall through */ case X86EMUL_OPC_EVEX_66(0x0f3a, 0x08): /* vrndscaleps $imm8,[xyz]mm/mem,[xyz]mm{k} */ @@ -11063,7 +11063,7 @@ x86_emulate( break; case X86EMUL_OPC_EVEX_66(0x0f3a, 0x66): /* vfpclassp{s,d} $imm8,[xyz]mm/mem,k{k} */ - case X86EMUL_OPC_EVEX_66(0x0f3a, 0x67): /* vfpclasss{s,d} $imm8,[xyz]mm/mem,k{k} */ + case X86EMUL_OPC_EVEX_66(0x0f3a, 0x67): /* vfpclasss{s,d} $imm8,xmm/mem,k{k} */ host_and_vcpu_must_have(avx512dq); generate_exception_if(!evex.r || !evex.R || evex.z, EXC_UD); if ( !(b & 1) ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 05 10:23:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 05 Mar 2022 10:23:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285114.484366 (Exim 4.92) (envelope-from ) id 1nQRZ1-0004yP-Fu; Sat, 05 Mar 2022 10:23:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285114.484366; Sat, 05 Mar 2022 10:23:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRZ1-0004yD-CA; Sat, 05 Mar 2022 10:23:03 +0000 Received: by outflank-mailman (input) for mailman id 285114; Sat, 05 Mar 2022 10:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRZ0-0004y0-TE for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nQRZ0-0003Kw-ST for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nQRZ0-0002Mw-RZ for xen-changelog@lists.xenproject.org; Sat, 05 Mar 2022 10:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dh6oTnubkUK5s6a0NMPk1A4hvgi7Z1ttvHFUpihh6iU=; b=VLg5dofAkk1biLuQMgxwtIYIp5 mY6dUQIK96q9dB/7puolXN20A3SP6IThPcpjZhzJ6CJwfHkMljpT2rp26KMu02RMppfClbmvnJ8UP XHA/epKfFO4BTR/0Mk7e4PfTIYDTYXDdb8USvcYpGeYc1KBGDR3p4LLwNH3sSZSccKyU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: also discard .fini_array in linker script Message-Id: Date: Sat, 05 Mar 2022 10:23:02 +0000 commit 1145d94c738ea13e0d2ceedb97a4cfe46292b08e Author: Jan Beulich AuthorDate: Fri Mar 4 10:49:22 2022 +0100 Commit: Jan Beulich CommitDate: Fri Mar 4 10:49:22 2022 +0100 x86: also discard .fini_array in linker script This simply parallels .dtors. Both section types can reference .text.exit, which requires them to be discarded together with that one. Compilers, depending on their findings during the configure phase, may elect to use either model. While .{init,fini}_array look to be preferred, cross compilers apparently have this guessed, likely resulting in a fallback to .{c,d}tors. Hence we need to support both sets. Fixes: 4b7fd8153ddf ("x86: fold sections in final binaries") Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 021470d932..506bc8e404 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -414,6 +414,8 @@ SECTIONS *(.eh_frame) *(.dtors) *(.dtors.*) + *(.fini_array) + *(.fini_array.*) #ifdef EFI *(.comment) *(.comment.*) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285710.484938 (Exim 4.92) (envelope-from ) id 1nR8SQ-00078R-4V; Mon, 07 Mar 2022 08:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285710.484938; Mon, 07 Mar 2022 08:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8SQ-00078J-1Y; Mon, 07 Mar 2022 08:11:06 +0000 Received: by outflank-mailman (input) for mailman id 285710; Mon, 07 Mar 2022 08:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8SO-00078D-H4 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8SO-0007iC-Ep for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8SO-0002ZK-Ds for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=56pxtoWo0urB9SVWgzSQCPLX55U9dKzrnBj9F2gdzpg=; b=MXwV0px6jMMjuZAA/rFZrgYm7o JHxMZcHn7+sAOqHr/IIqTaNrIqsAdCktjX0e1NB6B3JeCyvbn/jWJJ5UMqAEQud016NdpfjNjqEAT 1iC4ngb5ojRQ5x84+WrpNbGw3IztQ+Vpo5GUx3lHsRIQ8SClNgoEvGFauaQZcPCneqUI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/tboot: adjust Kconfig default Message-Id: Date: Mon, 07 Mar 2022 08:11:04 +0000 commit a9c8432e2ab666cf1bbefa46ddfc5da1127a98c7 Author: Jan Beulich AuthorDate: Mon Mar 7 08:59:46 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 08:59:46 2022 +0100 x86/tboot: adjust Kconfig default We shouldn't include unsupported code by default, with not even a means for its building to be disabled. Convert the dependency from merely affecting the prompt's visibility to a real one. Signed-off-by: Jan Beulich Reviewed-by: Daniel P. Smith --- xen/arch/x86/Kconfig | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 8e70f9a448..83d0f317ec 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -193,14 +193,15 @@ config HVM_FEP If unsure, say N. config TBOOT - bool "Xen tboot support (UNSUPPORTED)" if UNSUPPORTED - default y if !PV_SHIM_EXCLUSIVE + bool "Xen tboot support (UNSUPPORTED)" + depends on UNSUPPORTED + default !PV_SHIM_EXCLUSIVE select CRYPTO ---help--- Allows support for Trusted Boot using the Intel(R) Trusted Execution Technology (TXT) - If unsure, say Y. + If unsure, stay with the default. choice prompt "Alignment of Xen image" -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285711.484942 (Exim 4.92) (envelope-from ) id 1nR8Sa-0007AH-5r; Mon, 07 Mar 2022 08:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285711.484942; Mon, 07 Mar 2022 08:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Sa-0007A9-2y; Mon, 07 Mar 2022 08:11:16 +0000 Received: by outflank-mailman (input) for mailman id 285711; Mon, 07 Mar 2022 08:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8SY-00079w-Ij for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8SY-0007iG-Ht for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8SY-0002a6-Gt for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eTSrFFuD3rqpouBu0jbjsynAGJS6yV4jOgSea5rCFe0=; b=euOTAWh8grOLDI23IViEYmTNmt 91AX6yj09Uya44LgXuCgZj20lEm/3PlLCjMEbUebsnZXL1oBTzKwDQ9XAdX2PL60YKfNBzCr2fkPi Cxv55KdfjRwAllmVG1qG4H2WP8hlLhxyHXJ8mMxLVfigZp4+bX4TRCgmFZI0H97pp+tg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xz: add fall-through comments to a switch statement Message-Id: Date: Mon, 07 Mar 2022 08:11:14 +0000 commit c9875a8cce8b5e534ec9348a1bf5d6972ec17369 Author: Lasse Collin AuthorDate: Mon Mar 7 09:05:44 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:05:44 2022 +0100 xz: add fall-through comments to a switch statement It's good style. I was also told that GCC 7 is more strict and might give a warning when such comments are missing. Suggested-by: Andrei Borzenkov Signed-off-by: Lasse Collin Signed-off-by: Jiri Kosina Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5a244f48ecbb Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_stream.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index b7a8c15c5b..672c57fac9 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -583,6 +583,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) if (ret != XZ_OK) return ret; + /* Fall through */ + case SEQ_BLOCK_START: /* We need one byte of input to continue. */ if (b->in_pos == b->in_size) @@ -606,6 +608,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->temp.pos = 0; s->sequence = SEQ_BLOCK_HEADER; + /* Fall through */ + case SEQ_BLOCK_HEADER: if (!fill_temp(s, b)) return XZ_OK; @@ -616,6 +620,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_BLOCK_UNCOMPRESS; + /* Fall through */ + case SEQ_BLOCK_UNCOMPRESS: ret = dec_block(s, b); if (ret != XZ_STREAM_END) @@ -623,6 +629,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_BLOCK_PADDING; + /* Fall through */ + case SEQ_BLOCK_PADDING: /* * Size of Compressed Data + Block Padding @@ -643,6 +651,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_BLOCK_CHECK; + /* Fall through */ + case SEQ_BLOCK_CHECK: if (s->check_type == XZ_CHECK_CRC32) { ret = crc32_validate(s, b); @@ -665,6 +675,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_INDEX_PADDING; + /* Fall through */ + case SEQ_INDEX_PADDING: while ((s->index.size + (b->in_pos - s->in_start)) & 3) { @@ -687,6 +699,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_INDEX_CRC32; + /* Fall through */ + case SEQ_INDEX_CRC32: ret = crc32_validate(s, b); if (ret != XZ_STREAM_END) @@ -695,6 +709,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->temp.size = STREAM_HEADER_SIZE; s->sequence = SEQ_STREAM_FOOTER; + /* Fall through */ + case SEQ_STREAM_FOOTER: if (!fill_temp(s, b)) return XZ_OK; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285712.484947 (Exim 4.92) (envelope-from ) id 1nR8Sk-0007D5-7j; Mon, 07 Mar 2022 08:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285712.484947; Mon, 07 Mar 2022 08:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Sk-0007Cv-4N; Mon, 07 Mar 2022 08:11:26 +0000 Received: by outflank-mailman (input) for mailman id 285712; Mon, 07 Mar 2022 08:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Si-0007CY-Ln for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Si-0007iY-L0 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8Si-0002bF-K6 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UKigfJ9ESyD9Mk0yfKOnIE+/n4V9xAM+NS2qYREx+oA=; b=LaGOSQ1nitz2XJd7BOJc7uJxgx +1qU0mpIgIN4ANWUSEyGXjusKHu3ylBSK8UVAaoMFq2ddwJ/prYjzz2UN2MKhxLx843+bNBdCukqA fc1ja9Su0cVm6DNEpZOlMFi2D9LoHT7Y+PvthjtjQ2ml/fM7if9/lUaxQL1cktJFLPhM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xz: fix XZ_DYNALLOC to avoid useless memory reallocations Message-Id: Date: Mon, 07 Mar 2022 08:11:24 +0000 commit 22d5d1c0d18893d9cb92b322f95d7ebab6c0cfd9 Author: Lasse Collin AuthorDate: Mon Mar 7 09:06:31 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:06:31 2022 +0100 xz: fix XZ_DYNALLOC to avoid useless memory reallocations s->dict.allocated was initialized to 0 but never set after a successful allocation, thus the code always thought that the dictionary buffer has to be reallocated. Link: http://lkml.kernel.org/r/20191104185107.3b6330df@tukaani.org Reported-by: Yu Sun Signed-off-by: Lasse Collin Acked-by: Daniel Walker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 8e20ba2e53fc Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_lzma2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 6b07722e3c..68bcf0f29a 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -1146,6 +1146,7 @@ XZ_EXTERN enum xz_ret __init xz_dec_lzma2_reset(struct xz_dec_lzma2 *s, uint8_t if (DEC_IS_DYNALLOC(s->dict.mode)) { if (s->dict.allocated < s->dict.size) { + s->dict.allocated = s->dict.size; large_free(s->dict.buf); s->dict.buf = large_malloc(s->dict.size); if (s->dict.buf == NULL) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285713.484950 (Exim 4.92) (envelope-from ) id 1nR8Su-0007G8-8l; Mon, 07 Mar 2022 08:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285713.484950; Mon, 07 Mar 2022 08:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Su-0007Fy-5r; Mon, 07 Mar 2022 08:11:36 +0000 Received: by outflank-mailman (input) for mailman id 285713; Mon, 07 Mar 2022 08:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Ss-0007Fk-Oy for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8Ss-0007ii-OC for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8Ss-0002cE-NS for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OBWEUnv49HiO12LlHczyhNChRXLf/+YDuLUt+JIQOAk=; b=nS4Ir6S/Bqu6QpImZucYpE+5yN ntdLwa3Zja2AiIh7MLsnfNJxdiKIs3SOtxpKfXALU/OdtAciOlX1+MiUnDj22f5pZI71y+T79Plzc TeqCmdSbYE6hqpCb1TPdUFxVN2Q0sqiplHjS1c8LpUZojmZFQun41Y5z6iRjJM0Q/je8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] decompressors: fix spelling mistakes Message-Id: Date: Mon, 07 Mar 2022 08:11:34 +0000 commit bbd9f36bcaaea9cec2451d3c398b4e2318323db5 Author: Zhen Lei AuthorDate: Mon Mar 7 09:07:19 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:07:19 2022 +0100 decompressors: fix spelling mistakes Fix some spelling mistakes in comments: sentinal ==> sentinel compresed ==> compressed immediatelly ==> immediately dervied ==> derived splitted ==> split nore ==> not independed ==> independent asumed ==> assumed Link: https://lkml.kernel.org/r/20210604085656.12257-1-thunder.leizhen@huawei.com Signed-off-by: Zhen Lei Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 05911c5d964 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/bunzip2.c | 4 ++-- xen/common/unxz.c | 2 +- xen/common/unzstd.c | 2 +- xen/common/xz/dec_bcj.c | 2 +- xen/common/xz/dec_lzma2.c | 8 ++++---- xen/common/zstd/huf.h | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c index 782b589a8b..61b80aff1b 100644 --- a/xen/common/bunzip2.c +++ b/xen/common/bunzip2.c @@ -73,7 +73,7 @@ /* This is what we know about each Huffman coding group */ struct group_data { - /* We have an extra slot at the end of limit[] for a sentinal value. */ + /* We have an extra slot at the end of limit[] for a sentinel value. */ int limit[MAX_HUFCODE_BITS+1]; int base[MAX_HUFCODE_BITS]; int permute[MAX_SYMBOLS]; @@ -326,7 +326,7 @@ static int __init get_next_block(struct bunzip_data *bd) pp <<= 1; base[i+1] = pp-(t += temp[i]); } - limit[maxLen+1] = INT_MAX; /* Sentinal value for + limit[maxLen+1] = INT_MAX; /* Sentinel value for * reading next sym. */ limit[maxLen] = pp+temp[maxLen]-1; base[minLen] = 0; diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 7bfe23f422..4f1b50cade 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -23,7 +23,7 @@ * uncompressible. Thus, we must look for worst-case expansion when the * compressor is encoding uncompressible data. * - * The structure of the .xz file in case of a compresed kernel is as follows. + * The structure of the .xz file in case of a compressed kernel is as follows. * Sizes (as bytes) of the fields are in parenthesis. * * Stream Header (12) diff --git a/xen/common/unzstd.c b/xen/common/unzstd.c index a034b69e86..47073dd3e3 100644 --- a/xen/common/unzstd.c +++ b/xen/common/unzstd.c @@ -16,7 +16,7 @@ * uncompressible. Thus, we must look for worst-case expansion when the * compressor is encoding uncompressible data. * - * The structure of the .zst file in case of a compresed kernel is as follows. + * The structure of the .zst file in case of a compressed kernel is as follows. * Maximum sizes (as bytes) of the fields are in parenthesis. * * Frame Header: (18) diff --git a/xen/common/xz/dec_bcj.c b/xen/common/xz/dec_bcj.c index 970d3d89ee..bfa498587a 100644 --- a/xen/common/xz/dec_bcj.c +++ b/xen/common/xz/dec_bcj.c @@ -422,7 +422,7 @@ XZ_EXTERN enum xz_ret __init xz_dec_bcj_run(struct xz_dec_bcj *s, /* * Flush pending already filtered data to the output buffer. Return - * immediatelly if we couldn't flush everything, or if the next + * immediately if we couldn't flush everything, or if the next * filter in the chain had already returned XZ_STREAM_END. */ if (s->temp.filtered > 0) { diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 68bcf0f29a..2748c8e18a 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -147,8 +147,8 @@ struct lzma_dec { /* * LZMA properties or related bit masks (number of literal - * context bits, a mask dervied from the number of literal - * position bits, and a mask dervied from the number + * context bits, a mask derived from the number of literal + * position bits, and a mask derived from the number * position bits) */ uint32_t lc; @@ -484,7 +484,7 @@ static always_inline void rc_normalize(struct rc_dec *rc) } /* - * Decode one bit. In some versions, this function has been splitted in three + * Decode one bit. In some versions, this function has been split in three * functions so that the compiler is supposed to be able to more easily avoid * an extra branch. In this particular version of the LZMA decoder, this * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3 @@ -761,7 +761,7 @@ static bool_t __init lzma_main(struct xz_dec_lzma2 *s) } /* - * Reset the LZMA decoder and range decoder state. Dictionary is nore reset + * Reset the LZMA decoder and range decoder state. Dictionary is not reset * here, because LZMA state may be reset without resetting the dictionary. */ static void __init lzma_reset(struct xz_dec_lzma2 *s) diff --git a/xen/common/zstd/huf.h b/xen/common/zstd/huf.h index a498e0de28..0e091dbffe 100644 --- a/xen/common/zstd/huf.h +++ b/xen/common/zstd/huf.h @@ -131,7 +131,7 @@ typedef enum { HUF_repeat_none, /**< Cannot use the previous table */ HUF_repeat_check, /**< Can use the previous table but it must be checked. Note : The previous table must have been constructed by HUF_compress{1, 4}X_repeat */ - HUF_repeat_valid /**< Can use the previous table and it is asumed to be valid */ + HUF_repeat_valid /**< Can use the previous table and it is assumed to be valid */ } HUF_repeat; /** HUF_compress4X_repeat() : * Same as HUF_compress4X_wksp(), but considers using hufTable if *repeat != HUF_repeat_none. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285714.484954 (Exim 4.92) (envelope-from ) id 1nR8T4-0007JL-A8; Mon, 07 Mar 2022 08:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285714.484954; Mon, 07 Mar 2022 08:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8T4-0007JD-7D; Mon, 07 Mar 2022 08:11:46 +0000 Received: by outflank-mailman (input) for mailman id 285714; Mon, 07 Mar 2022 08:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8T2-0007Is-S8 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8T2-0007j0-RK for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8T2-0002cz-QU for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lHbYukRGon7PcPLWTGlN4pEE/Wu3mw40T1GaiqJhGDM=; b=twjClQop/f6HQoNYTlmFIkMz7W lh+vZKq4YcApNTLLNQBwo9hi6s8rPEs/bAZC7tM2lQMcByO8Jgl3/IVuNG46bR/0CX9d9+KHdvcyO 6Wat4vI9z2w81dAaANBf2LhYdF8pJWD68hetA7Fkcq2+2Zfu4KMYvOY2TzU68DvG+HM4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xz: avoid overlapping memcpy() with invalid input with in-place decompression Message-Id: Date: Mon, 07 Mar 2022 08:11:44 +0000 commit 10454f381f9157bce26d5db15e07e857b317b4af Author: Lasse Collin AuthorDate: Mon Mar 7 09:08:08 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:08:08 2022 +0100 xz: avoid overlapping memcpy() with invalid input with in-place decompression From: Lasse Collin With valid files, the safety margin described in lib/decompress_unxz.c ensures that these buffers cannot overlap. But if the uncompressed size of the input is larger than the caller thought, which is possible when the input file is invalid/corrupt, the buffers can overlap. Obviously the result will then be garbage (and usually the decoder will return an error too) but no other harm will happen when such an over-run occurs. This change only affects uncompressed LZMA2 chunks and so this should have no effect on performance. Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/unxz.c | 2 +- xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 4f1b50cade..05e83e1ede 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -127,7 +127,7 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memcpy speed can matter and only if there is a lot of uncompressible data + * memmove speed can matter and only if there is a lot of uncompressible data * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 2748c8e18a..3b60191ee6 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -387,7 +387,14 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, *left -= copy_size; - memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size); + /* + * If doing in-place decompression in single-call mode and the + * uncompressed size of the file is larger than the caller + * thought (i.e. it is invalid input!), the buffers below may + * overlap and cause undefined behavior with memcpy(). + * With valid inputs memcpy() would be fine here. + */ + memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size); dict->pos += copy_size; if (dict->full < dict->pos) @@ -397,7 +404,11 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, if (dict->pos == dict->end) dict->pos = 0; - memcpy(b->out + b->out_pos, b->in + b->in_pos, + /* + * Like above but for multi-call mode: use memmove() + * to avoid undefined behavior with invalid input. + */ + memmove(b->out + b->out_pos, b->in + b->in_pos, copy_size); } @@ -421,6 +432,12 @@ static uint32_t __init dict_flush(struct dictionary *dict, struct xz_buf *b) if (dict->pos == dict->end) dict->pos = 0; + /* + * These buffers cannot overlap even if doing in-place + * decompression because in multi-call mode dict->buf + * has been allocated by us in this file; it's not + * provided by the caller like in single-call mode. + */ memcpy(b->out + b->out_pos, dict->buf + dict->start, copy_size); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:11:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:11:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285715.484957 (Exim 4.92) (envelope-from ) id 1nR8TE-0007MZ-BW; Mon, 07 Mar 2022 08:11:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285715.484957; Mon, 07 Mar 2022 08:11:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TE-0007MR-8b; Mon, 07 Mar 2022 08:11:56 +0000 Received: by outflank-mailman (input) for mailman id 285715; Mon, 07 Mar 2022 08:11:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TD-0007MB-1B for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TC-0007jT-UM for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8TC-0002dw-TY for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:11:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oEIsnOrd7ZtaQers3XuucfLgmG7k1TrekNMAB5BsZlg=; b=I1l96FZcPA65x0z0schMD7MerT 9a6Q5YaskbrkE83C2mViWSJ0fXRlMU6ONg43YsC5TEAwLnJJtW0FtB4Q5RiJMMTSRGPCh6wmLMopd Du1deE03BbYH8ZlOBNsHQbIf0LF8YEV7bK88mK7Ri1J3ACSmeAc2TSRJesG8xUzWc9go=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xz: validate the value before assigning it to an enum variable Message-Id: Date: Mon, 07 Mar 2022 08:11:54 +0000 commit 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa Author: Lasse Collin AuthorDate: Mon Mar 7 09:08:54 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:08:54 2022 +0100 xz: validate the value before assigning it to an enum variable This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository. This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner. Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index 672c57fac9..b91d8362c1 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret __init dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:12:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:12:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285716.484962 (Exim 4.92) (envelope-from ) id 1nR8TO-0007PV-Em; Mon, 07 Mar 2022 08:12:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285716.484962; Mon, 07 Mar 2022 08:12:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TO-0007PN-By; Mon, 07 Mar 2022 08:12:06 +0000 Received: by outflank-mailman (input) for mailman id 285716; Mon, 07 Mar 2022 08:12:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TN-0007PF-24 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:12:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TN-0007jq-1D for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:12:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8TN-0002ek-0T for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:12:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ndZ8zg67WFybN5PxUWyFVZ5CT9A4eN37M26YKI69BuA=; b=jC/3GTfKhhGJzkKQLTkpz1bU0P u01gkfTd98LHLiB5gl2N+zQkVuKtfSifz0YKiuQeJyIszc02lXd+148bn4QRMSEsBwZ8o5IYZRVKS V9tG1HheZ6EI9OQLKAvAn8XCIow1KpR973Q2Ldd839cHKlj3zsnY2xr2lmjgsWJUGqq4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xz: move s->lzma.len = 0 initialization to lzma_reset() Message-Id: Date: Mon, 07 Mar 2022 08:12:05 +0000 commit 9a46de64b8e454ec02b2040265d93530ad909d9c Author: Lasse Collin AuthorDate: Mon Mar 7 09:09:26 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:09:26 2022 +0100 xz: move s->lzma.len = 0 initialization to lzma_reset() It's a more logical place even if the resetting needs to be done only once per LZMA2 stream (if lzma_reset() called in the middle of an LZMA2 stream, .len will already be 0). Link: https://lore.kernel.org/r/20211010213145.17462-4-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git a98a25408b0e Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_lzma2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 3b60191ee6..027ca93ce9 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -791,6 +791,7 @@ static void __init lzma_reset(struct xz_dec_lzma2 *s) s->lzma.rep1 = 0; s->lzma.rep2 = 0; s->lzma.rep3 = 0; + s->lzma.len = 0; /* * All probabilities are initialized to the same value. This hack @@ -1174,8 +1175,6 @@ XZ_EXTERN enum xz_ret __init xz_dec_lzma2_reset(struct xz_dec_lzma2 *s, uint8_t } } - s->lzma.len = 0; - s->lzma2.sequence = SEQ_CONTROL; s->lzma2.need_dict_reset = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 08:12:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 08:12:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.285717.484966 (Exim 4.92) (envelope-from ) id 1nR8TY-0007SX-GL; Mon, 07 Mar 2022 08:12:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 285717.484966; Mon, 07 Mar 2022 08:12:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TY-0007SO-DN; Mon, 07 Mar 2022 08:12:16 +0000 Received: by outflank-mailman (input) for mailman id 285717; Mon, 07 Mar 2022 08:12:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TX-0007S4-59 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:12:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nR8TX-0007k0-4M for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:12:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nR8TX-0002fR-3V for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 08:12:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8JNr1uyim5Avufg1WHZwFVOaghQGBxof9R60xWZURrY=; b=tCOpf+3SseRIu9ueXLUK4bE0Dh 7JkA7wq2yaCqCz7hsZ5w3QooACUEzCh5b48O13rxoPP2zthJSm1NFp8V38BjaHHIl7OjuAd9rmaOX mnL+f6ZfDz0Eu1url1bK0x2j05Gugp1SM08uoKwLYoo9Qmw8bvZZZ4jE043+jegQi+2w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xz: fix spelling in comments Message-Id: Date: Mon, 07 Mar 2022 08:12:15 +0000 commit 4cb8d7a06752b368a365e30117f535a2fdad3963 Author: Lasse Collin AuthorDate: Mon Mar 7 09:10:03 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:10:03 2022 +0100 xz: fix spelling in comments uncompressible -> incompressible non-splitted -> non-split Link: https://lore.kernel.org/r/20211010213145.17462-6-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 0a434e0a2c9f Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/unxz.c | 10 +++++----- xen/common/xz/dec_lzma2.c | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 05e83e1ede..17aead0adf 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -20,8 +20,8 @@ * * The worst case for in-place decompression is that the beginning of * the file is compressed extremely well, and the rest of the file is - * uncompressible. Thus, we must look for worst-case expansion when the - * compressor is encoding uncompressible data. + * incompressible. Thus, we must look for worst-case expansion when the + * compressor is encoding incompressible data. * * The structure of the .xz file in case of a compressed kernel is as follows. * Sizes (as bytes) of the fields are in parenthesis. @@ -58,7 +58,7 @@ * uncompressed size of the payload is in practice never less than the * payload size itself. The LZMA2 format would allow uncompressed size * to be less than the payload size, but no sane compressor creates such - * files. LZMA2 supports storing uncompressible data in uncompressed form, + * files. LZMA2 supports storing incompressible data in uncompressed form, * so there's never a need to create payloads whose uncompressed size is * smaller than the compressed size. * @@ -127,8 +127,8 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memmove speed can matter and only if there is a lot of uncompressible data - * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the + * memmove speed can matter and only if there is a lot of incompressible data + * (LZMA2 stores incompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. */ diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 027ca93ce9..f80d8309f4 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -505,7 +505,7 @@ static always_inline void rc_normalize(struct rc_dec *rc) * functions so that the compiler is supposed to be able to more easily avoid * an extra branch. In this particular version of the LZMA decoder, this * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3 - * on x86). Using a non-splitted version results in nicer looking code too. + * on x86). Using a non-split version results in nicer looking code too. * * NOTE: This must return an int. Do not make it return a bool or the speed * of the code generated by GCC 3.x decreases 10-15 %. (GCC 4.3 doesn't care, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 14:22:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 14:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286091.485444 (Exim 4.92) (envelope-from ) id 1nREFS-00019h-4J; Mon, 07 Mar 2022 14:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286091.485444; Mon, 07 Mar 2022 14:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nREFS-00019Z-1T; Mon, 07 Mar 2022 14:22:06 +0000 Received: by outflank-mailman (input) for mailman id 286091; Mon, 07 Mar 2022 14:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nREFQ-00019T-WD for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 14:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nREFQ-0005rO-Tk for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 14:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nREFQ-00066u-SZ for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 14:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UfTNxS3t4OJZAIagb8LTL0uAQyBUxKcAHugEdNx5P/A=; b=pj1CWg2Xkz/Mho7Q/6/HpFuyVT TZULLuFTPpVEI3fc8/1BxHgTsasW8nse5cLZwXI82RCZj6+pMPrUf6iLmkgt68Bx5iU8GqQOpeQj0 y5tTAhlwmb5hoc2HJavWHDtABvC98Pm/6HzWTO3Ks/zdBQcHg9D13ykZjS5EHTfxcpxQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Force -fno-jump-tables for CET-IBT Message-Id: Date: Mon, 07 Mar 2022 14:22:04 +0000 commit 9d4a44380d273de22d5753883cbf5581795ff24d Author: Andrew Cooper AuthorDate: Mon Mar 7 12:34:48 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Mar 7 14:13:01 2022 +0000 x86/cet: Force -fno-jump-tables for CET-IBT Both GCC and Clang have a (mis)feature where, even with -fcf-protection=branch, jump tables are created using a notrack jump rather than using endbr's in each case statement. This is incompatible with the safety properties we want in Xen, and enforced by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr]. -fno-jump-tables is generally active as a side effect of CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig: introduce option to select retpoline usage"), we explicitly support turning retpoline off. Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/arch.mk | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index f6fc852b57..8e57476d65 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -51,7 +51,10 @@ CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif ifdef CONFIG_XEN_IBT -CFLAGS += -fcf-protection=branch -mmanual-endbr +# Force -fno-jump-tables to work around +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 +# https://github.com/llvm/llvm-project/issues/54247 +CFLAGS += -fcf-protection=branch -mmanual-endbr -fno-jump-tables $(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:22:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286479.486004 (Exim 4.92) (envelope-from ) id 1nRMfy-00023m-NB; Mon, 07 Mar 2022 23:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286479.486004; Mon, 07 Mar 2022 23:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMfy-00023e-KK; Mon, 07 Mar 2022 23:22:02 +0000 Received: by outflank-mailman (input) for mailman id 286479; Mon, 07 Mar 2022 23:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMfx-00023Y-MO for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMfx-0007Yu-KT for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMfx-0004GT-JR for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9upSNZ2TAR0YcvAlS5n0Xc99vPr/MFYR+odtzvmeF8M=; b=E//5fpSiRuCiBKqWvMed9eSoJQ i5d9xyk8cxfieErTPaz91C/1gy2k3FF8RG26VsrJfrN3rn8df5gT+JvvjSNt73PG00jcm4pbwkuoM YhkYTif9ZP8x5vWnIMZSdPJVdFSpiCqJeqIlm1miFZ62X3lw7r3zsvfGA6cIjRee6Fkw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/tboot: adjust Kconfig default Message-Id: Date: Mon, 07 Mar 2022 23:22:01 +0000 commit a9c8432e2ab666cf1bbefa46ddfc5da1127a98c7 Author: Jan Beulich AuthorDate: Mon Mar 7 08:59:46 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 08:59:46 2022 +0100 x86/tboot: adjust Kconfig default We shouldn't include unsupported code by default, with not even a means for its building to be disabled. Convert the dependency from merely affecting the prompt's visibility to a real one. Signed-off-by: Jan Beulich Reviewed-by: Daniel P. Smith --- xen/arch/x86/Kconfig | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 8e70f9a448..83d0f317ec 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -193,14 +193,15 @@ config HVM_FEP If unsure, say N. config TBOOT - bool "Xen tboot support (UNSUPPORTED)" if UNSUPPORTED - default y if !PV_SHIM_EXCLUSIVE + bool "Xen tboot support (UNSUPPORTED)" + depends on UNSUPPORTED + default !PV_SHIM_EXCLUSIVE select CRYPTO ---help--- Allows support for Trusted Boot using the Intel(R) Trusted Execution Technology (TXT) - If unsure, say Y. + If unsure, stay with the default. choice prompt "Alignment of Xen image" -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:22:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286480.486008 (Exim 4.92) (envelope-from ) id 1nRMg8-00025d-Os; Mon, 07 Mar 2022 23:22:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286480.486008; Mon, 07 Mar 2022 23:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMg8-00025T-Lo; Mon, 07 Mar 2022 23:22:12 +0000 Received: by outflank-mailman (input) for mailman id 286480; Mon, 07 Mar 2022 23:22:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMg7-00025I-Od for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMg7-0007ZB-No for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMg7-0004Gy-Mm for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W2n4ElPTB+2j225o9wdxp8zd9JASos2qbfaCAY+XMm4=; b=OF8z8ACB0EyTeyCq9j2+w8K+7b /5lYX6Hw3L7OgFx6RVpsltv3HRMvpDmnjDcGGypiLoKsYpMxxFNaWLC43B/wTOa7rqOjJ14eve+oh 764X1vG40cBmcOR3O5FLQyREHKIpmMJK5v8m+DWGKOhTqVi0wXGhsFKqyC0tACplrPEc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xz: add fall-through comments to a switch statement Message-Id: Date: Mon, 07 Mar 2022 23:22:11 +0000 commit c9875a8cce8b5e534ec9348a1bf5d6972ec17369 Author: Lasse Collin AuthorDate: Mon Mar 7 09:05:44 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:05:44 2022 +0100 xz: add fall-through comments to a switch statement It's good style. I was also told that GCC 7 is more strict and might give a warning when such comments are missing. Suggested-by: Andrei Borzenkov Signed-off-by: Lasse Collin Signed-off-by: Jiri Kosina Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5a244f48ecbb Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_stream.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index b7a8c15c5b..672c57fac9 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -583,6 +583,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) if (ret != XZ_OK) return ret; + /* Fall through */ + case SEQ_BLOCK_START: /* We need one byte of input to continue. */ if (b->in_pos == b->in_size) @@ -606,6 +608,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->temp.pos = 0; s->sequence = SEQ_BLOCK_HEADER; + /* Fall through */ + case SEQ_BLOCK_HEADER: if (!fill_temp(s, b)) return XZ_OK; @@ -616,6 +620,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_BLOCK_UNCOMPRESS; + /* Fall through */ + case SEQ_BLOCK_UNCOMPRESS: ret = dec_block(s, b); if (ret != XZ_STREAM_END) @@ -623,6 +629,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_BLOCK_PADDING; + /* Fall through */ + case SEQ_BLOCK_PADDING: /* * Size of Compressed Data + Block Padding @@ -643,6 +651,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_BLOCK_CHECK; + /* Fall through */ + case SEQ_BLOCK_CHECK: if (s->check_type == XZ_CHECK_CRC32) { ret = crc32_validate(s, b); @@ -665,6 +675,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_INDEX_PADDING; + /* Fall through */ + case SEQ_INDEX_PADDING: while ((s->index.size + (b->in_pos - s->in_start)) & 3) { @@ -687,6 +699,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->sequence = SEQ_INDEX_CRC32; + /* Fall through */ + case SEQ_INDEX_CRC32: ret = crc32_validate(s, b); if (ret != XZ_STREAM_END) @@ -695,6 +709,8 @@ static enum xz_ret __init dec_main(struct xz_dec *s, struct xz_buf *b) s->temp.size = STREAM_HEADER_SIZE; s->sequence = SEQ_STREAM_FOOTER; + /* Fall through */ + case SEQ_STREAM_FOOTER: if (!fill_temp(s, b)) return XZ_OK; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:22:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:22:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286481.486012 (Exim 4.92) (envelope-from ) id 1nRMgI-00028D-QV; Mon, 07 Mar 2022 23:22:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286481.486012; Mon, 07 Mar 2022 23:22:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgI-000285-NS; Mon, 07 Mar 2022 23:22:22 +0000 Received: by outflank-mailman (input) for mailman id 286481; Mon, 07 Mar 2022 23:22:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgH-00027v-Rs for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgH-0007ZV-R2 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMgH-0004HV-Q8 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AMdrlVXZhakWMrbxxqMBP5mzfBzfWJk8YI3NjD0okAQ=; b=AsZRVatrrzBl+JB96O2UJZ+jC4 BQhcDCbhTZ21YeJ+B4rFCheJrtPpDvCbGGfYvVHVYUxKAEQDp2S2gugX9zC9KRPvIQ58QIetazGgI Ega5KvOznFWvVH2JkeE7ktu/cCll/ZHJwsW4nRD6GYgM1Usvok2ocPw3oqR1Hy2Fdr24=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xz: fix XZ_DYNALLOC to avoid useless memory reallocations Message-Id: Date: Mon, 07 Mar 2022 23:22:21 +0000 commit 22d5d1c0d18893d9cb92b322f95d7ebab6c0cfd9 Author: Lasse Collin AuthorDate: Mon Mar 7 09:06:31 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:06:31 2022 +0100 xz: fix XZ_DYNALLOC to avoid useless memory reallocations s->dict.allocated was initialized to 0 but never set after a successful allocation, thus the code always thought that the dictionary buffer has to be reallocated. Link: http://lkml.kernel.org/r/20191104185107.3b6330df@tukaani.org Reported-by: Yu Sun Signed-off-by: Lasse Collin Acked-by: Daniel Walker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 8e20ba2e53fc Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_lzma2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 6b07722e3c..68bcf0f29a 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -1146,6 +1146,7 @@ XZ_EXTERN enum xz_ret __init xz_dec_lzma2_reset(struct xz_dec_lzma2 *s, uint8_t if (DEC_IS_DYNALLOC(s->dict.mode)) { if (s->dict.allocated < s->dict.size) { + s->dict.allocated = s->dict.size; large_free(s->dict.buf); s->dict.buf = large_malloc(s->dict.size); if (s->dict.buf == NULL) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:22:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:22:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286482.486016 (Exim 4.92) (envelope-from ) id 1nRMgS-0002Bg-Rn; Mon, 07 Mar 2022 23:22:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286482.486016; Mon, 07 Mar 2022 23:22:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgS-0002BZ-P2; Mon, 07 Mar 2022 23:22:32 +0000 Received: by outflank-mailman (input) for mailman id 286482; Mon, 07 Mar 2022 23:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgR-0002BO-VB for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgR-0007Zg-UO for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMgR-0004I7-TS for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E+pv2YutMhmEYYF08xkV90Tx6iFctC/QgpJomFT2hyQ=; b=Q5cEqGKXNJ2NTuW297vBWq7ds7 ZZ9CdYMLaDiKg1ah6PFkIQWLKFyaeLvdjqWEtgMpGOk3skQGQhlCJVvBzq/YWN6KKJF6WZoSdWhKw 6/1WFySU8O+MkguKn5ntHWFdCPomY/tPlepHCjXuW1UqOgwwMmwv83MulxHII5Nl9zeg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] decompressors: fix spelling mistakes Message-Id: Date: Mon, 07 Mar 2022 23:22:31 +0000 commit bbd9f36bcaaea9cec2451d3c398b4e2318323db5 Author: Zhen Lei AuthorDate: Mon Mar 7 09:07:19 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:07:19 2022 +0100 decompressors: fix spelling mistakes Fix some spelling mistakes in comments: sentinal ==> sentinel compresed ==> compressed immediatelly ==> immediately dervied ==> derived splitted ==> split nore ==> not independed ==> independent asumed ==> assumed Link: https://lkml.kernel.org/r/20210604085656.12257-1-thunder.leizhen@huawei.com Signed-off-by: Zhen Lei Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 05911c5d964 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/bunzip2.c | 4 ++-- xen/common/unxz.c | 2 +- xen/common/unzstd.c | 2 +- xen/common/xz/dec_bcj.c | 2 +- xen/common/xz/dec_lzma2.c | 8 ++++---- xen/common/zstd/huf.h | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c index 782b589a8b..61b80aff1b 100644 --- a/xen/common/bunzip2.c +++ b/xen/common/bunzip2.c @@ -73,7 +73,7 @@ /* This is what we know about each Huffman coding group */ struct group_data { - /* We have an extra slot at the end of limit[] for a sentinal value. */ + /* We have an extra slot at the end of limit[] for a sentinel value. */ int limit[MAX_HUFCODE_BITS+1]; int base[MAX_HUFCODE_BITS]; int permute[MAX_SYMBOLS]; @@ -326,7 +326,7 @@ static int __init get_next_block(struct bunzip_data *bd) pp <<= 1; base[i+1] = pp-(t += temp[i]); } - limit[maxLen+1] = INT_MAX; /* Sentinal value for + limit[maxLen+1] = INT_MAX; /* Sentinel value for * reading next sym. */ limit[maxLen] = pp+temp[maxLen]-1; base[minLen] = 0; diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 7bfe23f422..4f1b50cade 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -23,7 +23,7 @@ * uncompressible. Thus, we must look for worst-case expansion when the * compressor is encoding uncompressible data. * - * The structure of the .xz file in case of a compresed kernel is as follows. + * The structure of the .xz file in case of a compressed kernel is as follows. * Sizes (as bytes) of the fields are in parenthesis. * * Stream Header (12) diff --git a/xen/common/unzstd.c b/xen/common/unzstd.c index a034b69e86..47073dd3e3 100644 --- a/xen/common/unzstd.c +++ b/xen/common/unzstd.c @@ -16,7 +16,7 @@ * uncompressible. Thus, we must look for worst-case expansion when the * compressor is encoding uncompressible data. * - * The structure of the .zst file in case of a compresed kernel is as follows. + * The structure of the .zst file in case of a compressed kernel is as follows. * Maximum sizes (as bytes) of the fields are in parenthesis. * * Frame Header: (18) diff --git a/xen/common/xz/dec_bcj.c b/xen/common/xz/dec_bcj.c index 970d3d89ee..bfa498587a 100644 --- a/xen/common/xz/dec_bcj.c +++ b/xen/common/xz/dec_bcj.c @@ -422,7 +422,7 @@ XZ_EXTERN enum xz_ret __init xz_dec_bcj_run(struct xz_dec_bcj *s, /* * Flush pending already filtered data to the output buffer. Return - * immediatelly if we couldn't flush everything, or if the next + * immediately if we couldn't flush everything, or if the next * filter in the chain had already returned XZ_STREAM_END. */ if (s->temp.filtered > 0) { diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 68bcf0f29a..2748c8e18a 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -147,8 +147,8 @@ struct lzma_dec { /* * LZMA properties or related bit masks (number of literal - * context bits, a mask dervied from the number of literal - * position bits, and a mask dervied from the number + * context bits, a mask derived from the number of literal + * position bits, and a mask derived from the number * position bits) */ uint32_t lc; @@ -484,7 +484,7 @@ static always_inline void rc_normalize(struct rc_dec *rc) } /* - * Decode one bit. In some versions, this function has been splitted in three + * Decode one bit. In some versions, this function has been split in three * functions so that the compiler is supposed to be able to more easily avoid * an extra branch. In this particular version of the LZMA decoder, this * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3 @@ -761,7 +761,7 @@ static bool_t __init lzma_main(struct xz_dec_lzma2 *s) } /* - * Reset the LZMA decoder and range decoder state. Dictionary is nore reset + * Reset the LZMA decoder and range decoder state. Dictionary is not reset * here, because LZMA state may be reset without resetting the dictionary. */ static void __init lzma_reset(struct xz_dec_lzma2 *s) diff --git a/xen/common/zstd/huf.h b/xen/common/zstd/huf.h index a498e0de28..0e091dbffe 100644 --- a/xen/common/zstd/huf.h +++ b/xen/common/zstd/huf.h @@ -131,7 +131,7 @@ typedef enum { HUF_repeat_none, /**< Cannot use the previous table */ HUF_repeat_check, /**< Can use the previous table but it must be checked. Note : The previous table must have been constructed by HUF_compress{1, 4}X_repeat */ - HUF_repeat_valid /**< Can use the previous table and it is asumed to be valid */ + HUF_repeat_valid /**< Can use the previous table and it is assumed to be valid */ } HUF_repeat; /** HUF_compress4X_repeat() : * Same as HUF_compress4X_wksp(), but considers using hufTable if *repeat != HUF_repeat_none. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:22:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:22:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286483.486020 (Exim 4.92) (envelope-from ) id 1nRMgc-0002EP-U7; Mon, 07 Mar 2022 23:22:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286483.486020; Mon, 07 Mar 2022 23:22:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgc-0002EH-Qs; Mon, 07 Mar 2022 23:22:42 +0000 Received: by outflank-mailman (input) for mailman id 286483; Mon, 07 Mar 2022 23:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgc-0002E5-22 for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgc-0007Zq-1G for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMgc-0004Il-0F for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OUXzq4rbyKrclI3vvkyhgeJmM8IqKFqQ0vhL+i0eL9Q=; b=MN7XnlPbqGi3dXVtlApCh+SzOo ACq/7WZ5rRrcZJMducgq/Fkuo5qmyOUIou/cvkDpqhGDNvY/ZznoMLKkBsCgF+qukjLlEX/TvdAjh nk9yVJjD45Dv5FRBiY1zR6p/iHGfmRah/9genQK+EqBMIKF2OQhM2zVjGztGSD7OCOnE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xz: avoid overlapping memcpy() with invalid input with in-place decompression Message-Id: Date: Mon, 07 Mar 2022 23:22:42 +0000 commit 10454f381f9157bce26d5db15e07e857b317b4af Author: Lasse Collin AuthorDate: Mon Mar 7 09:08:08 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:08:08 2022 +0100 xz: avoid overlapping memcpy() with invalid input with in-place decompression From: Lasse Collin With valid files, the safety margin described in lib/decompress_unxz.c ensures that these buffers cannot overlap. But if the uncompressed size of the input is larger than the caller thought, which is possible when the input file is invalid/corrupt, the buffers can overlap. Obviously the result will then be garbage (and usually the decoder will return an error too) but no other harm will happen when such an over-run occurs. This change only affects uncompressed LZMA2 chunks and so this should have no effect on performance. Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/unxz.c | 2 +- xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 4f1b50cade..05e83e1ede 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -127,7 +127,7 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memcpy speed can matter and only if there is a lot of uncompressible data + * memmove speed can matter and only if there is a lot of uncompressible data * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 2748c8e18a..3b60191ee6 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -387,7 +387,14 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, *left -= copy_size; - memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size); + /* + * If doing in-place decompression in single-call mode and the + * uncompressed size of the file is larger than the caller + * thought (i.e. it is invalid input!), the buffers below may + * overlap and cause undefined behavior with memcpy(). + * With valid inputs memcpy() would be fine here. + */ + memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size); dict->pos += copy_size; if (dict->full < dict->pos) @@ -397,7 +404,11 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, if (dict->pos == dict->end) dict->pos = 0; - memcpy(b->out + b->out_pos, b->in + b->in_pos, + /* + * Like above but for multi-call mode: use memmove() + * to avoid undefined behavior with invalid input. + */ + memmove(b->out + b->out_pos, b->in + b->in_pos, copy_size); } @@ -421,6 +432,12 @@ static uint32_t __init dict_flush(struct dictionary *dict, struct xz_buf *b) if (dict->pos == dict->end) dict->pos = 0; + /* + * These buffers cannot overlap even if doing in-place + * decompression because in multi-call mode dict->buf + * has been allocated by us in this file; it's not + * provided by the caller like in single-call mode. + */ memcpy(b->out + b->out_pos, dict->buf + dict->start, copy_size); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286484.486024 (Exim 4.92) (envelope-from ) id 1nRMgn-0002Hi-0o; Mon, 07 Mar 2022 23:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286484.486024; Mon, 07 Mar 2022 23:22:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgm-0002Ha-UA; Mon, 07 Mar 2022 23:22:52 +0000 Received: by outflank-mailman (input) for mailman id 286484; Mon, 07 Mar 2022 23:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgm-0002HR-5O for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgm-0007a0-4b for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMgm-0004JI-3g for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k1nfdCuLQ/EF+UpHflcAexOoKPq42XySIPdNRZMLKtU=; b=Zg1v8mBBtdTxatc9ZYAZ4o3wNN WuuCZRubxrSBGwSU8PB0pbyynGvA16QRlGIHf7LKkurKG68bx/BSurn5tRqLjqtISTG8wexwhvkwy n80EX2vWNzy1HHkh2uo4v2NdufAcDyS3JMPcHlPphNYjxOUJn6BiXAKqzs0JoHabrOBw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xz: validate the value before assigning it to an enum variable Message-Id: Date: Mon, 07 Mar 2022 23:22:52 +0000 commit 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa Author: Lasse Collin AuthorDate: Mon Mar 7 09:08:54 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:08:54 2022 +0100 xz: validate the value before assigning it to an enum variable This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository. This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner. Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index 672c57fac9..b91d8362c1 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret __init dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:23:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:23:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286485.486028 (Exim 4.92) (envelope-from ) id 1nRMgx-0002L5-2O; Mon, 07 Mar 2022 23:23:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286485.486028; Mon, 07 Mar 2022 23:23:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgw-0002Kx-Vm; Mon, 07 Mar 2022 23:23:02 +0000 Received: by outflank-mailman (input) for mailman id 286485; Mon, 07 Mar 2022 23:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgw-0002Kj-8O for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMgw-0007ag-7f for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMgw-0004Ju-6t for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OC75moco7P4UT7gloJMP51IMlLWWz/1sRTUYYcsr/K4=; b=PZ2Hm8/vIQblnSr6F4OKtcM5nP y9T7JaqTpnVTwPOmFoHAUiagTRt5g+C0R3HZqprEspmyBZir0ADaUBotXKZQnZz4SpZhKYE/XA7ZL WZ+e0NENHAU4I9rpv239yhEr4vJfbQGA8UJYu/Uj9UV3hhSOC8XFeayaeglKf4ga/150=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xz: move s->lzma.len = 0 initialization to lzma_reset() Message-Id: Date: Mon, 07 Mar 2022 23:23:02 +0000 commit 9a46de64b8e454ec02b2040265d93530ad909d9c Author: Lasse Collin AuthorDate: Mon Mar 7 09:09:26 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:09:26 2022 +0100 xz: move s->lzma.len = 0 initialization to lzma_reset() It's a more logical place even if the resetting needs to be done only once per LZMA2 stream (if lzma_reset() called in the middle of an LZMA2 stream, .len will already be 0). Link: https://lore.kernel.org/r/20211010213145.17462-4-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git a98a25408b0e Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/xz/dec_lzma2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 3b60191ee6..027ca93ce9 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -791,6 +791,7 @@ static void __init lzma_reset(struct xz_dec_lzma2 *s) s->lzma.rep1 = 0; s->lzma.rep2 = 0; s->lzma.rep3 = 0; + s->lzma.len = 0; /* * All probabilities are initialized to the same value. This hack @@ -1174,8 +1175,6 @@ XZ_EXTERN enum xz_ret __init xz_dec_lzma2_reset(struct xz_dec_lzma2 *s, uint8_t } } - s->lzma.len = 0; - s->lzma2.sequence = SEQ_CONTROL; s->lzma2.need_dict_reset = true; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 07 23:23:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 07 Mar 2022 23:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286486.486032 (Exim 4.92) (envelope-from ) id 1nRMh8-0002Nv-4E; Mon, 07 Mar 2022 23:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286486.486032; Mon, 07 Mar 2022 23:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMh8-0002Nn-13; Mon, 07 Mar 2022 23:23:14 +0000 Received: by outflank-mailman (input) for mailman id 286486; Mon, 07 Mar 2022 23:23:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMh6-0002NW-BR for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:23:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRMh6-0007aq-Ah for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:23:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRMh6-0004KN-9q for xen-changelog@lists.xenproject.org; Mon, 07 Mar 2022 23:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aJfT6u03+Knj9GHwwVK0U1VO1AnunQP0KDaZjp/922c=; b=rpH3gerbzfFi/tja0n6jT+q1c2 F1y5fqx03tsNBdt21ESiqW8b1evZR7nX7McnWnDZSgzu2yAbarSoKH93n/aFU4/XJnaicrNZpnKoa A0ezJ5pVpS2S+kbf+gM4Sa9WcxPthtxW6fyyyAforvzMrEhQ+j6ftko5gPAUrnHvoAso=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xz: fix spelling in comments Message-Id: Date: Mon, 07 Mar 2022 23:23:12 +0000 commit 4cb8d7a06752b368a365e30117f535a2fdad3963 Author: Lasse Collin AuthorDate: Mon Mar 7 09:10:03 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 7 09:10:03 2022 +0100 xz: fix spelling in comments uncompressible -> incompressible non-splitted -> non-split Link: https://lore.kernel.org/r/20211010213145.17462-6-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 0a434e0a2c9f Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper --- xen/common/unxz.c | 10 +++++----- xen/common/xz/dec_lzma2.c | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 05e83e1ede..17aead0adf 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -20,8 +20,8 @@ * * The worst case for in-place decompression is that the beginning of * the file is compressed extremely well, and the rest of the file is - * uncompressible. Thus, we must look for worst-case expansion when the - * compressor is encoding uncompressible data. + * incompressible. Thus, we must look for worst-case expansion when the + * compressor is encoding incompressible data. * * The structure of the .xz file in case of a compressed kernel is as follows. * Sizes (as bytes) of the fields are in parenthesis. @@ -58,7 +58,7 @@ * uncompressed size of the payload is in practice never less than the * payload size itself. The LZMA2 format would allow uncompressed size * to be less than the payload size, but no sane compressor creates such - * files. LZMA2 supports storing uncompressible data in uncompressed form, + * files. LZMA2 supports storing incompressible data in uncompressed form, * so there's never a need to create payloads whose uncompressed size is * smaller than the compressed size. * @@ -127,8 +127,8 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memmove speed can matter and only if there is a lot of uncompressible data - * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the + * memmove speed can matter and only if there is a lot of incompressible data + * (LZMA2 stores incompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. */ diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 027ca93ce9..f80d8309f4 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -505,7 +505,7 @@ static always_inline void rc_normalize(struct rc_dec *rc) * functions so that the compiler is supposed to be able to more easily avoid * an extra branch. In this particular version of the LZMA decoder, this * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3 - * on x86). Using a non-splitted version results in nicer looking code too. + * on x86). Using a non-split version results in nicer looking code too. * * NOTE: This must return an int. Do not make it return a bool or the speed * of the code generated by GCC 3.x decreases 10-15 %. (GCC 4.3 doesn't care, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 09:44:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 09:44:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.286669.486281 (Exim 4.92) (envelope-from ) id 1nRWNu-0006pz-Rv; Tue, 08 Mar 2022 09:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 286669.486281; Tue, 08 Mar 2022 09:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRWNu-0006pn-OV; Tue, 08 Mar 2022 09:44:02 +0000 Received: by outflank-mailman (input) for mailman id 286669; Tue, 08 Mar 2022 09:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRWNt-0006pJ-Up for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 09:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRWNt-0004l6-U3 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 09:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRWNt-0004wM-T0 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 09:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QmQ2kJ6uSzSPzD0WMFdboU5SeJ7Pqym8nZxvBXjtOFU=; b=mtolXy0g0LCPhLB1EJ8ZDVmKoq Pzxwyk7beiqV8I6JaZ6+ui6hhfiNV434glkgpTRJF3Q+svI2uMGkX+UiTTOaLgUNhwbH9PaXIBuCb 0zFGosCnVnZnFpI38VXjyPymPiHIwAxup5h92zmeGbmOhh4CSN1G1agAERneu6FpqsZA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Force -fno-jump-tables for CET-IBT Message-Id: Date: Tue, 08 Mar 2022 09:44:01 +0000 commit 9d4a44380d273de22d5753883cbf5581795ff24d Author: Andrew Cooper AuthorDate: Mon Mar 7 12:34:48 2022 +0000 Commit: Andrew Cooper CommitDate: Mon Mar 7 14:13:01 2022 +0000 x86/cet: Force -fno-jump-tables for CET-IBT Both GCC and Clang have a (mis)feature where, even with -fcf-protection=branch, jump tables are created using a notrack jump rather than using endbr's in each case statement. This is incompatible with the safety properties we want in Xen, and enforced by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr]. -fno-jump-tables is generally active as a side effect of CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig: introduce option to select retpoline usage"), we explicitly support turning retpoline off. Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/arch.mk | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index f6fc852b57..8e57476d65 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -51,7 +51,10 @@ CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif ifdef CONFIG_XEN_IBT -CFLAGS += -fcf-protection=branch -mmanual-endbr +# Force -fno-jump-tables to work around +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 +# https://github.com/llvm/llvm-project/issues/54247 +CFLAGS += -fcf-protection=branch -mmanual-endbr -fno-jump-tables $(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287289.487214 (Exim 4.92) (envelope-from ) id 1nReIb-0003Hz-Sv; Tue, 08 Mar 2022 18:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287289.487214; Tue, 08 Mar 2022 18:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIb-0003Hr-Q9; Tue, 08 Mar 2022 18:11:05 +0000 Received: by outflank-mailman (input) for mailman id 287289; Tue, 08 Mar 2022 18:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIa-0003Hl-CJ for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIa-0006qt-Aa for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReIa-0002Xs-9e for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O4PQs4Rp1afuB4GKRpDP07/gkCtxkGUUUUxUn0fCUqY=; b=R977hIa7sJ97O4/fCTMuwsdDVd 0HXYxD0kBM/dlL6FrzjBL3TbRLpCEUb3Zjt83IbYg1omlt6ngE0UTD3JKG55plnq1BRhS6AFbGDEu FcHPzVqG1Hq9p4XjztjrBKj3gERRWohW8sYUvi8gIXk1Kx9QP3/ukuZDq69eH6eTmz0A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Introduce new Arm processors Message-Id: Date: Tue, 08 Mar 2022 18:11:04 +0000 commit 35d1b85a6b43483f6bd007d48757434e54743e98 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall --- xen/arch/arm/include/asm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/arch/arm/include/asm/processor.h b/xen/arch/arm/include/asm/processor.h index 8ab2940f68..852b5f3c24 100644 --- a/xen/arch/arm/include/asm/processor.h +++ b/xen/arch/arm/include/asm/processor.h @@ -65,6 +65,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -72,11 +73,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -84,6 +94,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287290.487218 (Exim 4.92) (envelope-from ) id 1nReIl-0003Ji-US; Tue, 08 Mar 2022 18:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287290.487218; Tue, 08 Mar 2022 18:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIl-0003Ja-RZ; Tue, 08 Mar 2022 18:11:15 +0000 Received: by outflank-mailman (input) for mailman id 287290; Tue, 08 Mar 2022 18:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIk-0003JP-Ep for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIk-0006rD-E6 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReIk-0002YX-Cw for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hnUJttvvyYNxos9+8o8gkKaPN61Q+xBO7MLd5aOGyWI=; b=dFvtAfPHobfvGnur0yXUUgNFRj RNSOtNki5tvFRFaZE3Dj9ZdQewA+hDuZaXVc5r7rDpPsvoFsFB/jQdes0AZYxPftSgaQiAgiJx63u E8WtRLrq0BrW1QG2tqeBTn5/wEn+6BXMw0vRq+EBiamXGZWOvnVVWtZB2fiVzpv8efJg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: move errata CSV2 check earlier Message-Id: Date: Tue, 08 Mar 2022 18:11:14 +0000 commit 599616d70eb886b9ad0ef9d6b51693ce790504ba Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b398d480f1..00f9ebe9ce 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287291.487222 (Exim 4.92) (envelope-from ) id 1nReIv-0003Ma-W7; Tue, 08 Mar 2022 18:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287291.487222; Tue, 08 Mar 2022 18:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIv-0003MQ-Sz; Tue, 08 Mar 2022 18:11:25 +0000 Received: by outflank-mailman (input) for mailman id 287291; Tue, 08 Mar 2022 18:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIu-0003M5-I8 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReIu-0006rU-HK for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReIu-0002ZP-GL for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8t2T+Bn0AS9oDFneBOVu8YZdHBm07PjKF2WJGgqRFfo=; b=HRqPBNpYiVMoDmkQSDpbha1U5k NK2kx+0E6SLJacdPm6YNkPxC5SGAa/Fy8WB3LXv58fSerGCB/bH3ypATzgu75dfsBTjjYUxANxuF0 6iEtc/GUZxLKkJ4/+SlshhBlR8CUu+n1zaMkA8e7Wd/+AKsJuO7eVkk3nrKTSKmoZ1c4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Tue, 08 Mar 2022 18:11:24 +0000 commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall --- xen/arch/arm/cpufeature.c | 1 + xen/arch/arm/include/asm/arm64/sysregs.h | 7 +++++++ xen/arch/arm/include/asm/cpufeature.h | 11 +++++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 6e51f530a8..a58965f7b9 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -122,6 +122,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG(ID_AA64ISAR2_EL1); c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); diff --git a/xen/arch/arm/include/asm/arm64/sysregs.h b/xen/arch/arm/include/asm/arm64/sysregs.h index d7e4772f21..eac08ed33f 100644 --- a/xen/arch/arm/include/asm/arm64/sysregs.h +++ b/xen/arch/arm/include/asm/arm64/sysregs.h @@ -84,6 +84,9 @@ #ifndef ID_DFR1_EL1 #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif /* ID registers (imported from arm64/include/asm/sysreg.h in Linux) */ @@ -139,6 +142,9 @@ #define ID_AA64ISAR1_GPI_NI 0x0 #define ID_AA64ISAR1_GPI_IMP_DEF 0x1 +/* id_aa64isar2 */ +#define ID_AA64ISAR2_CLEARBHB_SHIFT 28 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56 @@ -232,6 +238,7 @@ #define ID_AA64MMFR0_PARANGE_52 0x6 /* id_aa64mmfr1 */ +#define ID_AA64MMFR1_ECBHB_SHIFT 60 #define ID_AA64MMFR1_ETS_SHIFT 36 #define ID_AA64MMFR1_TWED_SHIFT 32 #define ID_AA64MMFR1_XNX_SHIFT 28 diff --git a/xen/arch/arm/include/asm/cpufeature.h b/xen/arch/arm/include/asm/cpufeature.h index 8a5afbaf0b..db126508f1 100644 --- a/xen/arch/arm/include/asm/cpufeature.h +++ b/xen/arch/arm/include/asm/cpufeature.h @@ -243,14 +243,15 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; unsigned long __res3:64; }; } mm64; union { - register_t bits[2]; + register_t bits[3]; struct { /* ISAR0 */ unsigned long __res0:4; @@ -286,6 +287,12 @@ struct cpuinfo_arm { unsigned long dgh:4; unsigned long i8mm:4; unsigned long __res2:8; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; }; } isa64; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287292.487226 (Exim 4.92) (envelope-from ) id 1nReJ6-0003Pk-1D; Tue, 08 Mar 2022 18:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287292.487226; Tue, 08 Mar 2022 18:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJ5-0003Pc-UV; Tue, 08 Mar 2022 18:11:35 +0000 Received: by outflank-mailman (input) for mailman id 287292; Tue, 08 Mar 2022 18:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJ4-0003PJ-L3 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJ4-0006re-KM for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReJ4-0002aS-JS for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=muOJlVpVfOtIkOa4KuFJVsqZZcMDHwD97oozjlOna2I=; b=VkvvnZlOvdtW0xuVCpINcOo2Qz kYZACTQVyTjnPrCwmWm8J8IZ1s2h184QrpJtMDF+7B4rSRBZwlWXFRaMEwDoEGNiK8LbukDz1n8HO Ah4xgv86VMBiSvpLXyCtVoGlIjOctD/3afs53Y7LVGXSMjrlp/W/Y55SeYKDh72/Y0s8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Add Spectre BHB handling Message-Id: Date: Tue, 08 Mar 2022 18:11:34 +0000 commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall --- xen/arch/arm/arm64/bpi.S | 32 +++++- xen/arch/arm/cpuerrata.c | 170 ++++++++++++++++++++++++++++++-- xen/arch/arm/include/asm/arm64/macros.h | 5 + xen/arch/arm/include/asm/cpufeature.h | 6 +- xen/arch/arm/include/asm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 00f9ebe9ce..ae649d16ef 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -187,6 +196,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -446,19 +542,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/arch/arm/include/asm/arm64/macros.h b/xen/arch/arm/include/asm/arm64/macros.h index 5ad66efd6b..140e223b4c 100644 --- a/xen/arch/arm/include/asm/arm64/macros.h +++ b/xen/arch/arm/include/asm/arm64/macros.h @@ -27,6 +27,11 @@ sb .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/arch/arm/include/asm/cpufeature.h b/xen/arch/arm/include/asm/cpufeature.h index db126508f1..f7368766c0 100644 --- a/xen/arch/arm/include/asm/cpufeature.h +++ b/xen/arch/arm/include/asm/cpufeature.h @@ -63,8 +63,12 @@ #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 #define ARM64_WORKAROUND_REPEAT_TLBI 11 +#define ARM_WORKAROUND_BHB_LOOP_8 12 +#define ARM_WORKAROUND_BHB_LOOP_24 13 +#define ARM_WORKAROUND_BHB_LOOP_32 14 +#define ARM_WORKAROUND_BHB_SMCC_3 15 -#define ARM_NCAPS 12 +#define ARM_NCAPS 16 #ifndef __ASSEMBLY__ diff --git a/xen/arch/arm/include/asm/smccc.h b/xen/arch/arm/include/asm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/arch/arm/include/asm/smccc.h +++ b/xen/arch/arm/include/asm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287293.487229 (Exim 4.92) (envelope-from ) id 1nReJG-0003SG-32; Tue, 08 Mar 2022 18:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287293.487229; Tue, 08 Mar 2022 18:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJF-0003S8-W5; Tue, 08 Mar 2022 18:11:45 +0000 Received: by outflank-mailman (input) for mailman id 287293; Tue, 08 Mar 2022 18:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJE-0003Ru-OJ for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJE-0006rv-Na for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReJE-0002bU-Ma for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZV1DN/Nv9u9T7b3iFAgkihat/xT5mb0OEcQgraIXzLY=; b=1SUQAsZdiOnEIPZeJsFBNvupeH d+BmEAHm3msJQedOC+CjcP/5ox8dr3qkb1au0gIJDATjI66A4aQLiUwBi3eu6HnGS8CXoUsAA/acF voxLqP1ZQhJuS4tvHoiuHW0unGMbg1+5rIYFp7J26NnTPyiHzncF47IPKp4cAQdtBh04=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Tue, 08 Mar 2022 18:11:44 +0000 commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 8c48087256..95f1a92684 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -365,16 +365,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -383,10 +393,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:11:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:11:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287294.487234 (Exim 4.92) (envelope-from ) id 1nReJP-0003Vj-5n; Tue, 08 Mar 2022 18:11:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287294.487234; Tue, 08 Mar 2022 18:11:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJP-0003Vb-2q; Tue, 08 Mar 2022 18:11:55 +0000 Received: by outflank-mailman (input) for mailman id 287294; Tue, 08 Mar 2022 18:11:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJO-0003VR-Ru for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJO-0006s5-Qv for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReJO-0002ca-Px for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:11:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D93NxLU0tqKkfu8OFDnoZ3VXl36fsMG8GceZbxCwirU=; b=QHcrSPF1XdSm+w5ez0zErGhSCR yEkiROxvq8O6PMqNm+MzC/dwFjDjc2+jCxWV5UtEP/I1ZFzgkIkYJ5jjOEdOodQCRW9k8MDwLvssp WCoDsD+ivFY6fHNKUDFhMY5TicS/uAV/OjAdrzcmnhgFI+EhEumIdQzFpnAGCEvXVBkc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Tue, 08 Mar 2022 18:11:54 +0000 commit 8d03080d2a339840d3a59e0932a94f804e45110d Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index eda92ce29e..1dc7e1ca07 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2297,9 +2297,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 12bf1c5722..1408e4c7ab 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -947,10 +952,23 @@ void __init init_speculation_mitigations(void) * First, disable the use of retpolines if Xen is using CET. Retpolines * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends * on executing indirect branches for the safety properties to apply. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( (read_cr4() & X86_CR4_CET) && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( read_cr4() & X86_CR4_CET ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -970,16 +988,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:12:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:12:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287295.487238 (Exim 4.92) (envelope-from ) id 1nReJa-0003ZG-7D; Tue, 08 Mar 2022 18:12:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287295.487238; Tue, 08 Mar 2022 18:12:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJa-0003Z8-4F; Tue, 08 Mar 2022 18:12:06 +0000 Received: by outflank-mailman (input) for mailman id 287295; Tue, 08 Mar 2022 18:12:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJZ-0003Z2-9i for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJZ-0006sS-8q for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReJZ-0002eG-84 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8h1M5R788k3CcrNxtQyoyMrEyAShdF7yRtl3q97jCi4=; b=po5RL/zCUA7XdDQT/JLX6c4H0T SV5J5f3mzkPSU87H0UrkVyvNZp0WgZQUy5b7z7VWuE4ri4tLZzUuVRrW72Dl1bnqx5PsSUcSAAHh5 fRbQEefusMptkV/i7jZG7gSUNg4ecQdYjb6ORTkI559OP+1Fq8gKKVvBl3ydSE5QqmlU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm: Introduce new Arm processors Message-Id: Date: Tue, 08 Mar 2022 18:12:05 +0000 commit 8d18b03c95850239a1a9ebaeb565936c7c9ae070 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 8ab2940f68..852b5f3c24 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -65,6 +65,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -72,11 +73,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -84,6 +94,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:12:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:12:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287296.487242 (Exim 4.92) (envelope-from ) id 1nReJk-0003c5-8f; Tue, 08 Mar 2022 18:12:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287296.487242; Tue, 08 Mar 2022 18:12:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJk-0003bv-5j; Tue, 08 Mar 2022 18:12:16 +0000 Received: by outflank-mailman (input) for mailman id 287296; Tue, 08 Mar 2022 18:12:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJj-0003bo-CX for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJj-0006sv-Bo for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReJj-0002el-Aw for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AFyoTTGbvo95yUbfZc74WbkQhlIVr12OpjNz+EtUMiI=; b=1bsaxeOXLAdC81gO7aN/hbLX7k WFfFnIsO3dAcXHEqYAOaQaeSBuoUQVwZ1ZjUi+xUUWOF/OnHW85ovLjqLoB0Jy5CV38C0Fu7hX7VR HLq9lxrNnHWg/p/h3vkLBNCkFJ5MTTdNdDv9F9TXw6ELOT3b1qQrPyG0q0c3MJmimTDQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm: move errata CSV2 check earlier Message-Id: Date: Tue, 08 Mar 2022 18:12:15 +0000 commit 3d963874461b3001e33f3ff90e285670f04d16c4 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b398d480f1..00f9ebe9ce 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:12:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:12:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287297.487246 (Exim 4.92) (envelope-from ) id 1nReJu-0003eU-A7; Tue, 08 Mar 2022 18:12:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287297.487246; Tue, 08 Mar 2022 18:12:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJu-0003eM-7F; Tue, 08 Mar 2022 18:12:26 +0000 Received: by outflank-mailman (input) for mailman id 287297; Tue, 08 Mar 2022 18:12:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJt-0003eE-FX for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReJt-0006t5-Ev for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReJt-0002fE-E3 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aiH2Z1lxWghuvOLZkNmEzJbm6XyjYlaR2uwr/MSAeLk=; b=csie20uBMCQoCKjP8TvBcYU1S5 wMpNjdy35rVzsWWTITaKMVsKnYMOB1+XOXEtng6/HuQFBbxzmDjkIe6ZxUhUu6wnF9sjps8HgaVk4 zAn6FMDYnKGFP6J24cJtuUAxw1HOyx85Fu9As+xyU0U4a18LdnP0LIco3qRyUHRJhM6U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Tue, 08 Mar 2022 18:12:25 +0000 commit 8aa3833db97e8fe1143c5ece110b9321ce1494ea Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 7 +++++++ xen/include/asm-arm/cpufeature.h | 11 +++++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 6e51f530a8..a58965f7b9 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -122,6 +122,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG(ID_AA64ISAR2_EL1); c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index d7e4772f21..eac08ed33f 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -84,6 +84,9 @@ #ifndef ID_DFR1_EL1 #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif /* ID registers (imported from arm64/include/asm/sysreg.h in Linux) */ @@ -139,6 +142,9 @@ #define ID_AA64ISAR1_GPI_NI 0x0 #define ID_AA64ISAR1_GPI_IMP_DEF 0x1 +/* id_aa64isar2 */ +#define ID_AA64ISAR2_CLEARBHB_SHIFT 28 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56 @@ -232,6 +238,7 @@ #define ID_AA64MMFR0_PARANGE_52 0x6 /* id_aa64mmfr1 */ +#define ID_AA64MMFR1_ECBHB_SHIFT 60 #define ID_AA64MMFR1_ETS_SHIFT 36 #define ID_AA64MMFR1_TWED_SHIFT 32 #define ID_AA64MMFR1_XNX_SHIFT 28 diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 8a5afbaf0b..db126508f1 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -243,14 +243,15 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; unsigned long __res3:64; }; } mm64; union { - register_t bits[2]; + register_t bits[3]; struct { /* ISAR0 */ unsigned long __res0:4; @@ -286,6 +287,12 @@ struct cpuinfo_arm { unsigned long dgh:4; unsigned long i8mm:4; unsigned long __res2:8; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; }; } isa64; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:12:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:12:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287298.487250 (Exim 4.92) (envelope-from ) id 1nReK4-0003hg-Bm; Tue, 08 Mar 2022 18:12:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287298.487250; Tue, 08 Mar 2022 18:12:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReK4-0003hY-8m; Tue, 08 Mar 2022 18:12:36 +0000 Received: by outflank-mailman (input) for mailman id 287298; Tue, 08 Mar 2022 18:12:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReK3-0003hM-Ia for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReK3-0006t9-Ht for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReK3-0002g3-H8 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UlKtCJv73u+jUaaIzfvHFKLzIPohuNbnOF7gELNArZ4=; b=qLMedG3eo6HZxzhBPHlgI79q8w CTGPEqugoGWxjdiZIg1Cwjn3RXdV5pZFyYmKkt6of9EaDDyYVED/Db2PQO2OmB7HsQhwrjmPhXbdj oTobp0TYt6/u+olKu2bgKvWtUdrR0J+lThfDORFZhHZY25gzEUjvjPit39dyCinABtG8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm: Add Spectre BHB handling Message-Id: Date: Tue, 08 Mar 2022 18:12:35 +0000 commit 789523a2aac88e3668f9c4ad892fa47b5f6bf1a7 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 00f9ebe9ce..ae649d16ef 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -187,6 +196,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -446,19 +542,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index 5ad66efd6b..140e223b4c 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -27,6 +27,11 @@ sb .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index db126508f1..f7368766c0 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -63,8 +63,12 @@ #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 #define ARM64_WORKAROUND_REPEAT_TLBI 11 +#define ARM_WORKAROUND_BHB_LOOP_8 12 +#define ARM_WORKAROUND_BHB_LOOP_24 13 +#define ARM_WORKAROUND_BHB_LOOP_32 14 +#define ARM_WORKAROUND_BHB_SMCC_3 15 -#define ARM_NCAPS 12 +#define ARM_NCAPS 16 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:12:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:12:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287299.487253 (Exim 4.92) (envelope-from ) id 1nReKE-0003ks-EX; Tue, 08 Mar 2022 18:12:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287299.487253; Tue, 08 Mar 2022 18:12:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKE-0003kk-Bd; Tue, 08 Mar 2022 18:12:46 +0000 Received: by outflank-mailman (input) for mailman id 287299; Tue, 08 Mar 2022 18:12:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKD-0003ke-LR for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKD-0006tD-Kh for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReKD-0002gc-K2 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oLU0aJ7seFSA/2WLRIEKfDWTD1WeYYSIzFL1HGSBUWM=; b=ynCFWazBStIXAOplYEuM8AN42w 3u5QYpBNewuXcW4/I8e3gQ6KKOnUUy7DSeWiUpV9+fqa0Zc3NXltXRKkHf4fvFzyvogPtIvVLtuDY Cl2tgW2HV0KhqFWBG7cs3Zu68+0OhnO2aKsfJSYAvQHaobQuk4i+TT3FlEYgA919E0Fs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Tue, 08 Mar 2022 18:12:45 +0000 commit dab616cd3d4856a7a4d4f3a429a82dbdbf1aeeb9 Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index fc3811ad0a..cf7b9d826f 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -336,16 +336,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -354,10 +364,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:12:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:12:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287300.487258 (Exim 4.92) (envelope-from ) id 1nReKO-0003ne-GD; Tue, 08 Mar 2022 18:12:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287300.487258; Tue, 08 Mar 2022 18:12:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKO-0003nW-D6; Tue, 08 Mar 2022 18:12:56 +0000 Received: by outflank-mailman (input) for mailman id 287300; Tue, 08 Mar 2022 18:12:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKN-0003nK-OR for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKN-0006tO-Ni for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReKN-0002hB-N1 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:12:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2DDY5N9hH19Vkk4LLs4mDWJ5YH2fNo0Vg+vd1eGIml8=; b=adBvnsKxRW4WuGOg9SPPqHcgfb bUmC3nM3Z/C1UQayqDPWmWsDKFq9lYNiGM+qwHJtJQMTzq+ot2lJOXdRttStgIct7UFfH97VEJAjT 1wv5tg1e0dJI7xqV02jq13y1SDqyvD/OcVfvqL7ULPSLgDr5u1YC6jmuZedK+V+2SBEc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Tue, 08 Mar 2022 18:12:55 +0000 commit c374a8c5cc74535e16410b7a0d9e92bf5de54f79 Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 995197f4b2..f606dc0e14 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2269,9 +2269,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cbeeb19903..ae076bec3a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -945,10 +950,23 @@ void __init init_speculation_mitigations(void) /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( cpu_has_xen_shstk ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -968,16 +986,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:13:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:13:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287301.487261 (Exim 4.92) (envelope-from ) id 1nReKZ-0003qn-HT; Tue, 08 Mar 2022 18:13:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287301.487261; Tue, 08 Mar 2022 18:13:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKZ-0003qf-Ea; Tue, 08 Mar 2022 18:13:07 +0000 Received: by outflank-mailman (input) for mailman id 287301; Tue, 08 Mar 2022 18:13:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKY-0003qV-7n for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKY-0006tf-72 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReKY-0002j2-4t for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8OHWiUfzOFf39Ess3bWcN4Rdu+OjQbh7LDExMKry3LY=; b=BCjrs5fVGpaFfTGQTYPfwGnObD P2jI92albzxOem6Ykecod4Cq8iJIXaZQlKTqvQYaUSZjc2HIEvOG/jTakdXD0Sy5Rppct5raqJvwm ZuuEopuHirHmknNFMSio5qvRx8axZcyvSS3MJkltZ4Cu2lfQtSJch+NPgQOKXF/yaP3A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/arm: Introduce new Arm processors Message-Id: Date: Tue, 08 Mar 2022 18:13:06 +0000 commit 5f097af94ec78e170d599a05c6e528cda259891f Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 5c1768cdec..2e1f5da785 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -53,6 +53,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -60,11 +61,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -72,6 +82,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:13:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:13:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287302.487266 (Exim 4.92) (envelope-from ) id 1nReKj-0003tZ-J9; Tue, 08 Mar 2022 18:13:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287302.487266; Tue, 08 Mar 2022 18:13:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKj-0003tR-GA; Tue, 08 Mar 2022 18:13:17 +0000 Received: by outflank-mailman (input) for mailman id 287302; Tue, 08 Mar 2022 18:13:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKi-0003tJ-AY for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKi-0006u5-9o for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReKi-0002lq-99 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XIH5vdMfsGdJ8Ww+gHdNHz65cKfMLuDQimUoK/2oY5w=; b=BTJ7kdWzS47uxWoBoplksWWvDC AJgXKhUI8IWlXKeCkCgrzdnONJMYpXSQW63/nNFlAiAl16YIH0hrj9cBX6rT9JVytPAnLGE1z7Lip 54RkR/A8pdooDOEel8Cv60JAUvjSd3aYAWD2CiG/6GNfqAjTt4ORrGmOh39944gwEJgQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/arm: move errata CSV2 check earlier Message-Id: Date: Tue, 08 Mar 2022 18:13:16 +0000 commit 9a4a4abb595e6600ab3b652676a998f5bbc580d5 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b398d480f1..00f9ebe9ce 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:13:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:13:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287303.487270 (Exim 4.92) (envelope-from ) id 1nReKt-0003wG-KW; Tue, 08 Mar 2022 18:13:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287303.487270; Tue, 08 Mar 2022 18:13:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKt-0003w8-Hh; Tue, 08 Mar 2022 18:13:27 +0000 Received: by outflank-mailman (input) for mailman id 287303; Tue, 08 Mar 2022 18:13:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKs-0003vx-Do for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReKs-0006u9-DB for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReKs-0002mW-C8 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZfbkrGpo1FU4Oz/1EoPLrxmy1f+NRXpV2iO7V6GFdi0=; b=2HwnFnFDD9R6lqb+smmBSmCFnr P+ISe1Zu9ftThUavsrIEX4Wht02g1PlUpQEC13Tq6FLUkHYwL5uOw2sKzWk/M+qh+BHhBZTXn9GpZ PN4IZ5xfgcYbBJJ+jpcR+tzfvvoEVYqg3EcVKeqUTRtLQ0juM/VjgNNdYUb6X5ipNFp4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Tue, 08 Mar 2022 18:13:26 +0000 commit 7259e87984a00c6a481b89e1b3da8392750bcc36 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 3 +++ xen/include/asm-arm/cpufeature.h | 11 +++++++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 1d88783809..6b7b510d26 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -122,6 +122,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG(ID_AA64ISAR2_EL1); c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index 077fd95fb7..3115c81970 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -84,6 +84,9 @@ #ifndef ID_DFR1_EL1 #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif /* Access to system registers */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 9ea3970c70..538145f260 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -206,14 +206,15 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; unsigned long __res3:64; }; } mm64; union { - uint64_t bits[2]; + uint64_t bits[3]; struct { /* ISAR0 */ unsigned long __res0:4; @@ -249,6 +250,12 @@ struct cpuinfo_arm { unsigned long dgh:4; unsigned long i8mm:4; unsigned long __res2:8; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; }; } isa64; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:13:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:13:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287304.487274 (Exim 4.92) (envelope-from ) id 1nReL3-0003z4-ME; Tue, 08 Mar 2022 18:13:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287304.487274; Tue, 08 Mar 2022 18:13:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReL3-0003yw-JC; Tue, 08 Mar 2022 18:13:37 +0000 Received: by outflank-mailman (input) for mailman id 287304; Tue, 08 Mar 2022 18:13:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReL2-0003yk-H5 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReL2-0006uE-GI for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReL2-0002nL-FZ for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1VR9Lzb5ioFUeneFa+mgdS0kOuK3v2riAWc4LcQ9Fy8=; b=z5Np/GcxRfm5s8tC8lXwDxWaxk rY3sb8AhCKtrq56mEqor464dev+J34ks2Xf3NqJjaELkRPCwwcp5/F3IO+60+Uj9+MBNUVkVCJI+f b0x8rDbsd3jCc35n7bkUzkwGRNr4Wx4ayYjP/XrGcXzyx1d/HU5ouSDnE8+w8zIAxXLA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/arm: Add Spectre BHB handling Message-Id: Date: Tue, 08 Mar 2022 18:13:36 +0000 commit eed4a84a83f828611210499fd0e995f6c8e73a10 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 00f9ebe9ce..ae649d16ef 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -187,6 +196,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -446,19 +542,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index f981b4f43e..5100aed6e3 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,6 +21,11 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 538145f260..d4e7cde675 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -49,8 +49,12 @@ #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 #define ARM64_WORKAROUND_REPEAT_TLBI 11 +#define ARM_WORKAROUND_BHB_LOOP_8 12 +#define ARM_WORKAROUND_BHB_LOOP_24 13 +#define ARM_WORKAROUND_BHB_LOOP_32 14 +#define ARM_WORKAROUND_BHB_SMCC_3 15 -#define ARM_NCAPS 12 +#define ARM_NCAPS 16 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:13:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:13:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287305.487279 (Exim 4.92) (envelope-from ) id 1nReLD-00042O-PR; Tue, 08 Mar 2022 18:13:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287305.487279; Tue, 08 Mar 2022 18:13:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLD-00042G-M7; Tue, 08 Mar 2022 18:13:47 +0000 Received: by outflank-mailman (input) for mailman id 287305; Tue, 08 Mar 2022 18:13:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLC-000423-Js for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLC-0006uL-JB for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReLC-0002o0-IS for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YiCnOdBkSk22zGw9BZNzNnD0PcXFSi2RbdwzYW9fsFY=; b=SqSMU6RDNlfk3Q20efh2ITPXR/ 4sGxo2ztWqu29WjiYAmOU4tqMGgFF7qCIGfmxVmrEFdfHFlKJwcEBgLZ3Rzi3SU2jjszIzcxLbN/H mhQlkciFrFGWzEZ6hO4gmR4rY525DE5bS69JdQifCGg3CmInFrMEP0V6txDyWJJVarAU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Tue, 08 Mar 2022 18:13:46 +0000 commit 65110f49535d15b6dddf4a8f34308231eae761da Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 175ea2981e..a8c2145067 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -338,16 +338,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -356,10 +366,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:13:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:13:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287306.487282 (Exim 4.92) (envelope-from ) id 1nReLN-00045M-Qp; Tue, 08 Mar 2022 18:13:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287306.487282; Tue, 08 Mar 2022 18:13:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLN-00045D-Na; Tue, 08 Mar 2022 18:13:57 +0000 Received: by outflank-mailman (input) for mailman id 287306; Tue, 08 Mar 2022 18:13:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLM-000453-NB for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLM-0006uP-MW for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReLM-0002qF-Lc for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:13:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H8M7qU67MJbW9p/FhSOCrvC+Yye55EhMeXVBStSl1OQ=; b=qBIk6qSOQI/bRirJ45FMlCyMR1 mXk29OFQs3RUQjdKPqecp/u9QqP7lr1EFSfAG93FMDbZwp9sjU2SFFqWCEKJ8JppcVA7MEYXsbAUY 8Mn7H3zM9HWRK3ZyWq7mNK9D9WfV/Ywc4OGJLKT/JHw3P4jIS0W17qtJz/4SQHnP7hG8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Tue, 08 Mar 2022 18:13:56 +0000 commit 1b50f41b3bd800eb72064063da0c64b86d629f3a Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 443802b3d2..2392537954 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2205,9 +2205,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9301d95bd7..7ded6ecba1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -916,10 +921,23 @@ void __init init_speculation_mitigations(void) /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( cpu_has_xen_shstk ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -939,16 +957,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:14:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:14:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287307.487286 (Exim 4.92) (envelope-from ) id 1nReLX-00048W-S2; Tue, 08 Mar 2022 18:14:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287307.487286; Tue, 08 Mar 2022 18:14:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLX-00048O-P8; Tue, 08 Mar 2022 18:14:07 +0000 Received: by outflank-mailman (input) for mailman id 287307; Tue, 08 Mar 2022 18:14:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLX-00048G-52 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLX-0006un-4M for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReLX-0002sK-3e for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0w85pIxG0sLSdjKwgs5j6nxqQgbdNWD04zQp1wvmqko=; b=zN8VdG/S6YNWXLAAxx+zFcZwRv oRdv88QY4sJwveBw6OJJWt0GbgjIpdG756DsW2fyB/zl6sx8EkEB0dMVnLxDjQiYRnrzz4vByGywb F4OaCwuT3oFOmASD8zGKJ8I1e9AXawy+F1t4wYP8/ZMlew1D3twd46dZDsKm1jkK3U6c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/arm: Introduce new Arm processors Message-Id: Date: Tue, 08 Mar 2022 18:14:07 +0000 commit 021466aa73caaa0c5983f02203678e649dd4d22c Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 87c8136022..17cc5cf486 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -53,6 +53,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -60,11 +61,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -72,6 +82,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:14:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:14:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287308.487290 (Exim 4.92) (envelope-from ) id 1nReLi-0004BL-TY; Tue, 08 Mar 2022 18:14:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287308.487290; Tue, 08 Mar 2022 18:14:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLi-0004BD-Qe; Tue, 08 Mar 2022 18:14:18 +0000 Received: by outflank-mailman (input) for mailman id 287308; Tue, 08 Mar 2022 18:14:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLh-0004B5-7s for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLh-0006vM-7A for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReLh-0002t5-6R for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YjX+cpguGiQ7YvJfO2dk1epse+rsBa8q/ymZnjnLzs8=; b=fU+L1lUYfQIFlgXbHUA7TEV3Oa KuStrcmlXLIPI6H7DTySW2E905+PvD7c5xxLx0O+4mn6QhA4uc6qs0Xj+FDhYSHx0Iqhhh9LyvZd0 NCLSZBBWln/XYFgEHZqf4z0NKIW6mYDzYfxZPEVEowXSpdNPutHIc1yIZJsYwv0Y8x8I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/arm: move errata CSV2 check earlier Message-Id: Date: Tue, 08 Mar 2022 18:14:17 +0000 commit 6da7a845fb476ef7395185ec08a58c76ebd8c442 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 66d9a1e45c..9d79e3bad7 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -168,6 +161,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:14:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:14:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287309.487294 (Exim 4.92) (envelope-from ) id 1nReLs-0004E5-VK; Tue, 08 Mar 2022 18:14:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287309.487294; Tue, 08 Mar 2022 18:14:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLs-0004Dw-S8; Tue, 08 Mar 2022 18:14:28 +0000 Received: by outflank-mailman (input) for mailman id 287309; Tue, 08 Mar 2022 18:14:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLr-0004Dj-B0 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReLr-0006vb-AP for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReLr-0002ts-9W for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wFCrDVWtl9Z5Q3vtAPjqE/XLC7s9O3HhtIjFAEoFAa4=; b=tfXQ4Y0OrLmUXtsuqRg8t5CnL2 rjbrPZK+UyRnvk8FAEtECNm3VSD7bUJnoUH+fCcylWBaWSa9vjDMPqjoIahHCOiv+ESMXykDhZLdW CnjNWru3n7tqv+tkYCfbdWOgBQdNESYxFdUrIpMFPVbyGAbsDEXwyynVBkKcV7TVzTyU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Tue, 08 Mar 2022 18:14:27 +0000 commit ee4b53ae1b95966fd9a491668f0eca73028925e1 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 4 ++++ xen/include/asm-arm/cpufeature.h | 20 +++++++++++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 44126dbf07..13dac7ccaf 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1); #endif c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index c60029d38f..cfd2e1d486 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -57,6 +57,10 @@ #define ICH_AP1R2_EL2 __AP1Rx_EL2(2) #define ICH_AP1R3_EL2 __AP1Rx_EL2(3) +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif + /* Access to system registers */ #define READ_SYSREG32(name) ((uint32_t)READ_SYSREG64(name)) diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 016a9fe203..7be4ee8cf8 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -188,12 +188,26 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; }; } mm64; - struct { - uint64_t bits[2]; + union { + uint64_t bits[3]; + struct { + /* ISAR0 */ + unsigned long __res0:64; + + /* ISAR1 */ + unsigned long __res1:64; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; + }; } isa64; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:14:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:14:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287310.487300 (Exim 4.92) (envelope-from ) id 1nReM3-0004Gs-2c; Tue, 08 Mar 2022 18:14:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287310.487300; Tue, 08 Mar 2022 18:14:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReM2-0004Gf-U2; Tue, 08 Mar 2022 18:14:38 +0000 Received: by outflank-mailman (input) for mailman id 287310; Tue, 08 Mar 2022 18:14:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReM1-0004GT-EB for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReM1-0006vm-DU for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReM1-0002uh-Cj for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5xNMbwrZ94SfpGIFhefqFfFDOMw0BKKiC/zAGu5cIGI=; b=0VPFnrsv437iiZJBpQXMi42nec hteC8OB1klSFK5HCQ64LduNz7BCWlEFDW7Xzi1zuBFdLTtq6Kb0x5hvGo7ys5ehZ2d7Aq+mooTsaD z3ulPVumI9h6cC/29tJNkx1mtz2QNH5siWI3IlUN2DkK/UMof2/wedAw0Dt6y7pwXjRw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/arm: Add Spectre BHB handling Message-Id: Date: Tue, 08 Mar 2022 18:14:37 +0000 commit fc56dd212e4574c5fd77f830d077036b330dc1b5 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 9d79e3bad7..1c1149b2c7 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -177,8 +186,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -193,6 +202,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -438,19 +534,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index f981b4f43e..5100aed6e3 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,6 +21,11 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 7be4ee8cf8..14c7f7d218 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -46,8 +46,12 @@ #define ARM_SMCCC_1_1 8 #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 +#define ARM_WORKAROUND_BHB_LOOP_8 11 +#define ARM_WORKAROUND_BHB_LOOP_24 12 +#define ARM_WORKAROUND_BHB_LOOP_32 13 +#define ARM_WORKAROUND_BHB_SMCC_3 14 -#define ARM_NCAPS 11 +#define ARM_NCAPS 15 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:14:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:14:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287311.487303 (Exim 4.92) (envelope-from ) id 1nReMD-0004KB-52; Tue, 08 Mar 2022 18:14:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287311.487303; Tue, 08 Mar 2022 18:14:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMD-0004Jz-1n; Tue, 08 Mar 2022 18:14:49 +0000 Received: by outflank-mailman (input) for mailman id 287311; Tue, 08 Mar 2022 18:14:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMB-0004Jm-HJ for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMB-0006vw-Gd for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReMB-0002vN-Fp for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AqMrZvgSi9S5uSk/j3QHyWu2i4xfmjFySsW8uilpsL8=; b=DEjOgQRxqqGUJ/0wAtBU8dYJMo xIH8ujV/Bhjh2Na5M9CUIyLiwTglz8Bgcp6gON45tov94BlYwVKVGjjvrsmTUneqRm8F97qxHnFWA t17CeSXs9wqbccy1kthhN3p+EUN0LBcL9TtQSSv9mM+pOvpVTXOfeBq7lsyep0wAXlC4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Tue, 08 Mar 2022 18:14:47 +0000 commit 7cebd77c80ce87f84c63a6043a5ad7115ccab9d5 Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 175ea2981e..a8c2145067 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -338,16 +338,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -356,10 +366,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:14:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:14:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287312.487306 (Exim 4.92) (envelope-from ) id 1nReMN-0004N0-67; Tue, 08 Mar 2022 18:14:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287312.487306; Tue, 08 Mar 2022 18:14:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMN-0004Ms-3G; Tue, 08 Mar 2022 18:14:59 +0000 Received: by outflank-mailman (input) for mailman id 287312; Tue, 08 Mar 2022 18:14:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReML-0004Mf-KC for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReML-0006w8-JZ for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReML-0002vt-Iw for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:14:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TokTBY87sZRLEUSQeDTxms5rSbvZEQ10cIKGIDsop7g=; b=ArLNpX7d57URKYIyKamFyY83Qs DXZTOZQWUlmectes/jTs3ylvvZ/Rf2j1TxIeH8oDcwG42pAc/3QUgY24qHnJElPxnsNh/bPAUAvve VpM6jZRh8Z/Xx7KcIBOD48enz0YUPAn/CmIwZceZvAds1XahxTTGuPLzoh6sXQBYtMhI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Tue, 08 Mar 2022 18:14:57 +0000 commit ca304edd3ba8c19211107fd2e898249987557ce5 Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index fd8f825491..c0bfbb7a5c 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2140,9 +2140,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9301d95bd7..7ded6ecba1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -916,10 +921,23 @@ void __init init_speculation_mitigations(void) /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( cpu_has_xen_shstk ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -939,16 +957,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:15:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:15:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287313.487310 (Exim 4.92) (envelope-from ) id 1nReMX-0004RY-7Z; Tue, 08 Mar 2022 18:15:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287313.487310; Tue, 08 Mar 2022 18:15:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMX-0004RQ-4f; Tue, 08 Mar 2022 18:15:09 +0000 Received: by outflank-mailman (input) for mailman id 287313; Tue, 08 Mar 2022 18:15:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMW-0004RC-1Z for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMW-0006wp-0x for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReMV-0002xh-WF for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xRGOYG7XFpcyOlLohS6BsKPts9HFLP4hrD81cWPLxRQ=; b=FtLf6VCJrZwAt2PFTvjdE9zVG9 otF+1VTXOmS+FhtiXH/RlXGas9hg7Uu4IMXlxt1WXEcw221+pUgB7gOgrT441MHoMsPCoahazqxDu Z/6v/Vx7UTxqTId4SlMeikUPBYat29NYRgdbmCCgbpaJynkFW4BKYxNGNbfldDm8Hl8A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/arm: Introduce new Arm processors Message-Id: Date: Tue, 08 Mar 2022 18:15:08 +0000 commit 9a8804a92fed77f77afe9fc525c6891bb60f68d3 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 87c8136022..17cc5cf486 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -53,6 +53,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -60,11 +61,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -72,6 +82,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:15:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:15:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287314.487315 (Exim 4.92) (envelope-from ) id 1nReMh-0004UT-9T; Tue, 08 Mar 2022 18:15:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287314.487315; Tue, 08 Mar 2022 18:15:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMh-0004UL-68; Tue, 08 Mar 2022 18:15:19 +0000 Received: by outflank-mailman (input) for mailman id 287314; Tue, 08 Mar 2022 18:15:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMg-0004UB-4L for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMg-0006yn-3i for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReMg-0002yG-36 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZhmlQW8kNCjkJNKOFSbLe0RfdObM++uNkeXa3wz4230=; b=WYY7h7RLMd/DN623MEIZegmccw HdigIgOpWenguTJf8kyDyL2iNWEFBunv27aEkuS+TOIxYAvQJfsVqALhi6PAJ0UeV7KyVnVgjWVI5 xdx7cvzsPtWT9A4vVqS+AneZwT2tVNLtoBsscuQCXV5t5hzU9gCMeNJzJSH+zBTUG0sg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/arm: move errata CSV2 check earlier Message-Id: Date: Tue, 08 Mar 2022 18:15:18 +0000 commit 03db21387b8653d663e8da89c964d611ba509130 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index f94bcf74cc..79620889b4 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -102,13 +102,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:15:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:15:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287315.487319 (Exim 4.92) (envelope-from ) id 1nReMr-0004XF-B3; Tue, 08 Mar 2022 18:15:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287315.487319; Tue, 08 Mar 2022 18:15:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMr-0004X7-7g; Tue, 08 Mar 2022 18:15:29 +0000 Received: by outflank-mailman (input) for mailman id 287315; Tue, 08 Mar 2022 18:15:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMq-0004Wv-73 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReMq-0006z0-6Q for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReMq-0002z0-5p for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LzeyI92rpDTlkZwaS7W5OP/5CHhMkj6fEyzaAA2ITcs=; b=dC23qI5y4d+Rd/jmCJDV8+iQYl bNdYFoOjrSwmfMyP7ODpAJNntlME5bxmpH7xVcFM111Bg3kdDMmsg6SgFNKiB4hvMNHCpql6CoQGh hAlxGmXy0GpfzV0WZeaKCJ31HpYTYX1D1LkJf/yVs7wnwAOwTmyt5LN5Arc+c0ZbrF/Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Tue, 08 Mar 2022 18:15:28 +0000 commit d99df7d50d366c7a8dc71f5bdc3454f469b00a00 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 4 ++++ xen/include/asm-arm/cpufeature.h | 20 +++++++++++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 44126dbf07..13dac7ccaf 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1); #endif c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index c60029d38f..cfd2e1d486 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -57,6 +57,10 @@ #define ICH_AP1R2_EL2 __AP1Rx_EL2(2) #define ICH_AP1R3_EL2 __AP1Rx_EL2(3) +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif + /* Access to system registers */ #define READ_SYSREG32(name) ((uint32_t)READ_SYSREG64(name)) diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 29753fee78..8519d2987b 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -183,12 +183,26 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; }; } mm64; - struct { - uint64_t bits[2]; + union { + uint64_t bits[3]; + struct { + /* ISAR0 */ + unsigned long __res0:64; + + /* ISAR1 */ + unsigned long __res1:64; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; + }; } isa64; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:15:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:15:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287316.487322 (Exim 4.92) (envelope-from ) id 1nReN1-0004a4-Ct; Tue, 08 Mar 2022 18:15:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287316.487322; Tue, 08 Mar 2022 18:15:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReN1-0004Zu-9F; Tue, 08 Mar 2022 18:15:39 +0000 Received: by outflank-mailman (input) for mailman id 287316; Tue, 08 Mar 2022 18:15:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReN0-0004Zl-A6 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReN0-0006zA-9R for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReN0-0002zh-8c for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DkkkGehgSpZfR0m0QBKMxLeQrJY2Ad//QrCkedW6w48=; b=0LzbE5yZmUt/7ceGiLxWtRAMdK UsfiXRoP+ekMItEgxaV57YMWuXLmBgxUxUEnvgCxCgtLzFzeoXMv3fnpDqcyWfbDk3n8JR0eQkzLl niS342hu6pFU4mdiAznJO03bJYvjUT3QHfLbq3UmrO8oARr0CZnzbPS2D60Am7ocvXrg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/arm: Add Spectre BHB handling Message-Id: Date: Tue, 08 Mar 2022 18:15:38 +0000 commit 47125f5fb2073abb9d5d3f65824cd066e7ec62f1 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 79620889b4..8d9e977b77 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -144,7 +144,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -192,6 +201,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -437,19 +533,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index f981b4f43e..5100aed6e3 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,6 +21,11 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 8519d2987b..a1fa3bc1cf 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -46,8 +46,12 @@ #define ARM_SMCCC_1_1 8 #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 +#define ARM_WORKAROUND_BHB_LOOP_8 11 +#define ARM_WORKAROUND_BHB_LOOP_24 12 +#define ARM_WORKAROUND_BHB_LOOP_32 13 +#define ARM_WORKAROUND_BHB_SMCC_3 14 -#define ARM_NCAPS 11 +#define ARM_NCAPS 15 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 126399dd70..2abbffc3bd 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:15:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:15:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287317.487326 (Exim 4.92) (envelope-from ) id 1nReNC-0004dJ-FY; Tue, 08 Mar 2022 18:15:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287317.487326; Tue, 08 Mar 2022 18:15:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNC-0004dB-Cj; Tue, 08 Mar 2022 18:15:50 +0000 Received: by outflank-mailman (input) for mailman id 287317; Tue, 08 Mar 2022 18:15:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNA-0004cu-DN for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNA-0006zN-CS for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReNA-00030R-Bf for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Iut2MaMVh6PeqODJVnVnmBJu7ag3Db4l9jhPKJykFDE=; b=toSnX9/eESmWipiOQ0itnuZh+s +Ojw5M/Hh1vZMXTQrF6w5BjsKrIE16SFPDTPbsMktbXbzIRYpjQBe7OPtQBxuH53GvDDLk+8soSuw ZzOTSsl764zYqXWhD807IEBieLTiI+vyIO97Gnb2iuFkkWf8mXYfvzBFCHyjJTQ0UCQ8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Tue, 08 Mar 2022 18:15:48 +0000 commit fbabb62dd9e57180400f145a8756624c82de888f Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 175ea2981e..a8c2145067 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -338,16 +338,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -356,10 +366,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:16:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:16:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287318.487330 (Exim 4.92) (envelope-from ) id 1nReNM-0004g7-HK; Tue, 08 Mar 2022 18:16:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287318.487330; Tue, 08 Mar 2022 18:16:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNM-0004fz-EF; Tue, 08 Mar 2022 18:16:00 +0000 Received: by outflank-mailman (input) for mailman id 287318; Tue, 08 Mar 2022 18:15:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNK-0004fh-H0 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNK-0006zR-GO for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReNK-00031T-F3 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:15:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0C5hLs4vkzmRoja2e+gr1LI74G3zrziVC7V/+EasR/A=; b=I7n/ByBabriSun4C5GTwJFgUG1 XIie5pIsG/I0ycW0nGWuSdE5aM0iVWKe8Q1OOsRFQQaEo0vWwb93f1m2qrpr3ZIvPQARekFuzkyjM lWJAbolLWEE/auPKLkL7zovtbenNbSP3xTPwIhyELsocZpj2ozQbyONl65+im730Di4k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.13] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Tue, 08 Mar 2022 18:15:58 +0000 commit 7b9814b250a5a28277bd0866d341a5cfc0f4c1ac Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Update the default heuristics to never select THUNK_LFENCE. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 10 ++-------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index cf9dea62db..eead69ada2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2077,9 +2077,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1cfd02d7d7..7447d4a8e5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -908,16 +908,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.13 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:16:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:16:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287319.487334 (Exim 4.92) (envelope-from ) id 1nReNW-0004vp-J7; Tue, 08 Mar 2022 18:16:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287319.487334; Tue, 08 Mar 2022 18:16:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNW-0004vU-Fv; Tue, 08 Mar 2022 18:16:10 +0000 Received: by outflank-mailman (input) for mailman id 287319; Tue, 08 Mar 2022 18:16:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNV-0004jq-0Z for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNU-000707-UU for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReNU-00033Q-Te for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Fu4lBTjyRaNxTqACgiHFNmO8cpMc8+/hTcUzZcgIyWY=; b=hSKtO5kKSZuZzleTKLhKFZeHDn sV8RTM7ZdTDUbfVmpCjbe5vc+eV0XZ1mucsesjtwpIUuJQnZttbmky2mdK7Mgiv6f/nN88vXeaRhC yzjJ1UNoMbjCzelscznMTY3fJJz8kAC7249bO9EmCYrgyx5XhTluKCn3MLrjbmymxuqQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] xen/arm: Introduce new Arm processors Message-Id: Date: Tue, 08 Mar 2022 18:16:08 +0000 commit f1346b2cfdbeb468b50be7b6f7aa38ce3c1acf2a Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 0f35ec59d1..cd45fba978 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -48,23 +48,43 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 +#define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A73 0xD09 #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) +#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:16:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:16:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287320.487338 (Exim 4.92) (envelope-from ) id 1nReNg-0004zl-KR; Tue, 08 Mar 2022 18:16:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287320.487338; Tue, 08 Mar 2022 18:16:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNg-0004zd-HN; Tue, 08 Mar 2022 18:16:20 +0000 Received: by outflank-mailman (input) for mailman id 287320; Tue, 08 Mar 2022 18:16:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNf-0004zN-1s for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNf-00070B-1C for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReNf-00034U-0T for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=94mHDloTw6atuoaY8VDG4kjV7/fHdMqBeV3YrSnc6HI=; b=PmHuF+x7wHUqqHDkQ0o0xhSV3i nbPQC7DJXJ0yeqZBqtYSiz377XXsiG78EijOpYSJkUBNBd2u/zL2ksXck0yRztV2aomgtToS4Lblr BH3qbhTUuzMFvQ+ao9pNMi+oTjmRF+DjhmgPQ7QPwQMQUlDogyFZrpVT1Awb3Xlq9KDM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] xen/arm: move errata CSV2 check earlier Message-Id: Date: Tue, 08 Mar 2022 18:16:19 +0000 commit 35164a1704fe13e1f83dbd4b5b79838f07d564c6 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b254b98657..9e1ecd0714 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -102,13 +102,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:16:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:16:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287321.487342 (Exim 4.92) (envelope-from ) id 1nReNq-00052S-M3; Tue, 08 Mar 2022 18:16:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287321.487342; Tue, 08 Mar 2022 18:16:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNq-00052K-J3; Tue, 08 Mar 2022 18:16:30 +0000 Received: by outflank-mailman (input) for mailman id 287321; Tue, 08 Mar 2022 18:16:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNp-000529-4g for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNp-00070F-43 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReNp-00035J-3K for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7ex6P9N8UBffT1GV/bRC4y8ZzuXSRItTFle+pik7SFw=; b=yP2O7tZdmsijred2PdsgLHpjDA iqYRYiyNuvcSHG60AaHJbnfltvN3xrsNIEooKmX4XHsNtJcBN0qf7m4c2U72RHl6TaHCZCbSUZWil ifYuiGijNlly1FWCyZKC4EcXOrHsdfpbZLYokQFvKZZDzGXIc1nafw0SY/5gr1gEvJA0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Tue, 08 Mar 2022 18:16:29 +0000 commit 2e519fd8c1e3e7ae5370a6638615d2a52169db28 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 4 ++++ xen/include/asm-arm/cpufeature.h | 20 +++++++++++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 44126dbf07..13dac7ccaf 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1); #endif c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index 08585a969e..5f1e9b998f 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -57,6 +57,10 @@ #define ICH_AP1R2_EL2 __AP1Rx_EL2(2) #define ICH_AP1R3_EL2 __AP1Rx_EL2(3) +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif + /* Access to system registers */ #define READ_SYSREG32(name) ({ \ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 60e677d842..c748fc17fe 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -182,12 +182,26 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; }; } mm64; - struct { - uint64_t bits[2]; + union { + uint64_t bits[3]; + struct { + /* ISAR0 */ + unsigned long __res0:64; + + /* ISAR1 */ + unsigned long __res1:64; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; + }; } isa64; #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:16:40 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:16:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287322.487346 (Exim 4.92) (envelope-from ) id 1nReO0-00055M-Nq; Tue, 08 Mar 2022 18:16:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287322.487346; Tue, 08 Mar 2022 18:16:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReO0-00055E-Kq; Tue, 08 Mar 2022 18:16:40 +0000 Received: by outflank-mailman (input) for mailman id 287322; Tue, 08 Mar 2022 18:16:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNz-000554-7w for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReNz-00070f-77 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReNz-00038F-6H for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=42vvU7dGdT2vyZcC8gaNi/u8ST1XD2PbjqPMhqYJd7Q=; b=jJ3ENYt1jsdKKIjTbUMb5sldc+ cNyni4LNJeJnuAAuaVOfxjY/S3Gelm69+edpDRBGpfWDW+kq0PjRIlqFTMvnavFBo+B+MvSvS0J9g OBEnFEg96VFDN66kOly8nFs1/OLT3O09kcgvYwIGTtdvWicza40aXwuztGKeWExiOjfw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] xen/arm: Add Spectre BHB handling Message-Id: Date: Tue, 08 Mar 2022 18:16:39 +0000 commit d340fad8be324e1760ea29d7c25658a8aec83306 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 9e1ecd0714..d70d1e16e9 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -144,7 +144,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -192,6 +201,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -451,19 +547,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index 9c5e676b37..a13ad8e2b1 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,5 +21,10 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + #endif /* __ASM_ARM_ARM64_MACROS_H */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index c748fc17fe..87989eac6f 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -45,8 +45,12 @@ #define ARM_SSBD 7 #define ARM_SMCCC_1_1 8 #define ARM64_WORKAROUND_AT_SPECULATE 9 +#define ARM_WORKAROUND_BHB_LOOP_8 10 +#define ARM_WORKAROUND_BHB_LOOP_24 11 +#define ARM_WORKAROUND_BHB_LOOP_32 12 +#define ARM_WORKAROUND_BHB_SMCC_3 13 -#define ARM_NCAPS 10 +#define ARM_NCAPS 14 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 126399dd70..2abbffc3bd 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:16:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:16:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287323.487350 (Exim 4.92) (envelope-from ) id 1nReO9-00058Y-RE; Tue, 08 Mar 2022 18:16:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287323.487350; Tue, 08 Mar 2022 18:16:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReO9-00058Q-OF; Tue, 08 Mar 2022 18:16:49 +0000 Received: by outflank-mailman (input) for mailman id 287323; Tue, 08 Mar 2022 18:16:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReO9-00058I-B6 for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReO9-00071j-AV for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReO9-0003Bp-9f for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DPLBL3AJ1nK18X6xsYlbc9ZYtc3jCD5N7HjSRsLtUI8=; b=VxDDljmPiYgA7KbQwZl9Oz+wZS XuWX9fcGr/rgHxP0NHoqPgNnE1wXjBUsMzUebNFtMQSxvZ7FszWIv90tn66vB5xeanu1AKYNMfeQ8 baJNUXMe/kTyZoB0o6EsMZxuJmPoHp0LBZqYD6kVPKOwoeWcc+NVPH53nzmlj66ycYyg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Tue, 08 Mar 2022 18:16:49 +0000 commit 21f5a7b22687aa1e384782c8a1c04148f288ad9f Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 97bd06217b..788d0a1912 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -343,16 +343,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -361,10 +371,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index ecf4faa13d..643976db65 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -123,6 +123,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -131,6 +135,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Tue Mar 08 18:17:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 08 Mar 2022 18:17:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287325.487359 (Exim 4.92) (envelope-from ) id 1nReOL-0005C4-2o; Tue, 08 Mar 2022 18:17:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287325.487359; Tue, 08 Mar 2022 18:17:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReOK-0005Bp-Si; Tue, 08 Mar 2022 18:17:00 +0000 Received: by outflank-mailman (input) for mailman id 287325; Tue, 08 Mar 2022 18:16:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReOJ-0005BQ-Eb for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nReOJ-00072E-Dj for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nReOJ-0003Cb-Cx for xen-changelog@lists.xenproject.org; Tue, 08 Mar 2022 18:16:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=o0T47+BFRH7zWvawclJufnAr6Us+WKkUgJh2It5nlwM=; b=RP9VXqXs0uYzRAhO+tshhhbke8 85w9KiZEM48vJMvHhZfVGFxw6ou8mXGutGBFu7lgA5aHOwcpcmxCUoPBz0Fv8Fl/iyrwlQmQ29+Wx ThQacYv7w+5e7yhhy4pdUdpgkhYPrZanENt2gx3ChrIpi6zgI+puXY/JbGMXneyuy1gs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.12] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Tue, 08 Mar 2022 18:16:59 +0000 commit 944afa38d9339a67f0164d07fb7ac8a54e9a4c60 Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Update the default heuristics to never select THUNK_LFENCE. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 10 ++-------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index d7919f2ed4..f9fb162138 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1960,9 +1960,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e2fcefc86a..866b864918 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -904,16 +904,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 09:44:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 09:44:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287643.487723 (Exim 4.92) (envelope-from ) id 1nRsrS-0000Pg-BZ; Wed, 09 Mar 2022 09:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287643.487723; Wed, 09 Mar 2022 09:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrS-0000PY-8d; Wed, 09 Mar 2022 09:44:02 +0000 Received: by outflank-mailman (input) for mailman id 287643; Wed, 09 Mar 2022 09:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrR-0000PS-R7 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrR-0000sj-QL for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRsrR-0006J3-PJ for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=prc8fqRxpd3sEfETSWbmCDMzCHIw5AaRD2ZyYTVZzqc=; b=Tmlt57C8yyPrTaUQhudeoyuTWg ropwOcj+6+n9CCnmlmJDrsDT3JE3ZQpM5n81w8ZaD48fvGZujb6ZeEO9fxZyBJfRv1KNudCX+5cgf HfFHN4SrJMR3rT1tEL+jfNRbH2dSfLUxkzg8IsHvePSGW8m+GHNMHgdp/cZTwkKZtjaE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/arm: Introduce new Arm processors Message-Id: Date: Wed, 09 Mar 2022 09:44:01 +0000 commit 9a8804a92fed77f77afe9fc525c6891bb60f68d3 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 87c8136022..17cc5cf486 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -53,6 +53,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -60,11 +61,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -72,6 +82,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 09:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 09:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287645.487727 (Exim 4.92) (envelope-from ) id 1nRsrd-0000SG-D2; Wed, 09 Mar 2022 09:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287645.487727; Wed, 09 Mar 2022 09:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrd-0000S8-AE; Wed, 09 Mar 2022 09:44:13 +0000 Received: by outflank-mailman (input) for mailman id 287645; Wed, 09 Mar 2022 09:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrb-0000S0-UR for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrb-0000sw-Te for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRsrb-0006Je-Sb for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W+syJJb/av7by8wKUdstSsTIlyIKjCoeEXMsxNqbtNU=; b=nz1/qT3o1S5Loi/ba9w/W2j4m+ LQiNU25w51/8klnbVne6V057iKe6eBlM/9zmTRK0ohD/qQL9zJok3AN9KAd6U9wsWv9f59YI6TYvs vjNKy+DQ9fp4BdJ/cSLt7GoFxExR0DQbcsSsIucPG2WoWy4JHs8ccHCOGnR++0X+TWQU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/arm: move errata CSV2 check earlier Message-Id: Date: Wed, 09 Mar 2022 09:44:11 +0000 commit 03db21387b8653d663e8da89c964d611ba509130 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index f94bcf74cc..79620889b4 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -102,13 +102,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 09:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 09:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287646.487731 (Exim 4.92) (envelope-from ) id 1nRsrn-0000V7-Er; Wed, 09 Mar 2022 09:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287646.487731; Wed, 09 Mar 2022 09:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrn-0000Uz-Bj; Wed, 09 Mar 2022 09:44:23 +0000 Received: by outflank-mailman (input) for mailman id 287646; Wed, 09 Mar 2022 09:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrm-0000Un-1O for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrm-0000tR-0Z for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRsrl-0006KH-Vn for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZN2coB3BNQKTG38h9TKkZF7cBPyncB/UZnWLNP3DhoY=; b=WCdJfkenI/XOTzZ1dnNVDy4pwA rxuEgF64ScFXcvQT58/VzSiDHQkQyzib6nJfjonoel5iumyReYX+S+hQ/BvuFvzJktDn9NeupSiOP 5RS3drc7fuYPyV9Q/UhrZlCmxM/yHVfXMZ2wryqxudLrWL44ow51HRXk6qD+LiikVhkA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Wed, 09 Mar 2022 09:44:21 +0000 commit d99df7d50d366c7a8dc71f5bdc3454f469b00a00 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 4 ++++ xen/include/asm-arm/cpufeature.h | 20 +++++++++++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 44126dbf07..13dac7ccaf 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1); #endif c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index c60029d38f..cfd2e1d486 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -57,6 +57,10 @@ #define ICH_AP1R2_EL2 __AP1Rx_EL2(2) #define ICH_AP1R3_EL2 __AP1Rx_EL2(3) +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif + /* Access to system registers */ #define READ_SYSREG32(name) ((uint32_t)READ_SYSREG64(name)) diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 29753fee78..8519d2987b 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -183,12 +183,26 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; }; } mm64; - struct { - uint64_t bits[2]; + union { + uint64_t bits[3]; + struct { + /* ISAR0 */ + unsigned long __res0:64; + + /* ISAR1 */ + unsigned long __res1:64; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; + }; } isa64; #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 09:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 09:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287647.487736 (Exim 4.92) (envelope-from ) id 1nRsrx-0000Xk-HK; Wed, 09 Mar 2022 09:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287647.487736; Wed, 09 Mar 2022 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrx-0000Xa-DC; Wed, 09 Mar 2022 09:44:33 +0000 Received: by outflank-mailman (input) for mailman id 287647; Wed, 09 Mar 2022 09:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrw-0000XG-4i for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRsrw-0000tV-3r for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRsrw-0006Ko-2s for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yJER0VAGTBiua3U9dN447y36MZWcIqtQ9gnwDVrwRa8=; b=lEnJpVJFWAXaKT7xA2paIlaim9 OlBA+nHcEVdV3a6QTE1P41O6d+ZHPeRBa8EK6kqLHQIFCSMgrraxB08ZEUNa5VyZEXeMuInuKW+/a nHPg7b00d6qV1VqgkAtdFHYSTwUosxpi8ppK9n8q8X9WVTgeTiNO7R1KVMrE5XUCTjPs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/arm: Add Spectre BHB handling Message-Id: Date: Wed, 09 Mar 2022 09:44:32 +0000 commit 47125f5fb2073abb9d5d3f65824cd066e7ec62f1 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 79620889b4..8d9e977b77 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -144,7 +144,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -192,6 +201,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -437,19 +533,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index f981b4f43e..5100aed6e3 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,6 +21,11 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 8519d2987b..a1fa3bc1cf 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -46,8 +46,12 @@ #define ARM_SMCCC_1_1 8 #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 +#define ARM_WORKAROUND_BHB_LOOP_8 11 +#define ARM_WORKAROUND_BHB_LOOP_24 12 +#define ARM_WORKAROUND_BHB_LOOP_32 13 +#define ARM_WORKAROUND_BHB_SMCC_3 14 -#define ARM_NCAPS 11 +#define ARM_NCAPS 15 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 126399dd70..2abbffc3bd 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 09:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 09:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287648.487738 (Exim 4.92) (envelope-from ) id 1nRss7-0000b3-JV; Wed, 09 Mar 2022 09:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287648.487738; Wed, 09 Mar 2022 09:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRss7-0000av-GX; Wed, 09 Mar 2022 09:44:43 +0000 Received: by outflank-mailman (input) for mailman id 287648; Wed, 09 Mar 2022 09:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRss6-0000ah-7j for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRss6-0000tf-6y for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRss6-0006Lg-6D for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=itTdzwEtp/1Cn5CkmgWVeqmpggitBwWEQn1wjjUUt1E=; b=MajofN2UJEb8ccHim052dMVpZ1 Paoh6p841iXsuZTQst8EF7bOrzj598sXpCIdiA8DBN9gRkXGDT6Wm5/cspQZWnbusqEtFkRA6K0x7 opkz8R0RDXmhqZMV7zq0A1UpAerkwxdPz4wBIU9B3YxPp415m0pu5mYQHv7NnYZtswAc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Wed, 09 Mar 2022 09:44:42 +0000 commit fbabb62dd9e57180400f145a8756624c82de888f Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 175ea2981e..a8c2145067 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -338,16 +338,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -356,10 +366,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 09:44:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 09:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287649.487742 (Exim 4.92) (envelope-from ) id 1nRssH-0000eR-LE; Wed, 09 Mar 2022 09:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287649.487742; Wed, 09 Mar 2022 09:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRssH-0000eI-IB; Wed, 09 Mar 2022 09:44:53 +0000 Received: by outflank-mailman (input) for mailman id 287649; Wed, 09 Mar 2022 09:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRssG-0000e2-B7 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRssG-0000to-AI for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRssG-0006MO-9H for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 09:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=enVSC0QrB/PHs5bCgyvzo8Uk57T8QatqgFUj1yDitPA=; b=ysEtliJQbVqE38itKnXV1Fk49E oq+tOBbuPxKnDgvw/Do9FmlGQ/U8DnAPY+I9gAPTzuKzb0aR3JRrg1HSk1pFy312sJ2SlzBqYwUdH 2Q9Qt3EWFRjQkELPJHIzAvf7oX7OnI6yYY4yjQ8b5lIHz1tfQRuvcyrnazOiz4SeXxXo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.13] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Wed, 09 Mar 2022 09:44:52 +0000 commit 7b9814b250a5a28277bd0866d341a5cfc0f4c1ac Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:13:41 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Update the default heuristics to never select THUNK_LFENCE. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 10 ++-------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index cf9dea62db..eead69ada2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2077,9 +2077,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1cfd02d7d7..7447d4a8e5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -908,16 +908,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 11:11:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 11:11:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287714.487835 (Exim 4.92) (envelope-from ) id 1nRuDf-0005Bu-6N; Wed, 09 Mar 2022 11:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287714.487835; Wed, 09 Mar 2022 11:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDf-0005Bm-3M; Wed, 09 Mar 2022 11:11:03 +0000 Received: by outflank-mailman (input) for mailman id 287714; Wed, 09 Mar 2022 11:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDe-0005BZ-8b for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDe-0002WA-7o for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRuDe-00041I-6m for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ayZ37LT8IYC/xjSU6u1OLbRzFCKH4zy0YQdGzUwHzIM=; b=eR3KTE85kth8yCVjVqz1CERL/C nyduupT4RY5E8c8z3lIkDPXNzNQkmCQ/f7+zSjcDv0VjsBhpr/zSd1+JkU0CxvNVVwFzMYVuNpTiW lGbtwaYiQYjNIKwG5gwdILObWgyZlSq1W2c2GKCyGHRkdI4rfeAz0IqugZWOWqjMY178=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] xen/arm: Introduce new Arm processors Message-Id: Date: Wed, 09 Mar 2022 11:11:02 +0000 commit f1346b2cfdbeb468b50be7b6f7aa38ce3c1acf2a Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 0f35ec59d1..cd45fba978 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -48,23 +48,43 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 +#define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A73 0xD09 #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) +#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 11:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 11:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287715.487839 (Exim 4.92) (envelope-from ) id 1nRuDp-0005Fe-7n; Wed, 09 Mar 2022 11:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287715.487839; Wed, 09 Mar 2022 11:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDp-0005FW-4w; Wed, 09 Mar 2022 11:11:13 +0000 Received: by outflank-mailman (input) for mailman id 287715; Wed, 09 Mar 2022 11:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDo-0005FK-BZ for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDo-0002WH-Ak for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRuDo-00041v-9t for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Yxqz5VZpg8CkNqqABmiJ6NDe+Va5kUsSvNGQIN98aQc=; b=V9g9fyfbhutrYeKo7jZTc+hTrU DllM3c2OZYdR3ue4ONMthNIbDb+gZFjxSkuvSRgToOQ593t+0uDWUK4jBaUYsEvJHHO1O0RhDvXRr 0DlsuySPLExDcoUyZobMUfKk9xaHPI9jl2rRQOcaPsuPnEofd9il6DqRrCNDITxfg42o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] xen/arm: move errata CSV2 check earlier Message-Id: Date: Wed, 09 Mar 2022 11:11:12 +0000 commit 35164a1704fe13e1f83dbd4b5b79838f07d564c6 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b254b98657..9e1ecd0714 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -102,13 +102,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 11:11:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 11:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287716.487843 (Exim 4.92) (envelope-from ) id 1nRuDz-0005Jf-9D; Wed, 09 Mar 2022 11:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287716.487843; Wed, 09 Mar 2022 11:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDz-0005JX-6M; Wed, 09 Mar 2022 11:11:23 +0000 Received: by outflank-mailman (input) for mailman id 287716; Wed, 09 Mar 2022 11:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDy-0005J8-Eg for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuDy-0002Wn-Ds for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRuDy-00042e-Cx for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DJ9Pi9pCXFbI7CbAUZv0HTtOS+o3JaS11zdDn3NG+GY=; b=lxCx3y4r10tvWJeTFGUojM2pHw n8vbR2DCLwz4tdB8d2GONCiCaIH7iGKHu7oRcDLyskpWA73mgCmHfN0eb59u09XflBmbRNQCZ+5/y z5ke/o5yQG28cIlACW8+qPbIc5edAgcf7XGSDyEwatOAIyanPX+3PasJ5tMk3HKA+kTQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Wed, 09 Mar 2022 11:11:22 +0000 commit 2e519fd8c1e3e7ae5370a6638615d2a52169db28 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 4 ++++ xen/include/asm-arm/cpufeature.h | 20 +++++++++++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 44126dbf07..13dac7ccaf 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1); #endif c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index 08585a969e..5f1e9b998f 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -57,6 +57,10 @@ #define ICH_AP1R2_EL2 __AP1Rx_EL2(2) #define ICH_AP1R3_EL2 __AP1Rx_EL2(3) +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif + /* Access to system registers */ #define READ_SYSREG32(name) ({ \ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 60e677d842..c748fc17fe 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -182,12 +182,26 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; }; } mm64; - struct { - uint64_t bits[2]; + union { + uint64_t bits[3]; + struct { + /* ISAR0 */ + unsigned long __res0:64; + + /* ISAR1 */ + unsigned long __res1:64; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; + }; } isa64; #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 11:11:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 11:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287718.487846 (Exim 4.92) (envelope-from ) id 1nRuEA-0005OZ-Aw; Wed, 09 Mar 2022 11:11:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287718.487846; Wed, 09 Mar 2022 11:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuEA-0005OR-7v; Wed, 09 Mar 2022 11:11:34 +0000 Received: by outflank-mailman (input) for mailman id 287718; Wed, 09 Mar 2022 11:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuE8-0005OB-L0 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuE8-0002Wx-K8 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRuE8-00043W-GG for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fcpDHtejuYXWbei6C5Jno9JRCqrhhSpIcn9hIE6SRQY=; b=1miPHJFCULmjJ6HHBjlM/5rnWq lT5HcPKvZe1pucFrzanIi9jLY3KAE7qQ/qi9ZpMNvTAm5WwNWChaU6hWKiAwi8Q1Yrgd3Y2AUG0/i 3YCM9vGU6WxhZjs05HOov/8LkPiVFknHQ6X9vmjIFk++APoGD85SjhqV0u3JUjyz24v8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] xen/arm: Add Spectre BHB handling Message-Id: Date: Wed, 09 Mar 2022 11:11:32 +0000 commit d340fad8be324e1760ea29d7c25658a8aec83306 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 9e1ecd0714..d70d1e16e9 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -144,7 +144,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -192,6 +201,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -451,19 +547,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index 9c5e676b37..a13ad8e2b1 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,5 +21,10 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + #endif /* __ASM_ARM_ARM64_MACROS_H */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index c748fc17fe..87989eac6f 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -45,8 +45,12 @@ #define ARM_SSBD 7 #define ARM_SMCCC_1_1 8 #define ARM64_WORKAROUND_AT_SPECULATE 9 +#define ARM_WORKAROUND_BHB_LOOP_8 10 +#define ARM_WORKAROUND_BHB_LOOP_24 11 +#define ARM_WORKAROUND_BHB_LOOP_32 12 +#define ARM_WORKAROUND_BHB_SMCC_3 13 -#define ARM_NCAPS 10 +#define ARM_NCAPS 14 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 126399dd70..2abbffc3bd 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 11:11:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 11:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287719.487851 (Exim 4.92) (envelope-from ) id 1nRuEK-0005T7-EJ; Wed, 09 Mar 2022 11:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287719.487851; Wed, 09 Mar 2022 11:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuEK-0005Sw-Aw; Wed, 09 Mar 2022 11:11:44 +0000 Received: by outflank-mailman (input) for mailman id 287719; Wed, 09 Mar 2022 11:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuEI-0005So-O8 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuEI-0002XB-NO for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRuEI-00044J-MZ for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NS8hXtKxnywGd0HzD+82B5QtQCsDqw78xwGfAkA30yg=; b=3zBYtja3WV8Ec6JpCFtYuAID/4 mfsZzGcmiEhsBPBnsNRcQomfb7/I/2B37SmgrKAMf6ijW1bGKw7WP35pvzywUBO5MueYXbdTukZKk nZEvdfynItHnEOcJENHkiRmHk2c0wpcmEoGisYpsLaRcajvhRgZO9OWukHHCTKLRxvqw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Wed, 09 Mar 2022 11:11:42 +0000 commit 21f5a7b22687aa1e384782c8a1c04148f288ad9f Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 97bd06217b..788d0a1912 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -343,16 +343,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -361,10 +371,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index ecf4faa13d..643976db65 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -123,6 +123,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -131,6 +135,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 11:11:54 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 11:11:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287720.487855 (Exim 4.92) (envelope-from ) id 1nRuEU-0005Wa-Fp; Wed, 09 Mar 2022 11:11:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287720.487855; Wed, 09 Mar 2022 11:11:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuEU-0005WR-CX; Wed, 09 Mar 2022 11:11:54 +0000 Received: by outflank-mailman (input) for mailman id 287720; Wed, 09 Mar 2022 11:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuES-0005WC-RU for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRuES-0002XM-Qd for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRuES-00044w-Pm for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 11:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8gPrEVW2ojK17fo+GDuqqRYkJJKMB7Uwrn0lhhUHbZg=; b=NsrKN6TNDfufFrvGTEpHmc9iLg 4JUBrbmZvs3HIXn/z5NnNcFasYYQoSB3jx21Te5lguqHQyGz6LyHNPqQ1/PXRQWT9j3STcSWOeNs2 aDQGW3mJJUzi9peMhn8JE5M0znKTzYfg9g3+jrSaJVzMet/jW8Mlys01vtnLvznyNuwE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.12] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Wed, 09 Mar 2022 11:11:52 +0000 commit 944afa38d9339a67f0164d07fb7ac8a54e9a4c60 Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:12:50 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Update the default heuristics to never select THUNK_LFENCE. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 10 ++-------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index d7919f2ed4..f9fb162138 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1960,9 +1960,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index e2fcefc86a..866b864918 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -904,16 +904,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( boot_cpu_has(X86_FEATURE_IBRSB) ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.12 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 14:00:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 14:00:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287864.488123 (Exim 4.92) (envelope-from ) id 1nRwrC-0001Eo-Ss; Wed, 09 Mar 2022 14:00:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287864.488123; Wed, 09 Mar 2022 14:00:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrC-0001EP-Pb; Wed, 09 Mar 2022 14:00:02 +0000 Received: by outflank-mailman (input) for mailman id 287864; Wed, 09 Mar 2022 14:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrB-00014K-QB for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrB-0005bJ-Kp for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRwrB-00079Q-Iz for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MaYyqxu/uR966NJE9KkCXdz/SZS4cfqzbuSVi0mT7a4=; b=7Kw9JuyTsi7qL7+JqisjTqz/MC l5WR8L2VZmK/xoUktg0HuNsPffA3gp5MvRHKuOVB0zwgOSSbsKRYiLMNy6I+Sr/q2MpRE0C/Nsq/e c3tqTE/Zzsbf//qRkUxwtE61iYEMiIikoAnwZeEqurs5ALrUAmRtwN/smZiraM6y7Xyk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm: Introduce new Arm processors Message-Id: Date: Wed, 09 Mar 2022 14:00:01 +0000 commit 8d18b03c95850239a1a9ebaeb565936c7c9ae070 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 8ab2940f68..852b5f3c24 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -65,6 +65,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -72,11 +73,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -84,6 +94,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 14:00:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 14:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287865.488127 (Exim 4.92) (envelope-from ) id 1nRwrM-0001mU-UA; Wed, 09 Mar 2022 14:00:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287865.488127; Wed, 09 Mar 2022 14:00:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrM-0001mM-R5; Wed, 09 Mar 2022 14:00:12 +0000 Received: by outflank-mailman (input) for mailman id 287865; Wed, 09 Mar 2022 14:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrL-0001mB-Op for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrL-0005dV-OB for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRwrL-0007Az-N7 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rxnNSND+swdzPg53nD6lvjTs9Q8BhofTkl61DO6cc1w=; b=iOq1Dd2wKX9wZBk/Gy+YiluF2C RZp3rvxAphemHfwGcwvXj1k0k8+cwyDuwMBx4YJiH7Uy7AZKcCW39aAEXjU6sPq3Udh5JI6i5V+ud rfeGi4tkb/yINUDCpREKfypOlFxccUG5xLQjZ801heTrnBH0PtkQs3i2NC3QqCZIrKWs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm: move errata CSV2 check earlier Message-Id: Date: Wed, 09 Mar 2022 14:00:11 +0000 commit 3d963874461b3001e33f3ff90e285670f04d16c4 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b398d480f1..00f9ebe9ce 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 14:00:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 14:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287866.488131 (Exim 4.92) (envelope-from ) id 1nRwrW-0001q7-VR; Wed, 09 Mar 2022 14:00:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287866.488131; Wed, 09 Mar 2022 14:00:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrW-0001pz-ST; Wed, 09 Mar 2022 14:00:22 +0000 Received: by outflank-mailman (input) for mailman id 287866; Wed, 09 Mar 2022 14:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrV-0001pg-Rw for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrV-0005e6-RD for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRwrV-0007Bk-QG for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AiUEP9EyuiWmm/MnFB/K3Ai7GogkLfFI1NF90WtGjj8=; b=p93IrbfL7jTSQUSBT7+xRVyRQL l5KwdaCh6jT0TfoToqOjouNvAcL2xjQ7/P+8/rnzmRLm36+c2idyW8PMTV4z0YXVOFRcOCSOsDJKk gP2nJ8MpIat3GcOIsQHIBJ85Wqk+oVnxC/AXvawcIaMM0XY47zFkCiAqWSmb+ohze4Ug=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Wed, 09 Mar 2022 14:00:21 +0000 commit 8aa3833db97e8fe1143c5ece110b9321ce1494ea Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 7 +++++++ xen/include/asm-arm/cpufeature.h | 11 +++++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 6e51f530a8..a58965f7b9 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -122,6 +122,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG(ID_AA64ISAR2_EL1); c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index d7e4772f21..eac08ed33f 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -84,6 +84,9 @@ #ifndef ID_DFR1_EL1 #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif /* ID registers (imported from arm64/include/asm/sysreg.h in Linux) */ @@ -139,6 +142,9 @@ #define ID_AA64ISAR1_GPI_NI 0x0 #define ID_AA64ISAR1_GPI_IMP_DEF 0x1 +/* id_aa64isar2 */ +#define ID_AA64ISAR2_CLEARBHB_SHIFT 28 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56 @@ -232,6 +238,7 @@ #define ID_AA64MMFR0_PARANGE_52 0x6 /* id_aa64mmfr1 */ +#define ID_AA64MMFR1_ECBHB_SHIFT 60 #define ID_AA64MMFR1_ETS_SHIFT 36 #define ID_AA64MMFR1_TWED_SHIFT 32 #define ID_AA64MMFR1_XNX_SHIFT 28 diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 8a5afbaf0b..db126508f1 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -243,14 +243,15 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; unsigned long __res3:64; }; } mm64; union { - register_t bits[2]; + register_t bits[3]; struct { /* ISAR0 */ unsigned long __res0:4; @@ -286,6 +287,12 @@ struct cpuinfo_arm { unsigned long dgh:4; unsigned long i8mm:4; unsigned long __res2:8; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; }; } isa64; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 14:00:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 14:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287867.488135 (Exim 4.92) (envelope-from ) id 1nRwrh-0001sU-0k; Wed, 09 Mar 2022 14:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287867.488135; Wed, 09 Mar 2022 14:00:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrg-0001sM-Ty; Wed, 09 Mar 2022 14:00:32 +0000 Received: by outflank-mailman (input) for mailman id 287867; Wed, 09 Mar 2022 14:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrf-0001sC-VR for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrf-0005eK-Ue for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRwrf-0007CV-TY for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ao0wWa7KEM2dJEkiW0qYSzmSvAmoyk3b3suMH1hjeMk=; b=srRue20KyawK45X6iWJj6vKvuw HB1wYurMds+3hXT9YGWojQFpcW20kSxVLK2b5eBEobp+xM2INk1brkiWBCPVRj0HwRyZD7bJHoCnf vgQWV973P9FSajOZqCwYllcL4SpfneBDVnQFo35uV6ojDbQuODKzvn7B0TBwgwQwbdzg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm: Add Spectre BHB handling Message-Id: Date: Wed, 09 Mar 2022 14:00:31 +0000 commit 789523a2aac88e3668f9c4ad892fa47b5f6bf1a7 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 00f9ebe9ce..ae649d16ef 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -187,6 +196,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -446,19 +542,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index 5ad66efd6b..140e223b4c 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -27,6 +27,11 @@ sb .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index db126508f1..f7368766c0 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -63,8 +63,12 @@ #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 #define ARM64_WORKAROUND_REPEAT_TLBI 11 +#define ARM_WORKAROUND_BHB_LOOP_8 12 +#define ARM_WORKAROUND_BHB_LOOP_24 13 +#define ARM_WORKAROUND_BHB_LOOP_32 14 +#define ARM_WORKAROUND_BHB_SMCC_3 15 -#define ARM_NCAPS 12 +#define ARM_NCAPS 16 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 14:00:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 14:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287868.488140 (Exim 4.92) (envelope-from ) id 1nRwrr-0001vK-33; Wed, 09 Mar 2022 14:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287868.488140; Wed, 09 Mar 2022 14:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrq-0001vC-Vc; Wed, 09 Mar 2022 14:00:42 +0000 Received: by outflank-mailman (input) for mailman id 287868; Wed, 09 Mar 2022 14:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrq-0001uz-2H for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRwrq-0005eV-1d for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRwrq-0007DP-0e for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eG+DIfSJEvdn+mXQI1FcllUCuhfzGcumrxU6xoFEyco=; b=fuSIxBB6NPkvmlNV0/tkdEWJOK nUT2cQmykbj+tBZ2OUDlbXWHYjnw+bUGoe42Y8wavLiOJEHEAny3JmtCbXuSIx+fv1ttNKaZKJp1L bLG871EFBpIYbX33xk4MaLg9iTD4wgC0geeJ4Y/Dae/DwXT2REZa0iaQfRtHRdMiT1Xk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Wed, 09 Mar 2022 14:00:42 +0000 commit dab616cd3d4856a7a4d4f3a429a82dbdbf1aeeb9 Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index fc3811ad0a..cf7b9d826f 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -336,16 +336,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -354,10 +364,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 14:00:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 14:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287869.488143 (Exim 4.92) (envelope-from ) id 1nRws1-0001yw-6Q; Wed, 09 Mar 2022 14:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287869.488143; Wed, 09 Mar 2022 14:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRws1-0001yo-3S; Wed, 09 Mar 2022 14:00:53 +0000 Received: by outflank-mailman (input) for mailman id 287869; Wed, 09 Mar 2022 14:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRws0-0001yW-5U for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRws0-0005eh-4j for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRws0-0007E7-3w for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 14:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ETiPw5GP2YXKr/EZ24EZCq2i5tvqGwUrL/myvAOIISU=; b=M3zbqNQagA0qzlngjaPWdICou5 JwLIJ7xzhcoZgbaXn1KlQCo903GrIFyrOdeY6AnIysazURCERDFDl7gkyEKk58xdK8NYUtLojiXcQ h2LAEWNvR1dFjW1tlS7O1zUA8Rysk9C9oBrqJ6lV9IFbqXWnj1t4r9KijNVfA4/diHig=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Wed, 09 Mar 2022 14:00:52 +0000 commit c374a8c5cc74535e16410b7a0d9e92bf5de54f79 Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:41 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 995197f4b2..f606dc0e14 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2269,9 +2269,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index cbeeb19903..ae076bec3a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -945,10 +950,23 @@ void __init init_speculation_mitigations(void) /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( cpu_has_xen_shstk ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -968,16 +986,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 15:33:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 15:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287956.488301 (Exim 4.92) (envelope-from ) id 1nRyJG-0001q6-R9; Wed, 09 Mar 2022 15:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287956.488301; Wed, 09 Mar 2022 15:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRyJG-0001py-OI; Wed, 09 Mar 2022 15:33:06 +0000 Received: by outflank-mailman (input) for mailman id 287956; Wed, 09 Mar 2022 15:33:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRyJF-0001ps-AW for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 15:33:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRyJF-0007Ct-78 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 15:33:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRyJF-0005OD-64 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 15:33:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QZzmvkshn+JTH4zM2zRs7ijZHQ2W3H/Wy+HYhQfS6Tw=; b=qubWsBqmr8CMgePHosKfB9p30f cH2OM4EcfzPCXHRmgPZNjXhphDacROlrcMvvPRYjpix0uJdv53rKnNxASgXpbrfus4Z8a0CV+sDMo Oef3C6amOaRaWJ+xVsYtgdNdgxC+dDLbXq9ljyKfgPfeagi9Tjlj4d0v8JI9p2QUA+HI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] vpci/msix: fix PBA accesses Message-Id: Date: Wed, 09 Mar 2022 15:33:05 +0000 commit b4f21160601155762a4d014db9623af921fec959 Author: Roger Pau Monné AuthorDate: Wed Mar 9 16:21:01 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 9 16:21:01 2022 +0100 vpci/msix: fix PBA accesses Map the PBA in order to access it from the MSI-X read and write handlers. Note that previously the handlers would pass the physical host address into the {read,write}{l,q} handlers, which is wrong as those expect a linear address. Map the PBA using ioremap when the first access is performed. Note that 32bit arches might want to abstract the call to ioremap into a vPCI arch handler, so they can use a fixmap range to map the PBA. Reported-by: Jan Beulich Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Tested-by: Alex Olson --- xen/drivers/vpci/msix.c | 64 +++++++++++++++++++++++++++++++++++++++++++++---- xen/drivers/vpci/vpci.c | 2 ++ xen/include/xen/vpci.h | 2 ++ 3 files changed, 64 insertions(+), 4 deletions(-) diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index a1fa7a5f13..63f162cf5a 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -182,6 +182,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix, return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE]; } +static void __iomem *get_pba(struct vpci *vpci) +{ + struct vpci_msix *msix = vpci->msix; + /* + * PBA will only be unmapped when the device is deassigned, so access it + * without holding the vpci lock. + */ + void __iomem *pba = read_atomic(&msix->pba); + + if ( likely(pba) ) + return pba; + + pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA), + vmsix_table_size(vpci, VPCI_MSIX_PBA)); + if ( !pba ) + return read_atomic(&msix->pba); + + spin_lock(&vpci->lock); + if ( !msix->pba ) + { + write_atomic(&msix->pba, pba); + spin_unlock(&vpci->lock); + } + else + { + spin_unlock(&vpci->lock); + iounmap(pba); + } + + return read_atomic(&msix->pba); +} + static int cf_check msix_read( struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { @@ -200,6 +232,10 @@ static int cf_check msix_read( if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { + struct vpci *vpci = msix->pdev->vpci; + unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); + const void __iomem *pba = get_pba(vpci); + /* * Access to PBA. * @@ -207,14 +243,22 @@ static int cf_check msix_read( * guest address space. If this changes the address will need to be * translated. */ + if ( !pba ) + { + gprintk(XENLOG_WARNING, + "%pp: unable to map MSI-X PBA, report all pending\n", + msix->pdev); + return X86EMUL_OKAY; + } + switch ( len ) { case 4: - *data = readl(addr); + *data = readl(pba + idx); break; case 8: - *data = readq(addr); + *data = readq(pba + idx); break; default: @@ -275,19 +319,31 @@ static int cf_check msix_write( if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { + struct vpci *vpci = msix->pdev->vpci; + unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); + const void __iomem *pba = get_pba(vpci); if ( !is_hardware_domain(d) ) /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ return X86EMUL_OKAY; + if ( !pba ) + { + /* Unable to map the PBA, ignore write. */ + gprintk(XENLOG_WARNING, + "%pp: unable to map MSI-X PBA, write ignored\n", + msix->pdev); + return X86EMUL_OKAY; + } + switch ( len ) { case 4: - writel(data, addr); + writel(data, pba + idx); break; case 8: - writeq(data, addr); + writeq(data, pba + idx); break; default: diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index f3b32d66cb..9fb3c05b2b 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -51,6 +51,8 @@ void vpci_remove_device(struct pci_dev *pdev) xfree(r); } spin_unlock(&pdev->vpci->lock); + if ( pdev->vpci->msix && pdev->vpci->msix->pba ) + iounmap(pdev->vpci->msix->pba); xfree(pdev->vpci->msix); xfree(pdev->vpci->msi); xfree(pdev->vpci); diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index bcad1516ae..67c9a0c631 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -127,6 +127,8 @@ struct vpci { bool enabled : 1; /* Masked? */ bool masked : 1; + /* PBA map */ + void __iomem *pba; /* Entries. */ struct vpci_msix_entry { uint64_t addr; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 15:33:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 15:33:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.287957.488305 (Exim 4.92) (envelope-from ) id 1nRyJQ-0001sB-Sh; Wed, 09 Mar 2022 15:33:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 287957.488305; Wed, 09 Mar 2022 15:33:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRyJQ-0001s3-Pk; Wed, 09 Mar 2022 15:33:16 +0000 Received: by outflank-mailman (input) for mailman id 287957; Wed, 09 Mar 2022 15:33:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRyJP-0001rn-Az for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 15:33:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nRyJP-0007D0-AH for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 15:33:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nRyJP-0005Oz-9C for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 15:33:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eaXxv5jBo3U/cn7XEkPYj4dFoWW6YAHSVmwc5X5q9HA=; b=D7tyUV/5qZSPFqt4jTaAdkl0Us CtGpDlTsVG4EZgvxM0yDk4ya5f5ERW/j4m0lED+ZKsQC+yhA9pg2Ii7LEETr0EOYqxp08ljCIYrOR +zT54deNy7yTbEc0l8VBWZ4aZoIPc62x3O/R8h5JhsxlZ/o/01KF0lWTie0P5RkL8m0M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] livepatch: resolve old address before function verification Message-Id: Date: Wed, 09 Mar 2022 15:33:15 +0000 commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5 Author: Bjoern Doebel AuthorDate: Wed Mar 9 16:22:03 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 9 16:22:03 2022 +0100 livepatch: resolve old address before function verification When verifying that a livepatch can be applied, we may as well want to inspect the target function to be patched. To do so, we need to resolve this function's address before running the arch-specific livepatch_verify hook. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall --- xen/common/livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index ec301a9f12..be2cf75c2d 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -684,11 +684,11 @@ static int prepare_payload(struct payload *payload, return -EINVAL; } - rc = arch_livepatch_verify_func(f); + rc = resolve_old_address(f, elf); if ( rc ) return rc; - rc = resolve_old_address(f, elf); + rc = arch_livepatch_verify_func(f); if ( rc ) return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 20:11:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 20:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288062.488474 (Exim 4.92) (envelope-from ) id 1nS2eF-0003FX-HR; Wed, 09 Mar 2022 20:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288062.488474; Wed, 09 Mar 2022 20:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eF-0003FP-Ea; Wed, 09 Mar 2022 20:11:03 +0000 Received: by outflank-mailman (input) for mailman id 288062; Wed, 09 Mar 2022 20:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eE-0003FJ-9N for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eE-00048O-6B for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nS2eE-0002GD-5B for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JwgYNf0uDQ5Y55wBToNYiZWNTMKPvGtPDHivgri+JAs=; b=aybcNwScnHLPwKt4PhiyHB952w aVERmE3dJhdjxw5fIXO7I8sFogwWaaxLRtLN9nnwTcHZxQd2GgpRLdpjzkkUzdq07RVk8VSjbaPVS 0X5GF4DlhtVkRITLA1BDpesR0Lm7nMJm0EJS7M6hP4yMNTbrlVYDJDWxwLSuZXTEOKCI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/arm: Introduce new Arm processors Message-Id: Date: Wed, 09 Mar 2022 20:11:02 +0000 commit 5f097af94ec78e170d599a05c6e528cda259891f Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 5c1768cdec..2e1f5da785 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -53,6 +53,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -60,11 +61,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -72,6 +82,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 20:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 20:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288063.488479 (Exim 4.92) (envelope-from ) id 1nS2eP-0003HZ-Jb; Wed, 09 Mar 2022 20:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288063.488479; Wed, 09 Mar 2022 20:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eP-0003HQ-GL; Wed, 09 Mar 2022 20:11:13 +0000 Received: by outflank-mailman (input) for mailman id 288063; Wed, 09 Mar 2022 20:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eO-0003HF-9z for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eO-00048S-99 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nS2eO-0002Gz-8K for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WOH8K8daA56BQ9OGtnrtXEb3zq1pnS28ez8pdsT/OaA=; b=oAiSX3UVwsx+ynFxzk/NTjmWkT O9+diUh8qlIH1dpxFkumCdRxHHVtB2WwVmrEujgHJOoJFRn5sB5ao8THP41ibZaZQSnL4DJb7/FXJ Vx/Hn6NS2rHOwym6+bMEauX8fdmRz9EmlfinfQYpdF2JTZOZmWOKHfBxLhzxRHc4sea4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/arm: move errata CSV2 check earlier Message-Id: Date: Wed, 09 Mar 2022 20:11:12 +0000 commit 9a4a4abb595e6600ab3b652676a998f5bbc580d5 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b398d480f1..00f9ebe9ce 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 20:11:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 20:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288064.488482 (Exim 4.92) (envelope-from ) id 1nS2eZ-0003L8-Kj; Wed, 09 Mar 2022 20:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288064.488482; Wed, 09 Mar 2022 20:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eZ-0003L0-Hp; Wed, 09 Mar 2022 20:11:23 +0000 Received: by outflank-mailman (input) for mailman id 288064; Wed, 09 Mar 2022 20:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eY-0003Kq-D8 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2eY-00048k-CN for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nS2eY-0002Hp-BO for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=X9ywTHKiQGvJ4/Gmop8NAQPnFeAkv0EydnI+rEylUZw=; b=x5c8ppYtHtNh7od6zyojLUD+za ynlPobwMoV0GwcJK37PfR0YHS2NFMR9pkr9kgs3s6Cfs0OvxC1ckouqIlcOTBoHF7gjKX8GSH4Ofh CUBLctW5BoGBnllTDfaDaIMfkxshCCeNGXFvYfZAxP0jhxgcmIjbibC2ELykOd2nXgyc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Wed, 09 Mar 2022 20:11:22 +0000 commit 7259e87984a00c6a481b89e1b3da8392750bcc36 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 3 +++ xen/include/asm-arm/cpufeature.h | 11 +++++++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 1d88783809..6b7b510d26 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -122,6 +122,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG(ID_AA64ISAR2_EL1); c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index 077fd95fb7..3115c81970 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -84,6 +84,9 @@ #ifndef ID_DFR1_EL1 #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif /* Access to system registers */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 9ea3970c70..538145f260 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -206,14 +206,15 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; unsigned long __res3:64; }; } mm64; union { - uint64_t bits[2]; + uint64_t bits[3]; struct { /* ISAR0 */ unsigned long __res0:4; @@ -249,6 +250,12 @@ struct cpuinfo_arm { unsigned long dgh:4; unsigned long i8mm:4; unsigned long __res2:8; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; }; } isa64; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 20:11:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 20:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288065.488486 (Exim 4.92) (envelope-from ) id 1nS2ej-0003OW-NY; Wed, 09 Mar 2022 20:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288065.488486; Wed, 09 Mar 2022 20:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2ej-0003OO-Ka; Wed, 09 Mar 2022 20:11:33 +0000 Received: by outflank-mailman (input) for mailman id 288065; Wed, 09 Mar 2022 20:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2ei-0003OD-GL for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2ei-00049A-FU for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nS2ei-0002IT-Ea for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9UiYco6Ewfskk6FA3vRZN2elb20Iy8VRhNip3qhlXc8=; b=aaLHDuizlHIkSZ5dq2e4KtCO1x 7Ra4XBU+DLeW5jYJ1mfvaUQ6V+0g0J8InwGoqDdHkq0IRyBODgK8aV3kZvWiuGN1M8EgO7T17XygU xonku7NT81bP/CD09fjR4UgmK+f9RzRhSMYi0/oA8YfAzKYfSEK8xyAh8hb+F5rhg/oA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/arm: Add Spectre BHB handling Message-Id: Date: Wed, 09 Mar 2022 20:11:32 +0000 commit eed4a84a83f828611210499fd0e995f6c8e73a10 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 00f9ebe9ce..ae649d16ef 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -187,6 +196,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -446,19 +542,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index f981b4f43e..5100aed6e3 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,6 +21,11 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 538145f260..d4e7cde675 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -49,8 +49,12 @@ #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 #define ARM64_WORKAROUND_REPEAT_TLBI 11 +#define ARM_WORKAROUND_BHB_LOOP_8 12 +#define ARM_WORKAROUND_BHB_LOOP_24 13 +#define ARM_WORKAROUND_BHB_LOOP_32 14 +#define ARM_WORKAROUND_BHB_SMCC_3 15 -#define ARM_NCAPS 12 +#define ARM_NCAPS 16 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 20:11:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 20:11:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288066.488489 (Exim 4.92) (envelope-from ) id 1nS2et-0003R2-PK; Wed, 09 Mar 2022 20:11:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288066.488489; Wed, 09 Mar 2022 20:11:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2et-0003Qv-MP; Wed, 09 Mar 2022 20:11:43 +0000 Received: by outflank-mailman (input) for mailman id 288066; Wed, 09 Mar 2022 20:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2es-0003QY-JV for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2es-00049K-Ih for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nS2es-0002J2-Hj for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SnWp3V4pizOAATjxaiYPae01g54n6+gKKuz+SEzESPY=; b=DBljfxzMOXIAspk57/RSJpJdFF c6n9grGqPrjIHXI6S5AvBY5ZVQin9KjDWBbrpjYOmuEK3lRg4bG3jSsV4h8CHZFoo589GOHuD1quf nQvL08uhnYKX+z9EIPb000V2M9MY1N+pvTHTpZvwRejmUh/lggG5b0/3PBdLKIln2+tc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Wed, 09 Mar 2022 20:11:42 +0000 commit 65110f49535d15b6dddf4a8f34308231eae761da Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 175ea2981e..a8c2145067 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -338,16 +338,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -356,10 +366,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Mar 09 20:11:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 09 Mar 2022 20:11:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288067.488493 (Exim 4.92) (envelope-from ) id 1nS2f3-0003U6-RM; Wed, 09 Mar 2022 20:11:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288067.488493; Wed, 09 Mar 2022 20:11:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2f3-0003Ty-OH; Wed, 09 Mar 2022 20:11:53 +0000 Received: by outflank-mailman (input) for mailman id 288067; Wed, 09 Mar 2022 20:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2f2-0003Tm-Mh for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nS2f2-00049a-Lp for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nS2f2-0002Jb-L0 for xen-changelog@lists.xenproject.org; Wed, 09 Mar 2022 20:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NrYVBMVrqaBonRPSx3prg+Nj1yE8el12NSMKw4sv6A0=; b=BOz6ow9uuMLzgdVQooOGk2Dy3f 5MQbJA9kFH6WdaCXzpZ6/kkbcZWWyQ8v43gQlQ+b+Mls0B/w183uGdCJrlcMUAXWypuRkYGOza1IL 5hE3EmqokNDcgBs+M/jBGx0XAvmB/81mi3Lm2A8z11/CvDEjSGKnfo8ApE6SfONQyrp4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Wed, 09 Mar 2022 20:11:52 +0000 commit 1b50f41b3bd800eb72064063da0c64b86d629f3a Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:15:10 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 443802b3d2..2392537954 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2205,9 +2205,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9301d95bd7..7ded6ecba1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -916,10 +921,23 @@ void __init init_speculation_mitigations(void) /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( cpu_has_xen_shstk ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -939,16 +957,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288222.488750 (Exim 4.92) (envelope-from ) id 1nSEZd-00087s-VO; Thu, 10 Mar 2022 08:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288222.488750; Thu, 10 Mar 2022 08:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZd-00087k-SP; Thu, 10 Mar 2022 08:55:05 +0000 Received: by outflank-mailman (input) for mailman id 288222; Thu, 10 Mar 2022 08:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZc-00087d-I9 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZc-0004yE-DC for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEZc-0004FX-C1 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DBGJB9yop0SdWWXixSe/gm93L5SOaa5gXYNSLKWG1kg=; b=SZ3iNayuGJRcnImJ79cj+cKuaZ rjBZMltjqQgN6zuIodZDOPuHaIAI9QENmzW2/Bl5OWyS3SlzJPj65xAOE8TeDf0v/Xv3hH/249b7R RkMO1KjXEn0MJc0/wzvqLKKCHAjvJVzwqkmP75VLlNNorcrs2ENdmgYmbWfm3tXaey98=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] VT-d: drop undue address-of from check_cleanup_domid_map() Message-Id: Date: Thu, 10 Mar 2022 08:55:04 +0000 commit b2db518e952c3a8fe5b9ec6a2d007cda73fd05a4 Author: Jan Beulich AuthorDate: Thu Mar 10 09:43:50 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:43:50 2022 +0100 VT-d: drop undue address-of from check_cleanup_domid_map() For an unknown reason I added back the operator while backporting, despite 4.16 having c06e3d810314 ("VT-d: per-domain IOMMU bitmap needs to have dynamic size"). I can only assume that I mistakenly took the 4.15 backport as basis and/or reference. Fixes: fa45f6b5560e ("VT-d: split domid map cleanup check into a function") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/drivers/passthrough/vtd/iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 3b37bad25e..ead12db6a4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -197,7 +197,7 @@ static void check_cleanup_domid_map(struct domain *d, if ( !found ) { - clear_bit(iommu->index, &dom_iommu(d)->arch.vtd.iommu_bitmap); + clear_bit(iommu->index, dom_iommu(d)->arch.vtd.iommu_bitmap); cleanup_domid_map(d, iommu); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288223.488755 (Exim 4.92) (envelope-from ) id 1nSEZo-0008AF-1z; Thu, 10 Mar 2022 08:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288223.488755; Thu, 10 Mar 2022 08:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZn-0008A7-VC; Thu, 10 Mar 2022 08:55:15 +0000 Received: by outflank-mailman (input) for mailman id 288223; Thu, 10 Mar 2022 08:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZm-00089v-H9 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZm-0004zo-GL for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEZm-0004GP-FN for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bEE1IyQVjblN6cHSmcv42YZNACm78JpnrfdQczYx9uE=; b=1Ko0vs4zp5HuE0bFZYF8kcxcTB rJSccxOZ/R9AVQ50h4zyZ31l5PZ+Ov4GjwFdFIlw7wm+ME7OYFL9Kg3kmTDFvXfPUjCu2kAC7A0VQ 1CcNQUKEFBdXIjpdc1VP35zbtDUJJMy+e4UqcotMctFWB/vWYHjtpPRX04mVp3nC/isg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/console: process softirqs between warning prints Message-Id: Date: Thu, 10 Mar 2022 08:55:14 +0000 commit 99fa2c61ae1d3b83d7ef3c339568102a1252fafa Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:45:27 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:45:27 2022 +0100 x86/console: process softirqs between warning prints Process softirqs while printing end of boot warnings. Each warning can be several lines long, and on slow consoles printing multiple ones without processing softirqs can result in the watchdog triggering: (XEN) [ 22.277806] *************************************************** (XEN) [ 22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS (XEN) [ 22.556029] This option is intended to aid debugging of Xen by ensuring (XEN) [ 22.696802] that all output is synchronously delivered on the serial line. (XEN) [ 22.838024] However it can introduce SIGNIFICANT latencies and affect (XEN) [ 22.978710] timekeeping. It is NOT recommended for production use! (XEN) [ 23.119066] *************************************************** (XEN) [ 23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.399560] enabled. Please assess your configuration and choose an (XEN) [ 23.539925] explicit 'smt=' setting. See XSA-273. (XEN) [ 23.678860] *************************************************** (XEN) [ 23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.959811] enabled. Mitigations will not be fully effective. Please (XEN) [ 24.100396] choose an explicit smt= setting. See XSA-297. (XEN) [ 24.240254] *************************************************(XEN) [ 24.247302] Watchdog timer detects that CPU0 is stuck! (XEN) [ 24.386785] ----[ Xen-4.17-unstable x86_64 debug=y Tainted: C ]---- (XEN) [ 24.527874] CPU: 0 (XEN) [ 24.662422] RIP: e008:[] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90 Fixes: ee3fd57acd ('xen: add warning infrastructure') Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich master commit: 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2 master date: 2022-02-18 09:02:16 +0100 --- xen/common/warning.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/warning.c b/xen/common/warning.c index 0269c6715c..e6e1404baf 100644 --- a/xen/common/warning.c +++ b/xen/common/warning.c @@ -30,6 +30,7 @@ void __init warning_print(void) { printk("%s", warnings[i]); printk("***************************************************\n"); + process_pending_softirqs(); } for ( i = 0; i < 3; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288224.488758 (Exim 4.92) (envelope-from ) id 1nSEZy-0008Ck-3F; Thu, 10 Mar 2022 08:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288224.488758; Thu, 10 Mar 2022 08:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZy-0008Cd-0O; Thu, 10 Mar 2022 08:55:26 +0000 Received: by outflank-mailman (input) for mailman id 288224; Thu, 10 Mar 2022 08:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZw-0008CN-KL for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEZw-000505-Jc for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEZw-0004H9-Ie for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aI3t6RymY+DjIn9+yHdqmo1+NoHcZn2pPhM7eOgg2uw=; b=hJ686JS+K5GmOe+FbrgvnJ+XJP n3RoTJP52vacEzjnQ3o3ezv01vz1+ptRp0ArG3/TEH+2bioX8mqJIOrSxRlNLeunqMHvKG7/TImyd WvTvNR/JUz7u9M3qKqx1WuL3ZjNIhzneXA1KxEzugcW7Xxp735tFv5/dpqFZhalOtIdo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] tools/libxl: don't allow IOMMU usage with PoD Message-Id: Date: Thu, 10 Mar 2022 08:55:24 +0000 commit 38fbfddf660de9572b1c906315a345b1470d3a04 Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:46:28 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:46:28 2022 +0100 tools/libxl: don't allow IOMMU usage with PoD Prevent libxl from creating guests that attempts to use PoD together with an IOMMU, even if no devices are actually assigned. While the hypervisor could support using PoD together with an IOMMU as long as no devices are assigned, such usage seems doubtful. There's no guarantee the guest has PoD no longer be active, and thus a later assignment of a PCI device to such domain could fail. Preventing the usage of PoD together with an IOMMU at guest creation avoids having to add checks for active PoD entries in the device assignment paths. Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD master commit: 07449ecfa42532495156fa342af2112e3e31dd3f master date: 2022-02-18 09:03:08 +0100 --- tools/libs/light/libxl_create.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index dcd09d32ba..2890697de8 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1158,17 +1158,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288225.488763 (Exim 4.92) (envelope-from ) id 1nSEa8-0008GH-5C; Thu, 10 Mar 2022 08:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288225.488763; Thu, 10 Mar 2022 08:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEa8-0008G7-24; Thu, 10 Mar 2022 08:55:36 +0000 Received: by outflank-mailman (input) for mailman id 288225; Thu, 10 Mar 2022 08:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEa6-0008Fo-Na for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEa6-00050Y-Mm for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEa6-0004Hs-Lp for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HFxkGkedrwXRKKpV+JoTAXzjnanfeOumSM0q74JXQ3w=; b=HiX8iXGRmTSMfc0Ho6mzyP3ccd X7r8SGt4lXQTHd38VoCpzXWxBsCC7jwbnOrK6bC0Vv4/w52I0Pgjtg1609/NdEsgcRijftAbv+Gjd 3FOu7wBSrRDdNcEsODQotoMGLE2EoFWpyEg0DKJ76/Ldm3Y9OHlJthM16TU1TfVoZfyE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xz: avoid overlapping memcpy() with invalid input with in-place decompression Message-Id: Date: Thu, 10 Mar 2022 08:55:34 +0000 commit 6a6600cebbbe7cc734b388f48aa3475d75916e71 Author: Lasse Collin AuthorDate: Thu Mar 10 09:47:02 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:47:02 2022 +0100 xz: avoid overlapping memcpy() with invalid input with in-place decompression With valid files, the safety margin described in lib/decompress_unxz.c ensures that these buffers cannot overlap. But if the uncompressed size of the input is larger than the caller thought, which is possible when the input file is invalid/corrupt, the buffers can overlap. Obviously the result will then be garbage (and usually the decoder will return an error too) but no other harm will happen when such an over-run occurs. This change only affects uncompressed LZMA2 chunks and so this should have no effect on performance. Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 10454f381f9157bce26d5db15e07e857b317b4af master date: 2022-03-07 09:08:08 +0100 --- xen/common/unxz.c | 2 +- xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 7bfe23f422..3463a39cfd 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -127,7 +127,7 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memcpy speed can matter and only if there is a lot of uncompressible data + * memmove speed can matter and only if there is a lot of uncompressible data * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 6b07722e3c..53d9f358fe 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -387,7 +387,14 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, *left -= copy_size; - memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size); + /* + * If doing in-place decompression in single-call mode and the + * uncompressed size of the file is larger than the caller + * thought (i.e. it is invalid input!), the buffers below may + * overlap and cause undefined behavior with memcpy(). + * With valid inputs memcpy() would be fine here. + */ + memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size); dict->pos += copy_size; if (dict->full < dict->pos) @@ -397,7 +404,11 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, if (dict->pos == dict->end) dict->pos = 0; - memcpy(b->out + b->out_pos, b->in + b->in_pos, + /* + * Like above but for multi-call mode: use memmove() + * to avoid undefined behavior with invalid input. + */ + memmove(b->out + b->out_pos, b->in + b->in_pos, copy_size); } @@ -421,6 +432,12 @@ static uint32_t __init dict_flush(struct dictionary *dict, struct xz_buf *b) if (dict->pos == dict->end) dict->pos = 0; + /* + * These buffers cannot overlap even if doing in-place + * decompression because in multi-call mode dict->buf + * has been allocated by us in this file; it's not + * provided by the caller like in single-call mode. + */ memcpy(b->out + b->out_pos, dict->buf + dict->start, copy_size); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:55:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:55:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288226.488767 (Exim 4.92) (envelope-from ) id 1nSEaI-0008JI-6V; Thu, 10 Mar 2022 08:55:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288226.488767; Thu, 10 Mar 2022 08:55:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaI-0008JA-3a; Thu, 10 Mar 2022 08:55:46 +0000 Received: by outflank-mailman (input) for mailman id 288226; Thu, 10 Mar 2022 08:55:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaG-0008J0-QQ for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaG-00050i-Pp for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEaG-0004IR-Ow for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kMf9QuHLwKa0YW/DgJwnfTgwwYgRS9zlW94OLYEd7ns=; b=xbwqzla9pF5FatjBUb7TE/1Fcn scJU2evF3g0DKyhJM2xGzwNKsvDliUJuj4EiX9tfs0sxNOmxFG/LeDC3dxZfy+I6GXLvQM5Pq/Fzy n7Bgz0m2OtZ/4DikE6u2gXQzyInRIo4oY27DWEdSQFzJEPhKHgmARmNrhAAX4xgKTq5A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xz: validate the value before assigning it to an enum variable Message-Id: Date: Thu, 10 Mar 2022 08:55:44 +0000 commit ee4d66242eef4d4c4215a432dece577093bfcbbc Author: Lasse Collin AuthorDate: Thu Mar 10 09:47:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:47:26 2022 +0100 xz: validate the value before assigning it to an enum variable This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository. This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner. Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa master date: 2022-03-07 09:08:54 +0100 --- xen/common/xz/dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index b7a8c15c5b..3a346b629a 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret __init dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:55:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:55:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288227.488770 (Exim 4.92) (envelope-from ) id 1nSEaS-0008MR-7p; Thu, 10 Mar 2022 08:55:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288227.488770; Thu, 10 Mar 2022 08:55:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaS-0008MJ-52; Thu, 10 Mar 2022 08:55:56 +0000 Received: by outflank-mailman (input) for mailman id 288227; Thu, 10 Mar 2022 08:55:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaR-0008M5-7b for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaR-00050s-6v for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEaR-0004Jn-5m for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:55:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QBbZ2p+MNSytpqGah6wHYrr8SZ327855OCAxU8DAaVE=; b=ZhfJY5TJIRfQLWx0cWfOyIrSu2 mCtua0luEsKUkyyP9kBFsjjq2B5boDQOgRN9C0WVinpE1lZSTr+2oEvv76S+uLER464aQGLYek73C ODncdal6BKWQa05c8XrPYO0wCWXLKUuzr7BXOvLtWJS5HSZ8bltfqihcsyGuFt03hvyY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/console: process softirqs between warning prints Message-Id: Date: Thu, 10 Mar 2022 08:55:55 +0000 commit b4632c9cf57e79d4d9e0f8befd6a79d1d61b1cab Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:50:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:50:26 2022 +0100 x86/console: process softirqs between warning prints Process softirqs while printing end of boot warnings. Each warning can be several lines long, and on slow consoles printing multiple ones without processing softirqs can result in the watchdog triggering: (XEN) [ 22.277806] *************************************************** (XEN) [ 22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS (XEN) [ 22.556029] This option is intended to aid debugging of Xen by ensuring (XEN) [ 22.696802] that all output is synchronously delivered on the serial line. (XEN) [ 22.838024] However it can introduce SIGNIFICANT latencies and affect (XEN) [ 22.978710] timekeeping. It is NOT recommended for production use! (XEN) [ 23.119066] *************************************************** (XEN) [ 23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.399560] enabled. Please assess your configuration and choose an (XEN) [ 23.539925] explicit 'smt=' setting. See XSA-273. (XEN) [ 23.678860] *************************************************** (XEN) [ 23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.959811] enabled. Mitigations will not be fully effective. Please (XEN) [ 24.100396] choose an explicit smt= setting. See XSA-297. (XEN) [ 24.240254] *************************************************(XEN) [ 24.247302] Watchdog timer detects that CPU0 is stuck! (XEN) [ 24.386785] ----[ Xen-4.17-unstable x86_64 debug=y Tainted: C ]---- (XEN) [ 24.527874] CPU: 0 (XEN) [ 24.662422] RIP: e008:[] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90 Fixes: ee3fd57acd ('xen: add warning infrastructure') Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich master commit: 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2 master date: 2022-02-18 09:02:16 +0100 --- xen/common/warning.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/warning.c b/xen/common/warning.c index 0269c6715c..e6e1404baf 100644 --- a/xen/common/warning.c +++ b/xen/common/warning.c @@ -30,6 +30,7 @@ void __init warning_print(void) { printk("%s", warnings[i]); printk("***************************************************\n"); + process_pending_softirqs(); } for ( i = 0; i < 3; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:56:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:56:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288228.488775 (Exim 4.92) (envelope-from ) id 1nSEac-0008PH-9N; Thu, 10 Mar 2022 08:56:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288228.488775; Thu, 10 Mar 2022 08:56:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEac-0008P9-6W; Thu, 10 Mar 2022 08:56:06 +0000 Received: by outflank-mailman (input) for mailman id 288228; Thu, 10 Mar 2022 08:56:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEab-0008Ow-Bm for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEab-00051F-B6 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEab-0004Kr-99 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dJ3i3xIca1Ubj84bTUYCEMSJ6I+xkbox75W2D66mIPU=; b=JeQXZRgzh1EhwATg/3IgGnSfLL RWRihEry5ejQq8nB6ACf4lX5mBiTXO9uSuJIEiQ5QxSTw0LRJpNSWTR6lNQh+bGxYXtXRoY9dtqyq NrWR52FUwV+KKrFBp1Sm1c4jdFNBvuPOwhueuG21Uy/2XvBgg3RyZQs6ORWPYsDpzPYA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] tools/libxl: don't allow IOMMU usage with PoD Message-Id: Date: Thu, 10 Mar 2022 08:56:05 +0000 commit ef27037d430b662ff6eeb9eda02595e644056905 Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:50:44 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:50:44 2022 +0100 tools/libxl: don't allow IOMMU usage with PoD Prevent libxl from creating guests that attempts to use PoD together with an IOMMU, even if no devices are actually assigned. While the hypervisor could support using PoD together with an IOMMU as long as no devices are assigned, such usage seems doubtful. There's no guarantee the guest has PoD no longer be active, and thus a later assignment of a PCI device to such domain could fail. Preventing the usage of PoD together with an IOMMU at guest creation avoids having to add checks for active PoD entries in the device assignment paths. Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD master commit: 07449ecfa42532495156fa342af2112e3e31dd3f master date: 2022-02-18 09:03:08 +0100 --- tools/libs/light/libxl_create.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 0c64268f66..93b5093920 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1135,17 +1135,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:56:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:56:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288229.488780 (Exim 4.92) (envelope-from ) id 1nSEam-0008U7-C4; Thu, 10 Mar 2022 08:56:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288229.488780; Thu, 10 Mar 2022 08:56:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEam-0008Tz-7z; Thu, 10 Mar 2022 08:56:16 +0000 Received: by outflank-mailman (input) for mailman id 288229; Thu, 10 Mar 2022 08:56:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEal-0008To-F7 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEal-00051P-ED for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEal-0004Lg-DS for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HZjs6x6lYCIRxskMk8E/+EBz4jbO5T+7qKU+cxZU2FM=; b=uLCqkN62t1x6Zh5R6q4zED6RPq LbzdqqlsYVYjC7CrskehT7t0AXJer5aSeLf63rH9arKUC/9Se9l5Fuj0eDT2GTQOxCFbScXkxgd86 VAbbr+86HsSwsoYQeiQNR4+3d9BdOE/fwzPdX3IDmU6cSpRSodElaaln6u2iROp9FazE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xz: avoid overlapping memcpy() with invalid input with in-place decompression Message-Id: Date: Thu, 10 Mar 2022 08:56:15 +0000 commit a12402e4d0ecdad6f7d9289c4c3e2abe82178051 Author: Lasse Collin AuthorDate: Thu Mar 10 09:51:12 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:51:12 2022 +0100 xz: avoid overlapping memcpy() with invalid input with in-place decompression With valid files, the safety margin described in lib/decompress_unxz.c ensures that these buffers cannot overlap. But if the uncompressed size of the input is larger than the caller thought, which is possible when the input file is invalid/corrupt, the buffers can overlap. Obviously the result will then be garbage (and usually the decoder will return an error too) but no other harm will happen when such an over-run occurs. This change only affects uncompressed LZMA2 chunks and so this should have no effect on performance. Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 10454f381f9157bce26d5db15e07e857b317b4af master date: 2022-03-07 09:08:08 +0100 --- xen/common/unxz.c | 2 +- xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index cf25c9fc8e..3676a2ab0c 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -127,7 +127,7 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memcpy speed can matter and only if there is a lot of uncompressible data + * memmove speed can matter and only if there is a lot of uncompressible data * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 44fe79bc30..3c086732c8 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -387,7 +387,14 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b, *left -= copy_size; - memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size); + /* + * If doing in-place decompression in single-call mode and the + * uncompressed size of the file is larger than the caller + * thought (i.e. it is invalid input!), the buffers below may + * overlap and cause undefined behavior with memcpy(). + * With valid inputs memcpy() would be fine here. + */ + memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size); dict->pos += copy_size; if (dict->full < dict->pos) @@ -397,7 +404,11 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b, if (dict->pos == dict->end) dict->pos = 0; - memcpy(b->out + b->out_pos, b->in + b->in_pos, + /* + * Like above but for multi-call mode: use memmove() + * to avoid undefined behavior with invalid input. + */ + memmove(b->out + b->out_pos, b->in + b->in_pos, copy_size); } @@ -421,6 +432,12 @@ static uint32_t INIT dict_flush(struct dictionary *dict, struct xz_buf *b) if (dict->pos == dict->end) dict->pos = 0; + /* + * These buffers cannot overlap even if doing in-place + * decompression because in multi-call mode dict->buf + * has been allocated by us in this file; it's not + * provided by the caller like in single-call mode. + */ memcpy(b->out + b->out_pos, dict->buf + dict->start, copy_size); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 08:56:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 08:56:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288230.488783 (Exim 4.92) (envelope-from ) id 1nSEaw-00005T-F3; Thu, 10 Mar 2022 08:56:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288230.488783; Thu, 10 Mar 2022 08:56:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEaw-00005L-C5; Thu, 10 Mar 2022 08:56:26 +0000 Received: by outflank-mailman (input) for mailman id 288230; Thu, 10 Mar 2022 08:56:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEav-00005B-IE for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSEav-00051Z-HV for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSEav-0004MH-GS for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 08:56:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ivdWPCqA+55AUKQ7bfU6qe6powfxZyhZP+x/GmjWZV8=; b=RJ496owm+YwuvTp2ARJjnvpKoP CwoDY/uLcqhcHUpbD5jQvt2WNyGMaD3HbZmunMFOipoQ/ilog77ce2VqSwSTWfggxtxBbQjJ1r+JA BwqciV2/NSVmQJwC2b7EFQ80KcAmVBAE4dmcwFFGg1YeIs3M5RXUzqLb0+tg1fYv41G8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xz: validate the value before assigning it to an enum variable Message-Id: Date: Thu, 10 Mar 2022 08:56:25 +0000 commit cd751c09a5bab9f3529901fbe4d867ad7d52e89d Author: Lasse Collin AuthorDate: Thu Mar 10 09:51:29 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:51:29 2022 +0100 xz: validate the value before assigning it to an enum variable This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository. This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner. Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa master date: 2022-03-07 09:08:54 +0100 --- xen/common/xz/dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index b8b566307c..e921d46abc 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret INIT dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 10:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 10:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288275.488875 (Exim 4.92) (envelope-from ) id 1nSGH5-0006OF-BI; Thu, 10 Mar 2022 10:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288275.488875; Thu, 10 Mar 2022 10:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGH5-0006O7-8K; Thu, 10 Mar 2022 10:44:03 +0000 Received: by outflank-mailman (input) for mailman id 288275; Thu, 10 Mar 2022 10:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGH3-0006O0-PO for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGH3-00070E-Nj for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSGH3-0004Q8-Mi for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2I8oJENYmeRasoPPDS3fz/btDCrCR7kFo8MWGDcgWMU=; b=z/5SsBv0G/lDnd3x9cWw1VRypu BgfhQGxLUYbL54h6rqOcGtZL/G278jAsyU2vYdB7AtZaxNFbXfTrY2FsK9rKnjKCTW8kNUzYxos7n UX5ZENWjcYy2l/HyFpsKwd34qfXNUjmbhh+Vl+ODWcZ98hB0s2+EhoNw8Mgu+734D+YQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Introduce new Arm processors Message-Id: Date: Thu, 10 Mar 2022 10:44:01 +0000 commit 35d1b85a6b43483f6bd007d48757434e54743e98 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall --- xen/arch/arm/include/asm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/arch/arm/include/asm/processor.h b/xen/arch/arm/include/asm/processor.h index 8ab2940f68..852b5f3c24 100644 --- a/xen/arch/arm/include/asm/processor.h +++ b/xen/arch/arm/include/asm/processor.h @@ -65,6 +65,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -72,11 +73,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -84,6 +94,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 10:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 10:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288276.488879 (Exim 4.92) (envelope-from ) id 1nSGHF-0006QS-Cc; Thu, 10 Mar 2022 10:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288276.488879; Thu, 10 Mar 2022 10:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHF-0006QK-9k; Thu, 10 Mar 2022 10:44:13 +0000 Received: by outflank-mailman (input) for mailman id 288276; Thu, 10 Mar 2022 10:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHD-0006QA-Tm for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHD-00070e-R2 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSGHD-0004Qq-Q4 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vrKoqc929oJsPihTU5OHmQbtwaHU7r4U9Yl7IY8TSHQ=; b=MjMuxqbPJ+fUVnE617QIKqsow0 iqQMAC972TlkLClCqVPiz2x2p2S3Zjpa8MiUcXNZRaXWZitXf301qxr7/9VFUf6VoEIpr+7D000H5 TJvg4z+PdtgyiZiK+DGRMekcIq6vzsrmeM+PJ5AMZZnM8nyyOH2+nQ4BrdOWwVVSKyjQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: move errata CSV2 check earlier Message-Id: Date: Thu, 10 Mar 2022 10:44:11 +0000 commit 599616d70eb886b9ad0ef9d6b51693ce790504ba Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index b398d480f1..00f9ebe9ce 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -167,6 +160,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 10:44:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 10:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288277.488883 (Exim 4.92) (envelope-from ) id 1nSGHP-0006TE-EB; Thu, 10 Mar 2022 10:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288277.488883; Thu, 10 Mar 2022 10:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHP-0006T6-BB; Thu, 10 Mar 2022 10:44:23 +0000 Received: by outflank-mailman (input) for mailman id 288277; Thu, 10 Mar 2022 10:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHN-0006So-Uy for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHN-00070x-UC for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSGHN-0004RR-TI for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aY4tIfqNJSIcFqbqVyS8BuL/gaczRdEVjvFuuh+0Bwk=; b=uUSQJ03+GuMnhPWwUNC2MLDC6o CVQzGd9OkeN7qxc2+qTeB4VP7Rn/pMo5bzk3fLl52D92M+c9EB1MlkAXoddmYpLLD2u6rN2wWwbLy fyFEM2rlKQ42qiZ0o6/4Y0KFttb395pgpudpnkkuJfcSs4r7qXmmIdHjIe2CbAfFDD+A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Thu, 10 Mar 2022 10:44:21 +0000 commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall --- xen/arch/arm/cpufeature.c | 1 + xen/arch/arm/include/asm/arm64/sysregs.h | 7 +++++++ xen/arch/arm/include/asm/cpufeature.h | 11 +++++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 6e51f530a8..a58965f7b9 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -122,6 +122,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG(ID_AA64ISAR2_EL1); c->zfr64.bits[0] = READ_SYSREG(ID_AA64ZFR0_EL1); diff --git a/xen/arch/arm/include/asm/arm64/sysregs.h b/xen/arch/arm/include/asm/arm64/sysregs.h index d7e4772f21..eac08ed33f 100644 --- a/xen/arch/arm/include/asm/arm64/sysregs.h +++ b/xen/arch/arm/include/asm/arm64/sysregs.h @@ -84,6 +84,9 @@ #ifndef ID_DFR1_EL1 #define ID_DFR1_EL1 S3_0_C0_C3_5 #endif +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif /* ID registers (imported from arm64/include/asm/sysreg.h in Linux) */ @@ -139,6 +142,9 @@ #define ID_AA64ISAR1_GPI_NI 0x0 #define ID_AA64ISAR1_GPI_IMP_DEF 0x1 +/* id_aa64isar2 */ +#define ID_AA64ISAR2_CLEARBHB_SHIFT 28 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56 @@ -232,6 +238,7 @@ #define ID_AA64MMFR0_PARANGE_52 0x6 /* id_aa64mmfr1 */ +#define ID_AA64MMFR1_ECBHB_SHIFT 60 #define ID_AA64MMFR1_ETS_SHIFT 36 #define ID_AA64MMFR1_TWED_SHIFT 32 #define ID_AA64MMFR1_XNX_SHIFT 28 diff --git a/xen/arch/arm/include/asm/cpufeature.h b/xen/arch/arm/include/asm/cpufeature.h index 8a5afbaf0b..db126508f1 100644 --- a/xen/arch/arm/include/asm/cpufeature.h +++ b/xen/arch/arm/include/asm/cpufeature.h @@ -243,14 +243,15 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; unsigned long __res3:64; }; } mm64; union { - register_t bits[2]; + register_t bits[3]; struct { /* ISAR0 */ unsigned long __res0:4; @@ -286,6 +287,12 @@ struct cpuinfo_arm { unsigned long dgh:4; unsigned long i8mm:4; unsigned long __res2:8; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; }; } isa64; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 10:44:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 10:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288278.488887 (Exim 4.92) (envelope-from ) id 1nSGHZ-0006Wd-Fg; Thu, 10 Mar 2022 10:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288278.488887; Thu, 10 Mar 2022 10:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHZ-0006WV-Ch; Thu, 10 Mar 2022 10:44:33 +0000 Received: by outflank-mailman (input) for mailman id 288278; Thu, 10 Mar 2022 10:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHY-0006WI-20 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHY-000718-1B for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSGHY-0004S9-0C for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pHLUYj33Bk9uRSR+8j9vKGF8TFd9lakXIbZxg1WD7IQ=; b=rtsSpxj+OaFLiQzdCRhTnP3Yyd mQNDa2IU4dOyrmGBCSSVtterRyXqVS57Akweys3WFF9d83uSJFg5gTH1RRhXxHZSltbO+bSZGyvmP rmXuJ15PhkT366ThkMcYaEw+/WmO6ws9MXG8jG8RFBm/h3K3QpHqzuAQDqkg5XS3Rj2w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Add Spectre BHB handling Message-Id: Date: Thu, 10 Mar 2022 10:44:32 +0000 commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall --- xen/arch/arm/arm64/bpi.S | 32 +++++- xen/arch/arm/cpuerrata.c | 170 ++++++++++++++++++++++++++++++-- xen/arch/arm/include/asm/arm64/macros.h | 5 + xen/arch/arm/include/asm/cpufeature.h | 6 +- xen/arch/arm/include/asm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 00f9ebe9ce..ae649d16ef 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -176,8 +185,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -187,6 +196,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -446,19 +542,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/arch/arm/include/asm/arm64/macros.h b/xen/arch/arm/include/asm/arm64/macros.h index 5ad66efd6b..140e223b4c 100644 --- a/xen/arch/arm/include/asm/arm64/macros.h +++ b/xen/arch/arm/include/asm/arm64/macros.h @@ -27,6 +27,11 @@ sb .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/arch/arm/include/asm/cpufeature.h b/xen/arch/arm/include/asm/cpufeature.h index db126508f1..f7368766c0 100644 --- a/xen/arch/arm/include/asm/cpufeature.h +++ b/xen/arch/arm/include/asm/cpufeature.h @@ -63,8 +63,12 @@ #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 #define ARM64_WORKAROUND_REPEAT_TLBI 11 +#define ARM_WORKAROUND_BHB_LOOP_8 12 +#define ARM_WORKAROUND_BHB_LOOP_24 13 +#define ARM_WORKAROUND_BHB_LOOP_32 14 +#define ARM_WORKAROUND_BHB_SMCC_3 15 -#define ARM_NCAPS 12 +#define ARM_NCAPS 16 #ifndef __ASSEMBLY__ diff --git a/xen/arch/arm/include/asm/smccc.h b/xen/arch/arm/include/asm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/arch/arm/include/asm/smccc.h +++ b/xen/arch/arm/include/asm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 10:44:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 10:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288279.488891 (Exim 4.92) (envelope-from ) id 1nSGHj-0006a8-J9; Thu, 10 Mar 2022 10:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288279.488891; Thu, 10 Mar 2022 10:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHj-0006Zy-Fu; Thu, 10 Mar 2022 10:44:43 +0000 Received: by outflank-mailman (input) for mailman id 288279; Thu, 10 Mar 2022 10:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHi-0006Zl-4x for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHi-00071b-4G for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSGHi-0004T5-3O for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sSZxpH3MMQChh9CY2xL1MWqsQ9zvdqM5SlLZaM66sXo=; b=mZzBt7Tqu7KXaBh7aqvNHuJ72s w6mSYc8+bra4HAd96SOBc6kde6AMJ+0vFgpZ9oKf1ikwgupH7DfKatM1/xxtk9DMokPzx1xmcIsYV AkaSku1OujaFOOKUCwbhw54lrdlqjNaWAKe0hUJ5QC/aesXJ9d2AFMyVwdAtQM1c0N20=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Thu, 10 Mar 2022 10:44:42 +0000 commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 8c48087256..95f1a92684 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -365,16 +365,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -383,10 +393,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 10:44:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 10:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288280.488894 (Exim 4.92) (envelope-from ) id 1nSGHt-0006cx-KE; Thu, 10 Mar 2022 10:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288280.488894; Thu, 10 Mar 2022 10:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHt-0006cp-HL; Thu, 10 Mar 2022 10:44:53 +0000 Received: by outflank-mailman (input) for mailman id 288280; Thu, 10 Mar 2022 10:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHs-0006cc-8D for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSGHs-00071n-7Z for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSGHs-0004Tq-6V for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 10:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Gp0wn38Ysq1PYN95wqvqjc4vcm2XPfT19OfbT13iTJ8=; b=DQdxaiLaqf+zGdzBLeFPWusHvC yBAlQMBqmW5pUkcSrpkvJaD0dfLwwbdZXkefLk8/Nd/xZpa3o0/XTlLuk4QNsiUW2+cwDpXpbXblR 63v//x4lx+WQi3DkbYgN0ODRja7+oi2p+4OxnvSDBnltZ/uLaQf2Gb0ocWCzlj/rnMWg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Thu, 10 Mar 2022 10:44:52 +0000 commit 8d03080d2a339840d3a59e0932a94f804e45110d Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 16:38:02 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index eda92ce29e..1dc7e1ca07 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2297,9 +2297,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 12bf1c5722..1408e4c7ab 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -947,10 +952,23 @@ void __init init_speculation_mitigations(void) * First, disable the use of retpolines if Xen is using CET. Retpolines * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends * on executing indirect branches for the safety properties to apply. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( (read_cr4() & X86_CR4_CET) && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( read_cr4() & X86_CR4_CET ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -970,16 +988,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 17:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 17:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288584.489409 (Exim 4.92) (envelope-from ) id 1nSN0D-0007Bo-RS; Thu, 10 Mar 2022 17:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288584.489409; Thu, 10 Mar 2022 17:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0D-0007Bg-Od; Thu, 10 Mar 2022 17:55:05 +0000 Received: by outflank-mailman (input) for mailman id 288584; Thu, 10 Mar 2022 17:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0C-0007BX-6z for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0C-0006dG-3b for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSN0C-0007OG-21 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gbTRcwJYerSgjqbXpnz/jdXm8WnfHLeJ77Y28Eyoozg=; b=pAy+R/MGM7KlxuSxPymYXGkDLo /p2Wrap3rXVI2IOmRbKiAixPEQ2V8o9MJqE1XVmnulC5SZcz+5vLNgyAUUpc9ueeyHZaBTtqLy8km tNNCarNOWe4r390S26DBWwkmCuoLJN5lkFpTqHfDew4LYtg4psO1J+Wdm0aonm4dqu8E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm64: Zero the top 32 bits of gp registers on entry... Message-Id: Date: Thu, 10 Mar 2022 17:55:04 +0000 commit 04c7cc2b79053e7d358631d3450bf1b35fbc5f8d Author: Michal Orzel AuthorDate: Fri Dec 17 08:21:59 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Mar 10 09:41:19 2022 -0800 xen/arm64: Zero the top 32 bits of gp registers on entry... to hypervisor when switching from AArch32 state. According to section D1.20.2 of Arm Arm(DDI 0487A.j): "If the general-purpose register was accessible from AArch32 state the upper 32 bits either become zero, or hold the value that the same architectural register held before any AArch32 execution. The choice between these two options is IMPLEMENTATION DEFINED" Currently Xen does not ensure that the top 32 bits are zeroed and this needs to be fixed. The reason why is that there are places in Xen where we assume that top 32bits are zero for AArch32 guests. If they are not, this can lead to misinterpretation of Xen regarding what the guest requested. For example hypercalls returning an error encoded in a signed long like do_sched_op, do_hmv_op, do_memory_op would return -ENOSYS if the command passed as the first argument was clobbered. Create a macro clobber_gp_top_halves to clobber top 32 bits of gp registers when hyp == 0 (guest mode) and compat == 1 (AArch32 mode). Add a compile time check to ensure that save_x0_x1 == 1 if compat == 1. Signed-off-by: Michal Orzel [julieng: Tweak the comment in clobber_gp_top_halves] Acked-by: Julien Grall (cherry picked from commit 32365f3476ac4655f2f26111cd7879912808cd77) --- xen/arch/arm/arm64/entry.S | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index cf7b9d826f..95f1a92684 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -102,6 +102,30 @@ .endif .endm + +/* + * Clobber top 32 bits of gp registers when switching from AArch32 + */ + .macro clobber_gp_top_halves, compat, save_x0_x1 + + .if \compat == 1 /* AArch32 mode */ + + /* + * At the moment, no-one is using save_x0_x1 == 0 with compat == 1. + * So the code is not handling it to simplify the implementation. + */ + .if \save_x0_x1 == 0 + .error "save_x0_x1 is 0 but compat is 1" + .endif + + .irp n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 + mov w\n, w\n + .endr + + .endif + + .endm + /* * Save state on entry to hypervisor, restore on exit * @@ -111,6 +135,11 @@ */ .macro entry, hyp, compat, save_x0_x1=1 sub sp, sp, #(UREGS_SPSR_el1 - UREGS_LR) /* CPSR, PC, SP, LR */ + + .if \hyp == 0 /* Guest mode */ + clobber_gp_top_halves compat=\compat, save_x0_x1=\save_x0_x1 + .endif + push x28, x29 push x26, x27 push x24, x25 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 17:55:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 17:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288585.489414 (Exim 4.92) (envelope-from ) id 1nSN0N-0007E6-T7; Thu, 10 Mar 2022 17:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288585.489414; Thu, 10 Mar 2022 17:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0N-0007Dy-QA; Thu, 10 Mar 2022 17:55:15 +0000 Received: by outflank-mailman (input) for mailman id 288585; Thu, 10 Mar 2022 17:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0M-0007Dk-7K for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0M-0006f0-6b for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSN0M-0007P5-5e for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HXJP/jYGzmGERbJqjdDp08GlX8rcJygbgMyvoqgZALw=; b=O7pVfqvKX9GPGpdI09EmGVnc1k HHHw2uxWc8oLHt910mMcfLUTUg/RsGzT8RNaRHKc6Xaw1U9vZ4XaD48OqsoQ1SOzC3N+B8vi1Z+Q0 b4t0XPTVMTS9FSrQOMBsBxwItymmaCKMAi2RJP69YAFJXZIoAVo6GSlCU6YW9/bcYOm0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/arm: increase memory banks number define value Message-Id: Date: Thu, 10 Mar 2022 17:55:14 +0000 commit 81e6eabbfeab554db192ae6f0d1de8179daab2f0 Author: Luca Fancellu AuthorDate: Thu Dec 16 14:43:19 2021 -0800 Commit: Stefano Stabellini CommitDate: Thu Mar 10 09:41:35 2022 -0800 xen/arm: increase memory banks number define value Currently the maximum number of memory banks (NR_MEM_BANKS define) is fixed to 128, but on some new platforms that have a large amount of memory, this value is not enough and prevents Xen from booting. Increase the value to 256. Signed-off-by: Luca Fancellu Reviewed-by: Stefano Stabellini (cherry picked from commit f1f38e26c3669f5e4583c3756f213c167d19651a) --- xen/include/asm-arm/setup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/asm-arm/setup.h b/xen/include/asm-arm/setup.h index 95da0b7ab9..07daf160dc 100644 --- a/xen/include/asm-arm/setup.h +++ b/xen/include/asm-arm/setup.h @@ -6,7 +6,7 @@ #define MIN_FDT_ALIGN 8 #define MAX_FDT_SIZE SZ_2M -#define NR_MEM_BANKS 128 +#define NR_MEM_BANKS 256 #define MAX_MODULES 32 /* Current maximum useful modules */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 17:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 17:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288586.489418 (Exim 4.92) (envelope-from ) id 1nSN0X-0007Hk-Ul; Thu, 10 Mar 2022 17:55:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288586.489418; Thu, 10 Mar 2022 17:55:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0X-0007HZ-Rd; Thu, 10 Mar 2022 17:55:25 +0000 Received: by outflank-mailman (input) for mailman id 288586; Thu, 10 Mar 2022 17:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0W-0007HD-AP for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSN0W-0006fG-9a for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSN0W-0007Q3-8i for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 17:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Uayz2DJBOp9qgV2rX/qXN6KATebdAqk3V5Yy+x/c5hY=; b=631Iq+tRUJuPTO5Q2OCxfcWbPQ W6lu3gjsLFRPe8+1uSmrtf8GZYxadODZJXnQH7/d6geMAaKx+eSGsxAlCfa+d3+qLwjktlWdZFbSa E4XBA4TXuYAqWhqN9sOXDLCyDGWTZ1vZTnyNsh31kY5yQuRvlHrkjMYmf29z9mG4v7v4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] arm/efi: Handle Xen bootargs from both xen.cfg and DT Message-Id: Date: Thu, 10 Mar 2022 17:55:24 +0000 commit cfd29b83a26f35f49f074f06169ce4cadfdebf0d Author: Luca Fancellu AuthorDate: Mon Dec 13 11:48:54 2021 +0000 Commit: Stefano Stabellini CommitDate: Thu Mar 10 09:41:53 2022 -0800 arm/efi: Handle Xen bootargs from both xen.cfg and DT Currently the Xen UEFI stub can accept Xen boot arguments from the Xen configuration file using the "options=" keyword, but also directly from the device tree specifying xen,xen-bootargs property. When the configuration file is used, device tree boot arguments are ignored and overwritten even if the keyword "options=" is not used. This patch handle this case, so if the Xen configuration file is not specifying boot arguments, the device tree boot arguments will be used, if they are present. Signed-off-by: Luca Fancellu Reviewed-by: Stefano Stabellini (cherry picked from commit f3999bc2e099c571e4583bff8f494b834b2f5f76) --- docs/misc/efi.pandoc | 4 ++++ xen/arch/arm/efi/efi-boot.h | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc index abafb34527..71fdc316b6 100644 --- a/docs/misc/efi.pandoc +++ b/docs/misc/efi.pandoc @@ -249,6 +249,10 @@ UEFI stub for module loading. When adding DomU modules to device tree, also add the property xen,uefi-cfg-load under chosen for Xen to load the Xen config file. Otherwise, Xen will skip the config file and rely on device tree alone. +When using the Xen configuration file in conjunction with the device tree, you +can specify the Xen boot arguments in the configuration file with the "options=" +keyword or in the device tree with the "xen,xen-bootargs" property, but be +aware that the Xen configuration file value has a precedence over the DT value. Example 1 of how to boot a true dom0less configuration: diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h index 458cfbbed4..9f26798239 100644 --- a/xen/arch/arm/efi/efi-boot.h +++ b/xen/arch/arm/efi/efi-boot.h @@ -514,11 +514,26 @@ static void __init efi_arch_handle_cmdline(CHAR16 *image_name, if ( cfgfile_options ) { + PrintMessage(L"Using bootargs from Xen configuration file."); prop_len += snprintf(buf + prop_len, EFI_PAGE_SIZE - prop_len, " %s", cfgfile_options); if ( prop_len >= EFI_PAGE_SIZE ) blexit(L"FDT string overflow"); } + else + { + /* Get xen,xen-bootargs in /chosen if it is specified */ + const char *dt_bootargs_prop = fdt_getprop(fdt, chosen, + "xen,xen-bootargs", NULL); + if ( dt_bootargs_prop ) + { + PrintMessage(L"Using bootargs from device tree."); + prop_len += snprintf(buf + prop_len, EFI_PAGE_SIZE - prop_len, + " %s", dt_bootargs_prop); + if ( prop_len >= EFI_PAGE_SIZE ) + blexit(L"FDT string overflow"); + } + } if ( cmdline_options ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 18:55:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 18:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288603.489455 (Exim 4.92) (envelope-from ) id 1nSNwI-0006Dj-3a; Thu, 10 Mar 2022 18:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288603.489455; Thu, 10 Mar 2022 18:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwI-0006Db-0d; Thu, 10 Mar 2022 18:55:06 +0000 Received: by outflank-mailman (input) for mailman id 288603; Thu, 10 Mar 2022 18:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwG-0006DV-Td for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwG-0007j0-O6 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSNwG-0003Q0-N5 for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EYHQSZ2QeJvvBHQWMM277jUUbXePAScyKSTuajVYv34=; b=lG2seFE1ChkC2I6NQ00tWi0uX/ 3xtZrgqPgpGZkMhUV+OCBTrGuUdTFwxUO4WxWKahuBfkbAms6HPimihK20wxKAgH8cQMVMGJJSUAW aFYhdBSIWdncFX5HQi1yMNvQc3rizi0EZviNjlMk+QxiBOqngIyjoNzLQoa5EaLrx8wk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/kexec: Fix kexec-reboot with CET active Message-Id: Date: Thu, 10 Mar 2022 18:55:04 +0000 commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346 Author: Andrew Cooper AuthorDate: Mon Mar 7 20:19:18 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 10 18:47:55 2022 +0000 x86/kexec: Fix kexec-reboot with CET active The kexec_reloc() asm has an indirect jump to relocate onto the identity trampoline. While we clear CET in machine_crash_shutdown(), we fail to clear CET for the non-crash path. This in turn highlights that the same is true of resetting the CPUID masking/faulting. Move both pieces of logic from machine_crash_shutdown() to machine_kexec(), the latter being common for all kexec transitions. Adjust the condition for CET being considered active to check in CR4, which is simpler and more robust. Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT") Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()") Reported-by: David Vrabel Signed-off-by: Andrew Cooper Reviewed-by: David Vrabel --- xen/arch/x86/crash.c | 10 ---------- xen/arch/x86/machine_kexec.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index 003222c0f1..99089f77a7 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -187,16 +187,6 @@ void machine_crash_shutdown(void) nmi_shootdown_cpus(); - /* Reset CPUID masking and faulting to the host's default. */ - ctxt_switch_levelling(NULL); - - /* Disable CET. */ - if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) - { - wrmsrl(MSR_S_CET, 0); - write_cr4(read_cr4() & ~X86_CR4_CET); - } - info = kexec_crash_save_info(); info->xen_phys_start = xen_phys_start; info->dom0_pfn_to_mfn_frame_list_list = diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index 751a9efcaf..1dd0c9aad8 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -173,6 +173,16 @@ void machine_kexec(struct kexec_image *image) _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop); } + /* Reset CPUID masking and faulting to the host's default. */ + ctxt_switch_levelling(NULL); + + /* Disable CET. */ + if ( read_cr4() & X86_CR4_CET ) + { + wrmsrl(MSR_S_CET, 0); + write_cr4(read_cr4() & ~X86_CR4_CET); + } + /* Explicitly enable NMIs on this CPU. Some crashdump kernels do * not like running with NMIs disabled. */ enable_nmis(); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 18:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 18:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288604.489459 (Exim 4.92) (envelope-from ) id 1nSNwS-0006Fq-57; Thu, 10 Mar 2022 18:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288604.489459; Thu, 10 Mar 2022 18:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwS-0006Fi-2A; Thu, 10 Mar 2022 18:55:16 +0000 Received: by outflank-mailman (input) for mailman id 288604; Thu, 10 Mar 2022 18:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwQ-0006FY-SC for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwQ-0007kg-RN for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSNwQ-0003Qf-QW for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Oq1MVfOwsM2w3kr/ILg4qF6Cw7jh93PLbHp95ZI2JBM=; b=N7kyjvZkOsGFfzAAAP0tbTD4t4 yKaN17syipNn4Ri01eULfZ0SBCy2nfmtO/8aLTdGbQTqrEJ4JKDqRa+OYzQezgmLKA4/F4zsFpQgk 3s4fFP8AgVdg6rr4kf1Kxy44VnCJIVrXtikDcxeBh5od3RA4A5r6H/lZjh/67ItYOirA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/build: put image header into a separate section Message-Id: Date: Thu, 10 Mar 2022 18:55:14 +0000 commit 4267a33b19d43c988fd4535093c426aa2aec70a1 Author: Roger Pau Monne AuthorDate: Wed Mar 9 13:28:45 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Mar 10 18:47:55 2022 +0000 xen/build: put image header into a separate section So it can be explicitly placed ahead of the rest of the .text content in the linker script (and thus the resulting image). This is a prerequisite for further work that will add a catch-all to the text section (.text.*). Note that placement of the sections inside of .text is also slightly adjusted to be more similar to the position found in the default GNU ld linker script. The special handling of the object file containing the header data as the first object file passed to the linker command line can also be removed. While there also remove the special handling of efi/ on x86. There's no need for the resulting object file to be passed in any special order to the linker. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/arch.mk | 2 -- xen/arch/arm/arm32/Makefile | 3 +-- xen/arch/arm/arm32/head.S | 1 + xen/arch/arm/arm64/Makefile | 3 +-- xen/arch/arm/arm64/head.S | 1 + xen/arch/arm/xen.lds.S | 8 ++++++-- xen/arch/x86/Makefile | 5 ++--- xen/arch/x86/arch.mk | 2 -- xen/arch/x86/boot/head.S | 2 +- xen/arch/x86/xen.lds.S | 11 +++++++---- 10 files changed, 20 insertions(+), 18 deletions(-) diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index 094b670723..58db76c4e1 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -23,5 +23,3 @@ ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) LDFLAGS += --fix-cortex-a53-843419 endif endif - -ALL_OBJS-y := arch/arm/$(TARGET_SUBARCH)/head.o $(ALL_OBJS-y) diff --git a/xen/arch/arm/arm32/Makefile b/xen/arch/arm/arm32/Makefile index 3040eabce3..520fb42054 100644 --- a/xen/arch/arm/arm32/Makefile +++ b/xen/arch/arm/arm32/Makefile @@ -4,11 +4,10 @@ obj-$(CONFIG_EARLY_PRINTK) += debug.o obj-y += domctl.o obj-y += domain.o obj-y += entry.o +obj-y += head.o obj-y += insn.o obj-$(CONFIG_LIVEPATCH) += livepatch.o obj-y += proc-v7.o proc-caxx.o obj-y += smpboot.o obj-y += traps.o obj-y += vfp.o - -extra-y += head.o diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 7a906167ef..c837d3054c 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -120,6 +120,7 @@ #endif /* !CONFIG_EARLY_PRINTK */ + .section .text.header, "ax", %progbits .arm /* diff --git a/xen/arch/arm/arm64/Makefile b/xen/arch/arm/arm64/Makefile index baa87655fa..6d507da0d4 100644 --- a/xen/arch/arm/arm64/Makefile +++ b/xen/arch/arm/arm64/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_EARLY_PRINTK) += debug.o obj-y += domctl.o obj-y += domain.o obj-y += entry.o +obj-y += head.o obj-y += insn.o obj-$(CONFIG_LIVEPATCH) += livepatch.o obj-y += smc.o @@ -14,5 +15,3 @@ obj-y += smpboot.o obj-y += traps.o obj-y += vfp.o obj-y += vsysreg.o - -extra-y += head.o diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 66d862fc81..e62c48ec1c 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -133,6 +133,7 @@ add \xb, \xb, x20 .endm + .section .text.header, "ax", %progbits /*.aarch64*/ /* diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 08016948ab..743455a5f9 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -30,9 +30,13 @@ SECTIONS _start = .; .text : { _stext = .; /* Text section */ - *(.text) + *(.text.header) + *(.text.cold) - *(.text.unlikely) + *(.text.unlikely .text.*_unlikely .text.unlikely.*) + + *(.text) + *(.fixup) *(.gnu.warning) _etext = .; /* End of text section */ diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9c40e0b4d7..04065a7310 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -1,5 +1,7 @@ obj-y += acpi/ +obj-y += boot/ obj-y += cpu/ +obj-y += efi/ obj-y += genapic/ obj-$(CONFIG_GUEST) += guest/ obj-$(CONFIG_HVM) += hvm/ @@ -77,9 +79,6 @@ obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o obj-y += sysctl.o endif -# Allows "clean" to descend into boot/ -subdir- += boot - extra-y += asm-macros.i extra-y += xen.lds diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 8e57476d65..c90e56aeab 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -117,5 +117,3 @@ endif # Set up the assembler include path properly for older toolchains. CFLAGS += -Wa,-I$(srctree)/include - -ALL_OBJS-y := arch/x86/boot/built_in.o arch/x86/efi/built_in.o $(ALL_OBJS-y) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index dd1bea0d10..92d73345f0 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -9,7 +9,7 @@ #include #include - .text + .section .text.header, "ax", @progbits .code32 #define sym_offs(sym) ((sym) - __XEN_VIRT_START) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 506bc8e404..960c51eb4c 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -73,9 +73,7 @@ SECTIONS _start = .; DECL_SECTION(.text) { _stext = .; /* Text and read-only data */ - *(.text) - *(.text.__x86_indirect_thunk_*) - *(.text.page_aligned) + *(.text.header) . = ALIGN(PAGE_SIZE); _stextentry = .; @@ -87,7 +85,12 @@ SECTIONS kexec_reloc_end = .; *(.text.cold) - *(.text.unlikely) + *(.text.unlikely .text.*_unlikely .text.unlikely.*) + + *(.text) + *(.text.__x86_indirect_thunk_*) + *(.text.page_aligned) + *(.fixup) *(.gnu.warning) _etext = .; /* End of text section */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 10 18:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 10 Mar 2022 18:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288605.489463 (Exim 4.92) (envelope-from ) id 1nSNwc-0006J1-6d; Thu, 10 Mar 2022 18:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288605.489463; Thu, 10 Mar 2022 18:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwc-0006Ir-3n; Thu, 10 Mar 2022 18:55:26 +0000 Received: by outflank-mailman (input) for mailman id 288605; Thu, 10 Mar 2022 18:55:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwa-0006IU-VT for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSNwa-0007ks-Uj for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSNwa-0003RL-Th for xen-changelog@lists.xenproject.org; Thu, 10 Mar 2022 18:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+XSW4tXhL4PRrRzWsmRNRN5bUkqwUSZdTIuUVpeC+AM=; b=tKNfQVz/ywiZKozuBz88qDtw6f gPJrl6Rtjsx9bVs3O7chqv/bmUcZJ3V5m7qogzIFWre2ATE34qKhv3YUAwKXASfLc1Zw7DWieOt5L wSaWMRuls1YHzXMVGuRM+UroB/758GjO18ZNbLXusFr5GWVxjwA2xzFkcOFU99FbXIBE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] livepatch: set -f{function,data}-sections compiler option Message-Id: Date: Thu, 10 Mar 2022 18:55:24 +0000 commit 6ff9a7e62b8c43fe3e9d360fbd49d5854787bc39 Author: Roger Pau Monne AuthorDate: Wed Mar 9 13:28:46 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Mar 10 18:47:55 2022 +0000 livepatch: set -f{function,data}-sections compiler option If livepatching support is enabled build the hypervisor with -f{function,data}-sections compiler options, which is required by the livepatching tools to detect changes and create livepatches. This shouldn't result in any functional change on the hypervisor binary image, but does however require some changes in the linker script in order to handle that each function and data item will now be placed into its own section in object files. As a result add catch-all for .text, .data and .bss in order to merge each individual item section into the final image. The main difference will be that .text.startup will end up being part of .text rather than .init, and thus won't be freed. .text.exit will also be part of .text rather than dropped. Overall this could make the image bigger, and package some .text code in a sub-optimal way. On Arm the .data.read_mostly needs to be moved ahead of the .data section like it's already done on x86, so the .data.* catch-all doesn't also include .data.read_mostly. The alignment of .data.read_mostly also needs to be set to PAGE_SIZE so it doesn't end up being placed at the tail of a read-only page from the previous section. While there move the alignment of the .data section ahead of the section declaration, like it's done for other sections. The benefit of having CONFIG_LIVEPATCH enable those compiler option is that the livepatch build tools no longer need to fiddle with the build system in order to enable them. Note the current livepatch tools are broken after the recent build changes due to the way they attempt to set -f{function,data}-sections. Signed-off-by: Roger Pau Monné Acked-by: Julien Grall Reviewed-by: Jan Beulich --- xen/Kconfig | 4 ++++ xen/Makefile | 2 ++ xen/arch/arm/xen.lds.S | 41 +++++++++++++++++++++-------------------- xen/arch/x86/xen.lds.S | 11 ++++++----- xen/common/Kconfig | 1 + 5 files changed, 34 insertions(+), 25 deletions(-) diff --git a/xen/Kconfig b/xen/Kconfig index bcbd2758e5..d134397a0b 100644 --- a/xen/Kconfig +++ b/xen/Kconfig @@ -27,6 +27,10 @@ config CLANG_VERSION config CC_HAS_VISIBILITY_ATTRIBUTE def_bool $(cc-option,-fvisibility=hidden) +# Use -f{function,data}-sections compiler parameters +config CC_SPLIT_SECTIONS + bool + source "arch/$(SRCARCH)/Kconfig" config DEFCONFIG_LIST diff --git a/xen/Makefile b/xen/Makefile index 5c21492d6f..18a4f7e101 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -273,6 +273,8 @@ else CFLAGS += -fomit-frame-pointer endif +CFLAGS-$(CONFIG_CC_SPLIT_SECTIONS) += -ffunction-sections -fdata-sections + CFLAGS += -nostdinc -fno-builtin -fno-common CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith $(call cc-option-add,CFLAGS,CC,-Wvla) diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 743455a5f9..7921d8fa28 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -36,6 +36,9 @@ SECTIONS *(.text.unlikely .text.*_unlikely .text.unlikely.*) *(.text) +#ifdef CONFIG_CC_SPLIT_SECTIONS + *(.text.*) +#endif *(.fixup) *(.gnu.warning) @@ -82,10 +85,24 @@ SECTIONS #endif _erodata = .; /* End of read-only data */ + . = ALIGN(PAGE_SIZE); + .data.read_mostly : { + /* Exception table */ + __start___ex_table = .; + *(.ex_table) + __stop___ex_table = .; + + /* Pre-exception table */ + __start___pre_ex_table = .; + *(.ex_table.pre) + __stop___pre_ex_table = .; + + *(.data.read_mostly) + } :text + + . = ALIGN(SMP_CACHE_BYTES); .data : { /* Data */ - . = ALIGN(PAGE_SIZE); *(.data.page_aligned) - *(.data) . = ALIGN(8); __start_schedulers_array = .; *(.data.schedulers) @@ -98,26 +115,10 @@ SECTIONS __paramhypfs_end = .; #endif - *(.data.rel) - *(.data.rel.*) + *(.data .data.*) CONSTRUCTORS } :text - . = ALIGN(SMP_CACHE_BYTES); - .data.read_mostly : { - /* Exception table */ - __start___ex_table = .; - *(.ex_table) - __stop___ex_table = .; - - /* Pre-exception table */ - __start___pre_ex_table = .; - *(.ex_table.pre) - __stop___pre_ex_table = .; - - *(.data.read_mostly) - } :text - . = ALIGN(8); .arch.info : { _splatform = .; @@ -211,7 +212,7 @@ SECTIONS *(.bss.percpu.read_mostly) . = ALIGN(SMP_CACHE_BYTES); __per_cpu_data_end = .; - *(.bss) + *(.bss .bss.*) . = ALIGN(POINTER_ALIGN); __bss_end = .; } :text diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 960c51eb4c..4103763f63 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -87,9 +87,12 @@ SECTIONS *(.text.cold) *(.text.unlikely .text.*_unlikely .text.unlikely.*) + *(.text.page_aligned) *(.text) +#ifdef CONFIG_CC_SPLIT_SECTIONS + *(.text.*) +#endif *(.text.__x86_indirect_thunk_*) - *(.text.page_aligned) *(.fixup) *(.gnu.warning) @@ -292,9 +295,7 @@ SECTIONS DECL_SECTION(.data) { *(.data.page_aligned) - *(.data) - *(.data.rel) - *(.data.rel.*) + *(.data .data.*) } PHDR(text) DECL_SECTION(.bss) { @@ -309,7 +310,7 @@ SECTIONS *(.bss.percpu.read_mostly) . = ALIGN(SMP_CACHE_BYTES); __per_cpu_data_end = .; - *(.bss) + *(.bss .bss.*) . = ALIGN(POINTER_ALIGN); __bss_end = .; } PHDR(text) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6443943889..d921c74d61 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -354,6 +354,7 @@ config LIVEPATCH bool "Live patching support" default X86 depends on "$(XEN_HAS_BUILD_ID)" = "y" + select CC_SPLIT_SECTIONS ---help--- Allows a running Xen hypervisor to be dynamically patched using binary patches without rebooting. This is primarily used to binarily -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 02:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 02:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288663.489561 (Exim 4.92) (envelope-from ) id 1nSV5T-0000gE-Kf; Fri, 11 Mar 2022 02:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288663.489561; Fri, 11 Mar 2022 02:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5T-0000g5-HZ; Fri, 11 Mar 2022 02:33:03 +0000 Received: by outflank-mailman (input) for mailman id 288663; Fri, 11 Mar 2022 02:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5S-0000fz-Cr for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5S-0004xJ-C1 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSV5S-0006D3-B4 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iMBVqUS8jvLZlb7kUk6ue9qeadolzUV6CORVSSGffKw=; b=czImjjzyBn3oEIAUOCx+M2V94Z rm5Z7PxuGGm2zht3n1/yi3vauyX2LPaN/dBJNWf8NtvkgtUVBzuC6HvVFV1e5O1XxIUuZBDsOUNK0 pRdlmNq3KNvE8l6gqbEM09s5Kt13ptZk4Nr2IrhiNoMp2tzn5U4MEjpTCM+Lkv/qPu1Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/console: process softirqs between warning prints Message-Id: Date: Fri, 11 Mar 2022 02:33:02 +0000 commit b4632c9cf57e79d4d9e0f8befd6a79d1d61b1cab Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:50:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:50:26 2022 +0100 x86/console: process softirqs between warning prints Process softirqs while printing end of boot warnings. Each warning can be several lines long, and on slow consoles printing multiple ones without processing softirqs can result in the watchdog triggering: (XEN) [ 22.277806] *************************************************** (XEN) [ 22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS (XEN) [ 22.556029] This option is intended to aid debugging of Xen by ensuring (XEN) [ 22.696802] that all output is synchronously delivered on the serial line. (XEN) [ 22.838024] However it can introduce SIGNIFICANT latencies and affect (XEN) [ 22.978710] timekeeping. It is NOT recommended for production use! (XEN) [ 23.119066] *************************************************** (XEN) [ 23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.399560] enabled. Please assess your configuration and choose an (XEN) [ 23.539925] explicit 'smt=' setting. See XSA-273. (XEN) [ 23.678860] *************************************************** (XEN) [ 23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.959811] enabled. Mitigations will not be fully effective. Please (XEN) [ 24.100396] choose an explicit smt= setting. See XSA-297. (XEN) [ 24.240254] *************************************************(XEN) [ 24.247302] Watchdog timer detects that CPU0 is stuck! (XEN) [ 24.386785] ----[ Xen-4.17-unstable x86_64 debug=y Tainted: C ]---- (XEN) [ 24.527874] CPU: 0 (XEN) [ 24.662422] RIP: e008:[] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90 Fixes: ee3fd57acd ('xen: add warning infrastructure') Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich master commit: 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2 master date: 2022-02-18 09:02:16 +0100 --- xen/common/warning.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/warning.c b/xen/common/warning.c index 0269c6715c..e6e1404baf 100644 --- a/xen/common/warning.c +++ b/xen/common/warning.c @@ -30,6 +30,7 @@ void __init warning_print(void) { printk("%s", warnings[i]); printk("***************************************************\n"); + process_pending_softirqs(); } for ( i = 0; i < 3; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 02:33:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 02:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288664.489565 (Exim 4.92) (envelope-from ) id 1nSV5d-0000iC-M3; Fri, 11 Mar 2022 02:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288664.489565; Fri, 11 Mar 2022 02:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5d-0000i4-J2; Fri, 11 Mar 2022 02:33:13 +0000 Received: by outflank-mailman (input) for mailman id 288664; Fri, 11 Mar 2022 02:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5c-0000hs-G3 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5c-0004xQ-FN for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSV5c-0006Dg-EL for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YiGMCEMKqz2lkmZ6yFUAlmVMLJmYpur5LZsRKZQlw2I=; b=ReC7B5x29SJYi6q7ja9QKEhm0p kBCCDmm6rpyOElQgTRPxF1gPs/RfFtHDyBMBqIEmHtnUUggYHg9XwCP9VU2oNiYNnOiyZ48zacMFU yL1hUcvFov5jW1Zs1hV2z+nYwfpQQQCh28ZIr1rjK1RTythMUZywYZ+grHuorcDMtSvM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] tools/libxl: don't allow IOMMU usage with PoD Message-Id: Date: Fri, 11 Mar 2022 02:33:12 +0000 commit ef27037d430b662ff6eeb9eda02595e644056905 Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:50:44 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:50:44 2022 +0100 tools/libxl: don't allow IOMMU usage with PoD Prevent libxl from creating guests that attempts to use PoD together with an IOMMU, even if no devices are actually assigned. While the hypervisor could support using PoD together with an IOMMU as long as no devices are assigned, such usage seems doubtful. There's no guarantee the guest has PoD no longer be active, and thus a later assignment of a PCI device to such domain could fail. Preventing the usage of PoD together with an IOMMU at guest creation avoids having to add checks for active PoD entries in the device assignment paths. Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD master commit: 07449ecfa42532495156fa342af2112e3e31dd3f master date: 2022-02-18 09:03:08 +0100 --- tools/libs/light/libxl_create.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 0c64268f66..93b5093920 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1135,17 +1135,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 02:33:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 02:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288665.489569 (Exim 4.92) (envelope-from ) id 1nSV5n-0000lG-NR; Fri, 11 Mar 2022 02:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288665.489569; Fri, 11 Mar 2022 02:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5n-0000l8-KW; Fri, 11 Mar 2022 02:33:23 +0000 Received: by outflank-mailman (input) for mailman id 288665; Fri, 11 Mar 2022 02:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5m-0000kr-JK for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5m-0004xe-IW for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSV5m-0006EL-HV for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JVALNmsWDxC29KwB5ZOTdfu8nw2TQcayCwUEDUQWU+o=; b=lTdTjgXR/cysZjlL9VM09/MpTZ PzKsOJKoLrlgGQS/VwUkh2Lab9rk4HFmDtzZGASzrg0MR+DSBbGkXgNDTp5AulPeIHROAPo9CxSjb K9fGQ7ual1eBVooh0eGLC1+3pGQZsrUxxqT8tAWmjD8RMTETzIS57khGytNhRC5s+7AI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xz: avoid overlapping memcpy() with invalid input with in-place decompression Message-Id: Date: Fri, 11 Mar 2022 02:33:22 +0000 commit a12402e4d0ecdad6f7d9289c4c3e2abe82178051 Author: Lasse Collin AuthorDate: Thu Mar 10 09:51:12 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:51:12 2022 +0100 xz: avoid overlapping memcpy() with invalid input with in-place decompression With valid files, the safety margin described in lib/decompress_unxz.c ensures that these buffers cannot overlap. But if the uncompressed size of the input is larger than the caller thought, which is possible when the input file is invalid/corrupt, the buffers can overlap. Obviously the result will then be garbage (and usually the decoder will return an error too) but no other harm will happen when such an over-run occurs. This change only affects uncompressed LZMA2 chunks and so this should have no effect on performance. Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 10454f381f9157bce26d5db15e07e857b317b4af master date: 2022-03-07 09:08:08 +0100 --- xen/common/unxz.c | 2 +- xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index cf25c9fc8e..3676a2ab0c 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -127,7 +127,7 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memcpy speed can matter and only if there is a lot of uncompressible data + * memmove speed can matter and only if there is a lot of uncompressible data * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 44fe79bc30..3c086732c8 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -387,7 +387,14 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b, *left -= copy_size; - memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size); + /* + * If doing in-place decompression in single-call mode and the + * uncompressed size of the file is larger than the caller + * thought (i.e. it is invalid input!), the buffers below may + * overlap and cause undefined behavior with memcpy(). + * With valid inputs memcpy() would be fine here. + */ + memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size); dict->pos += copy_size; if (dict->full < dict->pos) @@ -397,7 +404,11 @@ static void INIT dict_uncompressed(struct dictionary *dict, struct xz_buf *b, if (dict->pos == dict->end) dict->pos = 0; - memcpy(b->out + b->out_pos, b->in + b->in_pos, + /* + * Like above but for multi-call mode: use memmove() + * to avoid undefined behavior with invalid input. + */ + memmove(b->out + b->out_pos, b->in + b->in_pos, copy_size); } @@ -421,6 +432,12 @@ static uint32_t INIT dict_flush(struct dictionary *dict, struct xz_buf *b) if (dict->pos == dict->end) dict->pos = 0; + /* + * These buffers cannot overlap even if doing in-place + * decompression because in multi-call mode dict->buf + * has been allocated by us in this file; it's not + * provided by the caller like in single-call mode. + */ memcpy(b->out + b->out_pos, dict->buf + dict->start, copy_size); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 02:33:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 02:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288666.489573 (Exim 4.92) (envelope-from ) id 1nSV5x-0000nv-PD; Fri, 11 Mar 2022 02:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288666.489573; Fri, 11 Mar 2022 02:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5x-0000nn-M2; Fri, 11 Mar 2022 02:33:33 +0000 Received: by outflank-mailman (input) for mailman id 288666; Fri, 11 Mar 2022 02:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5w-0000nf-Mc for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSV5w-0004xq-Lr for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSV5w-0006F5-Km for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 02:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jqJs/nI4ZxRSV2oA3+6ZRzIzQwxIXikxZYDg8HFqi7A=; b=5QsOrGJyeU0BYfEzhYeSFXbc0U uUYn8Bm59bIGjfGraUL5EVUhqV8cKzmqb4qzdkzb7HTB3df3/W/ltzCMKsDSgwqKv6zz72pnxJuwW jEvUq8LkUDu5QP2MSuW/SlAXRvw5UY8S4yKXFqTUcqMBLa2w6JrT/2gmKXfduvt7xcQs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xz: validate the value before assigning it to an enum variable Message-Id: Date: Fri, 11 Mar 2022 02:33:32 +0000 commit cd751c09a5bab9f3529901fbe4d867ad7d52e89d Author: Lasse Collin AuthorDate: Thu Mar 10 09:51:29 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:51:29 2022 +0100 xz: validate the value before assigning it to an enum variable This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository. This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner. Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa master date: 2022-03-07 09:08:54 +0100 --- xen/common/xz/dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index b8b566307c..e921d46abc 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret INIT dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 05:11:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 05:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288687.489610 (Exim 4.92) (envelope-from ) id 1nSXYM-0000nu-U5; Fri, 11 Mar 2022 05:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288687.489610; Fri, 11 Mar 2022 05:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYM-0000nm-RA; Fri, 11 Mar 2022 05:11:02 +0000 Received: by outflank-mailman (input) for mailman id 288687; Fri, 11 Mar 2022 05:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYM-0000ng-DB for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYM-0008MO-C4 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSXYM-0007zl-B7 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ey+8cws5RAqPSWAh/0VE9VUabqhZoBPIYxLdFIqE0lA=; b=QIYTV6JdVPOOkW2NH+uNUmNcsZ yjrfKwq22LSDvjfF8wHSRxoeFcYGko0plUmJ88Xgnrj1u9/dj7X7wrIAVxzpJul5+jsFn0tBDL1kq ZC/jY95CxEsOAcDQtpOeW4y1JRaJHZpMx0NSJy4HKV93XCPTH8f63M2ZF54ICg5r86IM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] VT-d: drop undue address-of from check_cleanup_domid_map() Message-Id: Date: Fri, 11 Mar 2022 05:11:02 +0000 commit b2db518e952c3a8fe5b9ec6a2d007cda73fd05a4 Author: Jan Beulich AuthorDate: Thu Mar 10 09:43:50 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:43:50 2022 +0100 VT-d: drop undue address-of from check_cleanup_domid_map() For an unknown reason I added back the operator while backporting, despite 4.16 having c06e3d810314 ("VT-d: per-domain IOMMU bitmap needs to have dynamic size"). I can only assume that I mistakenly took the 4.15 backport as basis and/or reference. Fixes: fa45f6b5560e ("VT-d: split domid map cleanup check into a function") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/drivers/passthrough/vtd/iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index 3b37bad25e..ead12db6a4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -197,7 +197,7 @@ static void check_cleanup_domid_map(struct domain *d, if ( !found ) { - clear_bit(iommu->index, &dom_iommu(d)->arch.vtd.iommu_bitmap); + clear_bit(iommu->index, dom_iommu(d)->arch.vtd.iommu_bitmap); cleanup_domid_map(d, iommu); } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 05:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 05:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288688.489614 (Exim 4.92) (envelope-from ) id 1nSXYW-0000pY-Vj; Fri, 11 Mar 2022 05:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288688.489614; Fri, 11 Mar 2022 05:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYW-0000pQ-Sg; Fri, 11 Mar 2022 05:11:12 +0000 Received: by outflank-mailman (input) for mailman id 288688; Fri, 11 Mar 2022 05:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYW-0000pK-Fx for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYW-0008MS-FD for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSXYW-00080O-EC for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/WaygIEm1cgX2Fy1JSJ8sp7TmFSzKuGqDhaC7+u0moo=; b=g/z6Leam28e6oAec8J0M4Z7eo/ uAPKF/2MEg24xSqOz2CQX45XCS1SiNtmsCVGrM16WtRM6MTf33W8bQx5CJ5SkkhrSC40c7m5KpM/E i0j9W6qopAkwDYyTAEJysToLI2ASdWbTCzybRqCPfG/HBx0d0BtaoEmOH1r0Xuwrbeco=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/console: process softirqs between warning prints Message-Id: Date: Fri, 11 Mar 2022 05:11:12 +0000 commit 99fa2c61ae1d3b83d7ef3c339568102a1252fafa Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:45:27 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:45:27 2022 +0100 x86/console: process softirqs between warning prints Process softirqs while printing end of boot warnings. Each warning can be several lines long, and on slow consoles printing multiple ones without processing softirqs can result in the watchdog triggering: (XEN) [ 22.277806] *************************************************** (XEN) [ 22.417802] WARNING: CONSOLE OUTPUT IS SYNCHRONOUS (XEN) [ 22.556029] This option is intended to aid debugging of Xen by ensuring (XEN) [ 22.696802] that all output is synchronously delivered on the serial line. (XEN) [ 22.838024] However it can introduce SIGNIFICANT latencies and affect (XEN) [ 22.978710] timekeeping. It is NOT recommended for production use! (XEN) [ 23.119066] *************************************************** (XEN) [ 23.258865] Booted on L1TF-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.399560] enabled. Please assess your configuration and choose an (XEN) [ 23.539925] explicit 'smt=' setting. See XSA-273. (XEN) [ 23.678860] *************************************************** (XEN) [ 23.818492] Booted on MLPDS/MFBDS-vulnerable hardware with SMT/Hyperthreading (XEN) [ 23.959811] enabled. Mitigations will not be fully effective. Please (XEN) [ 24.100396] choose an explicit smt= setting. See XSA-297. (XEN) [ 24.240254] *************************************************(XEN) [ 24.247302] Watchdog timer detects that CPU0 is stuck! (XEN) [ 24.386785] ----[ Xen-4.17-unstable x86_64 debug=y Tainted: C ]---- (XEN) [ 24.527874] CPU: 0 (XEN) [ 24.662422] RIP: e008:[] drivers/char/ns16550.c#ns16550_tx_ready+0x3a/0x90 Fixes: ee3fd57acd ('xen: add warning infrastructure') Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich master commit: 6bd1b4d35c05c21a78bf00f610587ce8a75cb5c2 master date: 2022-02-18 09:02:16 +0100 --- xen/common/warning.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/warning.c b/xen/common/warning.c index 0269c6715c..e6e1404baf 100644 --- a/xen/common/warning.c +++ b/xen/common/warning.c @@ -30,6 +30,7 @@ void __init warning_print(void) { printk("%s", warnings[i]); printk("***************************************************\n"); + process_pending_softirqs(); } for ( i = 0; i < 3; i++ ) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 05:11:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 05:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288689.489618 (Exim 4.92) (envelope-from ) id 1nSXYi-0000so-1Y; Fri, 11 Mar 2022 05:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288689.489618; Fri, 11 Mar 2022 05:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYh-0000se-UB; Fri, 11 Mar 2022 05:11:23 +0000 Received: by outflank-mailman (input) for mailman id 288689; Fri, 11 Mar 2022 05:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYg-0000sM-JB for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYg-0008Ml-IP for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSXYg-000819-HS for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KSd70Haa/sHgnbodEGj2dmRibc6A2cdYU/42AR0V5EE=; b=W/vpTgc3zey8RLzhaDg4nCTJ/D LAPTbNdEyONIX3J942dOEhYtir9XYPGkd4695Yk9+c86AKlfVm3zIf4RBuvp73wobS389QRiHYA9g Nqt9LE0BwTK9pJ43TIgazX0oiZddIcn2LCfqnSy68cAf6/Ou315XJnXEh83q8hK6Yalk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] tools/libxl: don't allow IOMMU usage with PoD Message-Id: Date: Fri, 11 Mar 2022 05:11:22 +0000 commit 38fbfddf660de9572b1c906315a345b1470d3a04 Author: Roger Pau Monné AuthorDate: Thu Mar 10 09:46:28 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:46:28 2022 +0100 tools/libxl: don't allow IOMMU usage with PoD Prevent libxl from creating guests that attempts to use PoD together with an IOMMU, even if no devices are actually assigned. While the hypervisor could support using PoD together with an IOMMU as long as no devices are assigned, such usage seems doubtful. There's no guarantee the guest has PoD no longer be active, and thus a later assignment of a PCI device to such domain could fail. Preventing the usage of PoD together with an IOMMU at guest creation avoids having to add checks for active PoD entries in the device assignment paths. Signed-off-by: Roger Pau Monné Reviewed-by: Anthony PERARD master commit: 07449ecfa42532495156fa342af2112e3e31dd3f master date: 2022-02-18 09:03:08 +0100 --- tools/libs/light/libxl_create.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index dcd09d32ba..2890697de8 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1158,17 +1158,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 05:11:34 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 05:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288692.489632 (Exim 4.92) (envelope-from ) id 1nSXYs-0001Bz-CE; Fri, 11 Mar 2022 05:11:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288692.489632; Fri, 11 Mar 2022 05:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYs-0001Br-97; Fri, 11 Mar 2022 05:11:34 +0000 Received: by outflank-mailman (input) for mailman id 288692; Fri, 11 Mar 2022 05:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYq-0000w1-MH for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXYq-0008N0-LZ for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSXYq-000828-Kf for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bWDL0aGOooga/fKayZRXA1zCEuHiShOVZy1BOrj4plY=; b=rqWzfrfZEuBxZ3U2ysi3pCD/u8 kgl7fUjPlV/IJpenuDZAWNPrl3mfVp1etA1V1xoKQ+fKvjvSB0azuCi1uMxpZw2MwOwJvJBEXJR8J 25jmuKbgvMI9b3FhBw2RAh3wJHpBNBy4uf8EiobYMQJAi67N0mcYVtEWOBJigrUxVdeA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xz: avoid overlapping memcpy() with invalid input with in-place decompression Message-Id: Date: Fri, 11 Mar 2022 05:11:32 +0000 commit 6a6600cebbbe7cc734b388f48aa3475d75916e71 Author: Lasse Collin AuthorDate: Thu Mar 10 09:47:02 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:47:02 2022 +0100 xz: avoid overlapping memcpy() with invalid input with in-place decompression With valid files, the safety margin described in lib/decompress_unxz.c ensures that these buffers cannot overlap. But if the uncompressed size of the input is larger than the caller thought, which is possible when the input file is invalid/corrupt, the buffers can overlap. Obviously the result will then be garbage (and usually the decoder will return an error too) but no other harm will happen when such an over-run occurs. This change only affects uncompressed LZMA2 chunks and so this should have no effect on performance. Link: https://lore.kernel.org/r/20211010213145.17462-2-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 83d3c4f22a36 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 10454f381f9157bce26d5db15e07e857b317b4af master date: 2022-03-07 09:08:08 +0100 --- xen/common/unxz.c | 2 +- xen/common/xz/dec_lzma2.c | 21 +++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/xen/common/unxz.c b/xen/common/unxz.c index 7bfe23f422..3463a39cfd 100644 --- a/xen/common/unxz.c +++ b/xen/common/unxz.c @@ -127,7 +127,7 @@ * memeq and memzero are not used much and any remotely sane implementation * is fast enough. memcpy/memmove speed matters in multi-call mode, but * the kernel image is decompressed in single-call mode, in which only - * memcpy speed can matter and only if there is a lot of uncompressible data + * memmove speed can matter and only if there is a lot of uncompressible data * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the * functions below should just be kept small; it's probably not worth * optimizing for speed. diff --git a/xen/common/xz/dec_lzma2.c b/xen/common/xz/dec_lzma2.c index 6b07722e3c..53d9f358fe 100644 --- a/xen/common/xz/dec_lzma2.c +++ b/xen/common/xz/dec_lzma2.c @@ -387,7 +387,14 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, *left -= copy_size; - memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size); + /* + * If doing in-place decompression in single-call mode and the + * uncompressed size of the file is larger than the caller + * thought (i.e. it is invalid input!), the buffers below may + * overlap and cause undefined behavior with memcpy(). + * With valid inputs memcpy() would be fine here. + */ + memmove(dict->buf + dict->pos, b->in + b->in_pos, copy_size); dict->pos += copy_size; if (dict->full < dict->pos) @@ -397,7 +404,11 @@ static void __init dict_uncompressed(struct dictionary *dict, struct xz_buf *b, if (dict->pos == dict->end) dict->pos = 0; - memcpy(b->out + b->out_pos, b->in + b->in_pos, + /* + * Like above but for multi-call mode: use memmove() + * to avoid undefined behavior with invalid input. + */ + memmove(b->out + b->out_pos, b->in + b->in_pos, copy_size); } @@ -421,6 +432,12 @@ static uint32_t __init dict_flush(struct dictionary *dict, struct xz_buf *b) if (dict->pos == dict->end) dict->pos = 0; + /* + * These buffers cannot overlap even if doing in-place + * decompression because in multi-call mode dict->buf + * has been allocated by us in this file; it's not + * provided by the caller like in single-call mode. + */ memcpy(b->out + b->out_pos, dict->buf + dict->start, copy_size); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 05:11:44 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 05:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288694.489636 (Exim 4.92) (envelope-from ) id 1nSXZ2-0001HW-Dr; Fri, 11 Mar 2022 05:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288694.489636; Fri, 11 Mar 2022 05:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXZ2-0001HM-Au; Fri, 11 Mar 2022 05:11:44 +0000 Received: by outflank-mailman (input) for mailman id 288694; Fri, 11 Mar 2022 05:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXZ0-0001GS-P2 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSXZ0-0008NA-OH for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSXZ0-00082t-Nc for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 05:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uiBmEfEQ7TB7CumBBfDLmdqxCo/2U6D1tMLF/vD+Txw=; b=U257EMiZ1jVEUO7aYNCtaAKcST jDf4LNCeUdlf0hewEc6y3oW2Dbx2XbY2bbSalKxxc2Qh/4KxVpjAs9DjSNxAX/VHs4MNHQ5As1bRt CGF46BqW3I6tWfPQ3jUuR7ZR1loFfn1pK9Y+nYKtePeODgkexJuXiArfnDWcURX93zO0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xz: validate the value before assigning it to an enum variable Message-Id: Date: Fri, 11 Mar 2022 05:11:42 +0000 commit ee4d66242eef4d4c4215a432dece577093bfcbbc Author: Lasse Collin AuthorDate: Thu Mar 10 09:47:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 10 09:47:26 2022 +0100 xz: validate the value before assigning it to an enum variable This might matter, for example, if the underlying type of enum xz_check was a signed char. In such a case the validation wouldn't have caught an unsupported header. I don't know if this problem can occur in the kernel on any arch but it's still good to fix it because some people might copy the XZ code to their own projects from Linux instead of the upstream XZ Embedded repository. This change may increase the code size by a few bytes. An alternative would have been to use an unsigned int instead of enum xz_check but using an enumeration looks cleaner. Link: https://lore.kernel.org/r/20211010213145.17462-3-xiang@kernel.org Signed-off-by: Lasse Collin Signed-off-by: Gao Xiang Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4f8d7abaa413 Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu Acked-by: Andrew Cooper master commit: 0a21660515c24f09c4ee060ce0bb42e4b2e6b6fa master date: 2022-03-07 09:08:54 +0100 --- xen/common/xz/dec_stream.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/common/xz/dec_stream.c b/xen/common/xz/dec_stream.c index b7a8c15c5b..3a346b629a 100644 --- a/xen/common/xz/dec_stream.c +++ b/xen/common/xz/dec_stream.c @@ -402,12 +402,12 @@ static enum xz_ret __init dec_stream_header(struct xz_dec *s) * we will accept other check types too, but then the check won't * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given. */ + if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX) + return XZ_OPTIONS_ERROR; + s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1]; #ifdef XZ_DEC_ANY_CHECK - if (s->check_type > XZ_CHECK_MAX) - return XZ_OPTIONS_ERROR; - if (s->check_type > XZ_CHECK_CRC32) return XZ_UNSUPPORTED_CHECK; #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288906.490047 (Exim 4.92) (envelope-from ) id 1nScPM-0002KZ-1h; Fri, 11 Mar 2022 10:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288906.490047; Fri, 11 Mar 2022 10:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPL-0002KR-Us; Fri, 11 Mar 2022 10:22:03 +0000 Received: by outflank-mailman (input) for mailman id 288906; Fri, 11 Mar 2022 10:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPK-0002KJ-Dq for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPK-0006Bq-BB for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScPK-0006mh-AE for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e2dKYEabpfy/Cd8P6LeNy0s2eFNiXJHUZT4dSlGPZoE=; b=ZSIX3yriALBGO6EEZNnZ8gda+W E6DOBRdv1j7J6VloA1K+zwwDV7c9oAKnZUxo1HzdZfnJW2o5pNaJR8t4OSJUtRv/vF0PR6sm37Own NZFo+raV+jU8TrEbprqgUuHytyJ7EgljbU8SXlIDQvEI/vu9mrqMLPWtdkn3U2oS/hB8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/arm: Introduce new Arm processors Message-Id: Date: Fri, 11 Mar 2022 10:22:02 +0000 commit 021466aa73caaa0c5983f02203678e649dd4d22c Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:37:51 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Introduce new Arm processors Add some new processor identifiers in processor.h and sync Xen definitions with status of Linux 5.17 (declared in arch/arm64/include/asm/cputype.h). This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 35d1b85a6b43483f6bd007d48757434e54743e98) --- xen/include/asm-arm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 87c8136022..17cc5cf486 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -53,6 +53,7 @@ #define ARM_CPU_PART_CORTEX_A17 0xC0E #define ARM_CPU_PART_CORTEX_A15 0xC0F #define ARM_CPU_PART_CORTEX_A53 0xD03 +#define ARM_CPU_PART_CORTEX_A35 0xD04 #define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 @@ -60,11 +61,20 @@ #define ARM_CPU_PART_CORTEX_A75 0xD0A #define ARM_CPU_PART_CORTEX_A76 0xD0B #define ARM_CPU_PART_NEOVERSE_N1 0xD0C +#define ARM_CPU_PART_CORTEX_A77 0xD0D +#define ARM_CPU_PART_NEOVERSE_V1 0xD40 +#define ARM_CPU_PART_CORTEX_A78 0xD41 +#define ARM_CPU_PART_CORTEX_X1 0xD44 +#define ARM_CPU_PART_CORTEX_A710 0xD47 +#define ARM_CPU_PART_CORTEX_X2 0xD48 +#define ARM_CPU_PART_NEOVERSE_N2 0xD49 +#define ARM_CPU_PART_CORTEX_A78C 0xD4B #define MIDR_CORTEX_A12 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A12) #define MIDR_CORTEX_A17 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A17) #define MIDR_CORTEX_A15 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A15) #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A35 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A35) #define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) @@ -72,6 +82,14 @@ #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) #define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76) #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1) +#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77) +#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1) +#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78) +#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) +#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) +#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2) +#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2) +#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C) /* MPIDR Multiprocessor Affinity Register */ #define _MPIDR_UP (30) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:22:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288907.490052 (Exim 4.92) (envelope-from ) id 1nScPW-0002N4-3s; Fri, 11 Mar 2022 10:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288907.490052; Fri, 11 Mar 2022 10:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPW-0002Mu-0J; Fri, 11 Mar 2022 10:22:14 +0000 Received: by outflank-mailman (input) for mailman id 288907; Fri, 11 Mar 2022 10:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPU-0002MT-F6 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPU-0006Bu-EK for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScPU-0006nO-DR for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0QPkppqTV7VO1uyw4TXDHfnS5kSLdM2gyGIYxV7+Og8=; b=PU4HQWslxdhyfUlmB2CwKGiCoH XHphPaQxKzmZqUnpoZmkkPmOz91JyWdCjLDenoSZWYNiY5HmarbnbE9FWdKzqNALOR9q4216wMtRV G+AxilJHWheeJInByfVk1b1NzKXSqD4QDDLlhSt94EAQqfH/0zX3Lzms9cjv8+sR6DsI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/arm: move errata CSV2 check earlier Message-Id: Date: Fri, 11 Mar 2022 10:22:12 +0000 commit 6da7a845fb476ef7395185ec08a58c76ebd8c442 Author: Bertrand Marquis AuthorDate: Tue Feb 15 10:39:47 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: move errata CSV2 check earlier CSV2 availability check is done after printing to the user that workaround 1 will be used. Move the check before to prevent saying to the user that workaround 1 is used when it is not because it is not needed. This will also allow to reuse install_bp_hardening_vec function for other use cases. Code previously returning "true", now returns "0" to conform to enable_smccc_arch_workaround_1 returning an int and surrounding code doing a "return 0" if workaround is not needed. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit 599616d70eb886b9ad0ef9d6b51693ce790504ba) --- xen/arch/arm/cpuerrata.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 66d9a1e45c..9d79e3bad7 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -103,13 +103,6 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, printk(XENLOG_INFO "CPU%u will %s on exception entry\n", smp_processor_id(), desc); - /* - * No need to install hardened vector when the processor has - * ID_AA64PRF0_EL1.CSV2 set. - */ - if ( cpu_data[smp_processor_id()].pfr64.csv2 ) - return true; - spin_lock(&bp_lock); /* @@ -168,6 +161,13 @@ static int enable_smccc_arch_workaround_1(void *data) if ( !entry->matches(entry) ) return 0; + /* + * No need to install hardened vector when the processor has + * ID_AA64PRF0_EL1.CSV2 set. + */ + if ( cpu_data[smp_processor_id()].pfr64.csv2 ) + return 0; + if ( smccc_ver < SMCCC_VERSION(1, 1) ) goto warn; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:22:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288908.490056 (Exim 4.92) (envelope-from ) id 1nScPf-0002Pf-4r; Fri, 11 Mar 2022 10:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288908.490056; Fri, 11 Mar 2022 10:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPf-0002PX-1q; Fri, 11 Mar 2022 10:22:23 +0000 Received: by outflank-mailman (input) for mailman id 288908; Fri, 11 Mar 2022 10:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPe-0002PP-I3 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPe-0006CB-HH for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScPe-0006o3-GT for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r2y32gjJqQ+MYLx7nhTUls4s89uw3XWDDWY2ZhQtO64=; b=doz7Rh9xOcviYSKNf3OI+6Oanj uj1i8b0S7uFSFZqF3VZ86r1sLI52Lsnf/VgsKQQfwYoiBlSN+44232dhAXl0m/AO92HPAmk68n54p 8u05IyMyl77cj5iJI+Vol1UJ4yJ1YW3iRqlu8BNSZN4viucsWFEwOIdbc3JEr8/R+Qps=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/arm: Add ECBHB and CLEARBHB ID fields Message-Id: Date: Fri, 11 Mar 2022 10:22:22 +0000 commit ee4b53ae1b95966fd9a491668f0eca73028925e1 Author: Bertrand Marquis AuthorDate: Wed Feb 23 09:42:18 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Add ECBHB and CLEARBHB ID fields Introduce ID coprocessor register ID_AA64ISAR2_EL1. Add definitions in cpufeature and sysregs of ECBHB field in mmfr1 and CLEARBHB in isar2 ID coprocessor registers. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Acked-by: Julien Grall (cherry picked from commit 4b68d12d98b8790d8002fcc2c25a9d713374a4d7) --- xen/arch/arm/cpufeature.c | 1 + xen/include/asm-arm/arm64/sysregs.h | 4 ++++ xen/include/asm-arm/cpufeature.h | 20 +++++++++++++++++--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c index 44126dbf07..13dac7ccaf 100644 --- a/xen/arch/arm/cpufeature.c +++ b/xen/arch/arm/cpufeature.c @@ -117,6 +117,7 @@ void identify_cpu(struct cpuinfo_arm *c) c->isa64.bits[0] = READ_SYSREG64(ID_AA64ISAR0_EL1); c->isa64.bits[1] = READ_SYSREG64(ID_AA64ISAR1_EL1); + c->isa64.bits[2] = READ_SYSREG64(ID_AA64ISAR2_EL1); #endif c->pfr32.bits[0] = READ_SYSREG32(ID_PFR0_EL1); diff --git a/xen/include/asm-arm/arm64/sysregs.h b/xen/include/asm-arm/arm64/sysregs.h index c60029d38f..cfd2e1d486 100644 --- a/xen/include/asm-arm/arm64/sysregs.h +++ b/xen/include/asm-arm/arm64/sysregs.h @@ -57,6 +57,10 @@ #define ICH_AP1R2_EL2 __AP1Rx_EL2(2) #define ICH_AP1R3_EL2 __AP1Rx_EL2(3) +#ifndef ID_AA64ISAR2_EL1 +#define ID_AA64ISAR2_EL1 S3_0_C0_C6_2 +#endif + /* Access to system registers */ #define READ_SYSREG32(name) ((uint32_t)READ_SYSREG64(name)) diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 016a9fe203..7be4ee8cf8 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -188,12 +188,26 @@ struct cpuinfo_arm { unsigned long lo:4; unsigned long pan:4; unsigned long __res1:8; - unsigned long __res2:32; + unsigned long __res2:28; + unsigned long ecbhb:4; }; } mm64; - struct { - uint64_t bits[2]; + union { + uint64_t bits[3]; + struct { + /* ISAR0 */ + unsigned long __res0:64; + + /* ISAR1 */ + unsigned long __res1:64; + + /* ISAR2 */ + unsigned long __res3:28; + unsigned long clearbhb:4; + + unsigned long __res4:32; + }; } isa64; #endif -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:22:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288909.490059 (Exim 4.92) (envelope-from ) id 1nScPp-0002T7-6I; Fri, 11 Mar 2022 10:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288909.490059; Fri, 11 Mar 2022 10:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPp-0002T1-3N; Fri, 11 Mar 2022 10:22:33 +0000 Received: by outflank-mailman (input) for mailman id 288909; Fri, 11 Mar 2022 10:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPo-0002Sr-LY for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPo-0006CO-KX for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScPo-0006op-Jd for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5O30iGEhjKlbYli5ctr6KWTFFdqlkyyxVzP3Rpl3JKI=; b=Bk0jrOjZZoyTb1kaXwNs6JNvS/ D2HBmvIj90wt1dRqVyEzYD4jVevuF5IyKDkVIbWa4QG4DI7hBeJtsvTI+GtqJfuT+O4KoQZupXJLa zA2Bsk5l1VnyFiyG6MCzxod0HIXU+eY359+G3r5cPz1VXSz7Aarnvc5Po9faE7Ohxmi4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/arm: Add Spectre BHB handling Message-Id: Date: Fri, 11 Mar 2022 10:22:32 +0000 commit fc56dd212e4574c5fd77f830d077036b330dc1b5 Author: Rahul Singh AuthorDate: Mon Feb 14 18:47:32 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Add Spectre BHB handling This commit is adding Spectre BHB handling to Xen on Arm. The commit is introducing new alternative code to be executed during exception entry: - SMCC workaround 3 call - loop workaround (with 8, 24 or 32 iterations) - use of new clearbhb instruction Cpuerrata is modified by this patch to apply the required workaround for CPU affected by Spectre BHB when CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR is enabled. To do this the system previously used to apply smcc workaround 1 is reused and new alternative code to be copied in the exception handler is introduced. To define the type of workaround required by a processor, 4 new cpu capabilities are introduced (for each number of loop and for smcc workaround 3). When a processor is affected, enable_spectre_bhb_workaround is called and if the processor does not have CSV2 set to 3 or ECBHB feature (which would mean that the processor is doing what is required in hardware), the proper code is enabled at exception entry. In the case where workaround 3 is not supported by the firmware, we enable workaround 1 when possible as it will also mitigate Spectre BHB on systems without CSV2. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Signed-off-by: Rahul Singh Acked-by: Julien Grall (cherry picked from commit 62c91eb66a2904eefb1d1d9642e3697a1e3c3a3c) --- xen/arch/arm/arm64/bpi.S | 32 ++++++- xen/arch/arm/cpuerrata.c | 170 +++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/arm64/macros.h | 5 ++ xen/include/asm-arm/cpufeature.h | 6 +- xen/include/asm-arm/smccc.h | 6 ++ 5 files changed, 207 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index d8743d955c..4e63825220 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -58,16 +58,42 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) -ENTRY(__smccc_workaround_1_smc_start) +.macro mitigate_spectre_bhb_loop count +ENTRY(__mitigate_spectre_bhb_loop_start_\count) + stp x0, x1, [sp, #-16]! + mov x0, \count +.Lspectre_bhb_loop\@: + b . + 4 + subs x0, x0, #1 + b.ne .Lspectre_bhb_loop\@ + sb + ldp x0, x1, [sp], #16 +ENTRY(__mitigate_spectre_bhb_loop_end_\count) +.endm + +.macro smccc_workaround num smcc_id +ENTRY(__smccc_workaround_smc_start_\num) sub sp, sp, #(8 * 4) stp x0, x1, [sp, #(8 * 2)] stp x2, x3, [sp, #(8 * 0)] - mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + mov w0, \smcc_id smc #0 ldp x2, x3, [sp, #(8 * 0)] ldp x0, x1, [sp, #(8 * 2)] add sp, sp, #(8 * 4) -ENTRY(__smccc_workaround_1_smc_end) +ENTRY(__smccc_workaround_smc_end_\num) +.endm + +ENTRY(__mitigate_spectre_bhb_clear_insn_start) + clearbhb + isb +ENTRY(__mitigate_spectre_bhb_clear_insn_end) + +mitigate_spectre_bhb_loop 8 +mitigate_spectre_bhb_loop 24 +mitigate_spectre_bhb_loop 32 +smccc_workaround 1, #ARM_SMCCC_ARCH_WORKAROUND_1_FID +smccc_workaround 3, #ARM_SMCCC_ARCH_WORKAROUND_3_FID /* * Local variables: diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 9d79e3bad7..1c1149b2c7 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -145,7 +145,16 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } -extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; +extern char __smccc_workaround_smc_start_1[], __smccc_workaround_smc_end_1[]; +extern char __smccc_workaround_smc_start_3[], __smccc_workaround_smc_end_3[]; +extern char __mitigate_spectre_bhb_clear_insn_start[], + __mitigate_spectre_bhb_clear_insn_end[]; +extern char __mitigate_spectre_bhb_loop_start_8[], + __mitigate_spectre_bhb_loop_end_8[]; +extern char __mitigate_spectre_bhb_loop_start_24[], + __mitigate_spectre_bhb_loop_end_24[]; +extern char __mitigate_spectre_bhb_loop_start_32[], + __mitigate_spectre_bhb_loop_end_32[]; static int enable_smccc_arch_workaround_1(void *data) { @@ -177,8 +186,8 @@ static int enable_smccc_arch_workaround_1(void *data) if ( (int)res.a0 < 0 ) goto warn; - return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, - __smccc_workaround_1_smc_end, + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_1, + __smccc_workaround_smc_end_1, "call ARM_SMCCC_ARCH_WORKAROUND_1"); warn: @@ -193,6 +202,93 @@ warn: return 0; } +/* + * Spectre BHB Mitigation + * + * CPU is either: + * - Having CVS2.3 so it is not affected. + * - Having ECBHB and is clearing the branch history buffer when an exception + * to a different exception level is happening so no mitigation is needed. + * - Mitigating using a loop on exception entry (number of loop depending on + * the CPU). + * - Mitigating using the firmware. + */ +static int enable_spectre_bhb_workaround(void *data) +{ + const struct arm_cpu_capabilities *entry = data; + + /* + * Enable callbacks are called on every CPU based on the capabilities, so + * double-check whether the CPU matches the entry. + */ + if ( !entry->matches(entry) ) + return 0; + + if ( cpu_data[smp_processor_id()].pfr64.csv2 == 3 ) + return 0; + + if ( cpu_data[smp_processor_id()].mm64.ecbhb ) + return 0; + + if ( cpu_data[smp_processor_id()].isa64.clearbhb ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_clear_insn_start, + __mitigate_spectre_bhb_clear_insn_end, + "use clearBHB instruction"); + + /* Apply solution depending on hwcaps set on arm_errata */ + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_8) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_8, + __mitigate_spectre_bhb_loop_end_8, + "use 8 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_24) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_24, + __mitigate_spectre_bhb_loop_end_24, + "use 24 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_LOOP_32) ) + return !install_bp_hardening_vec(entry, + __mitigate_spectre_bhb_loop_start_32, + __mitigate_spectre_bhb_loop_end_32, + "use 32 loops workaround"); + + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + { + struct arm_smccc_res res; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + goto warn; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_3_FID, &res); + /* The return value is in the lower 32-bits. */ + if ( (int)res.a0 < 0 ) + { + /* + * On processor affected with CSV2=0, workaround 1 will mitigate + * both Spectre v2 and BHB so use it when available + */ + if ( enable_smccc_arch_workaround_1(data) ) + return 1; + + goto warn; + } + + return !install_bp_hardening_vec(entry,__smccc_workaround_smc_start_3, + __smccc_workaround_smc_end_3, + "call ARM_SMCCC_ARCH_WORKAROUND_3"); + } + +warn: + printk_once("**** No support for any spectre BHB workaround. ****\n" + "**** Please update your firmware. ****\n"); + + return 0; +} + #endif /* CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR */ /* Hardening Branch predictor code for Arm32 */ @@ -438,19 +534,77 @@ static const struct arm_cpu_capabilities arm_errata[] = { }, { .capability = ARM_HARDEN_BRANCH_PREDICTOR, - MIDR_ALL_VERSIONS(MIDR_CORTEX_A72), + MIDR_RANGE(MIDR_CORTEX_A72, 0, 1 << MIDR_VARIANT_SHIFT), .enable = enable_smccc_arch_workaround_1, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A73), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, }, { - .capability = ARM_HARDEN_BRANCH_PREDICTOR, + .capability = ARM_WORKAROUND_BHB_SMCC_3, MIDR_ALL_VERSIONS(MIDR_CORTEX_A75), - .enable = enable_smccc_arch_workaround_1, + .enable = enable_spectre_bhb_workaround, + }, + /* spectre BHB */ + { + .capability = ARM_WORKAROUND_BHB_LOOP_8, + MIDR_RANGE(MIDR_CORTEX_A72, 1 << MIDR_VARIANT_SHIFT, + (MIDR_VARIANT_MASK | MIDR_REVISION_MASK)), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A76), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A77), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), + .enable = enable_spectre_bhb_workaround, }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_24, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + .enable = enable_spectre_bhb_workaround, + }, + { + .capability = ARM_WORKAROUND_BHB_LOOP_32, + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), + .enable = enable_spectre_bhb_workaround, + }, + #endif #ifdef CONFIG_ARM32_HARDEN_BRANCH_PREDICTOR { diff --git a/xen/include/asm-arm/arm64/macros.h b/xen/include/asm-arm/arm64/macros.h index f981b4f43e..5100aed6e3 100644 --- a/xen/include/asm-arm/arm64/macros.h +++ b/xen/include/asm-arm/arm64/macros.h @@ -21,6 +21,11 @@ ldr \dst, [\dst, \tmp] .endm + /* clearbhb instruction clearing the branch history */ + .macro clearbhb + hint #22 + .endm + /* * Register aliases. */ diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h index 7be4ee8cf8..14c7f7d218 100644 --- a/xen/include/asm-arm/cpufeature.h +++ b/xen/include/asm-arm/cpufeature.h @@ -46,8 +46,12 @@ #define ARM_SMCCC_1_1 8 #define ARM64_WORKAROUND_AT_SPECULATE 9 #define ARM_WORKAROUND_858921 10 +#define ARM_WORKAROUND_BHB_LOOP_8 11 +#define ARM_WORKAROUND_BHB_LOOP_24 12 +#define ARM_WORKAROUND_BHB_LOOP_32 13 +#define ARM_WORKAROUND_BHB_SMCC_3 14 -#define ARM_NCAPS 11 +#define ARM_NCAPS 15 #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 9d94beb3df..b3dbeecc90 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -334,6 +334,12 @@ void __arm_smccc_1_0_smc(register_t a0, register_t a1, register_t a2, ARM_SMCCC_OWNER_ARCH, \ 0x7FFF) +#define ARM_SMCCC_ARCH_WORKAROUND_3_FID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + ARM_SMCCC_OWNER_ARCH, \ + 0x3FFF) + /* SMCCC error codes */ #define ARM_SMCCC_NOT_REQUIRED (-2) #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:22:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288910.490063 (Exim 4.92) (envelope-from ) id 1nScPz-0002WX-9K; Fri, 11 Mar 2022 10:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288910.490063; Fri, 11 Mar 2022 10:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPz-0002WQ-6N; Fri, 11 Mar 2022 10:22:43 +0000 Received: by outflank-mailman (input) for mailman id 288910; Fri, 11 Mar 2022 10:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPy-0002WK-Oa for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScPy-0006CY-Np for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScPy-0006pS-Mr for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JPdeAmDi84JEhi3XRP5EzrIv0EtAmVxymuMQWDEkQck=; b=ehrBDgK7v9QVQYnH/A+WVlF0B3 Wg20+vC6R7Brl47DtxGNP8AIn3RQoccsGdyAAjF8gBeHmGH/eOoznKbjZN2h0PmLMr2nW8qJTCg1H u0COFy/lFQqkV/YmB+H0uHySOVTXNZJxhlAnN8MDJa8L+K+CDF0z+ktNg2hYYIp1bKFw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Message-Id: Date: Fri, 11 Mar 2022 10:22:42 +0000 commit 7cebd77c80ce87f84c63a6043a5ad7115ccab9d5 Author: Bertrand Marquis AuthorDate: Thu Feb 17 14:52:54 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 Allow guest to discover whether or not SMCCC_ARCH_WORKAROUND_3 is supported and create a fastpath in the code to handle guests request to do the workaround. The function SMCCC_ARCH_WORKAROUND_3 will be called by the guest for flushing the branch history. So we want the handling to be as fast as possible. As the mitigation is applied on every guest exit, we can check for the call before saving all context and return very early. This is part of XSA-398 / CVE-2022-23960. Signed-off-by: Bertrand Marquis Reviewed-by: Julien Grall (cherry picked from commit c0a56ea0fd92ecb471936b7355ddbecbaea3707c) --- xen/arch/arm/arm64/entry.S | 21 ++++++++++++++------- xen/arch/arm/vsmc.c | 5 +++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index 175ea2981e..a8c2145067 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -338,16 +338,26 @@ guest_sync: cbnz x1, guest_sync_slowpath /* should be 0 for HVC #0 */ /* - * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1. - * The workaround has already been applied on the exception + * Fastest path possible for ARM_SMCCC_ARCH_WORKAROUND_1 and + * ARM_SMCCC_ARCH_WORKAROUND_3. + * The workaround needed has already been applied on the exception * entry from the guest, so let's quickly get back to the guest. * * Note that eor is used because the function identifier cannot * be encoded as an immediate for cmp. */ eor w0, w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID - cbnz w0, check_wa2 + cbz w0, fastpath_out_workaround + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) + cbz w0, wa2_ssbd + + /* Fastpath out for ARM_SMCCC_ARCH_WORKAROUND_3 */ + eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_2_FID ^ ARM_SMCCC_ARCH_WORKAROUND_3_FID) + cbnz w0, guest_sync_slowpath + +fastpath_out_workaround: /* * Clobber both x0 and x1 to prevent leakage. Note that thanks * the eor, x0 = 0. @@ -356,10 +366,7 @@ guest_sync: eret sb -check_wa2: - /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ - eor w0, w0, #(ARM_SMCCC_ARCH_WORKAROUND_1_FID ^ ARM_SMCCC_ARCH_WORKAROUND_2_FID) - cbnz w0, guest_sync_slowpath +wa2_ssbd: #ifdef CONFIG_ARM_SSBD alternative_cb arm_enable_wa2_handling b wa2_end diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index a36db15fff..b633ff2fe8 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -124,6 +124,10 @@ static bool handle_arch(struct cpu_user_regs *regs) break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: + if ( cpus_have_cap(ARM_WORKAROUND_BHB_SMCC_3) ) + ret = 0; + break; } set_user_reg(regs, 0, ret); @@ -132,6 +136,7 @@ static bool handle_arch(struct cpu_user_regs *regs) } case ARM_SMCCC_ARCH_WORKAROUND_1_FID: + case ARM_SMCCC_ARCH_WORKAROUND_3_FID: /* No return value */ return true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:22:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288911.490068 (Exim 4.92) (envelope-from ) id 1nScQ9-0002Zb-B2; Fri, 11 Mar 2022 10:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288911.490068; Fri, 11 Mar 2022 10:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScQ9-0002ZT-7w; Fri, 11 Mar 2022 10:22:53 +0000 Received: by outflank-mailman (input) for mailman id 288911; Fri, 11 Mar 2022 10:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScQ8-0002ZN-Rk for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScQ8-0006D1-Qz for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScQ8-0006q9-Q9 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yqykluftX48k6Qwp98j6jD+143sGOS4pd4sVU2DBoT4=; b=eMHvA+dukQnuk6LTUqtCVQqYv8 oPh1GkMZfb7K4U4gaKQIpAHjAUTCz3g2bqMRoVTnAKVyBPid9ouQjNpmQY6V2LzNjI8idDNAIsqbL hm/WTdHFDg8Xmomu/k1+Rt6MuNrcccijidio/F0SOvv+fLJTcZ8KUs6yhSOLNpDqM9cg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.14] x86/spec-ctrl: Cease using thunk=lfence on AMD Message-Id: Date: Fri, 11 Mar 2022 10:22:52 +0000 commit ca304edd3ba8c19211107fd2e898249987557ce5 Author: Andrew Cooper AuthorDate: Mon Mar 7 16:35:52 2022 +0000 Commit: Andrew Cooper CommitDate: Tue Mar 8 17:14:23 2022 +0000 x86/spec-ctrl: Cease using thunk=lfence on AMD AMD have updated their Spectre v2 guidance, and lfence/jmp is no longer considered safe. AMD are recommending using retpoline everywhere. Retpoline is incompatible with CET. All CET-capable hardware has efficient IBRS (specifically, not something retrofitted in microcode), so use IBRS (and STIBP for consistency sake). This is a logical change on AMD, but not on Intel as the default calculations would end up with these settings anyway. Leave behind a message if IBRS is found to be missing. Also update the default heuristics to never select THUNK_LFENCE. This causes AMD CPUs to change their default to retpoline. Also update the printed message to include the AMD MSR_SPEC_CTRL settings, and STIBP now that we set it for consistency sake. This is part of XSA-398 / CVE-2021-26401. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8d03080d2a339840d3a59e0932a94f804e45110d) --- docs/misc/xen-command-line.pandoc | 6 +++--- xen/arch/x86/spec_ctrl.c | 40 +++++++++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index fd8f825491..c0bfbb7a5c 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2140,9 +2140,9 @@ to use. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` -locations. The default thunk is `retpoline` (generally preferred for Intel -hardware), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal -overhead), and `lfence` (an `lfence; jmp *%reg` gadget, preferred for AMD). +locations. The default thunk is `retpoline` (generally preferred), with the +alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and +`lfence` (an `lfence; jmp *%reg` gadget). On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 9301d95bd7..7ded6ecba1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -367,14 +367,19 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s, Other:%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", - !boot_cpu_has(X86_FEATURE_IBRSB) ? "No" : + (!boot_cpu_has(X86_FEATURE_IBRSB) && + !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", - !boot_cpu_has(X86_FEATURE_SSBD) ? "" : + (!boot_cpu_has(X86_FEATURE_STIBP) && + !boot_cpu_has(X86_FEATURE_AMD_STIBP)) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_STIBP) ? " STIBP+" : " STIBP-", + (!boot_cpu_has(X86_FEATURE_SSBD) && + !boot_cpu_has(X86_FEATURE_AMD_SSBD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", @@ -916,10 +921,23 @@ void __init init_speculation_mitigations(void) /* * First, disable the use of retpolines if Xen is using shadow stacks, as * they are incompatible. + * + * In the absence of retpolines, IBRS needs to be used for speculative + * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk && - (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) - thunk = THUNK_JMP; + if ( cpu_has_xen_shstk ) + { + if ( !has_spec_ctrl ) + printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); + else if ( opt_ibrs == -1 ) + { + opt_ibrs = ibrs = true; + default_xen_spec_ctrl |= SPEC_CTRL_IBRS | SPEC_CTRL_STIBP; + } + + if ( opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE ) + thunk = THUNK_JMP; + } /* * Has the user specified any custom BTI mitigations? If so, follow their @@ -939,16 +957,10 @@ void __init init_speculation_mitigations(void) if ( IS_ENABLED(CONFIG_INDIRECT_THUNK) ) { /* - * AMD's recommended mitigation is to set lfence as being dispatch - * serialising, and to use IND_THUNK_LFENCE. - */ - if ( cpu_has_lfence_dispatch ) - thunk = THUNK_LFENCE; - /* - * On Intel hardware, we'd like to use retpoline in preference to + * On all hardware, we'd like to use retpoline in preference to * IBRS, but only if it is safe on this hardware. */ - else if ( retpoline_safe(caps) ) + if ( retpoline_safe(caps) ) thunk = THUNK_RETPOLINE; else if ( has_spec_ctrl ) ibrs = true; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:55:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:55:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288973.490204 (Exim 4.92) (envelope-from ) id 1nScvH-0004DO-67; Fri, 11 Mar 2022 10:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288973.490204; Fri, 11 Mar 2022 10:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScvH-0004DC-2j; Fri, 11 Mar 2022 10:55:03 +0000 Received: by outflank-mailman (input) for mailman id 288973; Fri, 11 Mar 2022 10:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScvG-0004D1-DF for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScvG-0006lo-CO for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScvG-0000rt-BQ for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mcY3/K1YDVjsb+I/n242EGdnCLVsPyvP4E+YTb93618=; b=BOormLW/pGIeS91cZfTJRgYfi3 eoC9OkEq3PBupc9ffytaO+IV1lNkkR4GwLpmObn4jJPvhScYsinXbq4BPFXbFXHW3GAtPJFTJXS5y ocLVnap6nC6o0smo7Noj9tl5zJG4cOlJbU5LC6abATXsUI4v7TMcBGaJ6KA9QnzP7+sE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] vpci/msix: fix PBA accesses Message-Id: Date: Fri, 11 Mar 2022 10:55:02 +0000 commit b4f21160601155762a4d014db9623af921fec959 Author: Roger Pau Monné AuthorDate: Wed Mar 9 16:21:01 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 9 16:21:01 2022 +0100 vpci/msix: fix PBA accesses Map the PBA in order to access it from the MSI-X read and write handlers. Note that previously the handlers would pass the physical host address into the {read,write}{l,q} handlers, which is wrong as those expect a linear address. Map the PBA using ioremap when the first access is performed. Note that 32bit arches might want to abstract the call to ioremap into a vPCI arch handler, so they can use a fixmap range to map the PBA. Reported-by: Jan Beulich Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Tested-by: Alex Olson --- xen/drivers/vpci/msix.c | 64 +++++++++++++++++++++++++++++++++++++++++++++---- xen/drivers/vpci/vpci.c | 2 ++ xen/include/xen/vpci.h | 2 ++ 3 files changed, 64 insertions(+), 4 deletions(-) diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index a1fa7a5f13..63f162cf5a 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -182,6 +182,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix, return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE]; } +static void __iomem *get_pba(struct vpci *vpci) +{ + struct vpci_msix *msix = vpci->msix; + /* + * PBA will only be unmapped when the device is deassigned, so access it + * without holding the vpci lock. + */ + void __iomem *pba = read_atomic(&msix->pba); + + if ( likely(pba) ) + return pba; + + pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA), + vmsix_table_size(vpci, VPCI_MSIX_PBA)); + if ( !pba ) + return read_atomic(&msix->pba); + + spin_lock(&vpci->lock); + if ( !msix->pba ) + { + write_atomic(&msix->pba, pba); + spin_unlock(&vpci->lock); + } + else + { + spin_unlock(&vpci->lock); + iounmap(pba); + } + + return read_atomic(&msix->pba); +} + static int cf_check msix_read( struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { @@ -200,6 +232,10 @@ static int cf_check msix_read( if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { + struct vpci *vpci = msix->pdev->vpci; + unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); + const void __iomem *pba = get_pba(vpci); + /* * Access to PBA. * @@ -207,14 +243,22 @@ static int cf_check msix_read( * guest address space. If this changes the address will need to be * translated. */ + if ( !pba ) + { + gprintk(XENLOG_WARNING, + "%pp: unable to map MSI-X PBA, report all pending\n", + msix->pdev); + return X86EMUL_OKAY; + } + switch ( len ) { case 4: - *data = readl(addr); + *data = readl(pba + idx); break; case 8: - *data = readq(addr); + *data = readq(pba + idx); break; default: @@ -275,19 +319,31 @@ static int cf_check msix_write( if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { + struct vpci *vpci = msix->pdev->vpci; + unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); + const void __iomem *pba = get_pba(vpci); if ( !is_hardware_domain(d) ) /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ return X86EMUL_OKAY; + if ( !pba ) + { + /* Unable to map the PBA, ignore write. */ + gprintk(XENLOG_WARNING, + "%pp: unable to map MSI-X PBA, write ignored\n", + msix->pdev); + return X86EMUL_OKAY; + } + switch ( len ) { case 4: - writel(data, addr); + writel(data, pba + idx); break; case 8: - writeq(data, addr); + writeq(data, pba + idx); break; default: diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index f3b32d66cb..9fb3c05b2b 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -51,6 +51,8 @@ void vpci_remove_device(struct pci_dev *pdev) xfree(r); } spin_unlock(&pdev->vpci->lock); + if ( pdev->vpci->msix && pdev->vpci->msix->pba ) + iounmap(pdev->vpci->msix->pba); xfree(pdev->vpci->msix); xfree(pdev->vpci->msi); xfree(pdev->vpci); diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index bcad1516ae..67c9a0c631 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -127,6 +127,8 @@ struct vpci { bool enabled : 1; /* Masked? */ bool masked : 1; + /* PBA map */ + void __iomem *pba; /* Entries. */ struct vpci_msix_entry { uint64_t addr; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 10:55:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 10:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.288974.490208 (Exim 4.92) (envelope-from ) id 1nScvR-0004FV-7E; Fri, 11 Mar 2022 10:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 288974.490208; Fri, 11 Mar 2022 10:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScvR-0004FN-4B; Fri, 11 Mar 2022 10:55:13 +0000 Received: by outflank-mailman (input) for mailman id 288974; Fri, 11 Mar 2022 10:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScvQ-0004FA-GI for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nScvQ-0006nY-FY for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nScvQ-0000sp-Eg for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 10:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TU7+JFRCUCKhai9Heir2Q2QKYKuidVYcY2RlHysnHyY=; b=nbCTOSuA5+Vu1s8i7U7LdCIcw2 PaIAGkXgZ6pxn8fkgdBmu6pNxJzyzoMLzhRnPTrAKy8Cfe/vjlPKT1106WBB2CJ+NZcHKQe/gZmpg Gv684owphkd88Bdxjiw1dXgEmzYtBpbCO+Fmi5U1LkSX/c7XcM1TzGEs9zBRsVARJZpg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] livepatch: resolve old address before function verification Message-Id: Date: Fri, 11 Mar 2022 10:55:12 +0000 commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5 Author: Bjoern Doebel AuthorDate: Wed Mar 9 16:22:03 2022 +0100 Commit: Jan Beulich CommitDate: Wed Mar 9 16:22:03 2022 +0100 livepatch: resolve old address before function verification When verifying that a livepatch can be applied, we may as well want to inspect the target function to be patched. To do so, we need to resolve this function's address before running the arch-specific livepatch_verify hook. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall --- xen/common/livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index ec301a9f12..be2cf75c2d 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -684,11 +684,11 @@ static int prepare_payload(struct payload *payload, return -EINVAL; } - rc = arch_livepatch_verify_func(f); + rc = resolve_old_address(f, elf); if ( rc ) return rc; - rc = resolve_old_address(f, elf); + rc = arch_livepatch_verify_func(f); if ( rc ) return rc; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 22:55:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 22:55:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.289286.490805 (Exim 4.92) (envelope-from ) id 1nSoA2-0001iK-SR; Fri, 11 Mar 2022 22:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 289286.490805; Fri, 11 Mar 2022 22:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoA2-0001iB-PD; Fri, 11 Mar 2022 22:55:02 +0000 Received: by outflank-mailman (input) for mailman id 289286; Fri, 11 Mar 2022 22:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoA2-0001hM-1b for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoA2-0002ol-0o for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSoA1-0005W0-W6 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JpIGNWcTbSQ2f0bUjV6KgM4B5nAY5N0F/+UD+H3I+dw=; b=RnvY/tZmP/lIKjQf+3dXsujtEm eOE95nQdEjSYxZa7eXwlDtsszFzwMiJuNOVanOzQ1z0s3UbTxFIQBkYEde7Ab7nXH2POYAAPnZE6C gciKUCaNeaouPf81GFtgKa9kJaa3ARIndS0g2bAhmZly/ZUE833ZBN4zonjdBJG13Ofk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm64: Zero the top 32 bits of gp registers on entry... Message-Id: Date: Fri, 11 Mar 2022 22:55:01 +0000 commit 04c7cc2b79053e7d358631d3450bf1b35fbc5f8d Author: Michal Orzel AuthorDate: Fri Dec 17 08:21:59 2021 +0100 Commit: Stefano Stabellini CommitDate: Thu Mar 10 09:41:19 2022 -0800 xen/arm64: Zero the top 32 bits of gp registers on entry... to hypervisor when switching from AArch32 state. According to section D1.20.2 of Arm Arm(DDI 0487A.j): "If the general-purpose register was accessible from AArch32 state the upper 32 bits either become zero, or hold the value that the same architectural register held before any AArch32 execution. The choice between these two options is IMPLEMENTATION DEFINED" Currently Xen does not ensure that the top 32 bits are zeroed and this needs to be fixed. The reason why is that there are places in Xen where we assume that top 32bits are zero for AArch32 guests. If they are not, this can lead to misinterpretation of Xen regarding what the guest requested. For example hypercalls returning an error encoded in a signed long like do_sched_op, do_hmv_op, do_memory_op would return -ENOSYS if the command passed as the first argument was clobbered. Create a macro clobber_gp_top_halves to clobber top 32 bits of gp registers when hyp == 0 (guest mode) and compat == 1 (AArch32 mode). Add a compile time check to ensure that save_x0_x1 == 1 if compat == 1. Signed-off-by: Michal Orzel [julieng: Tweak the comment in clobber_gp_top_halves] Acked-by: Julien Grall (cherry picked from commit 32365f3476ac4655f2f26111cd7879912808cd77) --- xen/arch/arm/arm64/entry.S | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S index cf7b9d826f..95f1a92684 100644 --- a/xen/arch/arm/arm64/entry.S +++ b/xen/arch/arm/arm64/entry.S @@ -102,6 +102,30 @@ .endif .endm + +/* + * Clobber top 32 bits of gp registers when switching from AArch32 + */ + .macro clobber_gp_top_halves, compat, save_x0_x1 + + .if \compat == 1 /* AArch32 mode */ + + /* + * At the moment, no-one is using save_x0_x1 == 0 with compat == 1. + * So the code is not handling it to simplify the implementation. + */ + .if \save_x0_x1 == 0 + .error "save_x0_x1 is 0 but compat is 1" + .endif + + .irp n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 + mov w\n, w\n + .endr + + .endif + + .endm + /* * Save state on entry to hypervisor, restore on exit * @@ -111,6 +135,11 @@ */ .macro entry, hyp, compat, save_x0_x1=1 sub sp, sp, #(UREGS_SPSR_el1 - UREGS_LR) /* CPSR, PC, SP, LR */ + + .if \hyp == 0 /* Guest mode */ + clobber_gp_top_halves compat=\compat, save_x0_x1=\save_x0_x1 + .endif + push x28, x29 push x26, x27 push x24, x25 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 22:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 22:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.289287.490809 (Exim 4.92) (envelope-from ) id 1nSoAC-0001l0-To; Fri, 11 Mar 2022 22:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 289287.490809; Fri, 11 Mar 2022 22:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoAC-0001ks-Qc; Fri, 11 Mar 2022 22:55:12 +0000 Received: by outflank-mailman (input) for mailman id 289287; Fri, 11 Mar 2022 22:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoAC-0001ki-4d for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoAC-0002ql-3v for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSoAC-0005WW-2z for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T9hyvYEmEah3mAxzT2RPJrPivE753ZoKLJp/phwSmUU=; b=WY72g7vmHJrq5TawJn944PPZai q5Tzad4AQdEXcgX3ndxFZr5KMxX777sLoVU0FZT+cspyHPtEvb0ZTK/M8dbdlk8WDa3o5+sFMbsW/ idJHO6FhowYipl7oy5rnp8HzruO1YCume4BQOD5WI5pcjRiuo/OTtcWCHr4sv6TEcWRU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/arm: increase memory banks number define value Message-Id: Date: Fri, 11 Mar 2022 22:55:12 +0000 commit 81e6eabbfeab554db192ae6f0d1de8179daab2f0 Author: Luca Fancellu AuthorDate: Thu Dec 16 14:43:19 2021 -0800 Commit: Stefano Stabellini CommitDate: Thu Mar 10 09:41:35 2022 -0800 xen/arm: increase memory banks number define value Currently the maximum number of memory banks (NR_MEM_BANKS define) is fixed to 128, but on some new platforms that have a large amount of memory, this value is not enough and prevents Xen from booting. Increase the value to 256. Signed-off-by: Luca Fancellu Reviewed-by: Stefano Stabellini (cherry picked from commit f1f38e26c3669f5e4583c3756f213c167d19651a) --- xen/include/asm-arm/setup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/asm-arm/setup.h b/xen/include/asm-arm/setup.h index 95da0b7ab9..07daf160dc 100644 --- a/xen/include/asm-arm/setup.h +++ b/xen/include/asm-arm/setup.h @@ -6,7 +6,7 @@ #define MIN_FDT_ALIGN 8 #define MAX_FDT_SIZE SZ_2M -#define NR_MEM_BANKS 128 +#define NR_MEM_BANKS 256 #define MAX_MODULES 32 /* Current maximum useful modules */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 11 22:55:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 11 Mar 2022 22:55:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.289288.490812 (Exim 4.92) (envelope-from ) id 1nSoAM-0001oe-V8; Fri, 11 Mar 2022 22:55:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 289288.490812; Fri, 11 Mar 2022 22:55:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoAM-0001oW-S6; Fri, 11 Mar 2022 22:55:22 +0000 Received: by outflank-mailman (input) for mailman id 289288; Fri, 11 Mar 2022 22:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoAM-0001oN-7e for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nSoAM-0002qx-6w for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nSoAM-0005XC-65 for xen-changelog@lists.xenproject.org; Fri, 11 Mar 2022 22:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GrFpgZTlP0sLXdqK5lztBzs5tOk6IsFdG5dvMF/SlUI=; b=GKaAXpA4BTTOBB1bfnuo/wotkY C8ZfgvLRaFBxVDG6Pc5i1C9Ya8uKHzgcKYz3u+k+aMs+YiK7jP3yPq3QIG9RG/e0Ww0MQfw0k6Hl2 Dr83O/yPMNZrNbk8tLb8J4AdN9E5ZKzVnlQ2M7HTsJQBbyNqpeitrrYuMC0VaVQEDJ3M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] arm/efi: Handle Xen bootargs from both xen.cfg and DT Message-Id: Date: Fri, 11 Mar 2022 22:55:22 +0000 commit cfd29b83a26f35f49f074f06169ce4cadfdebf0d Author: Luca Fancellu AuthorDate: Mon Dec 13 11:48:54 2021 +0000 Commit: Stefano Stabellini CommitDate: Thu Mar 10 09:41:53 2022 -0800 arm/efi: Handle Xen bootargs from both xen.cfg and DT Currently the Xen UEFI stub can accept Xen boot arguments from the Xen configuration file using the "options=" keyword, but also directly from the device tree specifying xen,xen-bootargs property. When the configuration file is used, device tree boot arguments are ignored and overwritten even if the keyword "options=" is not used. This patch handle this case, so if the Xen configuration file is not specifying boot arguments, the device tree boot arguments will be used, if they are present. Signed-off-by: Luca Fancellu Reviewed-by: Stefano Stabellini (cherry picked from commit f3999bc2e099c571e4583bff8f494b834b2f5f76) --- docs/misc/efi.pandoc | 4 ++++ xen/arch/arm/efi/efi-boot.h | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/docs/misc/efi.pandoc b/docs/misc/efi.pandoc index abafb34527..71fdc316b6 100644 --- a/docs/misc/efi.pandoc +++ b/docs/misc/efi.pandoc @@ -249,6 +249,10 @@ UEFI stub for module loading. When adding DomU modules to device tree, also add the property xen,uefi-cfg-load under chosen for Xen to load the Xen config file. Otherwise, Xen will skip the config file and rely on device tree alone. +When using the Xen configuration file in conjunction with the device tree, you +can specify the Xen boot arguments in the configuration file with the "options=" +keyword or in the device tree with the "xen,xen-bootargs" property, but be +aware that the Xen configuration file value has a precedence over the DT value. Example 1 of how to boot a true dom0less configuration: diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h index 458cfbbed4..9f26798239 100644 --- a/xen/arch/arm/efi/efi-boot.h +++ b/xen/arch/arm/efi/efi-boot.h @@ -514,11 +514,26 @@ static void __init efi_arch_handle_cmdline(CHAR16 *image_name, if ( cfgfile_options ) { + PrintMessage(L"Using bootargs from Xen configuration file."); prop_len += snprintf(buf + prop_len, EFI_PAGE_SIZE - prop_len, " %s", cfgfile_options); if ( prop_len >= EFI_PAGE_SIZE ) blexit(L"FDT string overflow"); } + else + { + /* Get xen,xen-bootargs in /chosen if it is specified */ + const char *dt_bootargs_prop = fdt_getprop(fdt, chosen, + "xen,xen-bootargs", NULL); + if ( dt_bootargs_prop ) + { + PrintMessage(L"Using bootargs from device tree."); + prop_len += snprintf(buf + prop_len, EFI_PAGE_SIZE - prop_len, + " %s", dt_bootargs_prop); + if ( prop_len >= EFI_PAGE_SIZE ) + blexit(L"FDT string overflow"); + } + } if ( cmdline_options ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Sat Mar 12 17:00:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 12 Mar 2022 17:00:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.289477.491027 (Exim 4.92) (envelope-from ) id 1nT564-0002Fv-1z; Sat, 12 Mar 2022 17:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 289477.491027; Sat, 12 Mar 2022 17:00:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT563-0002Fn-Us; Sat, 12 Mar 2022 17:00:03 +0000 Received: by outflank-mailman (input) for mailman id 289477; Sat, 12 Mar 2022 17:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT562-00024G-Lx for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT562-0006z0-G4 for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nT562-0001Yb-Cu for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ngHk9H78XnbME+oKhKsOUg8OrhGXwZp9/o4JoUyQiJI=; b=MI/qJzzu1O/cU5BFe2aFaZOYdq BdjTaIugkans/ndR3xWgzgUSuBG2yfFRxmQowUrxYuAVBavNSwJTb4kdvJjcJ9gcaG85/br1grJ1e ZIsq5OMqZw4qyAhrQLXXYd/uH6Ou0sj4KNRJO8VyDZrm3ILIACEg1BTj5k6eY+Yydfq4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/kexec: Fix kexec-reboot with CET active Message-Id: Date: Sat, 12 Mar 2022 17:00:02 +0000 commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346 Author: Andrew Cooper AuthorDate: Mon Mar 7 20:19:18 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 10 18:47:55 2022 +0000 x86/kexec: Fix kexec-reboot with CET active The kexec_reloc() asm has an indirect jump to relocate onto the identity trampoline. While we clear CET in machine_crash_shutdown(), we fail to clear CET for the non-crash path. This in turn highlights that the same is true of resetting the CPUID masking/faulting. Move both pieces of logic from machine_crash_shutdown() to machine_kexec(), the latter being common for all kexec transitions. Adjust the condition for CET being considered active to check in CR4, which is simpler and more robust. Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT") Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()") Reported-by: David Vrabel Signed-off-by: Andrew Cooper Reviewed-by: David Vrabel --- xen/arch/x86/crash.c | 10 ---------- xen/arch/x86/machine_kexec.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index 003222c0f1..99089f77a7 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -187,16 +187,6 @@ void machine_crash_shutdown(void) nmi_shootdown_cpus(); - /* Reset CPUID masking and faulting to the host's default. */ - ctxt_switch_levelling(NULL); - - /* Disable CET. */ - if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) - { - wrmsrl(MSR_S_CET, 0); - write_cr4(read_cr4() & ~X86_CR4_CET); - } - info = kexec_crash_save_info(); info->xen_phys_start = xen_phys_start; info->dom0_pfn_to_mfn_frame_list_list = diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index 751a9efcaf..1dd0c9aad8 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -173,6 +173,16 @@ void machine_kexec(struct kexec_image *image) _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop); } + /* Reset CPUID masking and faulting to the host's default. */ + ctxt_switch_levelling(NULL); + + /* Disable CET. */ + if ( read_cr4() & X86_CR4_CET ) + { + wrmsrl(MSR_S_CET, 0); + write_cr4(read_cr4() & ~X86_CR4_CET); + } + /* Explicitly enable NMIs on this CPU. Some crashdump kernels do * not like running with NMIs disabled. */ enable_nmis(); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 12 17:00:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 12 Mar 2022 17:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.289478.491032 (Exim 4.92) (envelope-from ) id 1nT56E-0002mF-3P; Sat, 12 Mar 2022 17:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 289478.491032; Sat, 12 Mar 2022 17:00:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT56E-0002m7-0P; Sat, 12 Mar 2022 17:00:14 +0000 Received: by outflank-mailman (input) for mailman id 289478; Sat, 12 Mar 2022 17:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT56C-0002lw-KC for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT56C-00070v-JO for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nT56C-0001at-IV for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Hfuo6BSLxKGQzPEOux8SdfJ6lyp5Qis+itaG+OPokb4=; b=DYBEdKA0ZJC+qxrk2YBoYFNZ7K 2ncXMANg3SMcI5EpGs6wQCJE4fUQMnQ74bTbMOBJgXvjlf40k2iB0l37dpUhj/k6bRHtBWt7hwOjw 3f3DJHEW3jma9s9Dj3MceZqdn6/30zivF/q4DXdn2s2pKa5wo3BPOXN+yulmaTPT2/Ak=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/build: put image header into a separate section Message-Id: Date: Sat, 12 Mar 2022 17:00:12 +0000 commit 4267a33b19d43c988fd4535093c426aa2aec70a1 Author: Roger Pau Monne AuthorDate: Wed Mar 9 13:28:45 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Mar 10 18:47:55 2022 +0000 xen/build: put image header into a separate section So it can be explicitly placed ahead of the rest of the .text content in the linker script (and thus the resulting image). This is a prerequisite for further work that will add a catch-all to the text section (.text.*). Note that placement of the sections inside of .text is also slightly adjusted to be more similar to the position found in the default GNU ld linker script. The special handling of the object file containing the header data as the first object file passed to the linker command line can also be removed. While there also remove the special handling of efi/ on x86. There's no need for the resulting object file to be passed in any special order to the linker. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/arch.mk | 2 -- xen/arch/arm/arm32/Makefile | 3 +-- xen/arch/arm/arm32/head.S | 1 + xen/arch/arm/arm64/Makefile | 3 +-- xen/arch/arm/arm64/head.S | 1 + xen/arch/arm/xen.lds.S | 8 ++++++-- xen/arch/x86/Makefile | 5 ++--- xen/arch/x86/arch.mk | 2 -- xen/arch/x86/boot/head.S | 2 +- xen/arch/x86/xen.lds.S | 11 +++++++---- 10 files changed, 20 insertions(+), 18 deletions(-) diff --git a/xen/arch/arm/arch.mk b/xen/arch/arm/arch.mk index 094b670723..58db76c4e1 100644 --- a/xen/arch/arm/arch.mk +++ b/xen/arch/arm/arch.mk @@ -23,5 +23,3 @@ ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) LDFLAGS += --fix-cortex-a53-843419 endif endif - -ALL_OBJS-y := arch/arm/$(TARGET_SUBARCH)/head.o $(ALL_OBJS-y) diff --git a/xen/arch/arm/arm32/Makefile b/xen/arch/arm/arm32/Makefile index 3040eabce3..520fb42054 100644 --- a/xen/arch/arm/arm32/Makefile +++ b/xen/arch/arm/arm32/Makefile @@ -4,11 +4,10 @@ obj-$(CONFIG_EARLY_PRINTK) += debug.o obj-y += domctl.o obj-y += domain.o obj-y += entry.o +obj-y += head.o obj-y += insn.o obj-$(CONFIG_LIVEPATCH) += livepatch.o obj-y += proc-v7.o proc-caxx.o obj-y += smpboot.o obj-y += traps.o obj-y += vfp.o - -extra-y += head.o diff --git a/xen/arch/arm/arm32/head.S b/xen/arch/arm/arm32/head.S index 7a906167ef..c837d3054c 100644 --- a/xen/arch/arm/arm32/head.S +++ b/xen/arch/arm/arm32/head.S @@ -120,6 +120,7 @@ #endif /* !CONFIG_EARLY_PRINTK */ + .section .text.header, "ax", %progbits .arm /* diff --git a/xen/arch/arm/arm64/Makefile b/xen/arch/arm/arm64/Makefile index baa87655fa..6d507da0d4 100644 --- a/xen/arch/arm/arm64/Makefile +++ b/xen/arch/arm/arm64/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_EARLY_PRINTK) += debug.o obj-y += domctl.o obj-y += domain.o obj-y += entry.o +obj-y += head.o obj-y += insn.o obj-$(CONFIG_LIVEPATCH) += livepatch.o obj-y += smc.o @@ -14,5 +15,3 @@ obj-y += smpboot.o obj-y += traps.o obj-y += vfp.o obj-y += vsysreg.o - -extra-y += head.o diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 66d862fc81..e62c48ec1c 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -133,6 +133,7 @@ add \xb, \xb, x20 .endm + .section .text.header, "ax", %progbits /*.aarch64*/ /* diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 08016948ab..743455a5f9 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -30,9 +30,13 @@ SECTIONS _start = .; .text : { _stext = .; /* Text section */ - *(.text) + *(.text.header) + *(.text.cold) - *(.text.unlikely) + *(.text.unlikely .text.*_unlikely .text.unlikely.*) + + *(.text) + *(.fixup) *(.gnu.warning) _etext = .; /* End of text section */ diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9c40e0b4d7..04065a7310 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -1,5 +1,7 @@ obj-y += acpi/ +obj-y += boot/ obj-y += cpu/ +obj-y += efi/ obj-y += genapic/ obj-$(CONFIG_GUEST) += guest/ obj-$(CONFIG_HVM) += hvm/ @@ -77,9 +79,6 @@ obj-$(CONFIG_COMPAT) += x86_64/platform_hypercall.o obj-y += sysctl.o endif -# Allows "clean" to descend into boot/ -subdir- += boot - extra-y += asm-macros.i extra-y += xen.lds diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 8e57476d65..c90e56aeab 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -117,5 +117,3 @@ endif # Set up the assembler include path properly for older toolchains. CFLAGS += -Wa,-I$(srctree)/include - -ALL_OBJS-y := arch/x86/boot/built_in.o arch/x86/efi/built_in.o $(ALL_OBJS-y) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index dd1bea0d10..92d73345f0 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -9,7 +9,7 @@ #include #include - .text + .section .text.header, "ax", @progbits .code32 #define sym_offs(sym) ((sym) - __XEN_VIRT_START) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 506bc8e404..960c51eb4c 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -73,9 +73,7 @@ SECTIONS _start = .; DECL_SECTION(.text) { _stext = .; /* Text and read-only data */ - *(.text) - *(.text.__x86_indirect_thunk_*) - *(.text.page_aligned) + *(.text.header) . = ALIGN(PAGE_SIZE); _stextentry = .; @@ -87,7 +85,12 @@ SECTIONS kexec_reloc_end = .; *(.text.cold) - *(.text.unlikely) + *(.text.unlikely .text.*_unlikely .text.unlikely.*) + + *(.text) + *(.text.__x86_indirect_thunk_*) + *(.text.page_aligned) + *(.fixup) *(.gnu.warning) _etext = .; /* End of text section */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 12 17:00:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 12 Mar 2022 17:00:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.289479.491037 (Exim 4.92) (envelope-from ) id 1nT56O-0002om-6E; Sat, 12 Mar 2022 17:00:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 289479.491037; Sat, 12 Mar 2022 17:00:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT56O-0002oX-1w; Sat, 12 Mar 2022 17:00:24 +0000 Received: by outflank-mailman (input) for mailman id 289479; Sat, 12 Mar 2022 17:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT56M-0002oL-NE for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nT56M-00071D-MY for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nT56M-0001bh-LZ for xen-changelog@lists.xenproject.org; Sat, 12 Mar 2022 17:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2xGufVwHneOZjJpXMPNCNQyEl82dmCVVDR8HBh7Jrr8=; b=botmb5VyMAfSh6ydRPfevOL70y SdtJLyzbyVTgJ5m0WCPuU9VFTQdZ+QixIlAdZe+jtck6+g0LtAWqdbgBwQWbSnrIxGiIOe57PmK5r QCDmR5AWTDf/gJYAymSE8zWmK1Gj2z+FCmPBWLRRsGvRONBL5g0uMtE+PPzIsr6E1/GU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] livepatch: set -f{function,data}-sections compiler option Message-Id: Date: Sat, 12 Mar 2022 17:00:22 +0000 commit 6ff9a7e62b8c43fe3e9d360fbd49d5854787bc39 Author: Roger Pau Monne AuthorDate: Wed Mar 9 13:28:46 2022 +0100 Commit: Andrew Cooper CommitDate: Thu Mar 10 18:47:55 2022 +0000 livepatch: set -f{function,data}-sections compiler option If livepatching support is enabled build the hypervisor with -f{function,data}-sections compiler options, which is required by the livepatching tools to detect changes and create livepatches. This shouldn't result in any functional change on the hypervisor binary image, but does however require some changes in the linker script in order to handle that each function and data item will now be placed into its own section in object files. As a result add catch-all for .text, .data and .bss in order to merge each individual item section into the final image. The main difference will be that .text.startup will end up being part of .text rather than .init, and thus won't be freed. .text.exit will also be part of .text rather than dropped. Overall this could make the image bigger, and package some .text code in a sub-optimal way. On Arm the .data.read_mostly needs to be moved ahead of the .data section like it's already done on x86, so the .data.* catch-all doesn't also include .data.read_mostly. The alignment of .data.read_mostly also needs to be set to PAGE_SIZE so it doesn't end up being placed at the tail of a read-only page from the previous section. While there move the alignment of the .data section ahead of the section declaration, like it's done for other sections. The benefit of having CONFIG_LIVEPATCH enable those compiler option is that the livepatch build tools no longer need to fiddle with the build system in order to enable them. Note the current livepatch tools are broken after the recent build changes due to the way they attempt to set -f{function,data}-sections. Signed-off-by: Roger Pau Monné Acked-by: Julien Grall Reviewed-by: Jan Beulich --- xen/Kconfig | 4 ++++ xen/Makefile | 2 ++ xen/arch/arm/xen.lds.S | 41 +++++++++++++++++++++-------------------- xen/arch/x86/xen.lds.S | 11 ++++++----- xen/common/Kconfig | 1 + 5 files changed, 34 insertions(+), 25 deletions(-) diff --git a/xen/Kconfig b/xen/Kconfig index bcbd2758e5..d134397a0b 100644 --- a/xen/Kconfig +++ b/xen/Kconfig @@ -27,6 +27,10 @@ config CLANG_VERSION config CC_HAS_VISIBILITY_ATTRIBUTE def_bool $(cc-option,-fvisibility=hidden) +# Use -f{function,data}-sections compiler parameters +config CC_SPLIT_SECTIONS + bool + source "arch/$(SRCARCH)/Kconfig" config DEFCONFIG_LIST diff --git a/xen/Makefile b/xen/Makefile index 5c21492d6f..18a4f7e101 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -273,6 +273,8 @@ else CFLAGS += -fomit-frame-pointer endif +CFLAGS-$(CONFIG_CC_SPLIT_SECTIONS) += -ffunction-sections -fdata-sections + CFLAGS += -nostdinc -fno-builtin -fno-common CFLAGS += -Werror -Wredundant-decls -Wno-pointer-arith $(call cc-option-add,CFLAGS,CC,-Wvla) diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 743455a5f9..7921d8fa28 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -36,6 +36,9 @@ SECTIONS *(.text.unlikely .text.*_unlikely .text.unlikely.*) *(.text) +#ifdef CONFIG_CC_SPLIT_SECTIONS + *(.text.*) +#endif *(.fixup) *(.gnu.warning) @@ -82,10 +85,24 @@ SECTIONS #endif _erodata = .; /* End of read-only data */ + . = ALIGN(PAGE_SIZE); + .data.read_mostly : { + /* Exception table */ + __start___ex_table = .; + *(.ex_table) + __stop___ex_table = .; + + /* Pre-exception table */ + __start___pre_ex_table = .; + *(.ex_table.pre) + __stop___pre_ex_table = .; + + *(.data.read_mostly) + } :text + + . = ALIGN(SMP_CACHE_BYTES); .data : { /* Data */ - . = ALIGN(PAGE_SIZE); *(.data.page_aligned) - *(.data) . = ALIGN(8); __start_schedulers_array = .; *(.data.schedulers) @@ -98,26 +115,10 @@ SECTIONS __paramhypfs_end = .; #endif - *(.data.rel) - *(.data.rel.*) + *(.data .data.*) CONSTRUCTORS } :text - . = ALIGN(SMP_CACHE_BYTES); - .data.read_mostly : { - /* Exception table */ - __start___ex_table = .; - *(.ex_table) - __stop___ex_table = .; - - /* Pre-exception table */ - __start___pre_ex_table = .; - *(.ex_table.pre) - __stop___pre_ex_table = .; - - *(.data.read_mostly) - } :text - . = ALIGN(8); .arch.info : { _splatform = .; @@ -211,7 +212,7 @@ SECTIONS *(.bss.percpu.read_mostly) . = ALIGN(SMP_CACHE_BYTES); __per_cpu_data_end = .; - *(.bss) + *(.bss .bss.*) . = ALIGN(POINTER_ALIGN); __bss_end = .; } :text diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 960c51eb4c..4103763f63 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -87,9 +87,12 @@ SECTIONS *(.text.cold) *(.text.unlikely .text.*_unlikely .text.unlikely.*) + *(.text.page_aligned) *(.text) +#ifdef CONFIG_CC_SPLIT_SECTIONS + *(.text.*) +#endif *(.text.__x86_indirect_thunk_*) - *(.text.page_aligned) *(.fixup) *(.gnu.warning) @@ -292,9 +295,7 @@ SECTIONS DECL_SECTION(.data) { *(.data.page_aligned) - *(.data) - *(.data.rel) - *(.data.rel.*) + *(.data .data.*) } PHDR(text) DECL_SECTION(.bss) { @@ -309,7 +310,7 @@ SECTIONS *(.bss.percpu.read_mostly) . = ALIGN(SMP_CACHE_BYTES); __per_cpu_data_end = .; - *(.bss) + *(.bss .bss.*) . = ALIGN(POINTER_ALIGN); __bss_end = .; } PHDR(text) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6443943889..d921c74d61 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -354,6 +354,7 @@ config LIVEPATCH bool "Live patching support" default X86 depends on "$(XEN_HAS_BUILD_ID)" = "y" + select CC_SPLIT_SECTIONS ---help--- Allows a running Xen hypervisor to be dynamically patched using binary patches without rebooting. This is primarily used to binarily -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 09:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 09:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290084.491964 (Exim 4.92) (envelope-from ) id 1nThFG-00062R-8Y; Mon, 14 Mar 2022 09:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290084.491964; Mon, 14 Mar 2022 09:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFG-00062I-5L; Mon, 14 Mar 2022 09:44:06 +0000 Received: by outflank-mailman (input) for mailman id 290084; Mon, 14 Mar 2022 09:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFE-00062C-BN for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFE-0000rN-7r for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nThFE-0002jn-6g for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yNkLRDwn8tbpi72o8wsooioYGAuIfTRUmtLu8sVBTi8=; b=sNNTixS5BoMVzxAKFLoCKptfhg FQ/ll2RyjewgDWzQyiWq6mPwGo8ncMPJFiLwRiyA6oyZ7fdeh3rOsKn+5GRcfCsGCjN5QSpofHwPc 3F2n+2GHP92Ab74bHRYeoZHcauweS4vQ7m7XAu5kIPXraFiIGfdlVvcTbdZ+2IJQdVNg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/time: further improve TSC / CPU freq calibration accuracy Message-Id: Date: Mon, 14 Mar 2022 09:44:04 +0000 commit 23658e823238742dc5a17a0bac9f38c997dedd55 Author: Jan Beulich AuthorDate: Mon Mar 14 10:27:57 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:27:57 2022 +0100 x86/time: further improve TSC / CPU freq calibration accuracy Calibration logic assumes that the platform timer (HPET or ACPI PM timer) and the TSC are read at about the same time. This assumption may not hold when a long latency event (e.g. SMI or NMI) occurs between the two reads. Reduce the risk of reading uncorrelated values by doing at least four pairs of reads, using the tuple where the delta between the enclosing TSC reads was smallest. From the fourth iteration onwards bail if the new TSC delta isn't better (smaller) than the best earlier one. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/time.c | 65 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 43 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index c840f45535..c549daadcc 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -289,9 +289,47 @@ static char *freq_string(u64 freq) return s; } -static uint64_t adjust_elapsed(uint64_t elapsed, uint32_t actual, - uint32_t target) +static uint32_t __init read_pt_and_tsc(uint64_t *tsc, + const struct platform_timesource *pts) { + uint64_t tsc_prev = *tsc = rdtsc_ordered(), tsc_min = ~0; + uint32_t best = best; + unsigned int i; + + for ( i = 0; ; ++i ) + { + uint32_t pt = pts->read_counter(); + uint64_t tsc_cur = rdtsc_ordered(); + uint64_t tsc_delta = tsc_cur - tsc_prev; + + if ( tsc_delta < tsc_min ) + { + tsc_min = tsc_delta; + *tsc = tsc_cur; + best = pt; + } + else if ( i > 2 ) + break; + + tsc_prev = tsc_cur; + } + + return best; +} + +static uint64_t __init calibrate_tsc(const struct platform_timesource *pts) +{ + uint64_t start, end, elapsed; + unsigned int count = read_pt_and_tsc(&start, pts); + unsigned int target = CALIBRATE_VALUE(pts->frequency), actual; + unsigned int mask = (uint32_t)~0 >> (32 - pts->counter_bits); + + while ( ((pts->read_counter() - count) & mask) < target ) + continue; + + actual = (read_pt_and_tsc(&end, pts) - count) & mask; + elapsed = end - start; + if ( likely(actual > target) ) { /* @@ -397,8 +435,7 @@ static u64 cf_check read_hpet_count(void) static int64_t __init cf_check init_hpet(struct platform_timesource *pts) { - uint64_t hpet_rate, start; - uint32_t count, target, elapsed; + uint64_t hpet_rate; /* * Allow HPET to be setup, but report a frequency of 0 so it's not selected * as a timer source. This is required so it can be used in legacy @@ -469,13 +506,7 @@ static int64_t __init cf_check init_hpet(struct platform_timesource *pts) pts->frequency = hpet_rate; - count = hpet_read32(HPET_COUNTER); - start = rdtsc_ordered(); - target = CALIBRATE_VALUE(hpet_rate); - while ( (elapsed = hpet_read32(HPET_COUNTER) - count) < target ) - continue; - - return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); + return calibrate_tsc(pts); } static void cf_check resume_hpet(struct platform_timesource *pts) @@ -510,22 +541,12 @@ static u64 cf_check read_pmtimer_count(void) static s64 __init cf_check init_pmtimer(struct platform_timesource *pts) { - uint64_t start; - uint32_t count, target, mask, elapsed; - if ( !pmtmr_ioport || (pmtmr_width != 24 && pmtmr_width != 32) ) return 0; pts->counter_bits = pmtmr_width; - mask = 0xffffffff >> (32 - pmtmr_width); - - count = inl(pmtmr_ioport); - start = rdtsc_ordered(); - target = CALIBRATE_VALUE(ACPI_PM_FREQUENCY); - while ( (elapsed = (inl(pmtmr_ioport) - count) & mask) < target ) - continue; - return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); + return calibrate_tsc(pts); } static struct platform_timesource __initdata_cf_clobber plt_pmtimer = -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 09:44:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 09:44:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290085.491968 (Exim 4.92) (envelope-from ) id 1nThFQ-00064Z-9r; Mon, 14 Mar 2022 09:44:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290085.491968; Mon, 14 Mar 2022 09:44:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFQ-00064S-70; Mon, 14 Mar 2022 09:44:16 +0000 Received: by outflank-mailman (input) for mailman id 290085; Mon, 14 Mar 2022 09:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFO-00064D-C6 for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFO-0000rR-BH for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nThFO-0002kO-AM for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LpJES0HFVLQbVEMj13+b0D1QYG/4qhDJCwqGtZXEEJ0=; b=ddufEdqE/kAhB/xQt1ewRJXgLF QgsI+V8y8tryQvIFSvEPqeBJL6nESAoFK0kccAGHiVxC8tMKHjm+Q+gq/KlVJxCHRvA64oATMFmiD y2CVvbFjIOVOM8AeIckJ/6yt4sqQBRVkxT6hsrvs2EqcCjLUxNx5hJkZ9GqKkkRYu2Oo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vmx: remove dead code to create domains without a vLAPIC Message-Id: Date: Mon, 14 Mar 2022 09:44:14 +0000 commit 3f809886988767fff46f440f4fc6d252fb586ace Author: Roger Pau Monné AuthorDate: Mon Mar 14 10:29:24 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:29:24 2022 +0100 x86/vmx: remove dead code to create domains without a vLAPIC After the removal of PVHv1 it's no longer supported to create a domain using hardware virtualization extensions and without a local APIC: PVHv2 mandates domains to always have a LAPIC. Remove some stale code in VMCS construction and related helpers that catered for that use-case. No functional change. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/arch/x86/hvm/vmx/vmcs.c | 14 -------------- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index e1e1fa14e6..56fed2db03 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1123,20 +1123,6 @@ static int construct_vmcs(struct vcpu *v) /* Do not enable Monitor Trap Flag unless start single step debug */ v->arch.hvm.vmx.exec_control &= ~CPU_BASED_MONITOR_TRAP_FLAG; - if ( !has_vlapic(d) ) - { - /* Disable virtual apics, TPR */ - v->arch.hvm.vmx.secondary_exec_control &= - ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES - | SECONDARY_EXEC_APIC_REGISTER_VIRT - | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY); - v->arch.hvm.vmx.exec_control &= ~CPU_BASED_TPR_SHADOW; - - /* In turn, disable posted interrupts. */ - __vmwrite(PIN_BASED_VM_EXEC_CONTROL, - vmx_pin_based_exec_control & ~PIN_BASED_POSTED_INTERRUPT); - } - vmx_update_cpu_exec_control(v); __vmwrite(VM_EXIT_CONTROLS, vmexit_ctl); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c075370f64..af9ee7cebb 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -421,7 +421,7 @@ static void cf_check domain_creation_finished(struct domain *d) gfn_t gfn = gaddr_to_gfn(APIC_DEFAULT_PHYS_BASE); bool ipat; - if ( !has_vlapic(d) || mfn_eq(apic_access_mfn, INVALID_MFN) ) + if ( mfn_eq(apic_access_mfn, INVALID_MFN) ) return; ASSERT(epte_get_entry_emt(d, gfn, apic_access_mfn, 0, &ipat, @@ -3328,7 +3328,7 @@ static void vmx_install_vlapic_mapping(struct vcpu *v) { paddr_t virt_page_ma, apic_page_ma; - if ( !has_vlapic(v->domain) || mfn_eq(apic_access_mfn, INVALID_MFN) ) + if ( mfn_eq(apic_access_mfn, INVALID_MFN) ) return; ASSERT(cpu_has_vmx_virtualize_apic_accesses); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 09:44:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 09:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290086.491972 (Exim 4.92) (envelope-from ) id 1nThFa-00067G-BU; Mon, 14 Mar 2022 09:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290086.491972; Mon, 14 Mar 2022 09:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFa-000678-8f; Mon, 14 Mar 2022 09:44:26 +0000 Received: by outflank-mailman (input) for mailman id 290086; Mon, 14 Mar 2022 09:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFY-00066i-FF for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFY-0000s7-EX for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nThFY-0002l5-DZ for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Iauv3XAcrBcbO2XY8j3SIrqNOjlzknqb8GdnUa5Yl4k=; b=P1kYMwLcLOt552Hd9mP9Sbfsem yweRmxvdII0nTRS1hTCJ+z9X6ZxX/TV2QVu8ZbpqD5WeyiaHBpM5duG3xtMh/4puPffjpNSiSTsnu 2fhtLQAGM61U+dn1h5e2SWo2BCXN4BJiF0ZarOWsTsv+1i4vRbqBfKpHvKvu9rCtzqeQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] pci/ats: do not allow broken devices to be assigned to guests Message-Id: Date: Mon, 14 Mar 2022 09:44:24 +0000 commit 7b4b36fcbabaa616b301edce8491ebbe002a71f3 Author: Roger Pau Monné AuthorDate: Mon Mar 14 10:30:02 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:30:02 2022 +0100 pci/ats: do not allow broken devices to be assigned to guests Introduce a new field to mark devices as broken: having it set prevents the device from being assigned to guests. Use the field in order to mark ATS devices that have failed a flush when using VT-d as broken, thus preventing them to be assigned to any guest. This allows the device IOMMU context entry to be cleaned up properly, as calling _pci_hide_device will just change the ownership of the device, but the IOMMU context entry of the device would be left as-is. It would also leak a VT-d Domain ID if using one, as removing the device from its previous owner will allow releasing the IOMMU DID used by the device without having cleaned up the context entry. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/pci.c | 11 +++++++---- xen/drivers/passthrough/vtd/qinval.c | 8 +++++++- xen/include/xen/pci.h | 3 +++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 22cb3872c2..c6d99af5d4 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -501,7 +501,7 @@ static void free_pdev(struct pci_seg *pseg, struct pci_dev *pdev) xfree(pdev); } -static void _pci_hide_device(struct pci_dev *pdev) +static void __init _pci_hide_device(struct pci_dev *pdev) { if ( pdev->domain ) return; @@ -1489,6 +1489,11 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag) ASSERT(pdev && (pdev->domain == hardware_domain || pdev->domain == dom_io)); + /* Do not allow broken devices to be assigned to guests. */ + rc = -EBADF; + if ( pdev->broken && d != hardware_domain && d != dom_io ) + goto done; + rc = pdev_msix_assign(d, pdev); if ( rc ) goto done; @@ -1587,9 +1592,7 @@ void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev) return; } - list_del(&pdev->domain_list); - pdev->domain = NULL; - _pci_hide_device(pdev); + pdev->broken = true; if ( !d->is_shutting_down && printk_ratelimit() ) printk(XENLOG_ERR "dom%d: ATS device %pp flush failed\n", diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c index beeb65f0de..6a1c6bd7a9 100644 --- a/xen/drivers/passthrough/vtd/qinval.c +++ b/xen/drivers/passthrough/vtd/qinval.c @@ -227,7 +227,7 @@ static int __must_check dev_invalidate_sync(struct vtd_iommu *iommu, ASSERT(iommu->qinval_maddr); rc = queue_invalidate_wait(iommu, 0, 1, 1, 1); - if ( rc == -ETIMEDOUT ) + if ( rc == -ETIMEDOUT && !pdev->broken ) { struct domain *d = rcu_lock_domain_by_id(did_to_domain_id(iommu, did)); @@ -241,6 +241,12 @@ static int __must_check dev_invalidate_sync(struct vtd_iommu *iommu, iommu_dev_iotlb_flush_timeout(d, pdev); rcu_unlock_domain(d); } + else if ( rc == -ETIMEDOUT ) + /* + * The device is already marked as broken, ignore the error in order to + * allow {de,}assign to succeed. + */ + rc = 0; return rc; } diff --git a/xen/include/xen/pci.h b/xen/include/xen/pci.h index b6d7e454f8..02b31f7259 100644 --- a/xen/include/xen/pci.h +++ b/xen/include/xen/pci.h @@ -108,6 +108,9 @@ struct pci_dev { /* Device with errata, ignore the BARs. */ bool ignore_bars; + /* Device misbehaving, prevent assigning it to guests. */ + bool broken; + enum pdev_type { DEV_TYPE_PCI_UNKNOWN, DEV_TYPE_PCIe_ENDPOINT, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 09:44:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 09:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290087.491975 (Exim 4.92) (envelope-from ) id 1nThFk-0006Bn-D2; Mon, 14 Mar 2022 09:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290087.491975; Mon, 14 Mar 2022 09:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFk-0006Bf-AB; Mon, 14 Mar 2022 09:44:36 +0000 Received: by outflank-mailman (input) for mailman id 290087; Mon, 14 Mar 2022 09:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFi-0006BW-Ig for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFi-0000sI-Hq for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nThFi-0002lZ-Gx for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=w7sZb+/8WSyVIhGv+tjvu63owq5rV0SvUdAdONthsIM=; b=2B8GhylXLJe+77MigHgHfacbQ7 LfHTuxsRvFf4xCYnMiKTkM3ubFRavc/9v/p0Fu/V8CRb9nIkWNCXOPt/P3fxOibPEMe9MqUmmZlkg W+0Ny5hcf2/7CJpQg87KPA5mLVFWBqIZIOTY/aQNHAyNrWpp3yCybafBHjylKj6yKAQE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] IOMMU/x86: tidy adjust_irq_affinities hook Message-Id: Date: Mon, 14 Mar 2022 09:44:34 +0000 commit e2589ef65283f475b3c980020a2d1d79ab593d65 Author: Jan Beulich AuthorDate: Mon Mar 14 10:32:40 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:32:40 2022 +0100 IOMMU/x86: tidy adjust_irq_affinities hook As of 3e56754b0887 ("xen/cet: Fix __initconst_cf_clobber") there's no need for a non-void return value anymore, as the hook functions are no longer themselves passed to __initcall(). For the same reason the iommu_enabled checks can now move from the individual functions to the wrapper. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Kevin Tian --- xen/arch/x86/include/asm/iommu.h | 7 +++---- xen/drivers/passthrough/amd/iommu.h | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 7 +------ xen/drivers/passthrough/vtd/iommu.c | 7 +------ xen/drivers/passthrough/x86/iommu.c | 4 +++- xen/include/xen/iommu.h | 2 +- 6 files changed, 10 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index d38c334087..e3484ca023 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -101,11 +101,10 @@ void iommu_update_ire_from_apic(unsigned int apic, unsigned int reg, unsigned in unsigned int iommu_read_apic_from_ire(unsigned int apic, unsigned int reg); int iommu_setup_hpet_msi(struct msi_desc *); -static inline int iommu_adjust_irq_affinities(void) +static inline void iommu_adjust_irq_affinities(void) { - return iommu_ops.adjust_irq_affinities - ? iommu_call(&iommu_ops, adjust_irq_affinities) - : 0; + if ( iommu_enabled && iommu_ops.adjust_irq_affinities ) + iommu_vcall(&iommu_ops, adjust_irq_affinities); } static inline bool iommu_supports_x2apic(void) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 03811fedea..0665deeab5 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -234,7 +234,7 @@ int amd_iommu_prepare(bool xt); int amd_iommu_init(bool xt); int amd_iommu_init_late(void); int amd_iommu_update_ivrs_mapping_acpi(void); -int cf_check iov_adjust_irq_affinities(void); +void cf_check iov_adjust_irq_affinities(void); int cf_check amd_iommu_quarantine_init(struct domain *d); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 2e5bffa732..c7a49a4fdb 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -809,13 +809,10 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu) return 1; } -int cf_check iov_adjust_irq_affinities(void) +void cf_check iov_adjust_irq_affinities(void) { const struct amd_iommu *iommu; - if ( !iommu_enabled ) - return 0; - for_each_amd_iommu ( iommu ) { struct irq_desc *desc = irq_to_desc(iommu->msi.irq); @@ -828,8 +825,6 @@ int cf_check iov_adjust_irq_affinities(void) set_msi_affinity(desc, NULL); spin_unlock_irqrestore(&desc->lock, flags); } - - return 0; } /* diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index f70d515806..82b485e7d4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2107,17 +2107,12 @@ static void adjust_irq_affinity(struct acpi_drhd_unit *drhd) spin_unlock_irqrestore(&desc->lock, flags); } -static int cf_check adjust_vtd_irq_affinities(void) +static void cf_check adjust_vtd_irq_affinities(void) { struct acpi_drhd_unit *drhd; - if ( !iommu_enabled ) - return 0; - for_each_drhd_unit ( drhd ) adjust_irq_affinity(drhd); - - return 0; } static int __must_check init_vtd_hw(bool resume) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 57c7b26c1a..65a622f26d 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -464,7 +464,9 @@ bool arch_iommu_use_permitted(const struct domain *d) static int __init cf_check adjust_irq_affinities(void) { - return iommu_adjust_irq_affinities(); + iommu_adjust_irq_affinities(); + + return 0; } __initcall(adjust_irq_affinities); diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index b18e7760a2..e4d526052d 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -267,7 +267,7 @@ struct iommu_ops { int (*setup_hpet_msi)(struct msi_desc *); - int (*adjust_irq_affinities)(void); + void (*adjust_irq_affinities)(void); void (*clear_root_pgtable)(struct domain *d); int (*update_ire_from_msi)(struct msi_desc *msi_desc, struct msi_msg *msg); #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 09:44:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 09:44:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290088.491980 (Exim 4.92) (envelope-from ) id 1nThFu-0006FB-FN; Mon, 14 Mar 2022 09:44:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290088.491980; Mon, 14 Mar 2022 09:44:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFu-0006F3-BZ; Mon, 14 Mar 2022 09:44:46 +0000 Received: by outflank-mailman (input) for mailman id 290088; Mon, 14 Mar 2022 09:44:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFs-0006Eo-Ly for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nThFs-0000sU-L5 for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nThFs-0002m7-Jv for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 09:44:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0O9bMSplLVJe7V0PAfMYwSl0rlWpol35uJFbhpiQ6yA=; b=oKBbkri2NI48UCvhjAqvpJ82NE bbUP0OBsmKDvzuRSTTeNQnSYUM1kKo2+h7ug+ALpf6p2kic4vPF62JbHYKVrydwaXqs2lKtpp369E rn8/bEfvMURm5TWzic9u5Y9dRuIR7WEPZS9bsd2exQ42eKOXCncbN2TtqOMksGL43T58=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/build: use --orphan-handling linker option if available Message-Id: Date: Mon, 14 Mar 2022 09:44:44 +0000 commit dedb0aa42c6d1ee31805dfc61630db2c41117330 Author: Jan Beulich AuthorDate: Mon Mar 14 10:33:35 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:33:35 2022 +0100 x86/build: use --orphan-handling linker option if available As was e.g. making necessary 4b7fd8153ddf ("x86: fold sections in final binaries"), arbitrary sections appearing without our linker script placing them explicitly can be a problem. Have the linker make us aware of such sections, so we would know that the script needs adjusting. To deal with the resulting warnings: - Retain .note.* explicitly for ELF, and discard all of them (except the earlier consumed .note.gnu.build-id) for PE/COFF. - Have explicit statements for .got, .plt, and alike and add assertions that they're empty. No output sections will be created for these as long as they remain empty (or else the assertions would cause early failure anyway). - Collect all .rela.* into a single section, with again an assertion added for the resulting section to be empty. - Extend the enumerating of .debug_* to ELF. Note that for Clang adding of .debug_macinfo is necessary. Amend this by its Dwarf5 counterpart, .debug_macro, then as well (albeit more may need adding for full coverage). - For LLVM ld also enumerate .symtab, .strtab, and .shstrtab. Suggested-by: Roger Pau Monné Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/Makefile | 6 +- xen/arch/x86/xen.lds.S | 168 +++++++++++++++++++++++++++++-------------------- 2 files changed, 105 insertions(+), 69 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 04065a7310..b6b082ee1d 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -119,6 +119,8 @@ syms-warn-dup-y := --warn-dup syms-warn-dup-$(CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS) := syms-warn-dup-$(CONFIG_ENFORCE_UNIQUE_SYMBOLS) := --error-dup +orphan-handling-$(call ld-option,--orphan-handling=warn) += --orphan-handling=warn + $(TARGET): TMP = $(@D)/.$(@F).elf32 $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 $(obj)/boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ @@ -145,7 +147,7 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds >$(@D)/.$(@F).1.S $(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ - $(@D)/.$(@F).1.o -o $@ + $(orphan-handling-y) $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map @@ -219,7 +221,7 @@ endif | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \ - $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ + $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(orphan-handling-y) $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 4103763f63..7aa1f82df9 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -12,6 +12,13 @@ #undef __XEN_VIRT_START #define __XEN_VIRT_START __image_base__ #define DECL_SECTION(x) x : +/* + * Use the NOLOAD directive, despite currently ignored by (at least) GNU ld + * for PE output, in order to record that we'd prefer these sections to not + * be loaded into memory. + */ +#define DECL_DEBUG(x, a) #x ALIGN(a) (NOLOAD) : { *(x) } +#define DECL_DEBUG2(x, y, a) #x ALIGN(a) (NOLOAD) : { *(x) *(y) } ENTRY(efi_start) @@ -19,6 +26,8 @@ ENTRY(efi_start) #define FORMAT "elf64-x86-64" #define DECL_SECTION(x) #x : AT(ADDR(#x) - __XEN_VIRT_START) +#define DECL_DEBUG(x, a) #x 0 : { *(x) } +#define DECL_DEBUG2(x, y, a) #x 0 : { *(x) *(y) } ENTRY(start_pa) @@ -158,6 +167,10 @@ SECTIONS } PHDR(text) #if defined(CONFIG_PVH_GUEST) && !defined(EFI) + /* + * In principle this should be fine to live in .note (below), but let's keep + * it separate in case anyone decided to find these notes by section name. + */ DECL_SECTION(.note.Xen) { *(.note.Xen) } PHDR(note) PHDR(text) @@ -185,6 +198,13 @@ SECTIONS #endif #endif +#ifndef EFI + /* Retain these just for the purpose of possible analysis tools. */ + DECL_SECTION(.note) { + *(.note.*) + } PHDR(note) PHDR(text) +#endif + _erodata = .; . = ALIGN(SECTION_ALIGN); @@ -272,6 +292,34 @@ SECTIONS __ctors_end = .; } PHDR(text) +#ifndef EFI + /* + * With --orphan-sections=warn (or =error) we need to handle certain linker + * generated sections. These are all expected to be empty; respective + * ASSERT()s can be found towards the end of this file. Put them in the + * text program header, just to be on the safe side against e.g. a linker + * otherwise chosing to put them in a separate one. + */ + DECL_SECTION(.got) { + *(.got) + } PHDR(text) + DECL_SECTION(.got.plt) { + *(.got.plt) + } PHDR(text) + DECL_SECTION(.igot.plt) { + *(.igot.plt) + } PHDR(text) + DECL_SECTION(.iplt) { + *(.iplt) + } PHDR(text) + DECL_SECTION(.plt) { + *(.plt) + } PHDR(text) + DECL_SECTION(.rela) { + *(.rela.*) + } PHDR(text) +#endif + . = ALIGN(SECTION_ALIGN); __init_end = .; __2M_init_end = .; @@ -324,71 +372,6 @@ SECTIONS *(.reloc) __base_relocs_end = .; } - /* - * Explicitly list debug section for the PE output so that they don't end - * up at VA 0 which is below image base and thus invalid. Also use the - * NOLOAD directive, despite currently ignored by ld for PE output, in - * order to record that we'd prefer these sections to not be loaded into - * memory. - * - * Note that we're past _end here, so if these sections get loaded they'll - * be discarded at runtime anyway. - */ - .debug_abbrev ALIGN(1) (NOLOAD) : { - *(.debug_abbrev) - } - .debug_info ALIGN(1) (NOLOAD) : { - *(.debug_info) - *(.gnu.linkonce.wi.*) - } - .debug_types ALIGN(1) (NOLOAD) : { - *(.debug_types) - } - .debug_str ALIGN(1) (NOLOAD) : { - *(.debug_str) - } - .debug_line ALIGN(1) (NOLOAD) : { - *(.debug_line) - *(.debug_line.*) - } - .debug_line_str ALIGN(1) (NOLOAD) : { - *(.debug_line_str) - } - .debug_names ALIGN(4) (NOLOAD) : { - *(.debug_names) - } - .debug_frame ALIGN(4) (NOLOAD) : { - *(.debug_frame) - } - .debug_loc ALIGN(1) (NOLOAD) : { - *(.debug_loc) - } - .debug_loclists ALIGN(4) (NOLOAD) : { - *(.debug_loclists) - } - .debug_ranges ALIGN(8) (NOLOAD) : { - *(.debug_ranges) - } - .debug_rnglists ALIGN(4) (NOLOAD) : { - *(.debug_rnglists) - } - .debug_addr ALIGN(8) (NOLOAD) : { - *(.debug_addr) - } - .debug_aranges ALIGN(1) (NOLOAD) : { - *(.debug_aranges) - } - .debug_pubnames ALIGN(1) (NOLOAD) : { - *(.debug_pubnames) - } - .debug_pubtypes ALIGN(1) (NOLOAD) : { - *(.debug_pubtypes) - } - /* Trick the linker into setting the image size to no less than 16Mb. */ - __image_end__ = .; - .pad ALIGN(__section_alignment__) : { - . = __image_end__ < __image_base__ + MB(16) ? ALIGN(MB(16)) : .; - } #elif defined(XEN_BUILD_EFI) /* * Due to the way EFI support is currently implemented, these two symbols @@ -403,6 +386,42 @@ SECTIONS efi = .; #endif + /* + * Explicitly list debug sections, first of all to avoid these sections being + * viewed as "orphan" by the linker. + * + * For the PE output this is further necessary so that they don't end up at + * VA 0, which is below image base and thus invalid. Note that we're past + * _end here, so if these sections get loaded they'll be discarded at runtime + * anyway. + */ + DECL_DEBUG(.debug_abbrev, 1) + DECL_DEBUG2(.debug_info, .gnu.linkonce.wi.*, 1) + DECL_DEBUG(.debug_types, 1) + DECL_DEBUG(.debug_str, 1) + DECL_DEBUG2(.debug_line, .debug_line.*, 1) + DECL_DEBUG(.debug_line_str, 1) + DECL_DEBUG(.debug_names, 4) + DECL_DEBUG(.debug_frame, 4) + DECL_DEBUG(.debug_loc, 1) + DECL_DEBUG(.debug_loclists, 4) + DECL_DEBUG(.debug_macinfo, 1) + DECL_DEBUG(.debug_macro, 1) + DECL_DEBUG(.debug_ranges, 8) + DECL_DEBUG(.debug_rnglists, 4) + DECL_DEBUG(.debug_addr, 8) + DECL_DEBUG(.debug_aranges, 1) + DECL_DEBUG(.debug_pubnames, 1) + DECL_DEBUG(.debug_pubtypes, 1) + +#ifdef EFI + /* Trick the linker into setting the image size to no less than 16Mb. */ + __image_end__ = .; + .pad ALIGN(__section_alignment__) : { + . = __image_end__ < __image_base__ + MB(16) ? ALIGN(MB(16)) : .; + } +#endif + #ifdef CONFIG_HYPERV_GUEST hv_hcall_page = ABSOLUTE(HV_HCALL_PAGE - XEN_VIRT_START + __XEN_VIRT_START); #endif @@ -423,8 +442,7 @@ SECTIONS #ifdef EFI *(.comment) *(.comment.*) - *(.note.Xen) - *(.note.gnu.*) + *(.note.*) #endif } @@ -437,6 +455,13 @@ SECTIONS .stab.index 0 : { *(.stab.index) } .stab.indexstr 0 : { *(.stab.indexstr) } .comment 0 : { *(.comment) } + /* + * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to + * be benign to GNU ld, so we can have them here unconditionally. + */ + .symtab 0 : { *(.symtab) } + .strtab 0 : { *(.strtab) } + .shstrtab 0 : { *(.shstrtab) } #endif } @@ -470,6 +495,15 @@ ASSERT(IS_ALIGNED(trampoline_end, 4), "trampoline_end misaligned") ASSERT(IS_ALIGNED(__bss_start, 8), "__bss_start misaligned") ASSERT(IS_ALIGNED(__bss_end, 8), "__bss_end misaligned") +#ifndef EFI +ASSERT(!SIZEOF(.got), ".got non-empty") +ASSERT(!SIZEOF(.got.plt), ".got.plt non-empty") +ASSERT(!SIZEOF(.igot.plt), ".igot.plt non-empty") +ASSERT(!SIZEOF(.iplt), ".iplt non-empty") +ASSERT(!SIZEOF(.plt), ".plt non-empty") +ASSERT(!SIZEOF(.rela), "leftover relocations") +#endif + ASSERT((trampoline_end - trampoline_start) < TRAMPOLINE_SPACE - MBI_SPACE_MIN, "not enough room for trampoline and mbi data") ASSERT((wakeup_stack - wakeup_stack_start) >= WAKEUP_STACK_MIN, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 18:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 18:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290410.492490 (Exim 4.92) (envelope-from ) id 1nTp9t-0001BD-Oz; Mon, 14 Mar 2022 18:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290410.492490; Mon, 14 Mar 2022 18:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTp9t-0001B5-Lt; Mon, 14 Mar 2022 18:11:05 +0000 Received: by outflank-mailman (input) for mailman id 290410; Mon, 14 Mar 2022 18:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTp9s-0001Az-U2 for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTp9s-0001uf-T4 for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTp9s-0000bi-SC for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rzdWHcDZ6VN+Lj5M0MsOTAr88WfD1Va4eNQ4yRUofOc=; b=v5tp7pgh2MWYmg63xOxc1Dz39C EaNQbUjkPAE1fgX3b0r/NdU57v1Ax1W7cMr+u2NpYbdEGVdkQUi2bWBxRsG3nUokF0STfTW7Fc3m/ b5SHu5El+rwkz2oVfo4onmd/ZTHjSjD63UguELhQYWhaUR2dQtS37gyYnnfOugTsccxg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: Decode ldr/str post increment operations Message-Id: Date: Mon, 14 Mar 2022 18:11:04 +0000 commit f9dd8436e3b826e4ca2284effa4c0285527ea763 Author: Ayan Kumar Halder AuthorDate: Thu Mar 10 17:44:58 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 17:58:04 2022 +0000 xen/arm64: Decode ldr/str post increment operations At the moment, Xen does not decode any of the arm64 instructions. This means that when hsr_dabt.isv == 0, Xen cannot handle those instructions. This will lead to Xen to abort the guests (from which those instructions originate). With this patch, Xen is able to decode ldr/str post indexing instructions. These are a subset of instructions for which hsr_dabt.isv == 0. The following instructions are now supported by Xen :- 1. ldr x2, [x1], #8 2. ldr w2, [x1], #-4 3. ldr x2, [x1], #-8 4. ldr w2, [x1], #4 5. ldrh w2, [x1], #2 6. ldrb w2, [x1], #1 7. str x2, [x1], #8 8. str w2, [x1], #-4 9. strh w2, [x1], #2 10. strb w2, [x1], #1 In the subsequent patch, decode_arm64() will get invoked when hsr_dabt.isv == 0. Signed-off-by: Ayan Kumar Halder Reviewed-by: Stefano Stabellini --- xen/arch/arm/decode.c | 79 +++++++++++++++++++++++++++++++++++++++-- xen/arch/arm/decode.h | 48 +++++++++++++++++++++---- xen/arch/arm/include/asm/mmio.h | 4 +++ xen/arch/arm/io.c | 2 +- 4 files changed, 124 insertions(+), 9 deletions(-) diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 792c2e92a7..3add87e83a 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -84,6 +84,78 @@ bad_thumb2: return 1; } +static int decode_arm64(register_t pc, mmio_info_t *info) +{ + union instr opcode = {0}; + struct hsr_dabt *dabt = &info->dabt; + struct instr_details *dabt_instr = &info->dabt_instr; + + if ( raw_copy_from_guest(&opcode.value, (void * __user)pc, sizeof (opcode)) ) + { + gprintk(XENLOG_ERR, "Could not copy the instruction from PC\n"); + return 1; + } + + /* + * Refer Arm v8 ARM DDI 0487G.b, Page - C6-1107 + * "Shared decode for all encodings" (under ldr immediate) + * If n == t && n != 31, then the return value is implementation defined + * (can be WBSUPPRESS, UNKNOWN, UNDEFINED or NOP). Thus, we do not support + * this. This holds true for ldrb/ldrh immediate as well. + * + * Also refer, Page - C6-1384, the above described behaviour is same for + * str immediate. This holds true for strb/strh immediate as well + */ + if ( (opcode.ldr_str.rn == opcode.ldr_str.rt) && (opcode.ldr_str.rn != 31) ) + { + gprintk(XENLOG_ERR, "Rn should not be equal to Rt except for r31\n"); + goto bad_loadstore; + } + + /* First, let's check for the fixed values */ + if ( (opcode.value & POST_INDEX_FIXED_MASK) != POST_INDEX_FIXED_VALUE ) + { + gprintk(XENLOG_ERR, + "Decoding instruction 0x%x is not supported\n", opcode.value); + goto bad_loadstore; + } + + if ( opcode.ldr_str.v != 0 ) + { + gprintk(XENLOG_ERR, + "ldr/str post indexing for vector types are not supported\n"); + goto bad_loadstore; + } + + /* Check for STR (immediate) */ + if ( opcode.ldr_str.opc == 0 ) + dabt->write = 1; + /* Check for LDR (immediate) */ + else if ( opcode.ldr_str.opc == 1 ) + dabt->write = 0; + else + { + gprintk(XENLOG_ERR, + "Decoding ldr/str post indexing is not supported for this variant\n"); + goto bad_loadstore; + } + + gprintk(XENLOG_INFO, + "opcode->ldr_str.rt = 0x%x, opcode->ldr_str.size = 0x%x, opcode->ldr_str.imm9 = %d\n", + opcode.ldr_str.rt, opcode.ldr_str.size, opcode.ldr_str.imm9); + + update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); + + dabt_instr->rn = opcode.ldr_str.rn; + dabt_instr->imm9 = opcode.ldr_str.imm9; + + return 0; + + bad_loadstore: + gprintk(XENLOG_ERR, "unhandled Arm instruction 0x%x\n", opcode.value); + return 1; +} + static int decode_thumb(register_t pc, struct hsr_dabt *dabt) { uint16_t instr; @@ -150,10 +222,13 @@ bad_thumb: return 1; } -int decode_instruction(const struct cpu_user_regs *regs, struct hsr_dabt *dabt) +int decode_instruction(const struct cpu_user_regs *regs, mmio_info_t *info) { if ( is_32bit_domain(current->domain) && regs->cpsr & PSR_THUMB ) - return decode_thumb(regs->pc, dabt); + return decode_thumb(regs->pc, &info->dabt); + + if ( !regs_mode_is_32bit(regs) ) + return decode_arm64(regs->pc, info); /* TODO: Handle ARM instruction */ gprintk(XENLOG_ERR, "unhandled ARM instruction\n"); diff --git a/xen/arch/arm/decode.h b/xen/arch/arm/decode.h index 4613763bdb..13db8ac968 100644 --- a/xen/arch/arm/decode.h +++ b/xen/arch/arm/decode.h @@ -23,19 +23,55 @@ #include #include -/** +/* + * Refer to the ARMv8 ARM (DDI 0487G.b), Section C4.1.4 Loads and Stores + * Page 318 specifies the following bit pattern for + * "load/store register (immediate post-indexed)". + * + * 31 30 29 27 26 25 23 21 20 11 9 4 0 + * ___________________________________________________________________ + * |size|1 1 1 |V |0 0 |opc |0 | imm9 |0 1 | Rn | Rt | + * |____|______|__|____|____|__|_______________|____|_________|_______| + */ +union instr { + uint32_t value; + struct { + unsigned int rt:5; /* Rt register */ + unsigned int rn:5; /* Rn register */ + unsigned int fixed1:2; /* value == 01b */ + signed int imm9:9; /* imm9 */ + unsigned int fixed2:1; /* value == 0b */ + unsigned int opc:2; /* opc */ + unsigned int fixed3:2; /* value == 00b */ + unsigned int v:1; /* vector */ + unsigned int fixed4:3; /* value == 111b */ + unsigned int size:2; /* size */ + } ldr_str; +}; + +#define POST_INDEX_FIXED_MASK 0x3B200C00 +#define POST_INDEX_FIXED_VALUE 0x38000400 + +/* * Decode an instruction from pc - * /!\ This function is not intended to fully decode an instruction. It - * considers that the instruction is valid. + * /!\ This function is intended to decode an instruction. It considers that the + * instruction is valid. * - * This function will get: - * - The transfer register + * In case of thumb mode, this function will get: + * - The transfer register (ie Rt) * - Sign bit * - Size + * + * In case of arm64 mode, this function will get: + * - The transfer register (ie Rt) + * - The source register (ie Rn) + * - Size + * - Immediate offset + * - Read or write */ int decode_instruction(const struct cpu_user_regs *regs, - struct hsr_dabt *dabt); + mmio_info_t *info); #endif /* __ARCH_ARM_DECODE_H_ */ diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index 7ab873cb8f..3354d9c635 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -29,6 +29,10 @@ typedef struct { struct hsr_dabt dabt; + struct instr_details { + unsigned long rn:5; + signed int imm9:9; + } dabt_instr; paddr_t gpa; } mmio_info_t; diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 1a066f9ae5..fad103bdbd 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -141,7 +141,7 @@ enum io_state try_handle_mmio(struct cpu_user_regs *regs, { int rc; - rc = decode_instruction(regs, &info.dabt); + rc = decode_instruction(regs, &info); if ( rc ) { gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 18:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 18:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290411.492494 (Exim 4.92) (envelope-from ) id 1nTpA3-0001D6-QJ; Mon, 14 Mar 2022 18:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290411.492494; Mon, 14 Mar 2022 18:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTpA3-0001Cy-NM; Mon, 14 Mar 2022 18:11:15 +0000 Received: by outflank-mailman (input) for mailman id 290411; Mon, 14 Mar 2022 18:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTpA3-0001Cq-17 for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTpA3-0001un-0G for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTpA2-0000cL-Vc for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v/joO5eK5UkgvWLISeNzsg7DzCflm0RnXAPPZkVX8Ws=; b=iYe3YuLP10yadyovZ8VIGu7qCb P5r1dqb34dkVnYa45avcemSoUMWu/F1fCIBOFNAaMF4q5rgKcappQNbIGO5pCWe9xsViFCbkElIXU 4jrVR6YkzLgCoOnvnOGvDpU/PFPc5ldarBM8x7WmLDvvwgFkbl2jcuBb1Mpvy1MXdmqI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler Message-Id: Date: Mon, 14 Mar 2022 18:11:14 +0000 commit 9e5a68a6652cc54ce3cb3b0ce208eeed79d5aeb5 Author: Ayan Kumar Halder AuthorDate: Thu Mar 10 17:44:59 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 17:58:40 2022 +0000 xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler When an instruction is trapped in Xen due to translation fault, Xen checks if the ISS is invalid (for data abort) or it is an instruction abort. If so, Xen tries to resolve the translation fault using p2m page tables. In case of data abort, Xen will try to map the mmio region to the guest (ie tries to emulate the mmio region). If the ISS is not valid and it is a data abort, then Xen tries to decode the instruction. In case of ioreq, Xen saves the decoding state, rn and imm9 to vcpu_io. Whenever the vcpu handles the ioreq successfully, it will read the decoding state to determine if the instruction decoded was a ldr/str post indexing (ie INSTR_LDR_STR_POSTINDEXING). If so, it uses these details to post increment rn. In case of mmio handler, if the mmio operation was successful, then Xen retrives the decoding state, rn and imm9. For state == INSTR_LDR_STR_POSTINDEXING, Xen will update rn. If there is an error encountered while decoding/executing the instruction, Xen will forward the abort to the guest. Also, the logic to infer the type of instruction has been moved from try_handle_mmio() to try_decode_instruction() which is called before. try_handle_mmio() is solely responsible for handling the mmio operation. Signed-off-by: Ayan Kumar Halder Acked-by: Julien Grall Reviewed-by: Stefano Stabellini --- xen/arch/arm/arm32/traps.c | 11 +++++ xen/arch/arm/arm64/traps.c | 52 ++++++++++++++++++++++ xen/arch/arm/decode.c | 2 + xen/arch/arm/include/asm/domain.h | 4 ++ xen/arch/arm/include/asm/mmio.h | 17 +++++++- xen/arch/arm/include/asm/traps.h | 2 + xen/arch/arm/io.c | 90 ++++++++++++++++++++++++--------------- xen/arch/arm/ioreq.c | 8 +++- xen/arch/arm/traps.c | 77 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/ioreq.h | 3 ++ xen/include/xen/sched.h | 2 + 11 files changed, 214 insertions(+), 54 deletions(-) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 9c9790a6d1..159e3cef8b 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -18,9 +18,11 @@ #include #include +#include #include +#include #include #include @@ -82,6 +84,15 @@ void do_trap_data_abort(struct cpu_user_regs *regs) do_unexpected_trap("Data Abort", regs); } +void post_increment_register(const struct instr_details *instr) +{ + /* + * We have not implemented decoding of post indexing instructions for 32 bit. + * Thus, this should be unreachable. + */ + domain_crash(current->domain); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/arm64/traps.c b/xen/arch/arm/arm64/traps.c index 9113a15c7a..6ce4a1fa8c 100644 --- a/xen/arch/arm/arm64/traps.c +++ b/xen/arch/arm/arm64/traps.c @@ -17,6 +17,7 @@ */ #include +#include #include #include @@ -44,6 +45,57 @@ void do_bad_mode(struct cpu_user_regs *regs, int reason) panic("bad mode\n"); } +void post_increment_register(const struct instr_details *instr) +{ + struct cpu_user_regs *regs = guest_cpu_user_regs(); + register_t val = 0; + uint8_t psr_mode = (regs->cpsr & PSR_MODE_MASK); + + /* Currently, we handle only ldr/str post indexing instructions */ + if ( instr->state != INSTR_LDR_STR_POSTINDEXING ) + return; + + /* + * Handle when rn = SP + * Refer ArmV8 ARM DDI 0487G.b, Page - D1-2463 "Stack pointer register + * selection" + * t = SP_EL0 + * h = SP_ELx + * and M[3:0] (Page - C5-474 "When exception taken from AArch64 state:") + */ + if ( instr->rn == 31 ) + { + switch ( psr_mode ) + { + case PSR_MODE_EL1h: + val = regs->sp_el1; + break; + case PSR_MODE_EL1t: + case PSR_MODE_EL0t: + val = regs->sp_el0; + break; + + default: + domain_crash(current->domain); + return; + } + } + else + val = get_user_reg(regs, instr->rn); + + val += instr->imm9; + + if ( instr->rn == 31 ) + { + if ( (regs->cpsr & PSR_MODE_MASK) == PSR_MODE_EL1h ) + regs->sp_el1 = val; + else + regs->sp_el0 = val; + } + else + set_user_reg(regs, instr->rn, val); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 3add87e83a..f5f6562600 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -146,8 +146,10 @@ static int decode_arm64(register_t pc, mmio_info_t *info) update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); + dabt_instr->state = INSTR_LDR_STR_POSTINDEXING; dabt_instr->rn = opcode.ldr_str.rn; dabt_instr->imm9 = opcode.ldr_str.imm9; + dabt->valid = 1; return 0; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index c56f6e4398..ed63c2b6f9 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -281,6 +281,10 @@ static inline void arch_vcpu_block(struct vcpu *v) {} /* vPCI is not available on Arm */ #define has_vpci(d) ({ (void)(d); false; }) +struct arch_vcpu_io { + struct instr_details dabt_instr; /* when the instruction is decoded */ +}; + #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index 3354d9c635..ca259a79c2 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -26,12 +26,24 @@ #define MAX_IO_HANDLER 16 +enum instr_decode_state +{ + INSTR_ERROR, /* Error encountered while decoding instr */ + INSTR_VALID, /* ISS is valid, so no need to decode */ + /* + * Instruction is decoded successfully. It is a ldr/str post indexing + * instruction. + */ + INSTR_LDR_STR_POSTINDEXING, +}; + typedef struct { struct hsr_dabt dabt; struct instr_details { unsigned long rn:5; signed int imm9:9; + enum instr_decode_state state; } dabt_instr; paddr_t gpa; } mmio_info_t; @@ -69,14 +81,15 @@ struct vmmio { }; enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa); + mmio_info_t *info); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); int domain_io_init(struct domain *d, int max_count); void domain_io_free(struct domain *d); +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info); #endif /* __ASM_ARM_MMIO_H__ */ diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h index 2ed2b85c6f..95c46ad391 100644 --- a/xen/arch/arm/include/asm/traps.h +++ b/xen/arch/arm/include/asm/traps.h @@ -109,6 +109,8 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) return r; } +void post_increment_register(const struct instr_details *instr); + #endif /* __ASM_ARM_TRAPS__ */ /* * Local variables: diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fad103bdbd..fd903b7b03 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -102,57 +102,79 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info) +{ + int rc; + + if ( info->dabt.valid ) + { + info->dabt_instr.state = INSTR_VALID; + + /* + * Erratum 766422: Thumb store translation fault to Hypervisor may + * not have correct HSR Rt value. + */ + if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && + info->dabt.write ) + { + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } + } + return; + } + + /* + * Armv8 processor does not provide a valid syndrome for decoding some + * instructions. So in order to process these instructions, Xen must + * decode them. + */ + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_ERR, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } +} + enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa) + mmio_info_t *info) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; - const struct hsr_dabt dabt = hsr.dabt; - mmio_info_t info = { - .gpa = gpa, - .dabt = dabt - }; + int rc; - ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL); - handler = find_mmio_handler(v->domain, info.gpa); - if ( !handler ) + if ( !info->dabt.valid ) { - int rc; + ASSERT_UNREACHABLE(); + return IO_ABORT; + } - rc = try_fwd_ioserv(regs, v, &info); + handler = find_mmio_handler(v->domain, info->gpa); + if ( !handler ) + { + rc = try_fwd_ioserv(regs, v, info); if ( rc == IO_HANDLED ) return handle_ioserv(regs, v); return rc; } - /* All the instructions used on emulated MMIO region should be valid */ - if ( !dabt.valid ) - return IO_ABORT; - /* - * Erratum 766422: Thumb store translation fault to Hypervisor may - * not have correct HSR Rt value. + * At this point, we know that the instruction is either valid or has been + * decoded successfully. Thus, Xen should be allowed to execute the + * instruction on the emulated MMIO region. */ - if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && - dabt.write ) - { - int rc; - - rc = decode_instruction(regs, &info); - if ( rc ) - { - gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - return IO_ABORT; - } - } - - if ( info.dabt.write ) - return handle_write(handler, v, &info); + if ( info->dabt.write ) + return handle_write(handler, v, info); else - return handle_read(handler, v, &info); + return handle_read(handler, v, info); } void register_mmio_handler(struct domain *d, diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index 308650b400..cc9bf23213 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -47,6 +47,8 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu *v, mmio_info_t *info) { struct vcpu_io *vio = &v->io; + struct instr_details instr = info->dabt_instr; + struct hsr_dabt dabt = info->dabt; ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -76,10 +78,10 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, if ( !s ) return IO_UNHANDLED; - if ( !info->dabt.valid ) - return IO_ABORT; + ASSERT(dabt.valid); vio->req = p; + vio->info.dabt_instr = instr; rc = ioreq_send(s, &p, 0); if ( rc != IO_RETRY || v->domain->is_shutting_down ) @@ -95,6 +97,7 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, bool arch_ioreq_complete_mmio(void) { struct vcpu *v = current; + struct instr_details dabt_instr = v->io.info.dabt_instr; struct cpu_user_regs *regs = guest_cpu_user_regs(); const union hsr hsr = { .bits = regs->hsr }; @@ -106,6 +109,7 @@ bool arch_ioreq_complete_mmio(void) if ( handle_ioserv(regs, v) == IO_HANDLED ) { + post_increment_register(&dabt_instr); advance_pc(regs, hsr); return true; } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 7a1b679b8c..53652d7781 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,6 +1893,21 @@ static bool try_map_mmio(gfn_t gfn) return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); } +static inline bool check_p2m(bool is_data, paddr_t gpa) +{ + /* + * First check if the translation fault can be resolved by the P2M subsystem. + * If that's the case nothing else to do. + */ + if ( p2m_resolve_translation_fault(current->domain , gaddr_to_gfn(gpa)) ) + return true; + + if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + return true; + + return false; +} + static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, const union hsr hsr) { @@ -1906,6 +1921,8 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, paddr_t gpa; uint8_t fsc = xabt.fsc & ~FSC_LL_MASK; bool is_data = (hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + mmio_info_t info; + enum io_state state; /* * If this bit has been set, it means that this stage-2 abort is caused @@ -1959,21 +1976,52 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, return; } case FSC_FLT_TRANS: + { + info.gpa = gpa; + info.dabt = hsr.dabt; + /* - * Attempt first to emulate the MMIO as the data abort will - * likely happen in an emulated region. - * - * Note that emulated region cannot be executed + * Assumption :- Most of the times when we get a data abort and the ISS + * is invalid or an instruction abort, the underlying cause is that the + * page tables have not been set up correctly. */ - if ( is_data ) + if ( !is_data || !info.dabt.valid ) { - enum io_state state = try_handle_mmio(regs, hsr, gpa); + if ( check_p2m(is_data, gpa) ) + return; - switch ( state ) - { + /* + * If the instruction abort could not be resolved by setting the + * appropriate bits in the translation table, then Xen should + * forward the abort to the guest. + */ + if ( !is_data ) + goto inject_abt; + } + + try_decode_instruction(regs, &info); + + /* + * If Xen could not decode the instruction or encountered an error + * while decoding, then it should forward the abort to the guest. + */ + if ( info.dabt_instr.state == INSTR_ERROR ) + goto inject_abt; + + state = try_handle_mmio(regs, &info); + + switch ( state ) + { case IO_ABORT: goto inject_abt; case IO_HANDLED: + /* + * If the instruction was decoded and has executed successfully + * on the MMIO region, then Xen should execute the next part of + * the instruction. (for eg increment the rn if it is a + * post-indexing instruction. + */ + post_increment_register(&info.dabt_instr); advance_pc(regs, hsr); return; case IO_RETRY: @@ -1982,21 +2030,18 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, case IO_UNHANDLED: /* IO unhandled, try another way to handle it. */ break; - } } /* - * First check if the translation fault can be resolved by the - * P2M subsystem. If that's the case nothing else to do. + * If the instruction syndrome was invalid, then we already checked if + * this was due to a P2M fault. So no point to check again as the result + * will be the same. */ - if ( p2m_resolve_translation_fault(current->domain, - gaddr_to_gfn(gpa)) ) - return; - - if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + if ( (info.dabt_instr.state == INSTR_VALID) && check_p2m(is_data, gpa) ) return; break; + } default: gprintk(XENLOG_WARNING, "Unsupported FSC: HSR=%#"PRIregister" DFSC=%#x\n", diff --git a/xen/arch/x86/include/asm/ioreq.h b/xen/arch/x86/include/asm/ioreq.h index d06ce9a6ea..ecfe7f9fdb 100644 --- a/xen/arch/x86/include/asm/ioreq.h +++ b/xen/arch/x86/include/asm/ioreq.h @@ -26,6 +26,9 @@ #include #endif +struct arch_vcpu_io { +}; + #endif /* __ASM_X86_IOREQ_H__ */ /* diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 10ea969c7a..406d9bc610 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -160,6 +160,8 @@ struct vcpu_io { /* I/O request in flight to device model. */ enum vio_completion completion; ioreq_t req; + /* Arch specific info pertaining to the io request */ + struct arch_vcpu_io info; }; struct vcpu -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 18:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 18:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290412.492498 (Exim 4.92) (envelope-from ) id 1nTpAD-0001Fv-S3; Mon, 14 Mar 2022 18:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290412.492498; Mon, 14 Mar 2022 18:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTpAD-0001Fn-Or; Mon, 14 Mar 2022 18:11:25 +0000 Received: by outflank-mailman (input) for mailman id 290412; Mon, 14 Mar 2022 18:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTpAD-0001FV-4y for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTpAD-0001v2-4H for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTpAD-0000cq-2M for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 18:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xEf7bAHvyA1yrzzIrP6ibFmJCT5H+gMk7+aMQRvjU8A=; b=6vUs70ZM3LLlKFiJyOQTrhTo4c EEhUqqbP903oFO8Pv8LM1qTByy54fKQcXRaRGeIIdJctUlsG8+sFlwL6Tjwi/04hgB7TMSSpnBrU3 ODCsdOXHEl3EkKm3rOQtB9vYkJnjKjG09bL0SVtSC0djqvLlBCXjFdikgL1YO64jzJbw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: io: Handle the abort due to access to stage1 translation table Message-Id: Date: Mon, 14 Mar 2022 18:11:25 +0000 commit fef5531fd8f311b347970568d77e7bf4feffd7fb Author: Ayan Kumar Halder AuthorDate: Thu Mar 10 17:45:00 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 18:02:16 2022 +0000 xen/arm64: io: Handle the abort due to access to stage1 translation table If the abort was caused due to access to stage1 translation table, Xen will try to set the p2m entry (assuming that the Stage 1 translation table is in the non MMIO region). If there is no such entry found, then Xen will try to map the address as a MMIO region (assuming that the Stage 1 translation table is in the direct MMIO region). If that fails as well, then there are the two following scenarios:- 1. Stage 1 translation table being in an emulated MMIO region - Xen can read the region, but it has no way to return the value read to the CPU page table walker (which tries to go through the stage1 tables to resolve the translation fault). 2. Stage 1 translation table address is invalid. In both the above scenarios, Xen will forward the abort to the guest. Signed-off-by: Ayan Kumar Halder Reviewed-by: Julien Grall --- xen/arch/arm/io.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fd903b7b03..53729a342b 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -128,6 +128,17 @@ void try_decode_instruction(const struct cpu_user_regs *regs, return; } + /* + * At this point, we know that the stage1 translation table is either in + * an emulated MMIO region or its address is invalid. This is not + * expected by Xen and thus it forwards the abort to the guest. + */ + if ( info->dabt.s1ptw ) + { + info->dabt_instr.state = INSTR_ERROR; + return; + } + /* * Armv8 processor does not provide a valid syndrome for decoding some * instructions. So in order to process these instructions, Xen must -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 23:11:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 23:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290509.492703 (Exim 4.92) (envelope-from ) id 1nTtqC-0000ej-Uo; Mon, 14 Mar 2022 23:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290509.492703; Mon, 14 Mar 2022 23:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTtqC-0000ec-Ry; Mon, 14 Mar 2022 23:11:04 +0000 Received: by outflank-mailman (input) for mailman id 290509; Mon, 14 Mar 2022 23:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTtqC-0000eS-7T for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 23:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTtqC-0007Ag-6e for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 23:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTtqC-00040R-5W for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 23:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KghwcJLvwO0Lp0k8T9lahQOz73vfETb6lcfa1PMCzdM=; b=hndhWqgSBX69zK5zw2C2+2BUMh JRnpDMVddh242tzk03bSx8vXtrzvaokw4t9GkQP2whpuNM46NDvoJulpoSqD5DUdqbtTRWl9Vv7gC kGOdeEdR0PpPGFRPIsLY7njC3XD6Ovd/76WSsZn8G6kBua1XPnj/q3bphfHVEtD99dVY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Revert "xen/arm64: io: Handle the abort due to access to stage1 translation table" Message-Id: Date: Mon, 14 Mar 2022 23:11:04 +0000 commit 133ba7ae7619290964025b5fedd1ee940a37f374 Author: Julien Grall AuthorDate: Mon Mar 14 22:57:54 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 23:00:05 2022 +0000 Revert "xen/arm64: io: Handle the abort due to access to stage1 translation table" This reverts commit fef5531fd8f311b347970568d77e7bf4feffd7fb. This depends on patch 9e5a68a6652cc54ce3cb3b0ce208eeed79d5aeb5 which will need to be reverted as it break boot on arm32. https://lore.kernel.org/xen-devel/osstest-168589-mainreport@xen.org/T/#u Signed-off-by: Julien Grall --- xen/arch/arm/io.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 53729a342b..fd903b7b03 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -128,17 +128,6 @@ void try_decode_instruction(const struct cpu_user_regs *regs, return; } - /* - * At this point, we know that the stage1 translation table is either in - * an emulated MMIO region or its address is invalid. This is not - * expected by Xen and thus it forwards the abort to the guest. - */ - if ( info->dabt.s1ptw ) - { - info->dabt_instr.state = INSTR_ERROR; - return; - } - /* * Armv8 processor does not provide a valid syndrome for decoding some * instructions. So in order to process these instructions, Xen must -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 14 23:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 14 Mar 2022 23:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290510.492708 (Exim 4.92) (envelope-from ) id 1nTtqN-0000hB-1N; Mon, 14 Mar 2022 23:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290510.492708; Mon, 14 Mar 2022 23:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTtqM-0000h1-TX; Mon, 14 Mar 2022 23:11:14 +0000 Received: by outflank-mailman (input) for mailman id 290510; Mon, 14 Mar 2022 23:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTtqM-0000gt-Aw for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 23:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTtqM-0007B7-A7 for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 23:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTtqM-000410-8y for xen-changelog@lists.xenproject.org; Mon, 14 Mar 2022 23:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9n5V5FLPkU49bKk/akUUxnzx3Y4R44hRxULSoSfAkzQ=; b=3SRrrY/+uSJkyd+Bj5GnCeWZRs lz6Id6aD4Cpm2WQzjKGy+BdvvfOrl8k0NSFT6Ho8c7SegBYvfc9OOv+8uRcvgjVuLdJEwS5EfE1o5 vk2uJkCpB1GgcYRxHyaO8qPMLeSPlS0gH1EkyeCJQ592s4RLlILU3HXQQgzBxqz4XVgw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Revert "xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler" Message-Id: Date: Mon, 14 Mar 2022 23:11:14 +0000 commit 07aebcd55fd2f7997e9fe50a6c849c8a12ec2e68 Author: Julien Grall AuthorDate: Mon Mar 14 22:58:33 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 23:01:02 2022 +0000 Revert "xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler" This reverts commit 9e5a68a6652cc54ce3cb3b0ce208eeed79d5aeb5. This breaks boot on arm32: https://lore.kernel.org/xen-devel/osstest-168589-mainreport@xen.org/T/#u --- xen/arch/arm/arm32/traps.c | 11 ----- xen/arch/arm/arm64/traps.c | 52 ---------------------- xen/arch/arm/decode.c | 2 - xen/arch/arm/include/asm/domain.h | 4 -- xen/arch/arm/include/asm/mmio.h | 17 +------- xen/arch/arm/include/asm/traps.h | 2 - xen/arch/arm/io.c | 90 +++++++++++++++------------------------ xen/arch/arm/ioreq.c | 8 +--- xen/arch/arm/traps.c | 77 +++++++-------------------------- xen/arch/x86/include/asm/ioreq.h | 3 -- xen/include/xen/sched.h | 2 - 11 files changed, 54 insertions(+), 214 deletions(-) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 159e3cef8b..9c9790a6d1 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -18,11 +18,9 @@ #include #include -#include #include -#include #include #include @@ -84,15 +82,6 @@ void do_trap_data_abort(struct cpu_user_regs *regs) do_unexpected_trap("Data Abort", regs); } -void post_increment_register(const struct instr_details *instr) -{ - /* - * We have not implemented decoding of post indexing instructions for 32 bit. - * Thus, this should be unreachable. - */ - domain_crash(current->domain); -} - /* * Local variables: * mode: C diff --git a/xen/arch/arm/arm64/traps.c b/xen/arch/arm/arm64/traps.c index 6ce4a1fa8c..9113a15c7a 100644 --- a/xen/arch/arm/arm64/traps.c +++ b/xen/arch/arm/arm64/traps.c @@ -17,7 +17,6 @@ */ #include -#include #include #include @@ -45,57 +44,6 @@ void do_bad_mode(struct cpu_user_regs *regs, int reason) panic("bad mode\n"); } -void post_increment_register(const struct instr_details *instr) -{ - struct cpu_user_regs *regs = guest_cpu_user_regs(); - register_t val = 0; - uint8_t psr_mode = (regs->cpsr & PSR_MODE_MASK); - - /* Currently, we handle only ldr/str post indexing instructions */ - if ( instr->state != INSTR_LDR_STR_POSTINDEXING ) - return; - - /* - * Handle when rn = SP - * Refer ArmV8 ARM DDI 0487G.b, Page - D1-2463 "Stack pointer register - * selection" - * t = SP_EL0 - * h = SP_ELx - * and M[3:0] (Page - C5-474 "When exception taken from AArch64 state:") - */ - if ( instr->rn == 31 ) - { - switch ( psr_mode ) - { - case PSR_MODE_EL1h: - val = regs->sp_el1; - break; - case PSR_MODE_EL1t: - case PSR_MODE_EL0t: - val = regs->sp_el0; - break; - - default: - domain_crash(current->domain); - return; - } - } - else - val = get_user_reg(regs, instr->rn); - - val += instr->imm9; - - if ( instr->rn == 31 ) - { - if ( (regs->cpsr & PSR_MODE_MASK) == PSR_MODE_EL1h ) - regs->sp_el1 = val; - else - regs->sp_el0 = val; - } - else - set_user_reg(regs, instr->rn, val); -} - /* * Local variables: * mode: C diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index f5f6562600..3add87e83a 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -146,10 +146,8 @@ static int decode_arm64(register_t pc, mmio_info_t *info) update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); - dabt_instr->state = INSTR_LDR_STR_POSTINDEXING; dabt_instr->rn = opcode.ldr_str.rn; dabt_instr->imm9 = opcode.ldr_str.imm9; - dabt->valid = 1; return 0; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index ed63c2b6f9..c56f6e4398 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -281,10 +281,6 @@ static inline void arch_vcpu_block(struct vcpu *v) {} /* vPCI is not available on Arm */ #define has_vpci(d) ({ (void)(d); false; }) -struct arch_vcpu_io { - struct instr_details dabt_instr; /* when the instruction is decoded */ -}; - #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index ca259a79c2..3354d9c635 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -26,24 +26,12 @@ #define MAX_IO_HANDLER 16 -enum instr_decode_state -{ - INSTR_ERROR, /* Error encountered while decoding instr */ - INSTR_VALID, /* ISS is valid, so no need to decode */ - /* - * Instruction is decoded successfully. It is a ldr/str post indexing - * instruction. - */ - INSTR_LDR_STR_POSTINDEXING, -}; - typedef struct { struct hsr_dabt dabt; struct instr_details { unsigned long rn:5; signed int imm9:9; - enum instr_decode_state state; } dabt_instr; paddr_t gpa; } mmio_info_t; @@ -81,15 +69,14 @@ struct vmmio { }; enum io_state try_handle_mmio(struct cpu_user_regs *regs, - mmio_info_t *info); + const union hsr hsr, + paddr_t gpa); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); int domain_io_init(struct domain *d, int max_count); void domain_io_free(struct domain *d); -void try_decode_instruction(const struct cpu_user_regs *regs, - mmio_info_t *info); #endif /* __ASM_ARM_MMIO_H__ */ diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h index 95c46ad391..2ed2b85c6f 100644 --- a/xen/arch/arm/include/asm/traps.h +++ b/xen/arch/arm/include/asm/traps.h @@ -109,8 +109,6 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) return r; } -void post_increment_register(const struct instr_details *instr); - #endif /* __ASM_ARM_TRAPS__ */ /* * Local variables: diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fd903b7b03..fad103bdbd 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -102,79 +102,57 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } -void try_decode_instruction(const struct cpu_user_regs *regs, - mmio_info_t *info) -{ - int rc; - - if ( info->dabt.valid ) - { - info->dabt_instr.state = INSTR_VALID; - - /* - * Erratum 766422: Thumb store translation fault to Hypervisor may - * not have correct HSR Rt value. - */ - if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && - info->dabt.write ) - { - rc = decode_instruction(regs, info); - if ( rc ) - { - gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - info->dabt_instr.state = INSTR_ERROR; - } - } - return; - } - - /* - * Armv8 processor does not provide a valid syndrome for decoding some - * instructions. So in order to process these instructions, Xen must - * decode them. - */ - rc = decode_instruction(regs, info); - if ( rc ) - { - gprintk(XENLOG_ERR, "Unable to decode instruction\n"); - info->dabt_instr.state = INSTR_ERROR; - } -} - enum io_state try_handle_mmio(struct cpu_user_regs *regs, - mmio_info_t *info) + const union hsr hsr, + paddr_t gpa) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; - int rc; + const struct hsr_dabt dabt = hsr.dabt; + mmio_info_t info = { + .gpa = gpa, + .dabt = dabt + }; - ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL); + ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); - if ( !info->dabt.valid ) - { - ASSERT_UNREACHABLE(); - return IO_ABORT; - } - - handler = find_mmio_handler(v->domain, info->gpa); + handler = find_mmio_handler(v->domain, info.gpa); if ( !handler ) { - rc = try_fwd_ioserv(regs, v, info); + int rc; + + rc = try_fwd_ioserv(regs, v, &info); if ( rc == IO_HANDLED ) return handle_ioserv(regs, v); return rc; } + /* All the instructions used on emulated MMIO region should be valid */ + if ( !dabt.valid ) + return IO_ABORT; + /* - * At this point, we know that the instruction is either valid or has been - * decoded successfully. Thus, Xen should be allowed to execute the - * instruction on the emulated MMIO region. + * Erratum 766422: Thumb store translation fault to Hypervisor may + * not have correct HSR Rt value. */ - if ( info->dabt.write ) - return handle_write(handler, v, info); + if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && + dabt.write ) + { + int rc; + + rc = decode_instruction(regs, &info); + if ( rc ) + { + gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); + return IO_ABORT; + } + } + + if ( info.dabt.write ) + return handle_write(handler, v, &info); else - return handle_read(handler, v, info); + return handle_read(handler, v, &info); } void register_mmio_handler(struct domain *d, diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index cc9bf23213..308650b400 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -47,8 +47,6 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu *v, mmio_info_t *info) { struct vcpu_io *vio = &v->io; - struct instr_details instr = info->dabt_instr; - struct hsr_dabt dabt = info->dabt; ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -78,10 +76,10 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, if ( !s ) return IO_UNHANDLED; - ASSERT(dabt.valid); + if ( !info->dabt.valid ) + return IO_ABORT; vio->req = p; - vio->info.dabt_instr = instr; rc = ioreq_send(s, &p, 0); if ( rc != IO_RETRY || v->domain->is_shutting_down ) @@ -97,7 +95,6 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, bool arch_ioreq_complete_mmio(void) { struct vcpu *v = current; - struct instr_details dabt_instr = v->io.info.dabt_instr; struct cpu_user_regs *regs = guest_cpu_user_regs(); const union hsr hsr = { .bits = regs->hsr }; @@ -109,7 +106,6 @@ bool arch_ioreq_complete_mmio(void) if ( handle_ioserv(regs, v) == IO_HANDLED ) { - post_increment_register(&dabt_instr); advance_pc(regs, hsr); return true; } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 53652d7781..7a1b679b8c 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,21 +1893,6 @@ static bool try_map_mmio(gfn_t gfn) return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); } -static inline bool check_p2m(bool is_data, paddr_t gpa) -{ - /* - * First check if the translation fault can be resolved by the P2M subsystem. - * If that's the case nothing else to do. - */ - if ( p2m_resolve_translation_fault(current->domain , gaddr_to_gfn(gpa)) ) - return true; - - if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) - return true; - - return false; -} - static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, const union hsr hsr) { @@ -1921,8 +1906,6 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, paddr_t gpa; uint8_t fsc = xabt.fsc & ~FSC_LL_MASK; bool is_data = (hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); - mmio_info_t info; - enum io_state state; /* * If this bit has been set, it means that this stage-2 abort is caused @@ -1976,52 +1959,21 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, return; } case FSC_FLT_TRANS: - { - info.gpa = gpa; - info.dabt = hsr.dabt; - /* - * Assumption :- Most of the times when we get a data abort and the ISS - * is invalid or an instruction abort, the underlying cause is that the - * page tables have not been set up correctly. + * Attempt first to emulate the MMIO as the data abort will + * likely happen in an emulated region. + * + * Note that emulated region cannot be executed */ - if ( !is_data || !info.dabt.valid ) + if ( is_data ) { - if ( check_p2m(is_data, gpa) ) - return; - - /* - * If the instruction abort could not be resolved by setting the - * appropriate bits in the translation table, then Xen should - * forward the abort to the guest. - */ - if ( !is_data ) - goto inject_abt; - } - - try_decode_instruction(regs, &info); - - /* - * If Xen could not decode the instruction or encountered an error - * while decoding, then it should forward the abort to the guest. - */ - if ( info.dabt_instr.state == INSTR_ERROR ) - goto inject_abt; - - state = try_handle_mmio(regs, &info); + enum io_state state = try_handle_mmio(regs, hsr, gpa); - switch ( state ) - { + switch ( state ) + { case IO_ABORT: goto inject_abt; case IO_HANDLED: - /* - * If the instruction was decoded and has executed successfully - * on the MMIO region, then Xen should execute the next part of - * the instruction. (for eg increment the rn if it is a - * post-indexing instruction. - */ - post_increment_register(&info.dabt_instr); advance_pc(regs, hsr); return; case IO_RETRY: @@ -2030,18 +1982,21 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, case IO_UNHANDLED: /* IO unhandled, try another way to handle it. */ break; + } } /* - * If the instruction syndrome was invalid, then we already checked if - * this was due to a P2M fault. So no point to check again as the result - * will be the same. + * First check if the translation fault can be resolved by the + * P2M subsystem. If that's the case nothing else to do. */ - if ( (info.dabt_instr.state == INSTR_VALID) && check_p2m(is_data, gpa) ) + if ( p2m_resolve_translation_fault(current->domain, + gaddr_to_gfn(gpa)) ) + return; + + if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) return; break; - } default: gprintk(XENLOG_WARNING, "Unsupported FSC: HSR=%#"PRIregister" DFSC=%#x\n", diff --git a/xen/arch/x86/include/asm/ioreq.h b/xen/arch/x86/include/asm/ioreq.h index ecfe7f9fdb..d06ce9a6ea 100644 --- a/xen/arch/x86/include/asm/ioreq.h +++ b/xen/arch/x86/include/asm/ioreq.h @@ -26,9 +26,6 @@ #include #endif -struct arch_vcpu_io { -}; - #endif /* __ASM_X86_IOREQ_H__ */ /* diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 406d9bc610..10ea969c7a 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -160,8 +160,6 @@ struct vcpu_io { /* I/O request in flight to device model. */ enum vio_completion completion; ioreq_t req; - /* Arch specific info pertaining to the io request */ - struct arch_vcpu_io info; }; struct vcpu -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 02:11:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 02:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290572.492845 (Exim 4.92) (envelope-from ) id 1nTweN-0005LD-6g; Tue, 15 Mar 2022 02:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290572.492845; Tue, 15 Mar 2022 02:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweN-0005L4-3V; Tue, 15 Mar 2022 02:11:03 +0000 Received: by outflank-mailman (input) for mailman id 290572; Tue, 15 Mar 2022 02:11:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweL-0005Ky-LL for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweL-00085C-Jb for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTweL-0007mI-IY for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FUoQtwfZMxijPTkkh1rFxvN882M2/GR2WMR3P92D504=; b=YtHjrhSrRRTF3ULw16EMa5gpIs Ovzkmsb5Pmdqgu7gR6qJYJ0WSskkC1WWVnxE/rIYzyZjuHev/aIjEHoRTkoe5z47RCrTq37zIUMJF 3mLqWeUphn8FLnOI5W9YrHaaYqebx5v3zVstMoyM0gSgN/2weGuFoRj4uRKDb+A3bGls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/time: further improve TSC / CPU freq calibration accuracy Message-Id: Date: Tue, 15 Mar 2022 02:11:01 +0000 commit 23658e823238742dc5a17a0bac9f38c997dedd55 Author: Jan Beulich AuthorDate: Mon Mar 14 10:27:57 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:27:57 2022 +0100 x86/time: further improve TSC / CPU freq calibration accuracy Calibration logic assumes that the platform timer (HPET or ACPI PM timer) and the TSC are read at about the same time. This assumption may not hold when a long latency event (e.g. SMI or NMI) occurs between the two reads. Reduce the risk of reading uncorrelated values by doing at least four pairs of reads, using the tuple where the delta between the enclosing TSC reads was smallest. From the fourth iteration onwards bail if the new TSC delta isn't better (smaller) than the best earlier one. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/time.c | 65 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 43 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index c840f45535..c549daadcc 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -289,9 +289,47 @@ static char *freq_string(u64 freq) return s; } -static uint64_t adjust_elapsed(uint64_t elapsed, uint32_t actual, - uint32_t target) +static uint32_t __init read_pt_and_tsc(uint64_t *tsc, + const struct platform_timesource *pts) { + uint64_t tsc_prev = *tsc = rdtsc_ordered(), tsc_min = ~0; + uint32_t best = best; + unsigned int i; + + for ( i = 0; ; ++i ) + { + uint32_t pt = pts->read_counter(); + uint64_t tsc_cur = rdtsc_ordered(); + uint64_t tsc_delta = tsc_cur - tsc_prev; + + if ( tsc_delta < tsc_min ) + { + tsc_min = tsc_delta; + *tsc = tsc_cur; + best = pt; + } + else if ( i > 2 ) + break; + + tsc_prev = tsc_cur; + } + + return best; +} + +static uint64_t __init calibrate_tsc(const struct platform_timesource *pts) +{ + uint64_t start, end, elapsed; + unsigned int count = read_pt_and_tsc(&start, pts); + unsigned int target = CALIBRATE_VALUE(pts->frequency), actual; + unsigned int mask = (uint32_t)~0 >> (32 - pts->counter_bits); + + while ( ((pts->read_counter() - count) & mask) < target ) + continue; + + actual = (read_pt_and_tsc(&end, pts) - count) & mask; + elapsed = end - start; + if ( likely(actual > target) ) { /* @@ -397,8 +435,7 @@ static u64 cf_check read_hpet_count(void) static int64_t __init cf_check init_hpet(struct platform_timesource *pts) { - uint64_t hpet_rate, start; - uint32_t count, target, elapsed; + uint64_t hpet_rate; /* * Allow HPET to be setup, but report a frequency of 0 so it's not selected * as a timer source. This is required so it can be used in legacy @@ -469,13 +506,7 @@ static int64_t __init cf_check init_hpet(struct platform_timesource *pts) pts->frequency = hpet_rate; - count = hpet_read32(HPET_COUNTER); - start = rdtsc_ordered(); - target = CALIBRATE_VALUE(hpet_rate); - while ( (elapsed = hpet_read32(HPET_COUNTER) - count) < target ) - continue; - - return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); + return calibrate_tsc(pts); } static void cf_check resume_hpet(struct platform_timesource *pts) @@ -510,22 +541,12 @@ static u64 cf_check read_pmtimer_count(void) static s64 __init cf_check init_pmtimer(struct platform_timesource *pts) { - uint64_t start; - uint32_t count, target, mask, elapsed; - if ( !pmtmr_ioport || (pmtmr_width != 24 && pmtmr_width != 32) ) return 0; pts->counter_bits = pmtmr_width; - mask = 0xffffffff >> (32 - pmtmr_width); - - count = inl(pmtmr_ioport); - start = rdtsc_ordered(); - target = CALIBRATE_VALUE(ACPI_PM_FREQUENCY); - while ( (elapsed = (inl(pmtmr_ioport) - count) & mask) < target ) - continue; - return adjust_elapsed(rdtsc_ordered() - start, elapsed, target); + return calibrate_tsc(pts); } static struct platform_timesource __initdata_cf_clobber plt_pmtimer = -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 02:11:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 02:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290573.492849 (Exim 4.92) (envelope-from ) id 1nTweX-0005N0-8k; Tue, 15 Mar 2022 02:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290573.492849; Tue, 15 Mar 2022 02:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweX-0005Ms-5B; Tue, 15 Mar 2022 02:11:13 +0000 Received: by outflank-mailman (input) for mailman id 290573; Tue, 15 Mar 2022 02:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweV-0005Mi-OD for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweV-00085T-NR for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTweV-0007mz-MI for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V3FGJLPGpWFhf7XUYHQIAH6jpy/E2b5FjT/H3CsUO68=; b=tL7p9dFqJXVSnEVAOzNicL7N7P FCCivvd2RAXO3ZyckmcGt3WHZqDCYv/9+IJLpmdRtZJfauDtRy8dAjGbaieALL0tFIAvY7CdwCaNk 6ztB91pJ6xhLnCaNWOviGDAFOySqTSJLRl3AkMYVEwfF/oE5msadAOs1TSx6ippXQRBQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vmx: remove dead code to create domains without a vLAPIC Message-Id: Date: Tue, 15 Mar 2022 02:11:11 +0000 commit 3f809886988767fff46f440f4fc6d252fb586ace Author: Roger Pau Monné AuthorDate: Mon Mar 14 10:29:24 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:29:24 2022 +0100 x86/vmx: remove dead code to create domains without a vLAPIC After the removal of PVHv1 it's no longer supported to create a domain using hardware virtualization extensions and without a local APIC: PVHv2 mandates domains to always have a LAPIC. Remove some stale code in VMCS construction and related helpers that catered for that use-case. No functional change. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/arch/x86/hvm/vmx/vmcs.c | 14 -------------- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index e1e1fa14e6..56fed2db03 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1123,20 +1123,6 @@ static int construct_vmcs(struct vcpu *v) /* Do not enable Monitor Trap Flag unless start single step debug */ v->arch.hvm.vmx.exec_control &= ~CPU_BASED_MONITOR_TRAP_FLAG; - if ( !has_vlapic(d) ) - { - /* Disable virtual apics, TPR */ - v->arch.hvm.vmx.secondary_exec_control &= - ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES - | SECONDARY_EXEC_APIC_REGISTER_VIRT - | SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY); - v->arch.hvm.vmx.exec_control &= ~CPU_BASED_TPR_SHADOW; - - /* In turn, disable posted interrupts. */ - __vmwrite(PIN_BASED_VM_EXEC_CONTROL, - vmx_pin_based_exec_control & ~PIN_BASED_POSTED_INTERRUPT); - } - vmx_update_cpu_exec_control(v); __vmwrite(VM_EXIT_CONTROLS, vmexit_ctl); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c075370f64..af9ee7cebb 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -421,7 +421,7 @@ static void cf_check domain_creation_finished(struct domain *d) gfn_t gfn = gaddr_to_gfn(APIC_DEFAULT_PHYS_BASE); bool ipat; - if ( !has_vlapic(d) || mfn_eq(apic_access_mfn, INVALID_MFN) ) + if ( mfn_eq(apic_access_mfn, INVALID_MFN) ) return; ASSERT(epte_get_entry_emt(d, gfn, apic_access_mfn, 0, &ipat, @@ -3328,7 +3328,7 @@ static void vmx_install_vlapic_mapping(struct vcpu *v) { paddr_t virt_page_ma, apic_page_ma; - if ( !has_vlapic(v->domain) || mfn_eq(apic_access_mfn, INVALID_MFN) ) + if ( mfn_eq(apic_access_mfn, INVALID_MFN) ) return; ASSERT(cpu_has_vmx_virtualize_apic_accesses); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 02:11:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 02:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290574.492853 (Exim 4.92) (envelope-from ) id 1nTweh-0005Q8-BY; Tue, 15 Mar 2022 02:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290574.492853; Tue, 15 Mar 2022 02:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTweh-0005Q0-8X; Tue, 15 Mar 2022 02:11:23 +0000 Received: by outflank-mailman (input) for mailman id 290574; Tue, 15 Mar 2022 02:11:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwef-0005Pe-RS for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwef-00085p-Qh for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTwef-0007ni-Pc for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0kgkdg1kvFxehjRjuLnRn5BUOvrDbuaJ5U3sXSu1ruM=; b=s/fz4OYu64oh5eFeA4FBgGOYIh rNIhEc90CwmThkEtFOL0YNXFfFh3CARirS7uKFgoMYdLItbM9F7CIAEu/MXJ/03CIjNqxRMp5iads VnZ803ZQSVOjZ2uj5flYzsoUfLuo+IsMn02T3V6R+H5v3DVPDqV30eMqC/W0UExN19qs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] pci/ats: do not allow broken devices to be assigned to guests Message-Id: Date: Tue, 15 Mar 2022 02:11:21 +0000 commit 7b4b36fcbabaa616b301edce8491ebbe002a71f3 Author: Roger Pau Monné AuthorDate: Mon Mar 14 10:30:02 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:30:02 2022 +0100 pci/ats: do not allow broken devices to be assigned to guests Introduce a new field to mark devices as broken: having it set prevents the device from being assigned to guests. Use the field in order to mark ATS devices that have failed a flush when using VT-d as broken, thus preventing them to be assigned to any guest. This allows the device IOMMU context entry to be cleaned up properly, as calling _pci_hide_device will just change the ownership of the device, but the IOMMU context entry of the device would be left as-is. It would also leak a VT-d Domain ID if using one, as removing the device from its previous owner will allow releasing the IOMMU DID used by the device without having cleaned up the context entry. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- xen/drivers/passthrough/pci.c | 11 +++++++---- xen/drivers/passthrough/vtd/qinval.c | 8 +++++++- xen/include/xen/pci.h | 3 +++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 22cb3872c2..c6d99af5d4 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -501,7 +501,7 @@ static void free_pdev(struct pci_seg *pseg, struct pci_dev *pdev) xfree(pdev); } -static void _pci_hide_device(struct pci_dev *pdev) +static void __init _pci_hide_device(struct pci_dev *pdev) { if ( pdev->domain ) return; @@ -1489,6 +1489,11 @@ static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn, u32 flag) ASSERT(pdev && (pdev->domain == hardware_domain || pdev->domain == dom_io)); + /* Do not allow broken devices to be assigned to guests. */ + rc = -EBADF; + if ( pdev->broken && d != hardware_domain && d != dom_io ) + goto done; + rc = pdev_msix_assign(d, pdev); if ( rc ) goto done; @@ -1587,9 +1592,7 @@ void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev) return; } - list_del(&pdev->domain_list); - pdev->domain = NULL; - _pci_hide_device(pdev); + pdev->broken = true; if ( !d->is_shutting_down && printk_ratelimit() ) printk(XENLOG_ERR "dom%d: ATS device %pp flush failed\n", diff --git a/xen/drivers/passthrough/vtd/qinval.c b/xen/drivers/passthrough/vtd/qinval.c index beeb65f0de..6a1c6bd7a9 100644 --- a/xen/drivers/passthrough/vtd/qinval.c +++ b/xen/drivers/passthrough/vtd/qinval.c @@ -227,7 +227,7 @@ static int __must_check dev_invalidate_sync(struct vtd_iommu *iommu, ASSERT(iommu->qinval_maddr); rc = queue_invalidate_wait(iommu, 0, 1, 1, 1); - if ( rc == -ETIMEDOUT ) + if ( rc == -ETIMEDOUT && !pdev->broken ) { struct domain *d = rcu_lock_domain_by_id(did_to_domain_id(iommu, did)); @@ -241,6 +241,12 @@ static int __must_check dev_invalidate_sync(struct vtd_iommu *iommu, iommu_dev_iotlb_flush_timeout(d, pdev); rcu_unlock_domain(d); } + else if ( rc == -ETIMEDOUT ) + /* + * The device is already marked as broken, ignore the error in order to + * allow {de,}assign to succeed. + */ + rc = 0; return rc; } diff --git a/xen/include/xen/pci.h b/xen/include/xen/pci.h index b6d7e454f8..02b31f7259 100644 --- a/xen/include/xen/pci.h +++ b/xen/include/xen/pci.h @@ -108,6 +108,9 @@ struct pci_dev { /* Device with errata, ignore the BARs. */ bool ignore_bars; + /* Device misbehaving, prevent assigning it to guests. */ + bool broken; + enum pdev_type { DEV_TYPE_PCI_UNKNOWN, DEV_TYPE_PCIe_ENDPOINT, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 02:11:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 02:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290575.492857 (Exim 4.92) (envelope-from ) id 1nTwer-0005TP-Cu; Tue, 15 Mar 2022 02:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290575.492857; Tue, 15 Mar 2022 02:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwer-0005TH-9y; Tue, 15 Mar 2022 02:11:33 +0000 Received: by outflank-mailman (input) for mailman id 290575; Tue, 15 Mar 2022 02:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwep-0005Sy-Uh for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwep-00086G-Tw for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTwep-0007oL-T7 for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2Gi2FJ+HDZTLRY5+FirkAQOlBgTNxKB1HydJBXpsca8=; b=2Ng3CsW61MjUPuZ1Ei5R1u856V iEaTQF4tzWXINAPpwlxrqvZf2LwKyT8ExALJSofZpk6jO1Z7GO+iU3xqppOJLQCFZ610/+nyJio6o pHjwgPWXBLj762bNQ2nVWxlgEsd6BZarUZusZHYOGvzkZQvbqJheuOBwo0Bwsa/q9SkM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] IOMMU/x86: tidy adjust_irq_affinities hook Message-Id: Date: Tue, 15 Mar 2022 02:11:31 +0000 commit e2589ef65283f475b3c980020a2d1d79ab593d65 Author: Jan Beulich AuthorDate: Mon Mar 14 10:32:40 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:32:40 2022 +0100 IOMMU/x86: tidy adjust_irq_affinities hook As of 3e56754b0887 ("xen/cet: Fix __initconst_cf_clobber") there's no need for a non-void return value anymore, as the hook functions are no longer themselves passed to __initcall(). For the same reason the iommu_enabled checks can now move from the individual functions to the wrapper. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Kevin Tian --- xen/arch/x86/include/asm/iommu.h | 7 +++---- xen/drivers/passthrough/amd/iommu.h | 2 +- xen/drivers/passthrough/amd/iommu_init.c | 7 +------ xen/drivers/passthrough/vtd/iommu.c | 7 +------ xen/drivers/passthrough/x86/iommu.c | 4 +++- xen/include/xen/iommu.h | 2 +- 6 files changed, 10 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h index d38c334087..e3484ca023 100644 --- a/xen/arch/x86/include/asm/iommu.h +++ b/xen/arch/x86/include/asm/iommu.h @@ -101,11 +101,10 @@ void iommu_update_ire_from_apic(unsigned int apic, unsigned int reg, unsigned in unsigned int iommu_read_apic_from_ire(unsigned int apic, unsigned int reg); int iommu_setup_hpet_msi(struct msi_desc *); -static inline int iommu_adjust_irq_affinities(void) +static inline void iommu_adjust_irq_affinities(void) { - return iommu_ops.adjust_irq_affinities - ? iommu_call(&iommu_ops, adjust_irq_affinities) - : 0; + if ( iommu_enabled && iommu_ops.adjust_irq_affinities ) + iommu_vcall(&iommu_ops, adjust_irq_affinities); } static inline bool iommu_supports_x2apic(void) diff --git a/xen/drivers/passthrough/amd/iommu.h b/xen/drivers/passthrough/amd/iommu.h index 03811fedea..0665deeab5 100644 --- a/xen/drivers/passthrough/amd/iommu.h +++ b/xen/drivers/passthrough/amd/iommu.h @@ -234,7 +234,7 @@ int amd_iommu_prepare(bool xt); int amd_iommu_init(bool xt); int amd_iommu_init_late(void); int amd_iommu_update_ivrs_mapping_acpi(void); -int cf_check iov_adjust_irq_affinities(void); +void cf_check iov_adjust_irq_affinities(void); int cf_check amd_iommu_quarantine_init(struct domain *d); diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 2e5bffa732..c7a49a4fdb 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -809,13 +809,10 @@ static bool_t __init set_iommu_interrupt_handler(struct amd_iommu *iommu) return 1; } -int cf_check iov_adjust_irq_affinities(void) +void cf_check iov_adjust_irq_affinities(void) { const struct amd_iommu *iommu; - if ( !iommu_enabled ) - return 0; - for_each_amd_iommu ( iommu ) { struct irq_desc *desc = irq_to_desc(iommu->msi.irq); @@ -828,8 +825,6 @@ int cf_check iov_adjust_irq_affinities(void) set_msi_affinity(desc, NULL); spin_unlock_irqrestore(&desc->lock, flags); } - - return 0; } /* diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index f70d515806..82b485e7d4 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2107,17 +2107,12 @@ static void adjust_irq_affinity(struct acpi_drhd_unit *drhd) spin_unlock_irqrestore(&desc->lock, flags); } -static int cf_check adjust_vtd_irq_affinities(void) +static void cf_check adjust_vtd_irq_affinities(void) { struct acpi_drhd_unit *drhd; - if ( !iommu_enabled ) - return 0; - for_each_drhd_unit ( drhd ) adjust_irq_affinity(drhd); - - return 0; } static int __must_check init_vtd_hw(bool resume) diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c index 57c7b26c1a..65a622f26d 100644 --- a/xen/drivers/passthrough/x86/iommu.c +++ b/xen/drivers/passthrough/x86/iommu.c @@ -464,7 +464,9 @@ bool arch_iommu_use_permitted(const struct domain *d) static int __init cf_check adjust_irq_affinities(void) { - return iommu_adjust_irq_affinities(); + iommu_adjust_irq_affinities(); + + return 0; } __initcall(adjust_irq_affinities); diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index b18e7760a2..e4d526052d 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -267,7 +267,7 @@ struct iommu_ops { int (*setup_hpet_msi)(struct msi_desc *); - int (*adjust_irq_affinities)(void); + void (*adjust_irq_affinities)(void); void (*clear_root_pgtable)(struct domain *d); int (*update_ire_from_msi)(struct msi_desc *msi_desc, struct msi_msg *msg); #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 02:11:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 02:11:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290576.492861 (Exim 4.92) (envelope-from ) id 1nTwf1-0005WJ-EF; Tue, 15 Mar 2022 02:11:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290576.492861; Tue, 15 Mar 2022 02:11:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwf1-0005WB-BM; Tue, 15 Mar 2022 02:11:43 +0000 Received: by outflank-mailman (input) for mailman id 290576; Tue, 15 Mar 2022 02:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwf0-0005Vu-1Y for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nTwf0-00086S-0l for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nTwez-0007ow-W2 for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 02:11:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ff5mA8ZUu6LDM0RDENSqK1a9rUGc+bmzGsvrcKXJMzA=; b=HB+UrQZPa/cr2TCgiqHKXvwnK8 L5U+9ZJz4eAxN6YZx0aTsqErIqpoO4l6lV2a9mvrcyR+P4WiVC2h8qYbYZEUSWp2CeYtxDrQc/HCZ t4w6ZgP/BeZiUli909HBpMY7UXyD0kfaZTSQfifP/lCUxmcRdyDZi5f/iSUzS7b9Bwd0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/build: use --orphan-handling linker option if available Message-Id: Date: Tue, 15 Mar 2022 02:11:41 +0000 commit dedb0aa42c6d1ee31805dfc61630db2c41117330 Author: Jan Beulich AuthorDate: Mon Mar 14 10:33:35 2022 +0100 Commit: Jan Beulich CommitDate: Mon Mar 14 10:33:35 2022 +0100 x86/build: use --orphan-handling linker option if available As was e.g. making necessary 4b7fd8153ddf ("x86: fold sections in final binaries"), arbitrary sections appearing without our linker script placing them explicitly can be a problem. Have the linker make us aware of such sections, so we would know that the script needs adjusting. To deal with the resulting warnings: - Retain .note.* explicitly for ELF, and discard all of them (except the earlier consumed .note.gnu.build-id) for PE/COFF. - Have explicit statements for .got, .plt, and alike and add assertions that they're empty. No output sections will be created for these as long as they remain empty (or else the assertions would cause early failure anyway). - Collect all .rela.* into a single section, with again an assertion added for the resulting section to be empty. - Extend the enumerating of .debug_* to ELF. Note that for Clang adding of .debug_macinfo is necessary. Amend this by its Dwarf5 counterpart, .debug_macro, then as well (albeit more may need adding for full coverage). - For LLVM ld also enumerate .symtab, .strtab, and .shstrtab. Suggested-by: Roger Pau Monné Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/Makefile | 6 +- xen/arch/x86/xen.lds.S | 168 +++++++++++++++++++++++++++++-------------------- 2 files changed, 105 insertions(+), 69 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 04065a7310..b6b082ee1d 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -119,6 +119,8 @@ syms-warn-dup-y := --warn-dup syms-warn-dup-$(CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS) := syms-warn-dup-$(CONFIG_ENFORCE_UNIQUE_SYMBOLS) := --error-dup +orphan-handling-$(call ld-option,--orphan-handling=warn) += --orphan-handling=warn + $(TARGET): TMP = $(@D)/.$(@F).elf32 $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 $(obj)/boot/mkelf32 $(notes_phdrs) $(TARGET)-syms $(TMP) $(XEN_IMG_OFFSET) \ @@ -145,7 +147,7 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds >$(@D)/.$(@F).1.S $(MAKE) $(build)=$(@D) $(@D)/.$(@F).1.o $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds -N $< $(build_id_linker) \ - $(@D)/.$(@F).1.o -o $@ + $(orphan-handling-y) $(@D)/.$(@F).1.o -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort \ >$(@D)/$(@F).map @@ -219,7 +221,7 @@ endif | $(BASEDIR)/tools/symbols $(all_symbols) --sysv --sort >$(@D)/.$(@F).1s.S $(MAKE) $(build)=$(@D) .$(@F).1r.o .$(@F).1s.o $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds -N $< \ - $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(note_file_option) -o $@ + $(@D)/.$(@F).1r.o $(@D)/.$(@F).1s.o $(orphan-handling-y) $(note_file_option) -o $@ $(NM) -pa --format=sysv $(@D)/$(@F) \ | $(BASEDIR)/tools/symbols --all-symbols --xensyms --sysv --sort >$(@D)/$(@F).map rm -f $(@D)/.$(@F).[0-9]* $(@D)/..$(@F).[0-9]* diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 4103763f63..7aa1f82df9 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -12,6 +12,13 @@ #undef __XEN_VIRT_START #define __XEN_VIRT_START __image_base__ #define DECL_SECTION(x) x : +/* + * Use the NOLOAD directive, despite currently ignored by (at least) GNU ld + * for PE output, in order to record that we'd prefer these sections to not + * be loaded into memory. + */ +#define DECL_DEBUG(x, a) #x ALIGN(a) (NOLOAD) : { *(x) } +#define DECL_DEBUG2(x, y, a) #x ALIGN(a) (NOLOAD) : { *(x) *(y) } ENTRY(efi_start) @@ -19,6 +26,8 @@ ENTRY(efi_start) #define FORMAT "elf64-x86-64" #define DECL_SECTION(x) #x : AT(ADDR(#x) - __XEN_VIRT_START) +#define DECL_DEBUG(x, a) #x 0 : { *(x) } +#define DECL_DEBUG2(x, y, a) #x 0 : { *(x) *(y) } ENTRY(start_pa) @@ -158,6 +167,10 @@ SECTIONS } PHDR(text) #if defined(CONFIG_PVH_GUEST) && !defined(EFI) + /* + * In principle this should be fine to live in .note (below), but let's keep + * it separate in case anyone decided to find these notes by section name. + */ DECL_SECTION(.note.Xen) { *(.note.Xen) } PHDR(note) PHDR(text) @@ -185,6 +198,13 @@ SECTIONS #endif #endif +#ifndef EFI + /* Retain these just for the purpose of possible analysis tools. */ + DECL_SECTION(.note) { + *(.note.*) + } PHDR(note) PHDR(text) +#endif + _erodata = .; . = ALIGN(SECTION_ALIGN); @@ -272,6 +292,34 @@ SECTIONS __ctors_end = .; } PHDR(text) +#ifndef EFI + /* + * With --orphan-sections=warn (or =error) we need to handle certain linker + * generated sections. These are all expected to be empty; respective + * ASSERT()s can be found towards the end of this file. Put them in the + * text program header, just to be on the safe side against e.g. a linker + * otherwise chosing to put them in a separate one. + */ + DECL_SECTION(.got) { + *(.got) + } PHDR(text) + DECL_SECTION(.got.plt) { + *(.got.plt) + } PHDR(text) + DECL_SECTION(.igot.plt) { + *(.igot.plt) + } PHDR(text) + DECL_SECTION(.iplt) { + *(.iplt) + } PHDR(text) + DECL_SECTION(.plt) { + *(.plt) + } PHDR(text) + DECL_SECTION(.rela) { + *(.rela.*) + } PHDR(text) +#endif + . = ALIGN(SECTION_ALIGN); __init_end = .; __2M_init_end = .; @@ -324,71 +372,6 @@ SECTIONS *(.reloc) __base_relocs_end = .; } - /* - * Explicitly list debug section for the PE output so that they don't end - * up at VA 0 which is below image base and thus invalid. Also use the - * NOLOAD directive, despite currently ignored by ld for PE output, in - * order to record that we'd prefer these sections to not be loaded into - * memory. - * - * Note that we're past _end here, so if these sections get loaded they'll - * be discarded at runtime anyway. - */ - .debug_abbrev ALIGN(1) (NOLOAD) : { - *(.debug_abbrev) - } - .debug_info ALIGN(1) (NOLOAD) : { - *(.debug_info) - *(.gnu.linkonce.wi.*) - } - .debug_types ALIGN(1) (NOLOAD) : { - *(.debug_types) - } - .debug_str ALIGN(1) (NOLOAD) : { - *(.debug_str) - } - .debug_line ALIGN(1) (NOLOAD) : { - *(.debug_line) - *(.debug_line.*) - } - .debug_line_str ALIGN(1) (NOLOAD) : { - *(.debug_line_str) - } - .debug_names ALIGN(4) (NOLOAD) : { - *(.debug_names) - } - .debug_frame ALIGN(4) (NOLOAD) : { - *(.debug_frame) - } - .debug_loc ALIGN(1) (NOLOAD) : { - *(.debug_loc) - } - .debug_loclists ALIGN(4) (NOLOAD) : { - *(.debug_loclists) - } - .debug_ranges ALIGN(8) (NOLOAD) : { - *(.debug_ranges) - } - .debug_rnglists ALIGN(4) (NOLOAD) : { - *(.debug_rnglists) - } - .debug_addr ALIGN(8) (NOLOAD) : { - *(.debug_addr) - } - .debug_aranges ALIGN(1) (NOLOAD) : { - *(.debug_aranges) - } - .debug_pubnames ALIGN(1) (NOLOAD) : { - *(.debug_pubnames) - } - .debug_pubtypes ALIGN(1) (NOLOAD) : { - *(.debug_pubtypes) - } - /* Trick the linker into setting the image size to no less than 16Mb. */ - __image_end__ = .; - .pad ALIGN(__section_alignment__) : { - . = __image_end__ < __image_base__ + MB(16) ? ALIGN(MB(16)) : .; - } #elif defined(XEN_BUILD_EFI) /* * Due to the way EFI support is currently implemented, these two symbols @@ -403,6 +386,42 @@ SECTIONS efi = .; #endif + /* + * Explicitly list debug sections, first of all to avoid these sections being + * viewed as "orphan" by the linker. + * + * For the PE output this is further necessary so that they don't end up at + * VA 0, which is below image base and thus invalid. Note that we're past + * _end here, so if these sections get loaded they'll be discarded at runtime + * anyway. + */ + DECL_DEBUG(.debug_abbrev, 1) + DECL_DEBUG2(.debug_info, .gnu.linkonce.wi.*, 1) + DECL_DEBUG(.debug_types, 1) + DECL_DEBUG(.debug_str, 1) + DECL_DEBUG2(.debug_line, .debug_line.*, 1) + DECL_DEBUG(.debug_line_str, 1) + DECL_DEBUG(.debug_names, 4) + DECL_DEBUG(.debug_frame, 4) + DECL_DEBUG(.debug_loc, 1) + DECL_DEBUG(.debug_loclists, 4) + DECL_DEBUG(.debug_macinfo, 1) + DECL_DEBUG(.debug_macro, 1) + DECL_DEBUG(.debug_ranges, 8) + DECL_DEBUG(.debug_rnglists, 4) + DECL_DEBUG(.debug_addr, 8) + DECL_DEBUG(.debug_aranges, 1) + DECL_DEBUG(.debug_pubnames, 1) + DECL_DEBUG(.debug_pubtypes, 1) + +#ifdef EFI + /* Trick the linker into setting the image size to no less than 16Mb. */ + __image_end__ = .; + .pad ALIGN(__section_alignment__) : { + . = __image_end__ < __image_base__ + MB(16) ? ALIGN(MB(16)) : .; + } +#endif + #ifdef CONFIG_HYPERV_GUEST hv_hcall_page = ABSOLUTE(HV_HCALL_PAGE - XEN_VIRT_START + __XEN_VIRT_START); #endif @@ -423,8 +442,7 @@ SECTIONS #ifdef EFI *(.comment) *(.comment.*) - *(.note.Xen) - *(.note.gnu.*) + *(.note.*) #endif } @@ -437,6 +455,13 @@ SECTIONS .stab.index 0 : { *(.stab.index) } .stab.indexstr 0 : { *(.stab.indexstr) } .comment 0 : { *(.comment) } + /* + * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to + * be benign to GNU ld, so we can have them here unconditionally. + */ + .symtab 0 : { *(.symtab) } + .strtab 0 : { *(.strtab) } + .shstrtab 0 : { *(.shstrtab) } #endif } @@ -470,6 +495,15 @@ ASSERT(IS_ALIGNED(trampoline_end, 4), "trampoline_end misaligned") ASSERT(IS_ALIGNED(__bss_start, 8), "__bss_start misaligned") ASSERT(IS_ALIGNED(__bss_end, 8), "__bss_end misaligned") +#ifndef EFI +ASSERT(!SIZEOF(.got), ".got non-empty") +ASSERT(!SIZEOF(.got.plt), ".got.plt non-empty") +ASSERT(!SIZEOF(.igot.plt), ".igot.plt non-empty") +ASSERT(!SIZEOF(.iplt), ".iplt non-empty") +ASSERT(!SIZEOF(.plt), ".plt non-empty") +ASSERT(!SIZEOF(.rela), "leftover relocations") +#endif + ASSERT((trampoline_end - trampoline_start) < TRAMPOLINE_SPACE - MBI_SPACE_MIN, "not enough room for trampoline and mbi data") ASSERT((wakeup_stack - wakeup_stack_start) >= WAKEUP_STACK_MIN, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 11:11:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 11:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290742.493195 (Exim 4.92) (envelope-from ) id 1nU54z-0003Bd-Mx; Tue, 15 Mar 2022 11:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290742.493195; Tue, 15 Mar 2022 11:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU54z-0003BV-K4; Tue, 15 Mar 2022 11:11:05 +0000 Received: by outflank-mailman (input) for mailman id 290742; Tue, 15 Mar 2022 11:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU54y-0003BP-Hm for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU54y-0001gG-EB for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nU54y-0001sR-D1 for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xDmLUbGfj6oEWdceJ2nl/GEJ21mgOy7llLsyR+7qMG0=; b=X11Ob1uQRQpXpVDfFl1KhS4TEl /IoPtK0NIpjWrB8JMt1TSpAIAOPI+c/zkD6EfGSBZk1AS33S/GnIuMKWwAuzjBHTwAaurxqDsBLAt 91WMOr/680SUgsR0lpzo8EPYCUMntkw3Si0v4RtazlVpdWfLieai3ncetnO0q6RD0m1g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/APIC: skip unnecessary parts of __setup_APIC_LVTT() Message-Id: Date: Tue, 15 Mar 2022 11:11:04 +0000 commit 0be65a773df00ef6e14ef61f390b05de2149a5f9 Author: Jan Beulich AuthorDate: Tue Mar 15 12:08:04 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 15 12:08:04 2022 +0100 x86/APIC: skip unnecessary parts of __setup_APIC_LVTT() In TDT mode there's no point writing TDCR or TMICT, while outside of that mode there's no need for the MFENCE. No change intended to overall functioning. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/apic.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c index 5a7a58dc98..96d73a7449 100644 --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -1059,24 +1059,25 @@ static void __setup_APIC_LVTT(unsigned int clocks) { unsigned int lvtt_value, tmp_value; - /* NB. Xen uses local APIC timer in one-shot mode. */ - lvtt_value = /*APIC_TIMER_MODE_PERIODIC |*/ LOCAL_TIMER_VECTOR; - if ( tdt_enabled ) { - lvtt_value &= (~APIC_TIMER_MODE_MASK); - lvtt_value |= APIC_TIMER_MODE_TSC_DEADLINE; + lvtt_value = APIC_TIMER_MODE_TSC_DEADLINE | LOCAL_TIMER_VECTOR; + apic_write(APIC_LVTT, lvtt_value); + + /* + * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode, + * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized. + * According to Intel, MFENCE can do the serialization here. + */ + asm volatile( "mfence" : : : "memory" ); + + return; } + /* NB. Xen uses local APIC timer in one-shot mode. */ + lvtt_value = APIC_TIMER_MODE_ONESHOT | LOCAL_TIMER_VECTOR; apic_write(APIC_LVTT, lvtt_value); - /* - * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode, - * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized. - * According to Intel, MFENCE can do the serialization here. - */ - asm volatile( "mfence" : : : "memory" ); - tmp_value = apic_read(APIC_TDCR); apic_write(APIC_TDCR, tmp_value | APIC_TDR_DIV_1); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 11:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 11:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290743.493199 (Exim 4.92) (envelope-from ) id 1nU559-0003Do-Oo; Tue, 15 Mar 2022 11:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290743.493199; Tue, 15 Mar 2022 11:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU559-0003Dg-Le; Tue, 15 Mar 2022 11:11:15 +0000 Received: by outflank-mailman (input) for mailman id 290743; Tue, 15 Mar 2022 11:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU558-0003DY-IG for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU558-0001gO-HR for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nU558-0001tA-GD for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ajR8hPMKQcb1XW2uB0pqU/0JiDQ/IWrXU+c4govPPjs=; b=b7l29hs6baX2NgjR5ilNlzerhD WiVeH1rCWjsJNy20172Ry3YdYimWxAyL9/KBpJ+GT0F3NEbrQb7HF97ywV5/pUy+eOpV2uWoqBtob W5AcFQ7vQvbNpTToZXhDoxa2LxMenDElbMnbH0gEmu6vzZ0zNMzsXh8WKmrdiEvoSzBg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] ns16550: add support for Intel LPSS UART Message-Id: Date: Tue, 15 Mar 2022 11:11:14 +0000 commit 46d5cec7e03d01a480ffdb6a50a576c7fe503df0 Author: Marek Marczykowski-Górecki AuthorDate: Tue Mar 15 12:09:01 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 15 12:09:01 2022 +0100 ns16550: add support for Intel LPSS UART This adds support for serial console as found in a laptop with TGL-LP (StarBook MkV). Since the device is on the bus 0, it needs to be enabled via "com1=...,amt", not just "...,pci". Device specification is in Intel docs 631119-007 and 631120-001. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index e5b4a90855..fb75cee4a1 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -91,6 +91,7 @@ struct ns16550_config { param_exar_xr17v352, param_exar_xr17v354, param_exar_xr17v358, + param_intel_lpss, } param; }; @@ -822,6 +823,16 @@ static const struct ns16550_config_param __initconst uart_param[] = { .mmio = 1, .max_ports = 8, }, + [param_intel_lpss] = { + .uart_offset = 0x000, + .reg_shift = 2, + .reg_width = 1, + .fifo_size = 64, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 1, + }, }; static const struct ns16550_config __initconst uart_config[] = @@ -1066,6 +1077,12 @@ static const struct ns16550_config __initconst uart_config[] = .dev_id = 0x0358, .param = param_exar_xr17v358 }, + /* Intel Corp. TGL-LP LPSS PCI */ + { + .vendor_id = PCI_VENDOR_ID_INTEL, + .dev_id = 0xa0c7, + .param = param_intel_lpss + }, }; static int __init -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 15 11:11:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 15 Mar 2022 11:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290744.493203 (Exim 4.92) (envelope-from ) id 1nU55J-0003Gn-RW; Tue, 15 Mar 2022 11:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290744.493203; Tue, 15 Mar 2022 11:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU55J-0003Ge-OU; Tue, 15 Mar 2022 11:11:25 +0000 Received: by outflank-mailman (input) for mailman id 290744; Tue, 15 Mar 2022 11:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU55I-0003GU-LH for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nU55I-0001ga-KV for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nU55I-0001tu-JU for xen-changelog@lists.xenproject.org; Tue, 15 Mar 2022 11:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Nq8pV8kK9eLkQo2pfbz6r2X9Ae8Z+wGTf90seR0AebA=; b=6eM04NdbLH7szsZo29T4hoSej0 ylxR/4B8Ow+2DbKuzDpXt7FU+H5CfUGEjOtK4ei+QnDB8Q57BGMGUxUFtAQcNp70K2GkxKS3eLd+7 SPn3RuuYY0ufgrjpoeW99cMfzloXcKt1vtygCY9Fsq9IlyuD2/kq/KrQTC15ryBwgTqQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Arm: arrange to have linker script honor dependencies (again) Message-Id: Date: Tue, 15 Mar 2022 11:11:24 +0000 commit c7a80bc50ac768b4eecaad85b77ae45790c93c73 Author: Jan Beulich AuthorDate: Tue Mar 15 12:09:56 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 15 12:09:56 2022 +0100 Arm: arrange to have linker script honor dependencies (again) The if_changed macro leads to dependencies being recorded in .*.d, which aren't loaded anymore. Use if_changed_dep instead, like x86 does. Fixes: 06ef696c85a7 ("build: introduce if_changed_deps") Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index cecfaf4f3c..51ec2ba928 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -112,7 +112,7 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds include: $(obj)/xen.lds: $(src)/xen.lds.S FORCE - $(call if_changed,cpp_lds_S) + $(call if_changed_dep,cpp_lds_S) $(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 00:33:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 00:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290989.493680 (Exim 4.92) (envelope-from ) id 1nUHb5-0001hV-JQ; Wed, 16 Mar 2022 00:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290989.493680; Wed, 16 Mar 2022 00:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHb5-0001hN-GP; Wed, 16 Mar 2022 00:33:03 +0000 Received: by outflank-mailman (input) for mailman id 290989; Wed, 16 Mar 2022 00:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHb4-0001gZ-6s for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHb4-0008No-62 for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUHb4-0003fj-4v for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Zs8DcrjrzZocMwbcE5yn9s23PF111yPj7kL7LF8gLoE=; b=kbFhx183jkUGc5p9pYUqZp9DMR Av+B9I2edov4w3QP9MPshwu7pyWlQxtWKA+Z/YgCj7EMGk1EWr7YN9uhtr/j22ENhhN2Ep9zb8FmH 6+Unv6ygC6LS/z2IP17lLrJ0bTU4gZObsCuaoRFG/8ZckDyRyQ2LtEPPEVED2xCEEcTw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: Decode ldr/str post increment operations Message-Id: Date: Wed, 16 Mar 2022 00:33:02 +0000 commit f9dd8436e3b826e4ca2284effa4c0285527ea763 Author: Ayan Kumar Halder AuthorDate: Thu Mar 10 17:44:58 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 17:58:04 2022 +0000 xen/arm64: Decode ldr/str post increment operations At the moment, Xen does not decode any of the arm64 instructions. This means that when hsr_dabt.isv == 0, Xen cannot handle those instructions. This will lead to Xen to abort the guests (from which those instructions originate). With this patch, Xen is able to decode ldr/str post indexing instructions. These are a subset of instructions for which hsr_dabt.isv == 0. The following instructions are now supported by Xen :- 1. ldr x2, [x1], #8 2. ldr w2, [x1], #-4 3. ldr x2, [x1], #-8 4. ldr w2, [x1], #4 5. ldrh w2, [x1], #2 6. ldrb w2, [x1], #1 7. str x2, [x1], #8 8. str w2, [x1], #-4 9. strh w2, [x1], #2 10. strb w2, [x1], #1 In the subsequent patch, decode_arm64() will get invoked when hsr_dabt.isv == 0. Signed-off-by: Ayan Kumar Halder Reviewed-by: Stefano Stabellini --- xen/arch/arm/decode.c | 79 +++++++++++++++++++++++++++++++++++++++-- xen/arch/arm/decode.h | 48 +++++++++++++++++++++---- xen/arch/arm/include/asm/mmio.h | 4 +++ xen/arch/arm/io.c | 2 +- 4 files changed, 124 insertions(+), 9 deletions(-) diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 792c2e92a7..3add87e83a 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -84,6 +84,78 @@ bad_thumb2: return 1; } +static int decode_arm64(register_t pc, mmio_info_t *info) +{ + union instr opcode = {0}; + struct hsr_dabt *dabt = &info->dabt; + struct instr_details *dabt_instr = &info->dabt_instr; + + if ( raw_copy_from_guest(&opcode.value, (void * __user)pc, sizeof (opcode)) ) + { + gprintk(XENLOG_ERR, "Could not copy the instruction from PC\n"); + return 1; + } + + /* + * Refer Arm v8 ARM DDI 0487G.b, Page - C6-1107 + * "Shared decode for all encodings" (under ldr immediate) + * If n == t && n != 31, then the return value is implementation defined + * (can be WBSUPPRESS, UNKNOWN, UNDEFINED or NOP). Thus, we do not support + * this. This holds true for ldrb/ldrh immediate as well. + * + * Also refer, Page - C6-1384, the above described behaviour is same for + * str immediate. This holds true for strb/strh immediate as well + */ + if ( (opcode.ldr_str.rn == opcode.ldr_str.rt) && (opcode.ldr_str.rn != 31) ) + { + gprintk(XENLOG_ERR, "Rn should not be equal to Rt except for r31\n"); + goto bad_loadstore; + } + + /* First, let's check for the fixed values */ + if ( (opcode.value & POST_INDEX_FIXED_MASK) != POST_INDEX_FIXED_VALUE ) + { + gprintk(XENLOG_ERR, + "Decoding instruction 0x%x is not supported\n", opcode.value); + goto bad_loadstore; + } + + if ( opcode.ldr_str.v != 0 ) + { + gprintk(XENLOG_ERR, + "ldr/str post indexing for vector types are not supported\n"); + goto bad_loadstore; + } + + /* Check for STR (immediate) */ + if ( opcode.ldr_str.opc == 0 ) + dabt->write = 1; + /* Check for LDR (immediate) */ + else if ( opcode.ldr_str.opc == 1 ) + dabt->write = 0; + else + { + gprintk(XENLOG_ERR, + "Decoding ldr/str post indexing is not supported for this variant\n"); + goto bad_loadstore; + } + + gprintk(XENLOG_INFO, + "opcode->ldr_str.rt = 0x%x, opcode->ldr_str.size = 0x%x, opcode->ldr_str.imm9 = %d\n", + opcode.ldr_str.rt, opcode.ldr_str.size, opcode.ldr_str.imm9); + + update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); + + dabt_instr->rn = opcode.ldr_str.rn; + dabt_instr->imm9 = opcode.ldr_str.imm9; + + return 0; + + bad_loadstore: + gprintk(XENLOG_ERR, "unhandled Arm instruction 0x%x\n", opcode.value); + return 1; +} + static int decode_thumb(register_t pc, struct hsr_dabt *dabt) { uint16_t instr; @@ -150,10 +222,13 @@ bad_thumb: return 1; } -int decode_instruction(const struct cpu_user_regs *regs, struct hsr_dabt *dabt) +int decode_instruction(const struct cpu_user_regs *regs, mmio_info_t *info) { if ( is_32bit_domain(current->domain) && regs->cpsr & PSR_THUMB ) - return decode_thumb(regs->pc, dabt); + return decode_thumb(regs->pc, &info->dabt); + + if ( !regs_mode_is_32bit(regs) ) + return decode_arm64(regs->pc, info); /* TODO: Handle ARM instruction */ gprintk(XENLOG_ERR, "unhandled ARM instruction\n"); diff --git a/xen/arch/arm/decode.h b/xen/arch/arm/decode.h index 4613763bdb..13db8ac968 100644 --- a/xen/arch/arm/decode.h +++ b/xen/arch/arm/decode.h @@ -23,19 +23,55 @@ #include #include -/** +/* + * Refer to the ARMv8 ARM (DDI 0487G.b), Section C4.1.4 Loads and Stores + * Page 318 specifies the following bit pattern for + * "load/store register (immediate post-indexed)". + * + * 31 30 29 27 26 25 23 21 20 11 9 4 0 + * ___________________________________________________________________ + * |size|1 1 1 |V |0 0 |opc |0 | imm9 |0 1 | Rn | Rt | + * |____|______|__|____|____|__|_______________|____|_________|_______| + */ +union instr { + uint32_t value; + struct { + unsigned int rt:5; /* Rt register */ + unsigned int rn:5; /* Rn register */ + unsigned int fixed1:2; /* value == 01b */ + signed int imm9:9; /* imm9 */ + unsigned int fixed2:1; /* value == 0b */ + unsigned int opc:2; /* opc */ + unsigned int fixed3:2; /* value == 00b */ + unsigned int v:1; /* vector */ + unsigned int fixed4:3; /* value == 111b */ + unsigned int size:2; /* size */ + } ldr_str; +}; + +#define POST_INDEX_FIXED_MASK 0x3B200C00 +#define POST_INDEX_FIXED_VALUE 0x38000400 + +/* * Decode an instruction from pc - * /!\ This function is not intended to fully decode an instruction. It - * considers that the instruction is valid. + * /!\ This function is intended to decode an instruction. It considers that the + * instruction is valid. * - * This function will get: - * - The transfer register + * In case of thumb mode, this function will get: + * - The transfer register (ie Rt) * - Sign bit * - Size + * + * In case of arm64 mode, this function will get: + * - The transfer register (ie Rt) + * - The source register (ie Rn) + * - Size + * - Immediate offset + * - Read or write */ int decode_instruction(const struct cpu_user_regs *regs, - struct hsr_dabt *dabt); + mmio_info_t *info); #endif /* __ARCH_ARM_DECODE_H_ */ diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index 7ab873cb8f..3354d9c635 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -29,6 +29,10 @@ typedef struct { struct hsr_dabt dabt; + struct instr_details { + unsigned long rn:5; + signed int imm9:9; + } dabt_instr; paddr_t gpa; } mmio_info_t; diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 1a066f9ae5..fad103bdbd 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -141,7 +141,7 @@ enum io_state try_handle_mmio(struct cpu_user_regs *regs, { int rc; - rc = decode_instruction(regs, &info.dabt); + rc = decode_instruction(regs, &info); if ( rc ) { gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 00:33:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 00:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290992.493686 (Exim 4.92) (envelope-from ) id 1nUHbF-0001oW-Lv; Wed, 16 Mar 2022 00:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290992.493686; Wed, 16 Mar 2022 00:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbF-0001oL-IT; Wed, 16 Mar 2022 00:33:13 +0000 Received: by outflank-mailman (input) for mailman id 290992; Wed, 16 Mar 2022 00:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbE-0001nr-AT for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbE-0008Nw-9g for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUHbE-0003gT-8m for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yq3KbF3NVIwHkTQEzxqGOgxDBpNol/pK1u+JworkErI=; b=pfRFgZa/4bm4sB9nQ942tL5EvY WEoVTE27GiTSt02jCzFCUiopeR75SVAN1gSzmV1vnRKfzcLZhHWPWqHlSiAnjqEK0Z0gsK25Z8SK2 QmXBM142Co7B/N5oeo0rOIAg3nhsstJEiGBBIuqs4vzW5Uweik3OMEZATO/tpZ5gXaMo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler Message-Id: Date: Wed, 16 Mar 2022 00:33:12 +0000 commit 9e5a68a6652cc54ce3cb3b0ce208eeed79d5aeb5 Author: Ayan Kumar Halder AuthorDate: Thu Mar 10 17:44:59 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 17:58:40 2022 +0000 xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler When an instruction is trapped in Xen due to translation fault, Xen checks if the ISS is invalid (for data abort) or it is an instruction abort. If so, Xen tries to resolve the translation fault using p2m page tables. In case of data abort, Xen will try to map the mmio region to the guest (ie tries to emulate the mmio region). If the ISS is not valid and it is a data abort, then Xen tries to decode the instruction. In case of ioreq, Xen saves the decoding state, rn and imm9 to vcpu_io. Whenever the vcpu handles the ioreq successfully, it will read the decoding state to determine if the instruction decoded was a ldr/str post indexing (ie INSTR_LDR_STR_POSTINDEXING). If so, it uses these details to post increment rn. In case of mmio handler, if the mmio operation was successful, then Xen retrives the decoding state, rn and imm9. For state == INSTR_LDR_STR_POSTINDEXING, Xen will update rn. If there is an error encountered while decoding/executing the instruction, Xen will forward the abort to the guest. Also, the logic to infer the type of instruction has been moved from try_handle_mmio() to try_decode_instruction() which is called before. try_handle_mmio() is solely responsible for handling the mmio operation. Signed-off-by: Ayan Kumar Halder Acked-by: Julien Grall Reviewed-by: Stefano Stabellini --- xen/arch/arm/arm32/traps.c | 11 +++++ xen/arch/arm/arm64/traps.c | 52 ++++++++++++++++++++++ xen/arch/arm/decode.c | 2 + xen/arch/arm/include/asm/domain.h | 4 ++ xen/arch/arm/include/asm/mmio.h | 17 +++++++- xen/arch/arm/include/asm/traps.h | 2 + xen/arch/arm/io.c | 90 ++++++++++++++++++++++++--------------- xen/arch/arm/ioreq.c | 8 +++- xen/arch/arm/traps.c | 77 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/ioreq.h | 3 ++ xen/include/xen/sched.h | 2 + 11 files changed, 214 insertions(+), 54 deletions(-) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 9c9790a6d1..159e3cef8b 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -18,9 +18,11 @@ #include #include +#include #include +#include #include #include @@ -82,6 +84,15 @@ void do_trap_data_abort(struct cpu_user_regs *regs) do_unexpected_trap("Data Abort", regs); } +void post_increment_register(const struct instr_details *instr) +{ + /* + * We have not implemented decoding of post indexing instructions for 32 bit. + * Thus, this should be unreachable. + */ + domain_crash(current->domain); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/arm64/traps.c b/xen/arch/arm/arm64/traps.c index 9113a15c7a..6ce4a1fa8c 100644 --- a/xen/arch/arm/arm64/traps.c +++ b/xen/arch/arm/arm64/traps.c @@ -17,6 +17,7 @@ */ #include +#include #include #include @@ -44,6 +45,57 @@ void do_bad_mode(struct cpu_user_regs *regs, int reason) panic("bad mode\n"); } +void post_increment_register(const struct instr_details *instr) +{ + struct cpu_user_regs *regs = guest_cpu_user_regs(); + register_t val = 0; + uint8_t psr_mode = (regs->cpsr & PSR_MODE_MASK); + + /* Currently, we handle only ldr/str post indexing instructions */ + if ( instr->state != INSTR_LDR_STR_POSTINDEXING ) + return; + + /* + * Handle when rn = SP + * Refer ArmV8 ARM DDI 0487G.b, Page - D1-2463 "Stack pointer register + * selection" + * t = SP_EL0 + * h = SP_ELx + * and M[3:0] (Page - C5-474 "When exception taken from AArch64 state:") + */ + if ( instr->rn == 31 ) + { + switch ( psr_mode ) + { + case PSR_MODE_EL1h: + val = regs->sp_el1; + break; + case PSR_MODE_EL1t: + case PSR_MODE_EL0t: + val = regs->sp_el0; + break; + + default: + domain_crash(current->domain); + return; + } + } + else + val = get_user_reg(regs, instr->rn); + + val += instr->imm9; + + if ( instr->rn == 31 ) + { + if ( (regs->cpsr & PSR_MODE_MASK) == PSR_MODE_EL1h ) + regs->sp_el1 = val; + else + regs->sp_el0 = val; + } + else + set_user_reg(regs, instr->rn, val); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 3add87e83a..f5f6562600 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -146,8 +146,10 @@ static int decode_arm64(register_t pc, mmio_info_t *info) update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); + dabt_instr->state = INSTR_LDR_STR_POSTINDEXING; dabt_instr->rn = opcode.ldr_str.rn; dabt_instr->imm9 = opcode.ldr_str.imm9; + dabt->valid = 1; return 0; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index c56f6e4398..ed63c2b6f9 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -281,6 +281,10 @@ static inline void arch_vcpu_block(struct vcpu *v) {} /* vPCI is not available on Arm */ #define has_vpci(d) ({ (void)(d); false; }) +struct arch_vcpu_io { + struct instr_details dabt_instr; /* when the instruction is decoded */ +}; + #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index 3354d9c635..ca259a79c2 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -26,12 +26,24 @@ #define MAX_IO_HANDLER 16 +enum instr_decode_state +{ + INSTR_ERROR, /* Error encountered while decoding instr */ + INSTR_VALID, /* ISS is valid, so no need to decode */ + /* + * Instruction is decoded successfully. It is a ldr/str post indexing + * instruction. + */ + INSTR_LDR_STR_POSTINDEXING, +}; + typedef struct { struct hsr_dabt dabt; struct instr_details { unsigned long rn:5; signed int imm9:9; + enum instr_decode_state state; } dabt_instr; paddr_t gpa; } mmio_info_t; @@ -69,14 +81,15 @@ struct vmmio { }; enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa); + mmio_info_t *info); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); int domain_io_init(struct domain *d, int max_count); void domain_io_free(struct domain *d); +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info); #endif /* __ASM_ARM_MMIO_H__ */ diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h index 2ed2b85c6f..95c46ad391 100644 --- a/xen/arch/arm/include/asm/traps.h +++ b/xen/arch/arm/include/asm/traps.h @@ -109,6 +109,8 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) return r; } +void post_increment_register(const struct instr_details *instr); + #endif /* __ASM_ARM_TRAPS__ */ /* * Local variables: diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fad103bdbd..fd903b7b03 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -102,57 +102,79 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info) +{ + int rc; + + if ( info->dabt.valid ) + { + info->dabt_instr.state = INSTR_VALID; + + /* + * Erratum 766422: Thumb store translation fault to Hypervisor may + * not have correct HSR Rt value. + */ + if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && + info->dabt.write ) + { + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } + } + return; + } + + /* + * Armv8 processor does not provide a valid syndrome for decoding some + * instructions. So in order to process these instructions, Xen must + * decode them. + */ + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_ERR, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } +} + enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa) + mmio_info_t *info) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; - const struct hsr_dabt dabt = hsr.dabt; - mmio_info_t info = { - .gpa = gpa, - .dabt = dabt - }; + int rc; - ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL); - handler = find_mmio_handler(v->domain, info.gpa); - if ( !handler ) + if ( !info->dabt.valid ) { - int rc; + ASSERT_UNREACHABLE(); + return IO_ABORT; + } - rc = try_fwd_ioserv(regs, v, &info); + handler = find_mmio_handler(v->domain, info->gpa); + if ( !handler ) + { + rc = try_fwd_ioserv(regs, v, info); if ( rc == IO_HANDLED ) return handle_ioserv(regs, v); return rc; } - /* All the instructions used on emulated MMIO region should be valid */ - if ( !dabt.valid ) - return IO_ABORT; - /* - * Erratum 766422: Thumb store translation fault to Hypervisor may - * not have correct HSR Rt value. + * At this point, we know that the instruction is either valid or has been + * decoded successfully. Thus, Xen should be allowed to execute the + * instruction on the emulated MMIO region. */ - if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && - dabt.write ) - { - int rc; - - rc = decode_instruction(regs, &info); - if ( rc ) - { - gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - return IO_ABORT; - } - } - - if ( info.dabt.write ) - return handle_write(handler, v, &info); + if ( info->dabt.write ) + return handle_write(handler, v, info); else - return handle_read(handler, v, &info); + return handle_read(handler, v, info); } void register_mmio_handler(struct domain *d, diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index 308650b400..cc9bf23213 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -47,6 +47,8 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu *v, mmio_info_t *info) { struct vcpu_io *vio = &v->io; + struct instr_details instr = info->dabt_instr; + struct hsr_dabt dabt = info->dabt; ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -76,10 +78,10 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, if ( !s ) return IO_UNHANDLED; - if ( !info->dabt.valid ) - return IO_ABORT; + ASSERT(dabt.valid); vio->req = p; + vio->info.dabt_instr = instr; rc = ioreq_send(s, &p, 0); if ( rc != IO_RETRY || v->domain->is_shutting_down ) @@ -95,6 +97,7 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, bool arch_ioreq_complete_mmio(void) { struct vcpu *v = current; + struct instr_details dabt_instr = v->io.info.dabt_instr; struct cpu_user_regs *regs = guest_cpu_user_regs(); const union hsr hsr = { .bits = regs->hsr }; @@ -106,6 +109,7 @@ bool arch_ioreq_complete_mmio(void) if ( handle_ioserv(regs, v) == IO_HANDLED ) { + post_increment_register(&dabt_instr); advance_pc(regs, hsr); return true; } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 7a1b679b8c..53652d7781 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,6 +1893,21 @@ static bool try_map_mmio(gfn_t gfn) return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); } +static inline bool check_p2m(bool is_data, paddr_t gpa) +{ + /* + * First check if the translation fault can be resolved by the P2M subsystem. + * If that's the case nothing else to do. + */ + if ( p2m_resolve_translation_fault(current->domain , gaddr_to_gfn(gpa)) ) + return true; + + if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + return true; + + return false; +} + static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, const union hsr hsr) { @@ -1906,6 +1921,8 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, paddr_t gpa; uint8_t fsc = xabt.fsc & ~FSC_LL_MASK; bool is_data = (hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + mmio_info_t info; + enum io_state state; /* * If this bit has been set, it means that this stage-2 abort is caused @@ -1959,21 +1976,52 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, return; } case FSC_FLT_TRANS: + { + info.gpa = gpa; + info.dabt = hsr.dabt; + /* - * Attempt first to emulate the MMIO as the data abort will - * likely happen in an emulated region. - * - * Note that emulated region cannot be executed + * Assumption :- Most of the times when we get a data abort and the ISS + * is invalid or an instruction abort, the underlying cause is that the + * page tables have not been set up correctly. */ - if ( is_data ) + if ( !is_data || !info.dabt.valid ) { - enum io_state state = try_handle_mmio(regs, hsr, gpa); + if ( check_p2m(is_data, gpa) ) + return; - switch ( state ) - { + /* + * If the instruction abort could not be resolved by setting the + * appropriate bits in the translation table, then Xen should + * forward the abort to the guest. + */ + if ( !is_data ) + goto inject_abt; + } + + try_decode_instruction(regs, &info); + + /* + * If Xen could not decode the instruction or encountered an error + * while decoding, then it should forward the abort to the guest. + */ + if ( info.dabt_instr.state == INSTR_ERROR ) + goto inject_abt; + + state = try_handle_mmio(regs, &info); + + switch ( state ) + { case IO_ABORT: goto inject_abt; case IO_HANDLED: + /* + * If the instruction was decoded and has executed successfully + * on the MMIO region, then Xen should execute the next part of + * the instruction. (for eg increment the rn if it is a + * post-indexing instruction. + */ + post_increment_register(&info.dabt_instr); advance_pc(regs, hsr); return; case IO_RETRY: @@ -1982,21 +2030,18 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, case IO_UNHANDLED: /* IO unhandled, try another way to handle it. */ break; - } } /* - * First check if the translation fault can be resolved by the - * P2M subsystem. If that's the case nothing else to do. + * If the instruction syndrome was invalid, then we already checked if + * this was due to a P2M fault. So no point to check again as the result + * will be the same. */ - if ( p2m_resolve_translation_fault(current->domain, - gaddr_to_gfn(gpa)) ) - return; - - if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + if ( (info.dabt_instr.state == INSTR_VALID) && check_p2m(is_data, gpa) ) return; break; + } default: gprintk(XENLOG_WARNING, "Unsupported FSC: HSR=%#"PRIregister" DFSC=%#x\n", diff --git a/xen/arch/x86/include/asm/ioreq.h b/xen/arch/x86/include/asm/ioreq.h index d06ce9a6ea..ecfe7f9fdb 100644 --- a/xen/arch/x86/include/asm/ioreq.h +++ b/xen/arch/x86/include/asm/ioreq.h @@ -26,6 +26,9 @@ #include #endif +struct arch_vcpu_io { +}; + #endif /* __ASM_X86_IOREQ_H__ */ /* diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 10ea969c7a..406d9bc610 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -160,6 +160,8 @@ struct vcpu_io { /* I/O request in flight to device model. */ enum vio_completion completion; ioreq_t req; + /* Arch specific info pertaining to the io request */ + struct arch_vcpu_io info; }; struct vcpu -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 00:33:23 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 00:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290995.493689 (Exim 4.92) (envelope-from ) id 1nUHbP-0001zu-NU; Wed, 16 Mar 2022 00:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290995.493689; Wed, 16 Mar 2022 00:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbP-0001zm-K8; Wed, 16 Mar 2022 00:33:23 +0000 Received: by outflank-mailman (input) for mailman id 290995; Wed, 16 Mar 2022 00:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbO-0001zL-DQ for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbO-0008OA-Cf for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUHbO-0003hE-Bl for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kjWjlRQwPZ1qVJe874aU59y0pUBmbZ5v46/bkIvKMGw=; b=2eAyPrZlvgPBSWPuBoPBE3hfi7 UkG+cJSI0Ixgdgl9voVADYoAx2ABeKz0UFRCstez7N1anIYoGqAOKeB956iZML2kBEyzMwIVnSH2I XuzIlRKOXhDLuspx8zxz3hvyVmkC9E55v5NOypkCeT2CKl+K3VZtaVziR8bTmJhfhoUQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: io: Handle the abort due to access to stage1 translation table Message-Id: Date: Wed, 16 Mar 2022 00:33:22 +0000 commit fef5531fd8f311b347970568d77e7bf4feffd7fb Author: Ayan Kumar Halder AuthorDate: Thu Mar 10 17:45:00 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 18:02:16 2022 +0000 xen/arm64: io: Handle the abort due to access to stage1 translation table If the abort was caused due to access to stage1 translation table, Xen will try to set the p2m entry (assuming that the Stage 1 translation table is in the non MMIO region). If there is no such entry found, then Xen will try to map the address as a MMIO region (assuming that the Stage 1 translation table is in the direct MMIO region). If that fails as well, then there are the two following scenarios:- 1. Stage 1 translation table being in an emulated MMIO region - Xen can read the region, but it has no way to return the value read to the CPU page table walker (which tries to go through the stage1 tables to resolve the translation fault). 2. Stage 1 translation table address is invalid. In both the above scenarios, Xen will forward the abort to the guest. Signed-off-by: Ayan Kumar Halder Reviewed-by: Julien Grall --- xen/arch/arm/io.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fd903b7b03..53729a342b 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -128,6 +128,17 @@ void try_decode_instruction(const struct cpu_user_regs *regs, return; } + /* + * At this point, we know that the stage1 translation table is either in + * an emulated MMIO region or its address is invalid. This is not + * expected by Xen and thus it forwards the abort to the guest. + */ + if ( info->dabt.s1ptw ) + { + info->dabt_instr.state = INSTR_ERROR; + return; + } + /* * Armv8 processor does not provide a valid syndrome for decoding some * instructions. So in order to process these instructions, Xen must -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 00:33:33 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 00:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290997.493692 (Exim 4.92) (envelope-from ) id 1nUHbZ-00027g-Q5; Wed, 16 Mar 2022 00:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290997.493692; Wed, 16 Mar 2022 00:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbZ-00027W-NG; Wed, 16 Mar 2022 00:33:33 +0000 Received: by outflank-mailman (input) for mailman id 290997; Wed, 16 Mar 2022 00:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbY-00027E-GV for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbY-0008OK-Fd for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUHbY-0003hr-Ep for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vFGXGEdCqDJtQ8WZqcP5vW5BU+CV6tuS1AnizBRGB+w=; b=TtDZ0E81payGDYfxh+PuutnAr3 6x5nQvwTMRMw9W/Ce7oAnNemkCzvu0WkJWLtO9FNBxai1od1ligMqr+5VXnYTSBtxfjmsennO7kXz 5Oi4Yy1/Zc6OvS4TILzVMLZpc2xDZA1AoAYjW85C3nRX5oJmDvOJ9PWy0xWvZvIwvXM8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Revert "xen/arm64: io: Handle the abort due to access to stage1 translation table" Message-Id: Date: Wed, 16 Mar 2022 00:33:32 +0000 commit 133ba7ae7619290964025b5fedd1ee940a37f374 Author: Julien Grall AuthorDate: Mon Mar 14 22:57:54 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 23:00:05 2022 +0000 Revert "xen/arm64: io: Handle the abort due to access to stage1 translation table" This reverts commit fef5531fd8f311b347970568d77e7bf4feffd7fb. This depends on patch 9e5a68a6652cc54ce3cb3b0ce208eeed79d5aeb5 which will need to be reverted as it break boot on arm32. https://lore.kernel.org/xen-devel/osstest-168589-mainreport@xen.org/T/#u Signed-off-by: Julien Grall --- xen/arch/arm/io.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index 53729a342b..fd903b7b03 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -128,17 +128,6 @@ void try_decode_instruction(const struct cpu_user_regs *regs, return; } - /* - * At this point, we know that the stage1 translation table is either in - * an emulated MMIO region or its address is invalid. This is not - * expected by Xen and thus it forwards the abort to the guest. - */ - if ( info->dabt.s1ptw ) - { - info->dabt_instr.state = INSTR_ERROR; - return; - } - /* * Armv8 processor does not provide a valid syndrome for decoding some * instructions. So in order to process these instructions, Xen must -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 00:33:43 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 00:33:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.290998.493696 (Exim 4.92) (envelope-from ) id 1nUHbj-0002Bn-Rh; Wed, 16 Mar 2022 00:33:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 290998.493696; Wed, 16 Mar 2022 00:33:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbj-0002Bf-Ol; Wed, 16 Mar 2022 00:33:43 +0000 Received: by outflank-mailman (input) for mailman id 290998; Wed, 16 Mar 2022 00:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbi-0002BO-Jy for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUHbi-0008OU-J8 for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUHbi-0003id-IB for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 00:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/P7J602y4zUUsb/7QvqMjy7ycp69H0r2yk4tVZRmgTE=; b=PwhbGi8ECi34yFWPYAlXct392Q P2rJJRnYgcqbQylf23/4Tv4p+ZMiOQkFLKsz5DtkPvZhAPKMjwJ7FvOWrxRXJvyn3T6hRjntqrsqh eq9Tr+ju5a3mBKrl5V7I4fdo+cjNkgMkBRcrbj8p3glmYex74bq7sHV6eNP2t/F3OlqM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Revert "xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler" Message-Id: Date: Wed, 16 Mar 2022 00:33:42 +0000 commit 07aebcd55fd2f7997e9fe50a6c849c8a12ec2e68 Author: Julien Grall AuthorDate: Mon Mar 14 22:58:33 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 14 23:01:02 2022 +0000 Revert "xen/arm64: io: Support instructions (for which ISS is not valid) on emulated MMIO region using MMIO/ioreq handler" This reverts commit 9e5a68a6652cc54ce3cb3b0ce208eeed79d5aeb5. This breaks boot on arm32: https://lore.kernel.org/xen-devel/osstest-168589-mainreport@xen.org/T/#u --- xen/arch/arm/arm32/traps.c | 11 ----- xen/arch/arm/arm64/traps.c | 52 ---------------------- xen/arch/arm/decode.c | 2 - xen/arch/arm/include/asm/domain.h | 4 -- xen/arch/arm/include/asm/mmio.h | 17 +------- xen/arch/arm/include/asm/traps.h | 2 - xen/arch/arm/io.c | 90 +++++++++++++++------------------------ xen/arch/arm/ioreq.c | 8 +--- xen/arch/arm/traps.c | 77 +++++++-------------------------- xen/arch/x86/include/asm/ioreq.h | 3 -- xen/include/xen/sched.h | 2 - 11 files changed, 54 insertions(+), 214 deletions(-) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 159e3cef8b..9c9790a6d1 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -18,11 +18,9 @@ #include #include -#include #include -#include #include #include @@ -84,15 +82,6 @@ void do_trap_data_abort(struct cpu_user_regs *regs) do_unexpected_trap("Data Abort", regs); } -void post_increment_register(const struct instr_details *instr) -{ - /* - * We have not implemented decoding of post indexing instructions for 32 bit. - * Thus, this should be unreachable. - */ - domain_crash(current->domain); -} - /* * Local variables: * mode: C diff --git a/xen/arch/arm/arm64/traps.c b/xen/arch/arm/arm64/traps.c index 6ce4a1fa8c..9113a15c7a 100644 --- a/xen/arch/arm/arm64/traps.c +++ b/xen/arch/arm/arm64/traps.c @@ -17,7 +17,6 @@ */ #include -#include #include #include @@ -45,57 +44,6 @@ void do_bad_mode(struct cpu_user_regs *regs, int reason) panic("bad mode\n"); } -void post_increment_register(const struct instr_details *instr) -{ - struct cpu_user_regs *regs = guest_cpu_user_regs(); - register_t val = 0; - uint8_t psr_mode = (regs->cpsr & PSR_MODE_MASK); - - /* Currently, we handle only ldr/str post indexing instructions */ - if ( instr->state != INSTR_LDR_STR_POSTINDEXING ) - return; - - /* - * Handle when rn = SP - * Refer ArmV8 ARM DDI 0487G.b, Page - D1-2463 "Stack pointer register - * selection" - * t = SP_EL0 - * h = SP_ELx - * and M[3:0] (Page - C5-474 "When exception taken from AArch64 state:") - */ - if ( instr->rn == 31 ) - { - switch ( psr_mode ) - { - case PSR_MODE_EL1h: - val = regs->sp_el1; - break; - case PSR_MODE_EL1t: - case PSR_MODE_EL0t: - val = regs->sp_el0; - break; - - default: - domain_crash(current->domain); - return; - } - } - else - val = get_user_reg(regs, instr->rn); - - val += instr->imm9; - - if ( instr->rn == 31 ) - { - if ( (regs->cpsr & PSR_MODE_MASK) == PSR_MODE_EL1h ) - regs->sp_el1 = val; - else - regs->sp_el0 = val; - } - else - set_user_reg(regs, instr->rn, val); -} - /* * Local variables: * mode: C diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index f5f6562600..3add87e83a 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -146,10 +146,8 @@ static int decode_arm64(register_t pc, mmio_info_t *info) update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); - dabt_instr->state = INSTR_LDR_STR_POSTINDEXING; dabt_instr->rn = opcode.ldr_str.rn; dabt_instr->imm9 = opcode.ldr_str.imm9; - dabt->valid = 1; return 0; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index ed63c2b6f9..c56f6e4398 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -281,10 +281,6 @@ static inline void arch_vcpu_block(struct vcpu *v) {} /* vPCI is not available on Arm */ #define has_vpci(d) ({ (void)(d); false; }) -struct arch_vcpu_io { - struct instr_details dabt_instr; /* when the instruction is decoded */ -}; - #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index ca259a79c2..3354d9c635 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -26,24 +26,12 @@ #define MAX_IO_HANDLER 16 -enum instr_decode_state -{ - INSTR_ERROR, /* Error encountered while decoding instr */ - INSTR_VALID, /* ISS is valid, so no need to decode */ - /* - * Instruction is decoded successfully. It is a ldr/str post indexing - * instruction. - */ - INSTR_LDR_STR_POSTINDEXING, -}; - typedef struct { struct hsr_dabt dabt; struct instr_details { unsigned long rn:5; signed int imm9:9; - enum instr_decode_state state; } dabt_instr; paddr_t gpa; } mmio_info_t; @@ -81,15 +69,14 @@ struct vmmio { }; enum io_state try_handle_mmio(struct cpu_user_regs *regs, - mmio_info_t *info); + const union hsr hsr, + paddr_t gpa); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); int domain_io_init(struct domain *d, int max_count); void domain_io_free(struct domain *d); -void try_decode_instruction(const struct cpu_user_regs *regs, - mmio_info_t *info); #endif /* __ASM_ARM_MMIO_H__ */ diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h index 95c46ad391..2ed2b85c6f 100644 --- a/xen/arch/arm/include/asm/traps.h +++ b/xen/arch/arm/include/asm/traps.h @@ -109,8 +109,6 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) return r; } -void post_increment_register(const struct instr_details *instr); - #endif /* __ASM_ARM_TRAPS__ */ /* * Local variables: diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fd903b7b03..fad103bdbd 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -102,79 +102,57 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } -void try_decode_instruction(const struct cpu_user_regs *regs, - mmio_info_t *info) -{ - int rc; - - if ( info->dabt.valid ) - { - info->dabt_instr.state = INSTR_VALID; - - /* - * Erratum 766422: Thumb store translation fault to Hypervisor may - * not have correct HSR Rt value. - */ - if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && - info->dabt.write ) - { - rc = decode_instruction(regs, info); - if ( rc ) - { - gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - info->dabt_instr.state = INSTR_ERROR; - } - } - return; - } - - /* - * Armv8 processor does not provide a valid syndrome for decoding some - * instructions. So in order to process these instructions, Xen must - * decode them. - */ - rc = decode_instruction(regs, info); - if ( rc ) - { - gprintk(XENLOG_ERR, "Unable to decode instruction\n"); - info->dabt_instr.state = INSTR_ERROR; - } -} - enum io_state try_handle_mmio(struct cpu_user_regs *regs, - mmio_info_t *info) + const union hsr hsr, + paddr_t gpa) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; - int rc; + const struct hsr_dabt dabt = hsr.dabt; + mmio_info_t info = { + .gpa = gpa, + .dabt = dabt + }; - ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL); + ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); - if ( !info->dabt.valid ) - { - ASSERT_UNREACHABLE(); - return IO_ABORT; - } - - handler = find_mmio_handler(v->domain, info->gpa); + handler = find_mmio_handler(v->domain, info.gpa); if ( !handler ) { - rc = try_fwd_ioserv(regs, v, info); + int rc; + + rc = try_fwd_ioserv(regs, v, &info); if ( rc == IO_HANDLED ) return handle_ioserv(regs, v); return rc; } + /* All the instructions used on emulated MMIO region should be valid */ + if ( !dabt.valid ) + return IO_ABORT; + /* - * At this point, we know that the instruction is either valid or has been - * decoded successfully. Thus, Xen should be allowed to execute the - * instruction on the emulated MMIO region. + * Erratum 766422: Thumb store translation fault to Hypervisor may + * not have correct HSR Rt value. */ - if ( info->dabt.write ) - return handle_write(handler, v, info); + if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && + dabt.write ) + { + int rc; + + rc = decode_instruction(regs, &info); + if ( rc ) + { + gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); + return IO_ABORT; + } + } + + if ( info.dabt.write ) + return handle_write(handler, v, &info); else - return handle_read(handler, v, info); + return handle_read(handler, v, &info); } void register_mmio_handler(struct domain *d, diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index cc9bf23213..308650b400 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -47,8 +47,6 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu *v, mmio_info_t *info) { struct vcpu_io *vio = &v->io; - struct instr_details instr = info->dabt_instr; - struct hsr_dabt dabt = info->dabt; ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -78,10 +76,10 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, if ( !s ) return IO_UNHANDLED; - ASSERT(dabt.valid); + if ( !info->dabt.valid ) + return IO_ABORT; vio->req = p; - vio->info.dabt_instr = instr; rc = ioreq_send(s, &p, 0); if ( rc != IO_RETRY || v->domain->is_shutting_down ) @@ -97,7 +95,6 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, bool arch_ioreq_complete_mmio(void) { struct vcpu *v = current; - struct instr_details dabt_instr = v->io.info.dabt_instr; struct cpu_user_regs *regs = guest_cpu_user_regs(); const union hsr hsr = { .bits = regs->hsr }; @@ -109,7 +106,6 @@ bool arch_ioreq_complete_mmio(void) if ( handle_ioserv(regs, v) == IO_HANDLED ) { - post_increment_register(&dabt_instr); advance_pc(regs, hsr); return true; } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 53652d7781..7a1b679b8c 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,21 +1893,6 @@ static bool try_map_mmio(gfn_t gfn) return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); } -static inline bool check_p2m(bool is_data, paddr_t gpa) -{ - /* - * First check if the translation fault can be resolved by the P2M subsystem. - * If that's the case nothing else to do. - */ - if ( p2m_resolve_translation_fault(current->domain , gaddr_to_gfn(gpa)) ) - return true; - - if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) - return true; - - return false; -} - static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, const union hsr hsr) { @@ -1921,8 +1906,6 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, paddr_t gpa; uint8_t fsc = xabt.fsc & ~FSC_LL_MASK; bool is_data = (hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); - mmio_info_t info; - enum io_state state; /* * If this bit has been set, it means that this stage-2 abort is caused @@ -1976,52 +1959,21 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, return; } case FSC_FLT_TRANS: - { - info.gpa = gpa; - info.dabt = hsr.dabt; - /* - * Assumption :- Most of the times when we get a data abort and the ISS - * is invalid or an instruction abort, the underlying cause is that the - * page tables have not been set up correctly. + * Attempt first to emulate the MMIO as the data abort will + * likely happen in an emulated region. + * + * Note that emulated region cannot be executed */ - if ( !is_data || !info.dabt.valid ) + if ( is_data ) { - if ( check_p2m(is_data, gpa) ) - return; - - /* - * If the instruction abort could not be resolved by setting the - * appropriate bits in the translation table, then Xen should - * forward the abort to the guest. - */ - if ( !is_data ) - goto inject_abt; - } - - try_decode_instruction(regs, &info); - - /* - * If Xen could not decode the instruction or encountered an error - * while decoding, then it should forward the abort to the guest. - */ - if ( info.dabt_instr.state == INSTR_ERROR ) - goto inject_abt; - - state = try_handle_mmio(regs, &info); + enum io_state state = try_handle_mmio(regs, hsr, gpa); - switch ( state ) - { + switch ( state ) + { case IO_ABORT: goto inject_abt; case IO_HANDLED: - /* - * If the instruction was decoded and has executed successfully - * on the MMIO region, then Xen should execute the next part of - * the instruction. (for eg increment the rn if it is a - * post-indexing instruction. - */ - post_increment_register(&info.dabt_instr); advance_pc(regs, hsr); return; case IO_RETRY: @@ -2030,18 +1982,21 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, case IO_UNHANDLED: /* IO unhandled, try another way to handle it. */ break; + } } /* - * If the instruction syndrome was invalid, then we already checked if - * this was due to a P2M fault. So no point to check again as the result - * will be the same. + * First check if the translation fault can be resolved by the + * P2M subsystem. If that's the case nothing else to do. */ - if ( (info.dabt_instr.state == INSTR_VALID) && check_p2m(is_data, gpa) ) + if ( p2m_resolve_translation_fault(current->domain, + gaddr_to_gfn(gpa)) ) + return; + + if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) return; break; - } default: gprintk(XENLOG_WARNING, "Unsupported FSC: HSR=%#"PRIregister" DFSC=%#x\n", diff --git a/xen/arch/x86/include/asm/ioreq.h b/xen/arch/x86/include/asm/ioreq.h index ecfe7f9fdb..d06ce9a6ea 100644 --- a/xen/arch/x86/include/asm/ioreq.h +++ b/xen/arch/x86/include/asm/ioreq.h @@ -26,9 +26,6 @@ #include #endif -struct arch_vcpu_io { -}; - #endif /* __ASM_X86_IOREQ_H__ */ /* diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 406d9bc610..10ea969c7a 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -160,8 +160,6 @@ struct vcpu_io { /* I/O request in flight to device model. */ enum vio_completion completion; ioreq_t req; - /* Arch specific info pertaining to the io request */ - struct arch_vcpu_io info; }; struct vcpu -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 09:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 09:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291107.493888 (Exim 4.92) (envelope-from ) id 1nUPgM-0008Co-Sr; Wed, 16 Mar 2022 09:11:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291107.493888; Wed, 16 Mar 2022 09:11:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgM-0008Cg-Pq; Wed, 16 Mar 2022 09:11:02 +0000 Received: by outflank-mailman (input) for mailman id 291107; Wed, 16 Mar 2022 09:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgM-0008CY-8X for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgM-0007Jn-7l for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUPgM-0007MW-6h for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oPBTmS2cQRDQJXlRLPfKJZkSFmJE5B0et+OxP6CZjFg=; b=j7k2dNsphL3kNTJ4uss9rTVpWD 7CRpg4U6DMAR4IRL4kvlCZKWm/2TQL2PwzxXzks7gLuZSXis5bvi1/bnfwUIQS8lYcwe2Te9VVxTW PaPk3u4r3pYLpkQJy+pQJ5MZWg3au6gMTYe68szq9H0wocz02oCyDoTu8xD5gpXcjji8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/APIC: skip unnecessary parts of __setup_APIC_LVTT() Message-Id: Date: Wed, 16 Mar 2022 09:11:02 +0000 commit 0be65a773df00ef6e14ef61f390b05de2149a5f9 Author: Jan Beulich AuthorDate: Tue Mar 15 12:08:04 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 15 12:08:04 2022 +0100 x86/APIC: skip unnecessary parts of __setup_APIC_LVTT() In TDT mode there's no point writing TDCR or TMICT, while outside of that mode there's no need for the MFENCE. No change intended to overall functioning. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/apic.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/apic.c b/xen/arch/x86/apic.c index 5a7a58dc98..96d73a7449 100644 --- a/xen/arch/x86/apic.c +++ b/xen/arch/x86/apic.c @@ -1059,24 +1059,25 @@ static void __setup_APIC_LVTT(unsigned int clocks) { unsigned int lvtt_value, tmp_value; - /* NB. Xen uses local APIC timer in one-shot mode. */ - lvtt_value = /*APIC_TIMER_MODE_PERIODIC |*/ LOCAL_TIMER_VECTOR; - if ( tdt_enabled ) { - lvtt_value &= (~APIC_TIMER_MODE_MASK); - lvtt_value |= APIC_TIMER_MODE_TSC_DEADLINE; + lvtt_value = APIC_TIMER_MODE_TSC_DEADLINE | LOCAL_TIMER_VECTOR; + apic_write(APIC_LVTT, lvtt_value); + + /* + * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode, + * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized. + * According to Intel, MFENCE can do the serialization here. + */ + asm volatile( "mfence" : : : "memory" ); + + return; } + /* NB. Xen uses local APIC timer in one-shot mode. */ + lvtt_value = APIC_TIMER_MODE_ONESHOT | LOCAL_TIMER_VECTOR; apic_write(APIC_LVTT, lvtt_value); - /* - * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode, - * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized. - * According to Intel, MFENCE can do the serialization here. - */ - asm volatile( "mfence" : : : "memory" ); - tmp_value = apic_read(APIC_TDCR); apic_write(APIC_TDCR, tmp_value | APIC_TDR_DIV_1); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 09:11:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 09:11:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291108.493892 (Exim 4.92) (envelope-from ) id 1nUPgW-0008FW-Ui; Wed, 16 Mar 2022 09:11:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291108.493892; Wed, 16 Mar 2022 09:11:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgW-0008FO-RX; Wed, 16 Mar 2022 09:11:12 +0000 Received: by outflank-mailman (input) for mailman id 291108; Wed, 16 Mar 2022 09:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgW-0008FI-Be for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgW-0007K9-Aw for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUPgW-0007NU-9x for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4/9H5MpVH+ryy9aheXOsaR+HEu6YeGGZXAaCjkAZMX0=; b=n8CHJpLjzBqwT+CJ/EaR1PyB/K jFcdroRA592GG1yJHHeIbUCNHrRDM9x8HAtDKWMUK+gpEFm2Fvb++qrkO3ymo/IHiNT1BfQs4W2kf SDYeTvTnw/K1+MvDWqrvWY2Vgo7zjD0XuFvxWmOjv/yE2L8+mXM70ep1gibC1LhXjjhc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] ns16550: add support for Intel LPSS UART Message-Id: Date: Wed, 16 Mar 2022 09:11:12 +0000 commit 46d5cec7e03d01a480ffdb6a50a576c7fe503df0 Author: Marek Marczykowski-Górecki AuthorDate: Tue Mar 15 12:09:01 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 15 12:09:01 2022 +0100 ns16550: add support for Intel LPSS UART This adds support for serial console as found in a laptop with TGL-LP (StarBook MkV). Since the device is on the bus 0, it needs to be enabled via "com1=...,amt", not just "...,pci". Device specification is in Intel docs 631119-007 and 631120-001. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich --- xen/drivers/char/ns16550.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c index e5b4a90855..fb75cee4a1 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -91,6 +91,7 @@ struct ns16550_config { param_exar_xr17v352, param_exar_xr17v354, param_exar_xr17v358, + param_intel_lpss, } param; }; @@ -822,6 +823,16 @@ static const struct ns16550_config_param __initconst uart_param[] = { .mmio = 1, .max_ports = 8, }, + [param_intel_lpss] = { + .uart_offset = 0x000, + .reg_shift = 2, + .reg_width = 1, + .fifo_size = 64, + .lsr_mask = UART_LSR_THRE, + .bar0 = 1, + .mmio = 1, + .max_ports = 1, + }, }; static const struct ns16550_config __initconst uart_config[] = @@ -1066,6 +1077,12 @@ static const struct ns16550_config __initconst uart_config[] = .dev_id = 0x0358, .param = param_exar_xr17v358 }, + /* Intel Corp. TGL-LP LPSS PCI */ + { + .vendor_id = PCI_VENDOR_ID_INTEL, + .dev_id = 0xa0c7, + .param = param_intel_lpss + }, }; static int __init -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 16 09:11:24 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 16 Mar 2022 09:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291109.493896 (Exim 4.92) (envelope-from ) id 1nUPgi-0008JI-1P; Wed, 16 Mar 2022 09:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291109.493896; Wed, 16 Mar 2022 09:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgh-0008J9-UQ; Wed, 16 Mar 2022 09:11:23 +0000 Received: by outflank-mailman (input) for mailman id 291109; Wed, 16 Mar 2022 09:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgg-0008Iw-Ew for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUPgg-0007KS-EA for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUPgg-0007Os-DD for xen-changelog@lists.xenproject.org; Wed, 16 Mar 2022 09:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7v6b7ja+n6jjTyvan9DeuRGZpnnVWPh0NYhPPYZsCOU=; b=t9gWEua9ke3JQYmKVC+H0LUKyG N14gtP3JoGqRF8pj5dNfgV/POLdwKMeHYfyIRgYiD21j9JdwWlSdCPACcWKEjvd8E/LkTrDpcKNEJ Qt77zUrzMlmN+IG74UcUJ1SVBN6/7upyy6fUso7d+o88ASLU5PQzb2uY+fCfPNYE0nR4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Arm: arrange to have linker script honor dependencies (again) Message-Id: Date: Wed, 16 Mar 2022 09:11:22 +0000 commit c7a80bc50ac768b4eecaad85b77ae45790c93c73 Author: Jan Beulich AuthorDate: Tue Mar 15 12:09:56 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 15 12:09:56 2022 +0100 Arm: arrange to have linker script honor dependencies (again) The if_changed macro leads to dependencies being recorded in .*.d, which aren't loaded anymore. Use if_changed_dep instead, like x86 does. Fixes: 06ef696c85a7 ("build: introduce if_changed_deps") Signed-off-by: Jan Beulich Acked-by: Julien Grall --- xen/arch/arm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index cecfaf4f3c..51ec2ba928 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -112,7 +112,7 @@ $(TARGET)-syms: $(BASEDIR)/prelink.o $(obj)/xen.lds include: $(obj)/xen.lds: $(src)/xen.lds.S FORCE - $(call if_changed,cpp_lds_S) + $(call if_changed_dep,cpp_lds_S) $(obj)/dtb.o: $(patsubst "%",%,$(CONFIG_DTB_FILE)) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 10:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 10:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291489.494734 (Exim 4.92) (envelope-from ) id 1nUnmc-0005nF-4X; Thu, 17 Mar 2022 10:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291489.494734; Thu, 17 Mar 2022 10:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUnmc-0005n7-1a; Thu, 17 Mar 2022 10:55:06 +0000 Received: by outflank-mailman (input) for mailman id 291489; Thu, 17 Mar 2022 10:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUnma-0005n1-FC for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 10:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUnma-0008W5-95 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 10:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUnma-0007tq-7m for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 10:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/jBEk4cJBJvvHYwB+j8RVd3PsxiIkRef68xG+ZcYrpc=; b=Vf6kwoXqYesALpv84FUEyiS036 FkSNR9ljbZudLJzxaqUolZiao0BACLHwgyXkHyYE3n2N6SfUblseZnMCO7m00k9mn4/bL1UW1UllY icJ7qj3oY9EPIqZHZekL+Geg75mMinyq/QQb5r5m4rIhLXP8M/91a0anHa6EykhkyFcQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging-4.16] xen-hvm: Allow disabling buffer_io_timer Message-Id: Date: Thu, 17 Mar 2022 10:55:04 +0000 commit 0edf9af9fce2612239e24e56b09da82d095f4860 Author: Jason Andryuk AuthorDate: Fri Dec 10 14:34:34 2021 -0500 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:40:32 2022 +0000 xen-hvm: Allow disabling buffer_io_timer commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk Reviewed-by: Paul Durrant Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD (cherry picked from commit 9288e803e61e8d56d1c6c6aa8beb58596fb84ed9) --- hw/i386/xen/xen-hvm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c index 9b432773f0..91efb1f7cf 100644 --- a/hw/i386/xen/xen-hvm.c +++ b/hw/i386/xen/xen-hvm.c @@ -1085,10 +1085,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req) } } -static int handle_buffered_iopage(XenIOState *state) +static bool handle_buffered_iopage(XenIOState *state) { buffered_iopage_t *buf_page = state->buffered_io_page; buf_ioreq_t *buf_req = NULL; + bool handled_ioreq = false; ioreq_t req; int qw; @@ -1142,9 +1143,10 @@ static int handle_buffered_iopage(XenIOState *state) assert(!req.data_is_ptr); qatomic_add(&buf_page->read_pointer, qw + 1); + handled_ioreq = true; } - return req.count; + return handled_ioreq; } static void handle_buffered_io(void *opaque) -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 10:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 10:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291490.494738 (Exim 4.92) (envelope-from ) id 1nUnmm-0005p8-5p; Thu, 17 Mar 2022 10:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291490.494738; Thu, 17 Mar 2022 10:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUnmm-0005p0-2z; Thu, 17 Mar 2022 10:55:16 +0000 Received: by outflank-mailman (input) for mailman id 291490; Thu, 17 Mar 2022 10:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUnmk-0005oo-DF for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 10:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUnmk-0008WS-CU for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 10:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUnmk-0007uV-BK for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 10:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ULtz/fLUozvftbvGBVhJPo0Ir3YFH9Q6T1vyLFE2sXs=; b=mhzp/9g5xVorfbOTdlfgR11wtp bPDoNabqSF33bAzbiR1oanCE7iMMWauRwMtriC7uvhlMTkgCMf/iieyndtFsC0hx0NMLAmlgKTjHH aF8e2LpZVGZnLpP4lp86tHeDq55G/WKAEcSDBHjRMQhO1v2YN8SisAnovtMA1floJkLk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging-4.16] xen-mapcache: Avoid entry->lock overflow Message-Id: Date: Thu, 17 Mar 2022 10:55:14 +0000 commit 107951211a8d17658e1aaa0c23a8cf29f8806ad8 Author: Ross Lagerwall AuthorDate: Mon Jan 24 10:44:50 2022 +0000 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:40:32 2022 +0000 xen-mapcache: Avoid entry->lock overflow In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall Reviewed-by: Paul Durrant Reviewed-by: Stefano Stabellini Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD (cherry picked from commit a021a2dd8b790437d27db95774969349632f856a) --- hw/i386/xen/xen-mapcache.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c index bd47c3d672..f2ef977963 100644 --- a/hw/i386/xen/xen-mapcache.c +++ b/hw/i386/xen/xen-mapcache.c @@ -52,7 +52,7 @@ typedef struct MapCacheEntry { hwaddr paddr_index; uint8_t *vaddr_base; unsigned long *valid_mapping; - uint8_t lock; + uint32_t lock; #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0) uint8_t flags; hwaddr size; @@ -355,6 +355,12 @@ tryagain: if (lock) { MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev)); entry->lock++; + if (entry->lock == 0) { + fprintf(stderr, + "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n", + entry->paddr_index, entry->vaddr_base); + abort(); + } reventry->dma = dma; reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset; reventry->paddr_index = mapcache->last_entry->paddr_index; -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 11:11:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 11:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291516.494808 (Exim 4.92) (envelope-from ) id 1nUo26-0002mK-5X; Thu, 17 Mar 2022 11:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291516.494808; Thu, 17 Mar 2022 11:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo26-0002mC-2Q; Thu, 17 Mar 2022 11:11:06 +0000 Received: by outflank-mailman (input) for mailman id 291516; Thu, 17 Mar 2022 11:11:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo25-0002ly-03 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo24-0000S0-Uu for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUo24-0000tv-Tv for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=z13HaBn6aUjLCk0OWedzm7nSgqCirPfVRs9o1IdCyU8=; b=3GBKaXodqPiFJg94VCJ6LkEDK6 kRAxjvx9ANsk755RebyI0MG59p7AC46vz3k/HJyrj+KlL2MgaBGBvCfKo+q7X/t/OHn4lasUwMCZg cI/CUBubw7NXdExd+ZOoixZ8peNqbPbukUYqKGUb/U4Nhml8oAWz6qeFPoSXHNjD1Rzg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging-4.15] xen-hvm: Allow disabling buffer_io_timer Message-Id: Date: Thu, 17 Mar 2022 11:11:04 +0000 commit 29d18e3c0713d3b81e7a6fa05c524786969c612b Author: Jason Andryuk AuthorDate: Fri Dec 10 14:34:34 2021 -0500 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:51:33 2022 +0000 xen-hvm: Allow disabling buffer_io_timer commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk Reviewed-by: Paul Durrant Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD (cherry picked from commit 9288e803e61e8d56d1c6c6aa8beb58596fb84ed9) [perard: fix context] --- hw/i386/xen/xen-hvm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c index cde981bad6..cb5140f833 100644 --- a/hw/i386/xen/xen-hvm.c +++ b/hw/i386/xen/xen-hvm.c @@ -1084,10 +1084,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req) } } -static int handle_buffered_iopage(XenIOState *state) +static bool handle_buffered_iopage(XenIOState *state) { buffered_iopage_t *buf_page = state->buffered_io_page; buf_ioreq_t *buf_req = NULL; + bool handled_ioreq = false; ioreq_t req; int qw; @@ -1141,9 +1142,10 @@ static int handle_buffered_iopage(XenIOState *state) assert(!req.data_is_ptr); atomic_add(&buf_page->read_pointer, qw + 1); + handled_ioreq = true; } - return req.count; + return handled_ioreq; } static void handle_buffered_io(void *opaque) -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 11:11:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 11:11:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291517.494814 (Exim 4.92) (envelope-from ) id 1nUo2G-0002py-7S; Thu, 17 Mar 2022 11:11:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291517.494814; Thu, 17 Mar 2022 11:11:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2G-0002pp-3o; Thu, 17 Mar 2022 11:11:16 +0000 Received: by outflank-mailman (input) for mailman id 291517; Thu, 17 Mar 2022 11:11:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2F-0002pR-2L for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2F-0000SQ-1d for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUo2F-0000ug-0m for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Npt+E845G6IKBGmNqyJba2YRY1WIcS6gd01t+OrHYkY=; b=SQCta+rLb5aAcQ4d4otPBkniHJ jzapdSgGZwPf862M6ONAabcmXxjvSet9zf+EFHAX0hhcE6Taq8cu1YrBjpQV37foqR7uu/mSykN3b UofbIJVnzTsH5t2wHKXmoB2sn/dcCbSAdP0N6Lll2W+uyiTFL90eFeeM+ug3pUEE6ZJs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging-4.15] xen-mapcache: Avoid entry->lock overflow Message-Id: Date: Thu, 17 Mar 2022 11:11:15 +0000 commit 6503bd6a1b5364ffd346a8a475e1eb91b9f756e5 Author: Ross Lagerwall AuthorDate: Mon Jan 24 10:44:50 2022 +0000 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:52:15 2022 +0000 xen-mapcache: Avoid entry->lock overflow In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall Reviewed-by: Paul Durrant Reviewed-by: Stefano Stabellini Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD (cherry picked from commit a021a2dd8b790437d27db95774969349632f856a) --- hw/i386/xen/xen-mapcache.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c index 5b120ed44b..c66f582da1 100644 --- a/hw/i386/xen/xen-mapcache.c +++ b/hw/i386/xen/xen-mapcache.c @@ -52,7 +52,7 @@ typedef struct MapCacheEntry { hwaddr paddr_index; uint8_t *vaddr_base; unsigned long *valid_mapping; - uint8_t lock; + uint32_t lock; #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0) uint8_t flags; hwaddr size; @@ -341,6 +341,12 @@ tryagain: if (lock) { MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev)); entry->lock++; + if (entry->lock == 0) { + fprintf(stderr, + "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n", + entry->paddr_index, entry->vaddr_base); + abort(); + } reventry->dma = dma; reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset; reventry->paddr_index = mapcache->last_entry->paddr_index; -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 11:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 11:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291518.494815 (Exim 4.92) (envelope-from ) id 1nUo2Q-0002st-8G; Thu, 17 Mar 2022 11:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291518.494815; Thu, 17 Mar 2022 11:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2Q-0002sk-5N; Thu, 17 Mar 2022 11:11:26 +0000 Received: by outflank-mailman (input) for mailman id 291518; Thu, 17 Mar 2022 11:11:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2P-0002sa-FV for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2P-0000Sc-EU for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUo2P-0000vt-Dh for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oXZJT+pXFmtqDQEWX9/kGt/YrNWQ0U+b5eFdD/a9SCM=; b=ucIGNUvUEYQiCYYtwoxkEr6Cws R+/4PFme71BfZQFQ4GBt78YiXenMoywCL1Z7y9XsEYtuHkv/6h80ZElagEYFVPQq4epEUb1/bZLB2 iCM48GgAV8ZDfK5+VlmU+s3HXIFpTKxBHNbovSQuK4UpU40EcpdIgSZ7xiZ5jflIWC5o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging-4.14] xen-hvm: Allow disabling buffer_io_timer Message-Id: Date: Thu, 17 Mar 2022 11:11:25 +0000 commit d5956424bd4afcd101f74347e7f0ee4910b5b9ba Author: Jason Andryuk AuthorDate: Fri Dec 10 14:34:34 2021 -0500 Commit: Anthony PERARD CommitDate: Thu Mar 17 11:04:59 2022 +0000 xen-hvm: Allow disabling buffer_io_timer commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk Reviewed-by: Paul Durrant Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD (cherry picked from commit 9288e803e61e8d56d1c6c6aa8beb58596fb84ed9) [perard: fix context] (cherry picked from commit 29d18e3c0713d3b81e7a6fa05c524786969c612b) --- hw/i386/xen/xen-hvm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c index 82ece6b9e7..564aa5d116 100644 --- a/hw/i386/xen/xen-hvm.c +++ b/hw/i386/xen/xen-hvm.c @@ -1082,10 +1082,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req) } } -static int handle_buffered_iopage(XenIOState *state) +static bool handle_buffered_iopage(XenIOState *state) { buffered_iopage_t *buf_page = state->buffered_io_page; buf_ioreq_t *buf_req = NULL; + bool handled_ioreq = false; ioreq_t req; int qw; @@ -1139,9 +1140,10 @@ static int handle_buffered_iopage(XenIOState *state) assert(!req.data_is_ptr); atomic_add(&buf_page->read_pointer, qw + 1); + handled_ioreq = true; } - return req.count; + return handled_ioreq; } static void handle_buffered_io(void *opaque) -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 11:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 11:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291519.494820 (Exim 4.92) (envelope-from ) id 1nUo2a-0002wy-9p; Thu, 17 Mar 2022 11:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291519.494820; Thu, 17 Mar 2022 11:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2a-0002wq-6u; Thu, 17 Mar 2022 11:11:36 +0000 Received: by outflank-mailman (input) for mailman id 291519; Thu, 17 Mar 2022 11:11:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2Z-0002wf-I4 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUo2Z-0000Sh-HO for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUo2Z-0000wg-Gc for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 11:11:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=629ozA75EDlI7doFuRIWbG43OaCh54COf1d2U/lfnPo=; b=szK3rbeLzcgTn1/t7OB0yYK215 5UtGYjTJUhCFzoLf5tqxj5WeVFCWc6rnZc/avftjPqbfkif0IFWylwcfjVdolznuzVcS1xcZf7SiW dAFuOVJQZ1/UtcZAaS4aLOj6jsrLhIYwuAmBlnzDvvQUG+cDnXbbfzBzKNz2to9Qmjvo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen staging-4.14] xen-mapcache: Avoid entry->lock overflow Message-Id: Date: Thu, 17 Mar 2022 11:11:35 +0000 commit 83aebe33dc76760f911162f9e7a4b98a4929776b Author: Ross Lagerwall AuthorDate: Mon Jan 24 10:44:50 2022 +0000 Commit: Anthony PERARD CommitDate: Thu Mar 17 11:04:59 2022 +0000 xen-mapcache: Avoid entry->lock overflow In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall Reviewed-by: Paul Durrant Reviewed-by: Stefano Stabellini Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD (cherry picked from commit a021a2dd8b790437d27db95774969349632f856a) --- hw/i386/xen/xen-mapcache.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c index 5b120ed44b..c66f582da1 100644 --- a/hw/i386/xen/xen-mapcache.c +++ b/hw/i386/xen/xen-mapcache.c @@ -52,7 +52,7 @@ typedef struct MapCacheEntry { hwaddr paddr_index; uint8_t *vaddr_base; unsigned long *valid_mapping; - uint8_t lock; + uint32_t lock; #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0) uint8_t flags; hwaddr size; @@ -341,6 +341,12 @@ tryagain: if (lock) { MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev)); entry->lock++; + if (entry->lock == 0) { + fprintf(stderr, + "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n", + entry->paddr_index, entry->vaddr_base); + abort(); + } reventry->dma = dma; reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset; reventry->paddr_index = mapcache->last_entry->paddr_index; -- generated by git-patchbot for /home/xen/git/qemu-xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 12:33:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 12:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291540.494873 (Exim 4.92) (envelope-from ) id 1nUpJS-0004BW-5v; Thu, 17 Mar 2022 12:33:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291540.494873; Thu, 17 Mar 2022 12:33:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUpJS-0004BO-3A; Thu, 17 Mar 2022 12:33:06 +0000 Received: by outflank-mailman (input) for mailman id 291540; Thu, 17 Mar 2022 12:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUpJQ-0004BI-U8 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 12:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUpJQ-0001ov-SS for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 12:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUpJQ-0007RF-RK for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 12:33:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Enmdwzb8dRmR3OpfUGoKPOZhwpegI6xEYaDPa5t1jys=; b=PWYl9bGgKEw6HQ3BgYRZxMCHq1 NbyxVvaXXhlH5bAyHk9v+du8DcetVInOjicrMLgvoJ6xJY3rHR375A39oppcx4YzsaZ0gOwSfH+7g wLRe5EGCTzc1DUXZiSp+6BNNEDuK9Z2UJJwuuScb1J+lVkwCEI5khsPEGflLDR14bD2w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: Propose Henry Wang as the new release manager Message-Id: Date: Thu, 17 Mar 2022 12:33:04 +0000 commit a3ba3ed0f45d3226320fd051c2066feaf7160d7a Author: George Dunlap AuthorDate: Thu Mar 10 21:37:05 2022 +0000 Commit: George Dunlap CommitDate: Thu Mar 17 12:27:56 2022 +0000 MAINTAINERS: Propose Henry Wang as the new release manager ARM has proposed Henry Wang as a release manager for 4.17. Signify this by giving him maintainership over CHANGELOG.md. Below is an introduction given by Bertrand Marquis: Henry Wang is an open-source software engineer at Arm focusing on the hypervisor and virtualization technology. Before joining the AIS-Hypervisor team, he was one of the leading Arm contributors of the Rust-VMM and the Cloud Hypervisor community. He is the Arm reviewer of the Cloud Hypervisor project. His work includes basic project enabling on Arm platform, Arm device emulation, advanced features support on Arm and bug fixes. After joining the AIS-Hypervisor team at Arm, he has been involved in Xen feature development on Arm in various areas, including: 1. Xen Arm MPAM extension research and PoC: Ongoing, the design will share in xen-devel soon. 2. Port of Xen to Arm MPU systems: Working together with Penny Zheng on coding and testing, will be soon sent to xen-devel. 3. Static Xen heap on Arm: Work done but depend on the direct mapping series from Penny Zheng, will be upstreamed in the next weeks. 4. Virtio PoC for Xen on Arm using kvmtool as the Xen virtio backend: Work done, including the enabling of the virtio and the virtio performance tuning. 5. Participated in code reviews and discussions in xen-devel, including the foreign memory mapping series from EPAM, etc. Signed-off-by: George Dunlap Acked-by: Henry Wang Acked-by: Julien Grall Acked-by: Stefano Stabellini --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index d4b06f5bfb..6a097b43eb 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -255,6 +255,7 @@ S: Supported F: xen/drivers/passthrough/arm/smmu-v3.c Change Log +M: Henry Wang R: Community Manager S: Maintained F: CHANGELOG.md -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 16:44:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 16:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291688.495266 (Exim 4.92) (envelope-from ) id 1nUtEN-0005zE-0F; Thu, 17 Mar 2022 16:44:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291688.495266; Thu, 17 Mar 2022 16:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEM-0005z6-Th; Thu, 17 Mar 2022 16:44:06 +0000 Received: by outflank-mailman (input) for mailman id 291688; Thu, 17 Mar 2022 16:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEL-0005z0-67 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEK-00077M-Vc for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUtEK-0008AY-UC for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WshuCxBE0AZxgNDHnMXuxKclgHAgp8N3pxI806Z8VzQ=; b=KnmvhY00BaWNmwMOXo/Krxp/9R 5KE4gF8nFU1ogFV04oHg0J87rtvfNPvKK61/TBGDQ4l6GNhQZTSaF2f2Jv2qvbaEzyd/slJEcy78b kOuQSc8bIAwJ+um619gWXFmaGJBkI8059fzAQr/afoCxF468cdC9839EzaToJSw2CwIs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: switch non style compliant hypercall handler parameter types Message-Id: Date: Thu, 17 Mar 2022 16:44:04 +0000 commit 4a07bab33b70f6df3c93b443cdb76691bccc4d23 Author: Juergen Gross AuthorDate: Thu Mar 17 17:41:03 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 17 17:41:03 2022 +0100 xen: switch non style compliant hypercall handler parameter types Switch some non style compliant types (u32, s32, s64) of hypercall handler parameters to style compliant ones. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/hypercall.h | 10 +++++----- xen/include/xen/hypercall.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 16d8418b57..61bf897147 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -94,7 +94,7 @@ do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc); extern long cf_check do_update_va_mapping( unsigned long va, - u64 val64, + uint64_t val64, unsigned long flags); extern long cf_check @@ -104,7 +104,7 @@ do_physdev_op( extern long cf_check do_update_va_mapping_otherdomain( unsigned long va, - u64 val64, + uint64_t val64, unsigned long flags, domid_t domid); @@ -162,10 +162,10 @@ extern long cf_check compat_callback_op( int cmd, XEN_GUEST_HANDLE(void) arg); extern int cf_check compat_update_va_mapping( - unsigned int va, u32 lo, u32 hi, unsigned int flags); + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags); extern int cf_check compat_update_va_mapping_otherdomain( - unsigned int va, u32 lo, u32 hi, unsigned int flags, domid_t domid); + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid); DEFINE_XEN_GUEST_HANDLE(trap_info_compat_t); extern int cf_check compat_set_trap_table( @@ -175,7 +175,7 @@ extern int cf_check compat_set_gdt( XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries); extern int cf_check compat_update_descriptor( - u32 pa_lo, u32 pa_hi, u32 desc_lo, u32 desc_hi); + uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi); extern unsigned int cf_check compat_iret(void); diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 4dfd64cf71..a1b6575976 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -198,8 +198,8 @@ compat_sched_op( extern int cf_check compat_set_timer_op( - u32 lo, - s32 hi); + uint32_t lo, + int32_t hi); extern int cf_check compat_xsm_op( XEN_GUEST_HANDLE_PARAM(void) op); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 16:44:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 16:44:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291689.495270 (Exim 4.92) (envelope-from ) id 1nUtEX-00061G-1w; Thu, 17 Mar 2022 16:44:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291689.495270; Thu, 17 Mar 2022 16:44:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEW-000617-V7; Thu, 17 Mar 2022 16:44:16 +0000 Received: by outflank-mailman (input) for mailman id 291689; Thu, 17 Mar 2022 16:44:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEV-00060u-3b for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEV-00077h-2m for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUtEV-0008BJ-1o for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Z/603IC/OnNcscQd6zGFrZXRkKiTNl01h2gj1bxBcCQ=; b=No0d0VfjfIY89gQx+p5JaNKOwL VaROnXgZLJVIMwRa75HsTEgjYmYilBaGPIXD1/Hwd9GUfGptvFh3wgu5z8ePTjzwsTyYVzwLalyes zQ7MCJKe+36WkEJ4kvTDPqcq1O6n4y9NAOeGjyUb0e7nTn9uOzh0FAr6oaJtCryIE/X0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul/test: correct VSCALEF{P,S}{S,D} entries in predicates test Message-Id: Date: Thu, 17 Mar 2022 16:44:15 +0000 commit 59d434195054e5e0feb1878e8360ef0591881844 Author: Jan Beulich AuthorDate: Thu Mar 17 17:42:13 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 17 17:42:13 2022 +0100 x86emul/test: correct VSCALEF{P,S}{S,D} entries in predicates test I can't see why these would want / need to suppress testing of the register forms of the insns. Quite likely a copy-and-paste oversight when originally creating the table. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/predicates.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tests/x86_emulator/predicates.c b/tools/tests/x86_emulator/predicates.c index 0d10135195..ecd5b5e3a6 100644 --- a/tools/tests/x86_emulator/predicates.c +++ b/tools/tests/x86_emulator/predicates.c @@ -1822,8 +1822,8 @@ static const struct evex { { { 0x2a }, 2, F, R, pfx_66, W0, Ln }, /* vmovntdqa */ { { 0x2a, 0xc0 }, 2, F, N, pfx_f3, W1, Ln }, /* vpbroadcastmb2q */ { { 0x2b }, 2, T, R, pfx_66, W0, Ln }, /* vpackusdw */ - { { 0x2c }, 2, F, R, pfx_66, Wn, Ln }, /* vscalefp{s,d} */ - { { 0x2d }, 2, F, R, pfx_66, Wn, LIG }, /* vscalefs{s,d} */ + { { 0x2c }, 2, T, R, pfx_66, Wn, Ln }, /* vscalefp{s,d} */ + { { 0x2d }, 2, T, R, pfx_66, Wn, LIG }, /* vscalefs{s,d} */ { { 0x30 }, 2, T, R, pfx_66, WIG, Ln }, /* vpmovzxbw */ { { 0x30 }, 2, T, W, pfx_f3, W0, Ln }, /* vpmovwb */ { { 0x31 }, 2, T, R, pfx_66, WIG, Ln }, /* vpmovzxbd */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 16:44:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 16:44:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291690.495274 (Exim 4.92) (envelope-from ) id 1nUtEh-00064b-3A; Thu, 17 Mar 2022 16:44:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291690.495274; Thu, 17 Mar 2022 16:44:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEh-00064T-0G; Thu, 17 Mar 2022 16:44:27 +0000 Received: by outflank-mailman (input) for mailman id 291690; Thu, 17 Mar 2022 16:44:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEf-000640-6f for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUtEf-000787-5o for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUtEf-0008Bu-51 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 16:44:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zxANaRrUaYt6X1eeWJmWivxrwYA9CyXJF8MAZ2uaDwU=; b=0w/VXkOF51QEMrqFNj8zVCqvA+ YQQcupuLUhPIvBEBLdJYiiOThK47b3wmh+9iR8zuDxsHbZlBAs1MC5v7dCCHIsDYX/wC56zMFcnxk JZ76Ek8vbk8KvfdY0xkKOZB2lHDzoHJHIqUMtIOCPMdp/3Q/PyTAvLrrW2buDS8u3uzI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86emul/test: correct VCVTUSI2S{S,D} comments in predicates test Message-Id: Date: Thu, 17 Mar 2022 16:44:25 +0000 commit 7b41b91fd2ecbf87b91120b468689e10296b656c Author: Jan Beulich AuthorDate: Thu Mar 17 17:42:27 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 17 17:42:27 2022 +0100 x86emul/test: correct VCVTUSI2S{S,D} comments in predicates test These were missing the size-indicating suffixes. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/predicates.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tests/x86_emulator/predicates.c b/tools/tests/x86_emulator/predicates.c index ecd5b5e3a6..cf1cb73054 100644 --- a/tools/tests/x86_emulator/predicates.c +++ b/tools/tests/x86_emulator/predicates.c @@ -1712,8 +1712,8 @@ static const struct evex { { { 0x7a }, 2, T, R, pfx_f3, Wn, Ln }, /* vcvtu{d,q}2pd */ { { 0x7a }, 2, T, R, pfx_f2, Wn, Ln }, /* vcvtu{d,q}2ps */ { { 0x7b }, 2, T, R, pfx_66, Wn, Ln }, /* vcvtp{s,d}2qq */ - { { 0x7b }, 2, T, R, pfx_f3, Wn, LIG }, /* vcvtusi2s */ - { { 0x7b }, 2, T, R, pfx_f2, Wn, LIG }, /* vcvtusi2s */ + { { 0x7b }, 2, T, R, pfx_f3, Wn, LIG }, /* vcvtusi2ss */ + { { 0x7b }, 2, T, R, pfx_f2, Wn, LIG }, /* vcvtusi2sd */ { { 0x7e }, 2, T, W, pfx_66, Wn, L0 }, /* vmov{d,q} */ { { 0x7e }, 2, T, R, pfx_f3, W1, L0 }, /* vmovq */ { { 0x7f }, 2, T, W, pfx_66, Wn, Ln }, /* vmovdqa{32,64} */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 20:00:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 20:00:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291727.495376 (Exim 4.92) (envelope-from ) id 1nUwHz-0003oo-Tu; Thu, 17 Mar 2022 20:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291727.495376; Thu, 17 Mar 2022 20:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwHz-0003oK-Qo; Thu, 17 Mar 2022 20:00:03 +0000 Received: by outflank-mailman (input) for mailman id 291727; Thu, 17 Mar 2022 20:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwHy-0003cs-Iw for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwHy-0002Fi-GE for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:00:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUwHy-0000kE-F6 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:00:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OOKetCkacjuva+HYmBGxko4YSE99/DrOMuo2eLSPM+c=; b=m5pXClwl9bDgV2fIIN6dquF3I6 a+HQC8WFO9HIgFapcLW+rLRdwE/vzzy9UfhMWY46Ws3MaJvChDZsPLp1VfC7dOf3aT7OG9QMKEhkH ExdCKnUbzy8rGKHoTbO1NgvmTZNib9qzYliNQDIj/aNkyWLCRHlBL/XrFZyEu3cH7bI0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen stable-4.15] xen-hvm: Allow disabling buffer_io_timer Message-Id: Date: Thu, 17 Mar 2022 20:00:02 +0000 commit 29d18e3c0713d3b81e7a6fa05c524786969c612b Author: Jason Andryuk AuthorDate: Fri Dec 10 14:34:34 2021 -0500 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:51:33 2022 +0000 xen-hvm: Allow disabling buffer_io_timer commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk Reviewed-by: Paul Durrant Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD (cherry picked from commit 9288e803e61e8d56d1c6c6aa8beb58596fb84ed9) [perard: fix context] --- hw/i386/xen/xen-hvm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c index cde981bad6..cb5140f833 100644 --- a/hw/i386/xen/xen-hvm.c +++ b/hw/i386/xen/xen-hvm.c @@ -1084,10 +1084,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req) } } -static int handle_buffered_iopage(XenIOState *state) +static bool handle_buffered_iopage(XenIOState *state) { buffered_iopage_t *buf_page = state->buffered_io_page; buf_ioreq_t *buf_req = NULL; + bool handled_ioreq = false; ioreq_t req; int qw; @@ -1141,9 +1142,10 @@ static int handle_buffered_iopage(XenIOState *state) assert(!req.data_is_ptr); atomic_add(&buf_page->read_pointer, qw + 1); + handled_ioreq = true; } - return req.count; + return handled_ioreq; } static void handle_buffered_io(void *opaque) -- generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 20:00:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 20:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291731.495392 (Exim 4.92) (envelope-from ) id 1nUwI9-0004X0-Ac; Thu, 17 Mar 2022 20:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291731.495392; Thu, 17 Mar 2022 20:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwI9-0004Ws-7e; Thu, 17 Mar 2022 20:00:13 +0000 Received: by outflank-mailman (input) for mailman id 291731; Thu, 17 Mar 2022 20:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwI8-0004Wf-KA for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwI8-0002Gg-JS for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:00:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUwI8-0000li-IV for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:00:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=U0aa43jWWI0W7PLIVzvygO8czB4B1EWUS5y74kD7x/U=; b=h4s22ob4fOyXgBRFICmbt5UmK+ 1rwLo26tvhXi+Ff4+9xpNo//W2i8JGxxm35fOhmQqpE5mEop8lOHGG10A04m0HdzM2MJuKBoxPQLz X5il4zfosUuHGrETNEgkJQva2iS7T6703wkiSg631m9kucxcu5C3BRhxM0z14uzwTAE4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen stable-4.15] xen-mapcache: Avoid entry->lock overflow Message-Id: Date: Thu, 17 Mar 2022 20:00:12 +0000 commit 6503bd6a1b5364ffd346a8a475e1eb91b9f756e5 Author: Ross Lagerwall AuthorDate: Mon Jan 24 10:44:50 2022 +0000 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:52:15 2022 +0000 xen-mapcache: Avoid entry->lock overflow In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall Reviewed-by: Paul Durrant Reviewed-by: Stefano Stabellini Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD (cherry picked from commit a021a2dd8b790437d27db95774969349632f856a) --- hw/i386/xen/xen-mapcache.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c index 5b120ed44b..c66f582da1 100644 --- a/hw/i386/xen/xen-mapcache.c +++ b/hw/i386/xen/xen-mapcache.c @@ -52,7 +52,7 @@ typedef struct MapCacheEntry { hwaddr paddr_index; uint8_t *vaddr_base; unsigned long *valid_mapping; - uint8_t lock; + uint32_t lock; #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0) uint8_t flags; hwaddr size; @@ -341,6 +341,12 @@ tryagain: if (lock) { MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev)); entry->lock++; + if (entry->lock == 0) { + fprintf(stderr, + "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n", + entry->paddr_index, entry->vaddr_base); + abort(); + } reventry->dma = dma; reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset; reventry->paddr_index = mapcache->last_entry->paddr_index; -- generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 20:11:05 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 20:11:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291742.495407 (Exim 4.92) (envelope-from ) id 1nUwSd-0006Ci-DK; Thu, 17 Mar 2022 20:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291742.495407; Thu, 17 Mar 2022 20:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwSd-0006CW-AG; Thu, 17 Mar 2022 20:11:03 +0000 Received: by outflank-mailman (input) for mailman id 291742; Thu, 17 Mar 2022 20:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwSb-0006CB-Vt for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:11:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwSb-0002Ru-V7 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUwSb-0001iH-U1 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xR7KitOcpDv/OLsrkSmg0v3qY31bIyS+n8FeTEVF22o=; b=Sde5LS17/uJPcQHo/YlKioEiQp An1uA6Op+xafFgI0oAcOYjnJl7FT6WUFHT04W/P07yLIqI+Y+eFfdydelSEIlbSoMp+k6wJXSxLK3 l3ERhAdtYhOEyKe3IwIDSE/eLElK6hkokyqcQgdS2JkKsqJXWjKCf6+B6fqzxliD9T7c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen stable-4.14] xen-hvm: Allow disabling buffer_io_timer Message-Id: Date: Thu, 17 Mar 2022 20:11:01 +0000 commit d5956424bd4afcd101f74347e7f0ee4910b5b9ba Author: Jason Andryuk AuthorDate: Fri Dec 10 14:34:34 2021 -0500 Commit: Anthony PERARD CommitDate: Thu Mar 17 11:04:59 2022 +0000 xen-hvm: Allow disabling buffer_io_timer commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk Reviewed-by: Paul Durrant Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD (cherry picked from commit 9288e803e61e8d56d1c6c6aa8beb58596fb84ed9) [perard: fix context] (cherry picked from commit 29d18e3c0713d3b81e7a6fa05c524786969c612b) --- hw/i386/xen/xen-hvm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c index 82ece6b9e7..564aa5d116 100644 --- a/hw/i386/xen/xen-hvm.c +++ b/hw/i386/xen/xen-hvm.c @@ -1082,10 +1082,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req) } } -static int handle_buffered_iopage(XenIOState *state) +static bool handle_buffered_iopage(XenIOState *state) { buffered_iopage_t *buf_page = state->buffered_io_page; buf_ioreq_t *buf_req = NULL; + bool handled_ioreq = false; ioreq_t req; int qw; @@ -1139,9 +1140,10 @@ static int handle_buffered_iopage(XenIOState *state) assert(!req.data_is_ptr); atomic_add(&buf_page->read_pointer, qw + 1); + handled_ioreq = true; } - return req.count; + return handled_ioreq; } static void handle_buffered_io(void *opaque) -- generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 20:11:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 20:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291745.495410 (Exim 4.92) (envelope-from ) id 1nUwSn-0006JB-Fd; Thu, 17 Mar 2022 20:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291745.495410; Thu, 17 Mar 2022 20:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwSn-0006Iz-CA; Thu, 17 Mar 2022 20:11:13 +0000 Received: by outflank-mailman (input) for mailman id 291745; Thu, 17 Mar 2022 20:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwSm-0006IU-2m for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUwSm-0002S5-1z for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUwSm-0001iu-10 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 20:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ROTttMUcEQqZDvWUDhWBEowhYeXRyj5NLuxlKIpPUbs=; b=1m0di2IU85By7hYthKQZdtEFbP romrrrg17WQdLe8QleAEeuDdGJNVUWwLE6kmp4fG2cL1s3zneRGNuJeS/YiNmfGJzaeKAOmF2A2wm 8xhcnpDD9KZVMxW/20apPPJf/xTP4lnCyjfHwiDuEIvSUKhSYonddvs/T21ZKqCTvDFA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen stable-4.14] xen-mapcache: Avoid entry->lock overflow Message-Id: Date: Thu, 17 Mar 2022 20:11:12 +0000 commit 83aebe33dc76760f911162f9e7a4b98a4929776b Author: Ross Lagerwall AuthorDate: Mon Jan 24 10:44:50 2022 +0000 Commit: Anthony PERARD CommitDate: Thu Mar 17 11:04:59 2022 +0000 xen-mapcache: Avoid entry->lock overflow In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall Reviewed-by: Paul Durrant Reviewed-by: Stefano Stabellini Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD (cherry picked from commit a021a2dd8b790437d27db95774969349632f856a) --- hw/i386/xen/xen-mapcache.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c index 5b120ed44b..c66f582da1 100644 --- a/hw/i386/xen/xen-mapcache.c +++ b/hw/i386/xen/xen-mapcache.c @@ -52,7 +52,7 @@ typedef struct MapCacheEntry { hwaddr paddr_index; uint8_t *vaddr_base; unsigned long *valid_mapping; - uint8_t lock; + uint32_t lock; #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0) uint8_t flags; hwaddr size; @@ -341,6 +341,12 @@ tryagain: if (lock) { MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev)); entry->lock++; + if (entry->lock == 0) { + fprintf(stderr, + "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n", + entry->paddr_index, entry->vaddr_base); + abort(); + } reventry->dma = dma; reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset; reventry->paddr_index = mapcache->last_entry->paddr_index; -- generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.14 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 22:44:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 22:44:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291786.495503 (Exim 4.92) (envelope-from ) id 1nUyqh-0007vY-9R; Thu, 17 Mar 2022 22:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291786.495503; Thu, 17 Mar 2022 22:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUyqh-0007vQ-6S; Thu, 17 Mar 2022 22:44:03 +0000 Received: by outflank-mailman (input) for mailman id 291786; Thu, 17 Mar 2022 22:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUyqg-0007vK-CH for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUyqg-00050E-9w for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUyqg-00056B-8j for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ozgdTh9ahMcEnhrCwOmyjImW4oscswHnSih4KBqz83s=; b=6WiAOOTY5QgYyQFg4G+o9v7+ns EQ7Oum8ngdAacIahoOXvuWFx6jR0/IFgoGnCIPWr4y2IxjJWs7drHks6OpD7DuqGhx9paPydF3+PU Y2qO5qhoz9Hq6heow7no40yzsQtfRKLkeJR1O3oaDfqdWwmR2tL2DpWC+CkNIWKVHfAU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen stable-4.16] xen-hvm: Allow disabling buffer_io_timer Message-Id: Date: Thu, 17 Mar 2022 22:44:02 +0000 commit 0edf9af9fce2612239e24e56b09da82d095f4860 Author: Jason Andryuk AuthorDate: Fri Dec 10 14:34:34 2021 -0500 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:40:32 2022 +0000 xen-hvm: Allow disabling buffer_io_timer commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard coded setting req.count = 1 during initial field setup before the main loop. This missed a subtlety that an early exit from the loop when there are no ioreqs to process, would have req.count == 0 for the return value. handle_buffered_io() would then remove state->buffered_io_timer. Instead handle_buffered_iopage() is basically always returning true and handle_buffered_io() always re-setting the timer. Restore the disabling of the timer by introducing a new handled_ioreq boolean and use as the return value. The named variable will more clearly show the intent of the code. Signed-off-by: Jason Andryuk Reviewed-by: Paul Durrant Message-Id: <20211210193434.75566-1-jandryuk@gmail.com> Signed-off-by: Anthony PERARD (cherry picked from commit 9288e803e61e8d56d1c6c6aa8beb58596fb84ed9) --- hw/i386/xen/xen-hvm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c index 9b432773f0..91efb1f7cf 100644 --- a/hw/i386/xen/xen-hvm.c +++ b/hw/i386/xen/xen-hvm.c @@ -1085,10 +1085,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req) } } -static int handle_buffered_iopage(XenIOState *state) +static bool handle_buffered_iopage(XenIOState *state) { buffered_iopage_t *buf_page = state->buffered_io_page; buf_ioreq_t *buf_req = NULL; + bool handled_ioreq = false; ioreq_t req; int qw; @@ -1142,9 +1143,10 @@ static int handle_buffered_iopage(XenIOState *state) assert(!req.data_is_ptr); qatomic_add(&buf_page->read_pointer, qw + 1); + handled_ioreq = true; } - return req.count; + return handled_ioreq; } static void handle_buffered_io(void *opaque) -- generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 22:44:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 22:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291790.495519 (Exim 4.92) (envelope-from ) id 1nUyqr-0008E0-KP; Thu, 17 Mar 2022 22:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291790.495519; Thu, 17 Mar 2022 22:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUyqr-0008Dm-Gm; Thu, 17 Mar 2022 22:44:13 +0000 Received: by outflank-mailman (input) for mailman id 291790; Thu, 17 Mar 2022 22:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUyqq-0008DE-EB for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUyqq-00050T-DL for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUyqq-000576-C9 for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=S4jqoO3IApP5+cRcxFzeUXyBdir/tj3mbAka4SePmT4=; b=sGprShdwb8liojx/Iz96TTTSf9 GLlHpJxenubOUtcpCnyZm6FjP28eVVy5EUKZSTgbC6sYBC0GK9tk7POaVzMyWW1XXsQtj5LrOhd/P k2q1Z/duw6sQxajoz+IgoqamSci5xoP51d/btisAphxwJwFaNTG807/FmOZ45JhJDCZY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [qemu-xen stable-4.16] xen-mapcache: Avoid entry->lock overflow Message-Id: Date: Thu, 17 Mar 2022 22:44:12 +0000 commit 107951211a8d17658e1aaa0c23a8cf29f8806ad8 Author: Ross Lagerwall AuthorDate: Mon Jan 24 10:44:50 2022 +0000 Commit: Anthony PERARD CommitDate: Thu Mar 17 10:40:32 2022 +0000 xen-mapcache: Avoid entry->lock overflow In some cases, a particular mapcache entry may be mapped 256 times causing the lock field to wrap to 0. For example, this may happen when using emulated NVME and the guest submits a large scatter-gather write. At this point, the entry map be remapped causing QEMU to write the wrong data or crash (since remap is not atomic). Avoid this overflow by increasing the lock field to a uint32_t and also detect it and abort rather than continuing regardless. Signed-off-by: Ross Lagerwall Reviewed-by: Paul Durrant Reviewed-by: Stefano Stabellini Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com> Signed-off-by: Anthony PERARD (cherry picked from commit a021a2dd8b790437d27db95774969349632f856a) --- hw/i386/xen/xen-mapcache.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c index bd47c3d672..f2ef977963 100644 --- a/hw/i386/xen/xen-mapcache.c +++ b/hw/i386/xen/xen-mapcache.c @@ -52,7 +52,7 @@ typedef struct MapCacheEntry { hwaddr paddr_index; uint8_t *vaddr_base; unsigned long *valid_mapping; - uint8_t lock; + uint32_t lock; #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0) uint8_t flags; hwaddr size; @@ -355,6 +355,12 @@ tryagain: if (lock) { MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev)); entry->lock++; + if (entry->lock == 0) { + fprintf(stderr, + "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n", + entry->paddr_index, entry->vaddr_base); + abort(); + } reventry->dma = dma; reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset; reventry->paddr_index = mapcache->last_entry->paddr_index; -- generated by git-patchbot for /home/xen/git/qemu-xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 22:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 22:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291795.495522 (Exim 4.92) (envelope-from ) id 1nUz1O-00014J-EC; Thu, 17 Mar 2022 22:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291795.495522; Thu, 17 Mar 2022 22:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1O-00014B-BC; Thu, 17 Mar 2022 22:55:06 +0000 Received: by outflank-mailman (input) for mailman id 291795; Thu, 17 Mar 2022 22:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1M-000145-OG for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1M-0005CS-LB for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUz1M-00065X-KD for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fWk6S3ALcSGUZ2L1rFlkEGGySOUgLNPW43fEBeRS4YU=; b=o7nfvanLuz8+n2OMYQY0S5xE1Y YTvuo/6h03pJcGhhLPy0X/gzujUOiekc/rWJGcg7hC8vAZRQfZAsqyWjr/utI30JUvZCds+hyJJvO Fz2tSrx+Q3h8kWocVNpb/yAZddu6l8mtBceKE/mEClipg5+rA1XoQT80Soox5apyUjZg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Clear IST supervisor token busy bits on S3 resume Message-Id: Date: Thu, 17 Mar 2022 22:55:04 +0000 commit e421ed0f68488863599532bda575c03c33cde0e0 Author: Andrew Cooper AuthorDate: Mon Mar 14 10:30:46 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 x86/cet: Clear IST supervisor token busy bits on S3 resume Stacks are not freed across S3. Execution just stops, leaving supervisor token busy bits active. Fixing this for the primary shadow stack was done previously, but there is a (rare) risk that an IST token is left busy too, if the platform power-off happens to intersect with an NMI/#MC arriving. This will manifest as #DF next time the IST vector gets used. Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up fixup_exception_return() and explaining the trick with the literal 1. Then this infrastructure to rewrite the IST tokens in load_system_tables() when all the other IST details are being set up. In the case that an IST token were left busy across S3, this will clear the busy bit before the stack gets used. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/common.c | 25 ++++++++++++++++++---- xen/arch/x86/include/asm/shstk.h | 46 ++++++++++++++++++++++++++++++++++++++++ xen/arch/x86/traps.c | 8 +++---- 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index bd2207163a..0412dbc915 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include /* for XEN_INVALID_{SOCKET,CORE}_ID */ @@ -826,15 +827,31 @@ void load_system_tables(void) */ if (cpu_has_xen_shstk) { volatile uint64_t *ist_ssp = tss_page->ist_ssp; + unsigned long + mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8, + nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8, + db_ssp = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8, + df_ssp = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; ist_ssp[0] = 0x8600111111111111ul; - ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DB] = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DF] = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; + ist_ssp[IST_MCE] = mce_ssp; + ist_ssp[IST_NMI] = nmi_ssp; + ist_ssp[IST_DB] = db_ssp; + ist_ssp[IST_DF] = df_ssp; for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i ) ist_ssp[i] = 0x8600111111111111ul; + if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) { + /* + * Rewrite supervisor tokens when shadow stacks are + * active. This resets any busy bits left across S3. + */ + wrss(mce_ssp, _p(mce_ssp)); + wrss(nmi_ssp, _p(nmi_ssp)); + wrss(db_ssp, _p(db_ssp)); + wrss(df_ssp, _p(df_ssp)); + } + wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp); } diff --git a/xen/arch/x86/include/asm/shstk.h b/xen/arch/x86/include/asm/shstk.h new file mode 100644 index 0000000000..fdc9cc65a3 --- /dev/null +++ b/xen/arch/x86/include/asm/shstk.h @@ -0,0 +1,46 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_SHSTK_H +#define XEN_ASM_SHSTK_H + +/* + * RDSSP is a nop when shadow stacks are inactive. Also, SSP has a minimum + * alignment of 4 which is enforced by hardware. + * + * We load 1 into a register, then RDSSP. If shadow stacks are not enabled, + * RDSSP is a nop, and the 1 is preserved. Otherwise, the 1 is clobbered with + * the real SSP, which has the bottom two bits clear. + */ +#define SSP_NO_SHSTK 1 + +static inline unsigned long rdssp(void) +{ + unsigned long ssp; + + asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) ); + + return ssp; +} + +static inline void wrss(unsigned long val, unsigned long *ptr) +{ + asm ( "wrssq %[val], %[ptr]" + : [ptr] "=m" (*ptr) + : [val] "r" (val) ); +} + +#endif /* XEN_ASM_SHSTK_H */ diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index a2278d9499..8659547970 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -84,6 +84,7 @@ #include #include #include +#include /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. @@ -868,8 +869,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, { unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) + if ( (ssp = rdssp()) == SSP_NO_SHSTK ) goto shstk_done; ptr = _p(ssp); @@ -898,9 +898,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, */ if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); + wrss(fixup, ptr); goto shstk_done; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 22:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 22:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291796.495526 (Exim 4.92) (envelope-from ) id 1nUz1Y-00016T-FY; Thu, 17 Mar 2022 22:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291796.495526; Thu, 17 Mar 2022 22:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1Y-00016L-Ci; Thu, 17 Mar 2022 22:55:16 +0000 Received: by outflank-mailman (input) for mailman id 291796; Thu, 17 Mar 2022 22:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1W-00016B-PC for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1W-0005Ca-OO for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUz1W-00066X-NK for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BH/bhmesHUQ7TZaAYlgqPsrtFhxiRF00DE7X2Q/KlcA=; b=taOlYiSMehxPPYdtqC4bSAGT+5 SMDW9L0Qndq4kWwiuitaGO8dWZEBN2qDCFUadptN1AKQERpRuBaLlh5rWoajQdagpMQF2ixnmoVkq Y/VfB4X7QLlgmdJoghRKXOEv9ep6UkPZyXfmtuk60PR9JMiOV4Ez81oRQkIsJYVnOdmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Use dedicated NOP4 for cf_clobber Message-Id: Date: Thu, 17 Mar 2022 22:55:14 +0000 commit 89a24719b6591b48f9953fe1bd9db67adbf74736 Author: Andrew Cooper AuthorDate: Tue Mar 8 13:47:25 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 x86/cet: Use dedicated NOP4 for cf_clobber For livepatching, we need to look at a potentially clobbered function and determine whether it used to have an ENDBR64 instruction. Use a non-default 4-byte P6 long nop, not emitted by toolchains, and extend check-endbr.sh to look for it. The same logic can check for the absence of any endbr32 instructions, so include a check for those too. The choice of nop has some complicated consequences. nopw (%rax) has a ModRM byte of 0, which the Bourne compatible shells unconditionally strip from parameters, meaning that we can't pass it to `grep -aob`. Therefore, use nopw (%rcx) so the ModRM byte becomes 1. This then demonstrates another bug. Under perl regexes, \1 thru \9 are subpattern matches, and not octal escapes, while the behaviour of \10 and higher depend on the number of capture groups. Switch the `grep -P` runes to use hex escapes instead, which are unambiguous. The build time check then requires that the endbr64 poison have the same treatment as endbr64 to avoid placing the byte pattern in immediate operands. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 2 +- xen/arch/x86/include/asm/endbr.h | 26 ++++++++++++++++++++++++++ xen/tools/check-endbr.sh | 18 +++++++++++++----- 3 files changed, 40 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index d41eeef1bc..0c6fc7b4fb 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -362,7 +362,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, if ( !is_kernel_text(ptr) || !is_endbr64(ptr) ) continue; - add_nops(ptr, ENDBR64_LEN); + place_endbr64_poison(ptr); clobbered++; } diff --git a/xen/arch/x86/include/asm/endbr.h b/xen/arch/x86/include/asm/endbr.h index 6090afeb0b..d946fac131 100644 --- a/xen/arch/x86/include/asm/endbr.h +++ b/xen/arch/x86/include/asm/endbr.h @@ -52,4 +52,30 @@ static inline void place_endbr64(void *ptr) *(uint32_t *)ptr = gen_endbr64(); } +/* + * After clobbering ENDBR64, we may need to confirm that the site used to + * contain an ENDBR64 instruction. Use an encoding which isn't the default + * P6_NOP4. Specifically, nopw (%rcx) + */ +static inline uint32_t __attribute_const__ gen_endbr64_poison(void) +{ + uint32_t res; + + asm ( "mov $~0x011f0f66, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64_poison(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64_poison(); +} + +static inline void place_endbr64_poison(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64_poison(); +} + #endif /* XEN_ASM_ENDBR_H */ diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index 9799c451a1..552f233912 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -27,7 +27,7 @@ echo "X" | grep -aob "X" -q 2>/dev/null || # Check whether grep supports Perl regexps. Older GNU grep doesn't reliably # find binary patterns otherwise. perl_re=true -echo "X" | grep -aobP "\130" -q 2>/dev/null || perl_re=false +echo "X" | grep -aobP "\x58" -q 2>/dev/null || perl_re=false # # First, look for all the valid endbr64 instructions. @@ -45,13 +45,15 @@ echo "X" | grep -aobP "\130" -q 2>/dev/null || perl_re=false ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # -# Second, look for any endbr64 byte sequence +# Second, look for all endbr64, endbr32 and nop poison byte sequences # This has a couple of complications: # # 1) Grep binary search isn't VMA aware. Copy .text out as binary, causing # the grep offset to be from the start of .text. # # 2) dash's printf doesn't understand hex escapes, hence the use of octal. +# `grep -P` on the other hand has various ambiguities with octal-like +# escapes, so use hex escapes instead which are unambiguous. # # 3) AWK can't add 64bit integers, because internally all numbers are doubles. # When the upper bits are set, the exponents worth of precision is lost in @@ -65,11 +67,17 @@ eval $(${OBJDUMP} -j .text $1 -h | awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN + +# instruction: hex: oct: +# endbr64 f3 0f 1e fa 363 017 036 372 +# endbr32 f3 0f 1e fb 363 017 036 373 +# nopw (%rcx) 66 0f 1f 01 146 017 037 001 if $perl_re then - LC_ALL=C grep -aobP '\363\17\36\372' $TEXT_BIN + LC_ALL=C grep -aobP '\xf3\x0f\x1e(\xfa|\xfb)|\x66\x0f\x1f\x01' $TEXT_BIN else - grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN + grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ + -e "$(printf '\146\17\37\1')" $TEXT_BIN fi | awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL # Wait for $VALID to become complete @@ -90,6 +98,6 @@ nr_bad=$(wc -l < $BAD) [ "$nr_bad" -eq 0 ] && exit 0 # Failure -echo "$MSG_PFX Fail: Found ${nr_bad} embedded endbr64 instructions" >&2 +echo "$MSG_PFX Fail: Found ${nr_bad} endb32, nop poison, or embedded endbr64 instructions" >&2 ${ADDR2LINE} -afip -e $1 < $BAD >&2 exit 1 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 22:55:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 22:55:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291797.495531 (Exim 4.92) (envelope-from ) id 1nUz1i-00019i-Hx; Thu, 17 Mar 2022 22:55:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291797.495531; Thu, 17 Mar 2022 22:55:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1i-00019Z-E7; Thu, 17 Mar 2022 22:55:26 +0000 Received: by outflank-mailman (input) for mailman id 291797; Thu, 17 Mar 2022 22:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1g-00019L-SZ for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1g-0005DC-Rj for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUz1g-00067S-Qg for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5zDnsRZlcB0iQB5W5ndHcMFDo/FeelhMSeYhGMKg67E=; b=CTvThrotBmSib+ldoZhbAwQnes ktzU4PfDN2RrHp7uBavvUnkkbTR3n1SiMWv9OKVmOTZZowBMm1tzDscEd/DKGXVvMn/AH52PfPD89 3DdseCUF6oEOyWFis5igxeG8+utfjLo29chQt88vevt3qG9vjHosGJ0hsfSdtICwgMzs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Remove writeable mapping of the BSPs shadow stack Message-Id: Date: Thu, 17 Mar 2022 22:55:24 +0000 commit 37786b23b027ab83051175cb8ce9ac86cacfc58e Author: Andrew Cooper AuthorDate: Tue Mar 15 12:07:18 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 x86/cet: Remove writeable mapping of the BSPs shadow stack An unintended consequence of the BSP using cpu0_stack[] is that writeable mappings to the BSPs shadow stacks are retained in the bss. This renders CET-SS almost useless, as an attacker can update both return addresses and the ret will not fault. We specifically don't want to shatter the superpage mapping .data and .bss, so the only way to fix this is to not have the BSP stack in the main Xen image. Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate the BSP stack as early as reasonable in __start_xen(). As a consequence, there is no need to delay the BSP's memguard_guard_stack() call. Copy the top of cpu info block just before switching to use the new stack. Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than ->es; this would be buggy if reinit_bsp_stack() called schedule() (which rewrites the GPR block) directly, but luckily it doesn't. Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/smp.h | 2 ++ xen/arch/x86/setup.c | 20 +++++++++++++------- xen/arch/x86/smpboot.c | 26 +++++++++++++++++++------- xen/arch/x86/xen.lds.S | 2 +- 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/include/asm/smp.h b/xen/arch/x86/include/asm/smp.h index 1747772d23..41a3b6a0da 100644 --- a/xen/arch/x86/include/asm/smp.h +++ b/xen/arch/x86/include/asm/smp.h @@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask; extern unsigned int disabled_cpus; extern bool unaccounted_cpus; +void *cpu_alloc_stack(unsigned int cpu); + #endif /* !__ASSEMBLY__ */ #endif diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 22a9885dee..a0ee8d206f 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -148,7 +148,7 @@ cpumask_t __read_mostly cpu_present_map; unsigned long __read_mostly xen_phys_start; -char __section(".bss.stack_aligned") __aligned(STACK_SIZE) +char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE) cpu0_stack[STACK_SIZE]; /* Used by the BSP/AP paths to find the higher half stack mapping to use. */ @@ -712,7 +712,6 @@ static void __init noreturn reinit_bsp_stack(void) percpu_traps_init(); stack_base[0] = stack; - memguard_guard_stack(stack); rc = setup_cpu_root_pgt(0); if ( rc ) @@ -886,6 +885,8 @@ void __init noreturn __start_xen(unsigned long mbi_p) { char *memmap_type = NULL; char *cmdline, *kextra, *loader; + void *bsp_stack; + struct cpu_info *info = get_cpu_info(), *bsp_info; unsigned int initrdidx, num_parked = 0; multiboot_info_t *mbi; module_t *mod; @@ -918,7 +919,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) ); /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -1703,6 +1704,10 @@ void __init noreturn __start_xen(unsigned long mbi_p) */ vm_init(); + bsp_stack = cpu_alloc_stack(0); + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + console_init_ring(); vesa_init(); @@ -1974,17 +1979,18 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - /* Jump to the 1:1 virtual mappings of cpu0_stack. */ + /* Copy the cpu info block, and move onto the BSP stack. */ + bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack); + *bsp_info = *info; + asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" :: - [stk] "g" (__va(__pa(get_stack_bottom()))), + [stk] "g" (&bsp_info->guest_cpu_user_regs), [fn] "i" (reinit_bsp_stack) : "memory"); unreachable(); } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 709704d71a..b46fd9ab18 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -1023,6 +1023,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove) } } +void *cpu_alloc_stack(unsigned int cpu) +{ + nodeid_t node = cpu_to_node(cpu); + unsigned int memflags = 0; + void *stack; + + if ( node != NUMA_NO_NODE ) + memflags = MEMF_node(node); + + stack = alloc_xenheap_pages(STACK_ORDER, memflags); + + if ( stack ) + memguard_guard_stack(stack); + + return stack; +} + static int cpu_smpboot_alloc(unsigned int cpu) { struct cpu_info *info; @@ -1035,15 +1052,10 @@ static int cpu_smpboot_alloc(unsigned int cpu) if ( node != NUMA_NO_NODE ) memflags = MEMF_node(node); - if ( stack_base[cpu] == NULL ) - { - stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags); - if ( !stack_base[cpu] ) + if ( stack_base[cpu] == NULL && + (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL ) goto out; - memguard_guard_stack(stack_base[cpu]); - } - info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]); info->processor_id = cpu; info->per_cpu_offset = __per_cpu_offset[cpu]; diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 7aa1f82df9..d33e295320 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -235,6 +235,7 @@ SECTIONS } PHDR(text) DECL_SECTION(.init.data) { #endif + *(.init.bss.stack_aligned) . = ALIGN(POINTER_ALIGN); __initdata_cf_clobber_start = .; @@ -348,7 +349,6 @@ SECTIONS DECL_SECTION(.bss) { __bss_start = .; - *(.bss.stack_aligned) *(.bss.page_aligned*) . = ALIGN(PAGE_SIZE); __per_cpu_start = .; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 17 22:55:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 17 Mar 2022 22:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291798.495534 (Exim 4.92) (envelope-from ) id 1nUz1s-0001Cz-KZ; Thu, 17 Mar 2022 22:55:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291798.495534; Thu, 17 Mar 2022 22:55:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1s-0001Cs-HP; Thu, 17 Mar 2022 22:55:36 +0000 Received: by outflank-mailman (input) for mailman id 291798; Thu, 17 Mar 2022 22:55:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1q-0001Ca-Vf for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nUz1q-0005DM-Un for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nUz1q-00068H-Tr for xen-changelog@lists.xenproject.org; Thu, 17 Mar 2022 22:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CGVgyNXBBf3AUqj80pBTcQk7dauEg7X1F0p9+0k/mVQ=; b=Q5CF48KaSEQXHxAdPyxobhYGk6 +0Yaz5yyU6773MxZE8YmnEFXGpVZuo9Gt34+kH2FrTQz+XQGx4wA2N2Tk8y5IhpaYY9yUyu0Vv1c5 Y7xJzw1RLpGknO3IWsrzU9STBfRM+ZzZvXsUjAiks9Fsd/KEJ/R8KIbuCLxHRCm9ckoU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/x86: Livepatch: support patching CET-enhanced functions Message-Id: Date: Thu, 17 Mar 2022 22:55:34 +0000 commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4 Author: Bjoern Doebel AuthorDate: Thu Mar 10 07:35:36 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 xen/x86: Livepatch: support patching CET-enhanced functions Xen enabled CET for supporting architectures. The control flow aspect of CET require functions that can be called indirectly (i.e., via function pointers) to start with an ENDBR64 instruction. Otherwise a control flow exception is raised. This expectation breaks livepatching flows because we patch functions by overwriting their first 5 bytes with a JMP + , thus breaking the ENDBR64. We fix this by checking the start of a patched function for being ENDBR64. In the positive case we move the livepatch JMP to start behind the ENDBR64 instruction. To avoid having to guess the ENDBR64 offset again on patch reversal (which might race with other mechanisms adding/removing ENDBR dynamically), use the livepatch metadata to store the computed offset along with the saved bytes of the overwritten function. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall Tested-by: Jiamei Xie --- xen/arch/x86/livepatch.c | 39 +++++++++++++++++++++++++++++++++------ xen/include/public/sysctl.h | 3 ++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 37c9b8435e..a3553e94d0 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -114,8 +115,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func) if ( func->old_size < func->new_size ) return -EINVAL; } - else if ( func->old_size < ARCH_PATCH_INSN_SIZE ) - return -EINVAL; + else + { + /* + * Space needed now depends on whether the target function + * start{s,ed} with an ENDBR64 instruction. + */ + uint8_t needed = ARCH_PATCH_INSN_SIZE; + + if ( is_endbr64(func->old_addr) || is_endbr64_poison(func->old_addr) ) + needed += ENDBR64_LEN; + + if ( func->old_size < needed ) + return -EINVAL; + } return 0; } @@ -130,12 +143,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) uint8_t insn[sizeof(func->opaque)]; unsigned int len; + func->patch_offset = 0; old_ptr = func->old_addr; len = livepatch_insn_len(func); if ( !len ) return; - memcpy(func->opaque, old_ptr, len); + /* + * CET hotpatching support: We may have functions starting with an ENDBR64 + * instruction that MUST remain the first instruction of the function, + * hence we need to move any hotpatch trampoline further into the function. + * For that we need to keep track of the patching offset used for any + * loaded hotpatch (to avoid racing against other fixups adding/removing + * ENDBR64 or similar instructions). + */ + if ( is_endbr64(old_ptr) || is_endbr64_poison(func->old_addr) ) + func->patch_offset += ENDBR64_LEN; + + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { int32_t val; @@ -143,14 +168,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val))); insn[0] = 0xe9; /* Relative jump. */ - val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE; + val = func->new_addr - (func->old_addr + func->patch_offset + + ARCH_PATCH_INSN_SIZE); memcpy(&insn[1], &val, sizeof(val)); } else add_nops(insn, len); - memcpy(old_ptr, insn, len); + memcpy(old_ptr + func->patch_offset, insn, len); } /* @@ -159,7 +185,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) */ void noinline arch_livepatch_revert(const struct livepatch_func *func) { - memcpy(func->old_addr, func->opaque, livepatch_insn_len(func)); + memcpy(func->old_addr + func->patch_offset, func->opaque, + livepatch_insn_len(func)); } /* diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 55252e97f2..b0a4af8789 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -876,7 +876,8 @@ struct livepatch_func { uint8_t version; /* MUST be LIVEPATCH_PAYLOAD_VERSION. */ uint8_t opaque[LIVEPATCH_OPAQUE_SIZE]; uint8_t applied; - uint8_t _pad[7]; + uint8_t patch_offset; + uint8_t _pad[6]; livepatch_expectation_t expect; }; typedef struct livepatch_func livepatch_func_t; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 08:33:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 08:33:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.291921.495780 (Exim 4.92) (envelope-from ) id 1nV82f-0007jM-Va; Fri, 18 Mar 2022 08:33:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 291921.495780; Fri, 18 Mar 2022 08:33:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nV82f-0007jD-Sc; Fri, 18 Mar 2022 08:33:01 +0000 Received: by outflank-mailman (input) for mailman id 291921; Fri, 18 Mar 2022 08:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nV82f-0007j7-KC for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 08:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nV82f-0005S3-I3 for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 08:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nV82f-00071B-H0 for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 08:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7KSH60HdOKFEf0CUwDT43CayxQL+C5eD6bO99DaUfEY=; b=sOx8ZT5RcoAMp9upw3M1WZ2qDc Whes9GnRuDr/ZsVukCdtO6pfGP3KBH703+EUTX9wKdhwT1nm7RmopYfSN7gx+EigNEMSV1Pi8OxJl SSQLKIXSVTE/azSOdJjYZKTXiMmK7t0FS/gtPxnZZ3lB8N74pdXhXeRSqd4eM8b1xISo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: Propose Henry Wang as the new release manager Message-Id: Date: Fri, 18 Mar 2022 08:33:01 +0000 commit a3ba3ed0f45d3226320fd051c2066feaf7160d7a Author: George Dunlap AuthorDate: Thu Mar 10 21:37:05 2022 +0000 Commit: George Dunlap CommitDate: Thu Mar 17 12:27:56 2022 +0000 MAINTAINERS: Propose Henry Wang as the new release manager ARM has proposed Henry Wang as a release manager for 4.17. Signify this by giving him maintainership over CHANGELOG.md. Below is an introduction given by Bertrand Marquis: Henry Wang is an open-source software engineer at Arm focusing on the hypervisor and virtualization technology. Before joining the AIS-Hypervisor team, he was one of the leading Arm contributors of the Rust-VMM and the Cloud Hypervisor community. He is the Arm reviewer of the Cloud Hypervisor project. His work includes basic project enabling on Arm platform, Arm device emulation, advanced features support on Arm and bug fixes. After joining the AIS-Hypervisor team at Arm, he has been involved in Xen feature development on Arm in various areas, including: 1. Xen Arm MPAM extension research and PoC: Ongoing, the design will share in xen-devel soon. 2. Port of Xen to Arm MPU systems: Working together with Penny Zheng on coding and testing, will be soon sent to xen-devel. 3. Static Xen heap on Arm: Work done but depend on the direct mapping series from Penny Zheng, will be upstreamed in the next weeks. 4. Virtio PoC for Xen on Arm using kvmtool as the Xen virtio backend: Work done, including the enabling of the virtio and the virtio performance tuning. 5. Participated in code reviews and discussions in xen-devel, including the foreign memory mapping series from EPAM, etc. Signed-off-by: George Dunlap Acked-by: Henry Wang Acked-by: Julien Grall Acked-by: Stefano Stabellini --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index d4b06f5bfb..6a097b43eb 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -255,6 +255,7 @@ S: Supported F: xen/drivers/passthrough/arm/smmu-v3.c Change Log +M: Henry Wang R: Community Manager S: Maintained F: CHANGELOG.md -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292165.496204 (Exim 4.92) (envelope-from ) id 1nVGoY-0007KK-F1; Fri, 18 Mar 2022 17:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292165.496204; Fri, 18 Mar 2022 17:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGoY-0007KC-C7; Fri, 18 Mar 2022 17:55:02 +0000 Received: by outflank-mailman (input) for mailman id 292165; Fri, 18 Mar 2022 17:55:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGoX-0007K6-LB for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGoX-0007Ou-Hs for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGoX-0004LV-FY for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I5dD0AvYELkP6bLKRP67qo6iVXWERl2RRLYHOTA6JAU=; b=7B2N3IqTyvY1cyY27qqa2sdoQf debxVIhxFPZqkmWDLJzaO/Vn7cBDGObm761cxfzRgy0e7V+5E1pZiEpTkN/RMWut8jkyCV+XL5cpV hJf4dJVJyGBfxaV9xKnVOippRM3OJU4WNMcmemYU3te0HaSVSqGgsZ5v48IlB2kLIv00=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: switch non style compliant hypercall handler parameter types Message-Id: Date: Fri, 18 Mar 2022 17:55:01 +0000 commit 4a07bab33b70f6df3c93b443cdb76691bccc4d23 Author: Juergen Gross AuthorDate: Thu Mar 17 17:41:03 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 17 17:41:03 2022 +0100 xen: switch non style compliant hypercall handler parameter types Switch some non style compliant types (u32, s32, s64) of hypercall handler parameters to style compliant ones. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/hypercall.h | 10 +++++----- xen/include/xen/hypercall.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 16d8418b57..61bf897147 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -94,7 +94,7 @@ do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc); extern long cf_check do_update_va_mapping( unsigned long va, - u64 val64, + uint64_t val64, unsigned long flags); extern long cf_check @@ -104,7 +104,7 @@ do_physdev_op( extern long cf_check do_update_va_mapping_otherdomain( unsigned long va, - u64 val64, + uint64_t val64, unsigned long flags, domid_t domid); @@ -162,10 +162,10 @@ extern long cf_check compat_callback_op( int cmd, XEN_GUEST_HANDLE(void) arg); extern int cf_check compat_update_va_mapping( - unsigned int va, u32 lo, u32 hi, unsigned int flags); + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags); extern int cf_check compat_update_va_mapping_otherdomain( - unsigned int va, u32 lo, u32 hi, unsigned int flags, domid_t domid); + unsigned int va, uint32_t lo, uint32_t hi, unsigned int flags, domid_t domid); DEFINE_XEN_GUEST_HANDLE(trap_info_compat_t); extern int cf_check compat_set_trap_table( @@ -175,7 +175,7 @@ extern int cf_check compat_set_gdt( XEN_GUEST_HANDLE_PARAM(uint) frame_list, unsigned int entries); extern int cf_check compat_update_descriptor( - u32 pa_lo, u32 pa_hi, u32 desc_lo, u32 desc_hi); + uint32_t pa_lo, uint32_t pa_hi, uint32_t desc_lo, uint32_t desc_hi); extern unsigned int cf_check compat_iret(void); diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 4dfd64cf71..a1b6575976 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -198,8 +198,8 @@ compat_sched_op( extern int cf_check compat_set_timer_op( - u32 lo, - s32 hi); + uint32_t lo, + int32_t hi); extern int cf_check compat_xsm_op( XEN_GUEST_HANDLE_PARAM(void) op); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292166.496208 (Exim 4.92) (envelope-from ) id 1nVGoi-0007N4-Gd; Fri, 18 Mar 2022 17:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292166.496208; Fri, 18 Mar 2022 17:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGoi-0007Mw-DY; Fri, 18 Mar 2022 17:55:12 +0000 Received: by outflank-mailman (input) for mailman id 292166; Fri, 18 Mar 2022 17:55:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGoh-0007Mq-NO for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGoh-0007QV-ME for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGoh-0004M2-KO for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ap8GJhp5iaIUy8HOGoPzyHq/8G90P86YaOxjLfChyFk=; b=DKzv9See0Z0JIkxLys7doGJJI2 TiU2fEHu+4hOOM4m+xbKFkQXSDpVM6bp6akc3N8G2aJ53QfgnrKLD4sGul5Dnr6iH3hbrUHB4OBvx 7VvQfL7GC+2gAMKVJRoTlGk+eJWzOqpSkMSvgdWnvfYTx50AZapyxeXF1MbFr5ijR2k8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul/test: correct VSCALEF{P,S}{S,D} entries in predicates test Message-Id: Date: Fri, 18 Mar 2022 17:55:11 +0000 commit 59d434195054e5e0feb1878e8360ef0591881844 Author: Jan Beulich AuthorDate: Thu Mar 17 17:42:13 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 17 17:42:13 2022 +0100 x86emul/test: correct VSCALEF{P,S}{S,D} entries in predicates test I can't see why these would want / need to suppress testing of the register forms of the insns. Quite likely a copy-and-paste oversight when originally creating the table. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/predicates.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tests/x86_emulator/predicates.c b/tools/tests/x86_emulator/predicates.c index 0d10135195..ecd5b5e3a6 100644 --- a/tools/tests/x86_emulator/predicates.c +++ b/tools/tests/x86_emulator/predicates.c @@ -1822,8 +1822,8 @@ static const struct evex { { { 0x2a }, 2, F, R, pfx_66, W0, Ln }, /* vmovntdqa */ { { 0x2a, 0xc0 }, 2, F, N, pfx_f3, W1, Ln }, /* vpbroadcastmb2q */ { { 0x2b }, 2, T, R, pfx_66, W0, Ln }, /* vpackusdw */ - { { 0x2c }, 2, F, R, pfx_66, Wn, Ln }, /* vscalefp{s,d} */ - { { 0x2d }, 2, F, R, pfx_66, Wn, LIG }, /* vscalefs{s,d} */ + { { 0x2c }, 2, T, R, pfx_66, Wn, Ln }, /* vscalefp{s,d} */ + { { 0x2d }, 2, T, R, pfx_66, Wn, LIG }, /* vscalefs{s,d} */ { { 0x30 }, 2, T, R, pfx_66, WIG, Ln }, /* vpmovzxbw */ { { 0x30 }, 2, T, W, pfx_f3, W0, Ln }, /* vpmovwb */ { { 0x31 }, 2, T, R, pfx_66, WIG, Ln }, /* vpmovzxbd */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:55:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:55:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292167.496211 (Exim 4.92) (envelope-from ) id 1nVGos-0007QQ-I6; Fri, 18 Mar 2022 17:55:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292167.496211; Fri, 18 Mar 2022 17:55:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGos-0007QH-F4; Fri, 18 Mar 2022 17:55:22 +0000 Received: by outflank-mailman (input) for mailman id 292167; Fri, 18 Mar 2022 17:55:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGor-0007Q1-Qe for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGor-0007Qr-Pn for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGor-0004Mq-OS for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b+KwckFxP2+aNP3uNo60XTzKc23MJWal8wTmY2lRPEY=; b=Lfpj1VyqU4oK047GtLuhOJJWLk hNZb8B5WDW8CYucdmRFbhD8SWNDQmLqrirE9nZ16b/9h+7TAGDW/lnOqCXrstYv3AyiWiVR58W8sR RbCKI2TwWGL+XYTDmfRxCo8S6ZFuXP+T0HPUuwJjN32VwIDDrbQGigrE88AbCl21zsUs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86emul/test: correct VCVTUSI2S{S,D} comments in predicates test Message-Id: Date: Fri, 18 Mar 2022 17:55:21 +0000 commit 7b41b91fd2ecbf87b91120b468689e10296b656c Author: Jan Beulich AuthorDate: Thu Mar 17 17:42:27 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 17 17:42:27 2022 +0100 x86emul/test: correct VCVTUSI2S{S,D} comments in predicates test These were missing the size-indicating suffixes. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- tools/tests/x86_emulator/predicates.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tests/x86_emulator/predicates.c b/tools/tests/x86_emulator/predicates.c index ecd5b5e3a6..cf1cb73054 100644 --- a/tools/tests/x86_emulator/predicates.c +++ b/tools/tests/x86_emulator/predicates.c @@ -1712,8 +1712,8 @@ static const struct evex { { { 0x7a }, 2, T, R, pfx_f3, Wn, Ln }, /* vcvtu{d,q}2pd */ { { 0x7a }, 2, T, R, pfx_f2, Wn, Ln }, /* vcvtu{d,q}2ps */ { { 0x7b }, 2, T, R, pfx_66, Wn, Ln }, /* vcvtp{s,d}2qq */ - { { 0x7b }, 2, T, R, pfx_f3, Wn, LIG }, /* vcvtusi2s */ - { { 0x7b }, 2, T, R, pfx_f2, Wn, LIG }, /* vcvtusi2s */ + { { 0x7b }, 2, T, R, pfx_f3, Wn, LIG }, /* vcvtusi2ss */ + { { 0x7b }, 2, T, R, pfx_f2, Wn, LIG }, /* vcvtusi2sd */ { { 0x7e }, 2, T, W, pfx_66, Wn, L0 }, /* vmov{d,q} */ { { 0x7e }, 2, T, R, pfx_f3, W1, L0 }, /* vmovq */ { { 0x7f }, 2, T, W, pfx_66, Wn, Ln }, /* vmovdqa{32,64} */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:55:32 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:55:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292168.496216 (Exim 4.92) (envelope-from ) id 1nVGp2-0007TN-JP; Fri, 18 Mar 2022 17:55:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292168.496216; Fri, 18 Mar 2022 17:55:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGp2-0007TF-GW; Fri, 18 Mar 2022 17:55:32 +0000 Received: by outflank-mailman (input) for mailman id 292168; Fri, 18 Mar 2022 17:55:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGp1-0007T3-UD for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGp1-0007RN-TR for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGp1-0004NZ-SC for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wkJWlbLhPOXmzyd4ew/YqOeyxAbtPValAuXKZDOj25Y=; b=f+OuIIVqE0214FFsksU7Oe1a31 s7nzfyjh2e8osXNJ4ue97Poto4deSQ/w53C7q9Df3z7sD7njQ9b/LZirz96lN4f9/WqviLzWTCnER io21Yy2FwThIaF/lzhX8XaXq7a7y3siKTMbwkRjLvlDbMytb8b4tEFkdz42lKzpLtWM0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Clear IST supervisor token busy bits on S3 resume Message-Id: Date: Fri, 18 Mar 2022 17:55:31 +0000 commit e421ed0f68488863599532bda575c03c33cde0e0 Author: Andrew Cooper AuthorDate: Mon Mar 14 10:30:46 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 x86/cet: Clear IST supervisor token busy bits on S3 resume Stacks are not freed across S3. Execution just stops, leaving supervisor token busy bits active. Fixing this for the primary shadow stack was done previously, but there is a (rare) risk that an IST token is left busy too, if the platform power-off happens to intersect with an NMI/#MC arriving. This will manifest as #DF next time the IST vector gets used. Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up fixup_exception_return() and explaining the trick with the literal 1. Then this infrastructure to rewrite the IST tokens in load_system_tables() when all the other IST details are being set up. In the case that an IST token were left busy across S3, this will clear the busy bit before the stack gets used. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/common.c | 25 ++++++++++++++++++---- xen/arch/x86/include/asm/shstk.h | 46 ++++++++++++++++++++++++++++++++++++++++ xen/arch/x86/traps.c | 8 +++---- 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index bd2207163a..0412dbc915 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include /* for XEN_INVALID_{SOCKET,CORE}_ID */ @@ -826,15 +827,31 @@ void load_system_tables(void) */ if (cpu_has_xen_shstk) { volatile uint64_t *ist_ssp = tss_page->ist_ssp; + unsigned long + mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8, + nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8, + db_ssp = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8, + df_ssp = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; ist_ssp[0] = 0x8600111111111111ul; - ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DB] = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DF] = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; + ist_ssp[IST_MCE] = mce_ssp; + ist_ssp[IST_NMI] = nmi_ssp; + ist_ssp[IST_DB] = db_ssp; + ist_ssp[IST_DF] = df_ssp; for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i ) ist_ssp[i] = 0x8600111111111111ul; + if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) { + /* + * Rewrite supervisor tokens when shadow stacks are + * active. This resets any busy bits left across S3. + */ + wrss(mce_ssp, _p(mce_ssp)); + wrss(nmi_ssp, _p(nmi_ssp)); + wrss(db_ssp, _p(db_ssp)); + wrss(df_ssp, _p(df_ssp)); + } + wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp); } diff --git a/xen/arch/x86/include/asm/shstk.h b/xen/arch/x86/include/asm/shstk.h new file mode 100644 index 0000000000..fdc9cc65a3 --- /dev/null +++ b/xen/arch/x86/include/asm/shstk.h @@ -0,0 +1,46 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_SHSTK_H +#define XEN_ASM_SHSTK_H + +/* + * RDSSP is a nop when shadow stacks are inactive. Also, SSP has a minimum + * alignment of 4 which is enforced by hardware. + * + * We load 1 into a register, then RDSSP. If shadow stacks are not enabled, + * RDSSP is a nop, and the 1 is preserved. Otherwise, the 1 is clobbered with + * the real SSP, which has the bottom two bits clear. + */ +#define SSP_NO_SHSTK 1 + +static inline unsigned long rdssp(void) +{ + unsigned long ssp; + + asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) ); + + return ssp; +} + +static inline void wrss(unsigned long val, unsigned long *ptr) +{ + asm ( "wrssq %[val], %[ptr]" + : [ptr] "=m" (*ptr) + : [val] "r" (val) ); +} + +#endif /* XEN_ASM_SHSTK_H */ diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index a2278d9499..8659547970 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -84,6 +84,7 @@ #include #include #include +#include /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. @@ -868,8 +869,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, { unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) + if ( (ssp = rdssp()) == SSP_NO_SHSTK ) goto shstk_done; ptr = _p(ssp); @@ -898,9 +898,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, */ if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); + wrss(fixup, ptr); goto shstk_done; } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:55:42 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:55:42 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292169.496220 (Exim 4.92) (envelope-from ) id 1nVGpC-0007Xc-L0; Fri, 18 Mar 2022 17:55:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292169.496220; Fri, 18 Mar 2022 17:55:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpC-0007XU-I8; Fri, 18 Mar 2022 17:55:42 +0000 Received: by outflank-mailman (input) for mailman id 292169; Fri, 18 Mar 2022 17:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpC-0007XK-18 for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpC-0007RX-0M for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGpB-0004OH-Vk for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gGLXafZz9jlTixaGm7lOdmDrkKhbocT5qnvwcbXhmnw=; b=afdVWykvHlFPhn1W/QyREletHD O3AbZiIYA4b3lgdxUm1iOV7hipjCf87/8NZ/aux06r8lqEN9m9aGTJhbPbz7Xp6n374J3Tl9ruufO XQnrb27YFZwBZ00WJLTmP2pu7gLmCo/HAZ7qKSZoYEM0YHKotHBydzbOmL9FgM6wq5KI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Use dedicated NOP4 for cf_clobber Message-Id: Date: Fri, 18 Mar 2022 17:55:41 +0000 commit 89a24719b6591b48f9953fe1bd9db67adbf74736 Author: Andrew Cooper AuthorDate: Tue Mar 8 13:47:25 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 x86/cet: Use dedicated NOP4 for cf_clobber For livepatching, we need to look at a potentially clobbered function and determine whether it used to have an ENDBR64 instruction. Use a non-default 4-byte P6 long nop, not emitted by toolchains, and extend check-endbr.sh to look for it. The same logic can check for the absence of any endbr32 instructions, so include a check for those too. The choice of nop has some complicated consequences. nopw (%rax) has a ModRM byte of 0, which the Bourne compatible shells unconditionally strip from parameters, meaning that we can't pass it to `grep -aob`. Therefore, use nopw (%rcx) so the ModRM byte becomes 1. This then demonstrates another bug. Under perl regexes, \1 thru \9 are subpattern matches, and not octal escapes, while the behaviour of \10 and higher depend on the number of capture groups. Switch the `grep -P` runes to use hex escapes instead, which are unambiguous. The build time check then requires that the endbr64 poison have the same treatment as endbr64 to avoid placing the byte pattern in immediate operands. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/alternative.c | 2 +- xen/arch/x86/include/asm/endbr.h | 26 ++++++++++++++++++++++++++ xen/tools/check-endbr.sh | 18 +++++++++++++----- 3 files changed, 40 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index d41eeef1bc..0c6fc7b4fb 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -362,7 +362,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, if ( !is_kernel_text(ptr) || !is_endbr64(ptr) ) continue; - add_nops(ptr, ENDBR64_LEN); + place_endbr64_poison(ptr); clobbered++; } diff --git a/xen/arch/x86/include/asm/endbr.h b/xen/arch/x86/include/asm/endbr.h index 6090afeb0b..d946fac131 100644 --- a/xen/arch/x86/include/asm/endbr.h +++ b/xen/arch/x86/include/asm/endbr.h @@ -52,4 +52,30 @@ static inline void place_endbr64(void *ptr) *(uint32_t *)ptr = gen_endbr64(); } +/* + * After clobbering ENDBR64, we may need to confirm that the site used to + * contain an ENDBR64 instruction. Use an encoding which isn't the default + * P6_NOP4. Specifically, nopw (%rcx) + */ +static inline uint32_t __attribute_const__ gen_endbr64_poison(void) +{ + uint32_t res; + + asm ( "mov $~0x011f0f66, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64_poison(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64_poison(); +} + +static inline void place_endbr64_poison(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64_poison(); +} + #endif /* XEN_ASM_ENDBR_H */ diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh index 9799c451a1..552f233912 100755 --- a/xen/tools/check-endbr.sh +++ b/xen/tools/check-endbr.sh @@ -27,7 +27,7 @@ echo "X" | grep -aob "X" -q 2>/dev/null || # Check whether grep supports Perl regexps. Older GNU grep doesn't reliably # find binary patterns otherwise. perl_re=true -echo "X" | grep -aobP "\130" -q 2>/dev/null || perl_re=false +echo "X" | grep -aobP "\x58" -q 2>/dev/null || perl_re=false # # First, look for all the valid endbr64 instructions. @@ -45,13 +45,15 @@ echo "X" | grep -aobP "\130" -q 2>/dev/null || perl_re=false ${OBJDUMP} -j .text $1 -d -w | grep ' endbr64 *$' | cut -f 1 -d ':' > $VALID & # -# Second, look for any endbr64 byte sequence +# Second, look for all endbr64, endbr32 and nop poison byte sequences # This has a couple of complications: # # 1) Grep binary search isn't VMA aware. Copy .text out as binary, causing # the grep offset to be from the start of .text. # # 2) dash's printf doesn't understand hex escapes, hence the use of octal. +# `grep -P` on the other hand has various ambiguities with octal-like +# escapes, so use hex escapes instead which are unambiguous. # # 3) AWK can't add 64bit integers, because internally all numbers are doubles. # When the upper bits are set, the exponents worth of precision is lost in @@ -65,11 +67,17 @@ eval $(${OBJDUMP} -j .text $1 -h | awk '$2 == ".text" {printf "vma_hi=%s\nvma_lo=%s\n", substr($4, 1, 8), substr($4, 9, 16)}') ${OBJCOPY} -j .text $1 -O binary $TEXT_BIN + +# instruction: hex: oct: +# endbr64 f3 0f 1e fa 363 017 036 372 +# endbr32 f3 0f 1e fb 363 017 036 373 +# nopw (%rcx) 66 0f 1f 01 146 017 037 001 if $perl_re then - LC_ALL=C grep -aobP '\363\17\36\372' $TEXT_BIN + LC_ALL=C grep -aobP '\xf3\x0f\x1e(\xfa|\xfb)|\x66\x0f\x1f\x01' $TEXT_BIN else - grep -aob "$(printf '\363\17\36\372')" $TEXT_BIN + grep -aob -e "$(printf '\363\17\36\372')" -e "$(printf '\363\17\36\373')" \ + -e "$(printf '\146\17\37\1')" $TEXT_BIN fi | awk -F':' '{printf "%s%x\n", "'$vma_hi'", int(0x'$vma_lo') + $1}' > $ALL # Wait for $VALID to become complete @@ -90,6 +98,6 @@ nr_bad=$(wc -l < $BAD) [ "$nr_bad" -eq 0 ] && exit 0 # Failure -echo "$MSG_PFX Fail: Found ${nr_bad} embedded endbr64 instructions" >&2 +echo "$MSG_PFX Fail: Found ${nr_bad} endb32, nop poison, or embedded endbr64 instructions" >&2 ${ADDR2LINE} -afip -e $1 < $BAD >&2 exit 1 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:55:53 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292170.496224 (Exim 4.92) (envelope-from ) id 1nVGpN-0007ag-Mn; Fri, 18 Mar 2022 17:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292170.496224; Fri, 18 Mar 2022 17:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpN-0007aY-Jh; Fri, 18 Mar 2022 17:55:53 +0000 Received: by outflank-mailman (input) for mailman id 292170; Fri, 18 Mar 2022 17:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpM-0007aO-4g for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpM-0007Rm-3w for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGpM-0004Ox-2g for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bkGcPqO86r5PIMZ0DJ6XWMefOn8mWs0jt3gHE9hCRGM=; b=pWTUnmS5sqYp4i5wiXa3Ce1+rw 5VYbjNJdHImmXz6CiM50Qi/Pec1vX8NPvd/OOQxU0XEq6HNSBPgQiA/Nnb+BR6oC0AIKymg6eRojC CyvUFexh6nrQTDtrgDCkhCDoVUF6OTZHM7hW1wWMvlKy64P/+e7tulLggZQgTpjU+T70=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Remove writeable mapping of the BSPs shadow stack Message-Id: Date: Fri, 18 Mar 2022 17:55:52 +0000 commit 37786b23b027ab83051175cb8ce9ac86cacfc58e Author: Andrew Cooper AuthorDate: Tue Mar 15 12:07:18 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 x86/cet: Remove writeable mapping of the BSPs shadow stack An unintended consequence of the BSP using cpu0_stack[] is that writeable mappings to the BSPs shadow stacks are retained in the bss. This renders CET-SS almost useless, as an attacker can update both return addresses and the ret will not fault. We specifically don't want to shatter the superpage mapping .data and .bss, so the only way to fix this is to not have the BSP stack in the main Xen image. Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate the BSP stack as early as reasonable in __start_xen(). As a consequence, there is no need to delay the BSP's memguard_guard_stack() call. Copy the top of cpu info block just before switching to use the new stack. Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than ->es; this would be buggy if reinit_bsp_stack() called schedule() (which rewrites the GPR block) directly, but luckily it doesn't. Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/smp.h | 2 ++ xen/arch/x86/setup.c | 20 +++++++++++++------- xen/arch/x86/smpboot.c | 26 +++++++++++++++++++------- xen/arch/x86/xen.lds.S | 2 +- 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/include/asm/smp.h b/xen/arch/x86/include/asm/smp.h index 1747772d23..41a3b6a0da 100644 --- a/xen/arch/x86/include/asm/smp.h +++ b/xen/arch/x86/include/asm/smp.h @@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask; extern unsigned int disabled_cpus; extern bool unaccounted_cpus; +void *cpu_alloc_stack(unsigned int cpu); + #endif /* !__ASSEMBLY__ */ #endif diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 22a9885dee..a0ee8d206f 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -148,7 +148,7 @@ cpumask_t __read_mostly cpu_present_map; unsigned long __read_mostly xen_phys_start; -char __section(".bss.stack_aligned") __aligned(STACK_SIZE) +char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE) cpu0_stack[STACK_SIZE]; /* Used by the BSP/AP paths to find the higher half stack mapping to use. */ @@ -712,7 +712,6 @@ static void __init noreturn reinit_bsp_stack(void) percpu_traps_init(); stack_base[0] = stack; - memguard_guard_stack(stack); rc = setup_cpu_root_pgt(0); if ( rc ) @@ -886,6 +885,8 @@ void __init noreturn __start_xen(unsigned long mbi_p) { char *memmap_type = NULL; char *cmdline, *kextra, *loader; + void *bsp_stack; + struct cpu_info *info = get_cpu_info(), *bsp_info; unsigned int initrdidx, num_parked = 0; multiboot_info_t *mbi; module_t *mod; @@ -918,7 +919,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) ); /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -1703,6 +1704,10 @@ void __init noreturn __start_xen(unsigned long mbi_p) */ vm_init(); + bsp_stack = cpu_alloc_stack(0); + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + console_init_ring(); vesa_init(); @@ -1974,17 +1979,18 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - /* Jump to the 1:1 virtual mappings of cpu0_stack. */ + /* Copy the cpu info block, and move onto the BSP stack. */ + bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack); + *bsp_info = *info; + asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" :: - [stk] "g" (__va(__pa(get_stack_bottom()))), + [stk] "g" (&bsp_info->guest_cpu_user_regs), [fn] "i" (reinit_bsp_stack) : "memory"); unreachable(); } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 709704d71a..b46fd9ab18 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -1023,6 +1023,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove) } } +void *cpu_alloc_stack(unsigned int cpu) +{ + nodeid_t node = cpu_to_node(cpu); + unsigned int memflags = 0; + void *stack; + + if ( node != NUMA_NO_NODE ) + memflags = MEMF_node(node); + + stack = alloc_xenheap_pages(STACK_ORDER, memflags); + + if ( stack ) + memguard_guard_stack(stack); + + return stack; +} + static int cpu_smpboot_alloc(unsigned int cpu) { struct cpu_info *info; @@ -1035,15 +1052,10 @@ static int cpu_smpboot_alloc(unsigned int cpu) if ( node != NUMA_NO_NODE ) memflags = MEMF_node(node); - if ( stack_base[cpu] == NULL ) - { - stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags); - if ( !stack_base[cpu] ) + if ( stack_base[cpu] == NULL && + (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL ) goto out; - memguard_guard_stack(stack_base[cpu]); - } - info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]); info->processor_id = cpu; info->per_cpu_offset = __per_cpu_offset[cpu]; diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 7aa1f82df9..d33e295320 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -235,6 +235,7 @@ SECTIONS } PHDR(text) DECL_SECTION(.init.data) { #endif + *(.init.bss.stack_aligned) . = ALIGN(POINTER_ALIGN); __initdata_cf_clobber_start = .; @@ -348,7 +349,6 @@ SECTIONS DECL_SECTION(.bss) { __bss_start = .; - *(.bss.stack_aligned) *(.bss.page_aligned*) . = ALIGN(PAGE_SIZE); __per_cpu_start = .; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 18 17:56:03 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 18 Mar 2022 17:56:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292171.496228 (Exim 4.92) (envelope-from ) id 1nVGpX-0007e0-Pb; Fri, 18 Mar 2022 17:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292171.496228; Fri, 18 Mar 2022 17:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpX-0007dq-Mb; Fri, 18 Mar 2022 17:56:03 +0000 Received: by outflank-mailman (input) for mailman id 292171; Fri, 18 Mar 2022 17:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpW-0007dV-7g for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVGpW-0007SA-72 for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVGpW-0004Pw-6G for xen-changelog@lists.xenproject.org; Fri, 18 Mar 2022 17:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UY9+q4DOr0kFluDfcYOPzbxTUE4vNtNY0OGfL3ZtsUM=; b=sH8Xf2MOmIGKw8eme1p8z+xvaP TFnESjMC31s7twyzaVjUdIbeg11/2c9BchxB6miLw7PN2bGq+3DZ/l6L3RbMkX5hLaZ6aGp7gNcMQ uJsH1zmE7ocS6OHwQezqMpjsR3FyhR0GCT9RsUcnM/2EN+w6w4DR1UOkWV4dDYEjpQQQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/x86: Livepatch: support patching CET-enhanced functions Message-Id: Date: Fri, 18 Mar 2022 17:56:02 +0000 commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4 Author: Bjoern Doebel AuthorDate: Thu Mar 10 07:35:36 2022 +0000 Commit: Andrew Cooper CommitDate: Thu Mar 17 20:34:06 2022 +0000 xen/x86: Livepatch: support patching CET-enhanced functions Xen enabled CET for supporting architectures. The control flow aspect of CET require functions that can be called indirectly (i.e., via function pointers) to start with an ENDBR64 instruction. Otherwise a control flow exception is raised. This expectation breaks livepatching flows because we patch functions by overwriting their first 5 bytes with a JMP + , thus breaking the ENDBR64. We fix this by checking the start of a patched function for being ENDBR64. In the positive case we move the livepatch JMP to start behind the ENDBR64 instruction. To avoid having to guess the ENDBR64 offset again on patch reversal (which might race with other mechanisms adding/removing ENDBR dynamically), use the livepatch metadata to store the computed offset along with the saved bytes of the overwritten function. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall Tested-by: Jiamei Xie --- xen/arch/x86/livepatch.c | 39 +++++++++++++++++++++++++++++++++------ xen/include/public/sysctl.h | 3 ++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 37c9b8435e..a3553e94d0 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -114,8 +115,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func) if ( func->old_size < func->new_size ) return -EINVAL; } - else if ( func->old_size < ARCH_PATCH_INSN_SIZE ) - return -EINVAL; + else + { + /* + * Space needed now depends on whether the target function + * start{s,ed} with an ENDBR64 instruction. + */ + uint8_t needed = ARCH_PATCH_INSN_SIZE; + + if ( is_endbr64(func->old_addr) || is_endbr64_poison(func->old_addr) ) + needed += ENDBR64_LEN; + + if ( func->old_size < needed ) + return -EINVAL; + } return 0; } @@ -130,12 +143,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) uint8_t insn[sizeof(func->opaque)]; unsigned int len; + func->patch_offset = 0; old_ptr = func->old_addr; len = livepatch_insn_len(func); if ( !len ) return; - memcpy(func->opaque, old_ptr, len); + /* + * CET hotpatching support: We may have functions starting with an ENDBR64 + * instruction that MUST remain the first instruction of the function, + * hence we need to move any hotpatch trampoline further into the function. + * For that we need to keep track of the patching offset used for any + * loaded hotpatch (to avoid racing against other fixups adding/removing + * ENDBR64 or similar instructions). + */ + if ( is_endbr64(old_ptr) || is_endbr64_poison(func->old_addr) ) + func->patch_offset += ENDBR64_LEN; + + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { int32_t val; @@ -143,14 +168,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val))); insn[0] = 0xe9; /* Relative jump. */ - val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE; + val = func->new_addr - (func->old_addr + func->patch_offset + + ARCH_PATCH_INSN_SIZE); memcpy(&insn[1], &val, sizeof(val)); } else add_nops(insn, len); - memcpy(old_ptr, insn, len); + memcpy(old_ptr + func->patch_offset, insn, len); } /* @@ -159,7 +185,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) */ void noinline arch_livepatch_revert(const struct livepatch_func *func) { - memcpy(func->old_addr, func->opaque, livepatch_insn_len(func)); + memcpy(func->old_addr + func->patch_offset, func->opaque, + livepatch_insn_len(func)); } /* diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 55252e97f2..b0a4af8789 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -876,7 +876,8 @@ struct livepatch_func { uint8_t version; /* MUST be LIVEPATCH_PAYLOAD_VERSION. */ uint8_t opaque[LIVEPATCH_OPAQUE_SIZE]; uint8_t applied; - uint8_t _pad[7]; + uint8_t patch_offset; + uint8_t _pad[6]; livepatch_expectation_t expect; }; typedef struct livepatch_func livepatch_func_t; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Mar 19 04:22:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Mar 2022 04:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292333.496584 (Exim 4.92) (envelope-from ) id 1nVQbO-00060r-18; Sat, 19 Mar 2022 04:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292333.496584; Sat, 19 Mar 2022 04:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVQbN-00060i-U2; Sat, 19 Mar 2022 04:22:05 +0000 Received: by outflank-mailman (input) for mailman id 292333; Sat, 19 Mar 2022 04:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVQbM-00060c-Bf for xen-changelog@lists.xenproject.org; Sat, 19 Mar 2022 04:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVQbM-0007fj-9s for xen-changelog@lists.xenproject.org; Sat, 19 Mar 2022 04:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVQbM-0001ke-8Y for xen-changelog@lists.xenproject.org; Sat, 19 Mar 2022 04:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NSuCXKNgNEQ+HJkvOodeZheDfvB0tMXJGRJv87UIvv4=; b=UJzv3Wyje2AQU0kQNZXzvhE+tY SYvPp9s4ZooK5FvG8qZTLefCD0Jx9IUFS76dGHwI2+mOHk4Bc0IRb+fg2ob6+G1ul8LpS+pyptDt9 X2JA+MBAHEyHqas2aomF8PyRnw7KSpvFhkKsqY6jDIbNCe4P7IiQgY0NJnRFRyHwCnWk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: io: Emulate instructions (with invalid ISS) on MMIO region Message-Id: Date: Sat, 19 Mar 2022 04:22:04 +0000 commit 5e9c429ad41f03740817ed370119f9f9f2a3a68f Author: Ayan Kumar Halder AuthorDate: Thu Mar 17 14:00:44 2022 +0000 Commit: Stefano Stabellini CommitDate: Fri Mar 18 21:17:13 2022 -0700 xen/arm64: io: Emulate instructions (with invalid ISS) on MMIO region When an instruction is trapped in Xen due to translation fault, Xen checks if the ISS is invalid (for data abort) or it is an instruction abort. If so, Xen tries to resolve the translation fault using p2m page tables. In case of data abort, Xen will try to map the mmio region to the guest (ie tries to emulate the mmio region). If the ISS is not valid and it is a data abort, then Xen tries to decode the instruction. In case of ioreq, Xen saves the decoding state, rn and imm9 to vcpu_io. Whenever the vcpu handles the ioreq successfully, it will read the decoding state to determine if the instruction decoded was a ldr/str post indexing (ie INSTR_LDR_STR_POSTINDEXING). If so, it uses these details to post increment rn. In case of mmio handler, if the mmio operation was successful, then Xen retrives the decoding state, rn and imm9. For state == INSTR_LDR_STR_POSTINDEXING, Xen will update rn. If there is an error encountered while decoding/executing the instruction, Xen will forward the abort to the guest. Also, the logic to infer the type of instruction has been moved from try_handle_mmio() to try_decode_instruction() which is called before. try_handle_mmio() is solely responsible for handling the mmio operation. Signed-off-by: Ayan Kumar Halder Tested-by: Stefano Stabellini Reviewed-by: Stefano Stabellini Reviewed-by: Julien Grall --- xen/arch/arm/arm32/traps.c | 12 ++++++ xen/arch/arm/arm64/traps.c | 52 ++++++++++++++++++++++ xen/arch/arm/decode.c | 2 + xen/arch/arm/include/asm/domain.h | 4 ++ xen/arch/arm/include/asm/mmio.h | 17 +++++++- xen/arch/arm/include/asm/traps.h | 2 + xen/arch/arm/io.c | 90 ++++++++++++++++++++++++--------------- xen/arch/arm/ioreq.c | 8 +++- xen/arch/arm/traps.c | 77 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/domain.h | 3 ++ xen/include/xen/sched.h | 2 + 11 files changed, 215 insertions(+), 54 deletions(-) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 9c9790a6d1..a4ce2b92d9 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -18,9 +18,11 @@ #include #include +#include #include +#include #include #include @@ -82,6 +84,16 @@ void do_trap_data_abort(struct cpu_user_regs *regs) do_unexpected_trap("Data Abort", regs); } +void finalize_instr_emulation(const struct instr_details *instr) +{ + /* + * We have not implemented decoding of post indexing instructions for 32 bit. + * Thus, this should be unreachable. + */ + if ( instr->state == INSTR_LDR_STR_POSTINDEXING ) + domain_crash(current->domain); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/arm64/traps.c b/xen/arch/arm/arm64/traps.c index 9113a15c7a..3f8858acec 100644 --- a/xen/arch/arm/arm64/traps.c +++ b/xen/arch/arm/arm64/traps.c @@ -17,6 +17,7 @@ */ #include +#include #include #include @@ -44,6 +45,57 @@ void do_bad_mode(struct cpu_user_regs *regs, int reason) panic("bad mode\n"); } +void finalize_instr_emulation(const struct instr_details *instr) +{ + struct cpu_user_regs *regs = guest_cpu_user_regs(); + register_t val = 0; + uint8_t psr_mode = (regs->cpsr & PSR_MODE_MASK); + + /* Currently, we handle only ldr/str post indexing instructions */ + if ( instr->state != INSTR_LDR_STR_POSTINDEXING ) + return; + + /* + * Handle when rn = SP + * Refer ArmV8 ARM DDI 0487G.b, Page - D1-2463 "Stack pointer register + * selection" + * t = SP_EL0 + * h = SP_ELx + * and M[3:0] (Page - C5-474 "When exception taken from AArch64 state:") + */ + if ( instr->rn == 31 ) + { + switch ( psr_mode ) + { + case PSR_MODE_EL1h: + val = regs->sp_el1; + break; + case PSR_MODE_EL1t: + case PSR_MODE_EL0t: + val = regs->sp_el0; + break; + + default: + domain_crash(current->domain); + return; + } + } + else + val = get_user_reg(regs, instr->rn); + + val += instr->imm9; + + if ( instr->rn == 31 ) + { + if ( (regs->cpsr & PSR_MODE_MASK) == PSR_MODE_EL1h ) + regs->sp_el1 = val; + else + regs->sp_el0 = val; + } + else + set_user_reg(regs, instr->rn, val); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 3add87e83a..f5f6562600 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -146,8 +146,10 @@ static int decode_arm64(register_t pc, mmio_info_t *info) update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); + dabt_instr->state = INSTR_LDR_STR_POSTINDEXING; dabt_instr->rn = opcode.ldr_str.rn; dabt_instr->imm9 = opcode.ldr_str.imm9; + dabt->valid = 1; return 0; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index c56f6e4398..ed63c2b6f9 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -281,6 +281,10 @@ static inline void arch_vcpu_block(struct vcpu *v) {} /* vPCI is not available on Arm */ #define has_vpci(d) ({ (void)(d); false; }) +struct arch_vcpu_io { + struct instr_details dabt_instr; /* when the instruction is decoded */ +}; + #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index 3354d9c635..ca259a79c2 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -26,12 +26,24 @@ #define MAX_IO_HANDLER 16 +enum instr_decode_state +{ + INSTR_ERROR, /* Error encountered while decoding instr */ + INSTR_VALID, /* ISS is valid, so no need to decode */ + /* + * Instruction is decoded successfully. It is a ldr/str post indexing + * instruction. + */ + INSTR_LDR_STR_POSTINDEXING, +}; + typedef struct { struct hsr_dabt dabt; struct instr_details { unsigned long rn:5; signed int imm9:9; + enum instr_decode_state state; } dabt_instr; paddr_t gpa; } mmio_info_t; @@ -69,14 +81,15 @@ struct vmmio { }; enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa); + mmio_info_t *info); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); int domain_io_init(struct domain *d, int max_count); void domain_io_free(struct domain *d); +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info); #endif /* __ASM_ARM_MMIO_H__ */ diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h index 2ed2b85c6f..08bc0b484c 100644 --- a/xen/arch/arm/include/asm/traps.h +++ b/xen/arch/arm/include/asm/traps.h @@ -109,6 +109,8 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) return r; } +void finalize_instr_emulation(const struct instr_details *instr); + #endif /* __ASM_ARM_TRAPS__ */ /* * Local variables: diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fad103bdbd..fd903b7b03 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -102,57 +102,79 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info) +{ + int rc; + + if ( info->dabt.valid ) + { + info->dabt_instr.state = INSTR_VALID; + + /* + * Erratum 766422: Thumb store translation fault to Hypervisor may + * not have correct HSR Rt value. + */ + if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && + info->dabt.write ) + { + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } + } + return; + } + + /* + * Armv8 processor does not provide a valid syndrome for decoding some + * instructions. So in order to process these instructions, Xen must + * decode them. + */ + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_ERR, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } +} + enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa) + mmio_info_t *info) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; - const struct hsr_dabt dabt = hsr.dabt; - mmio_info_t info = { - .gpa = gpa, - .dabt = dabt - }; + int rc; - ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL); - handler = find_mmio_handler(v->domain, info.gpa); - if ( !handler ) + if ( !info->dabt.valid ) { - int rc; + ASSERT_UNREACHABLE(); + return IO_ABORT; + } - rc = try_fwd_ioserv(regs, v, &info); + handler = find_mmio_handler(v->domain, info->gpa); + if ( !handler ) + { + rc = try_fwd_ioserv(regs, v, info); if ( rc == IO_HANDLED ) return handle_ioserv(regs, v); return rc; } - /* All the instructions used on emulated MMIO region should be valid */ - if ( !dabt.valid ) - return IO_ABORT; - /* - * Erratum 766422: Thumb store translation fault to Hypervisor may - * not have correct HSR Rt value. + * At this point, we know that the instruction is either valid or has been + * decoded successfully. Thus, Xen should be allowed to execute the + * instruction on the emulated MMIO region. */ - if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && - dabt.write ) - { - int rc; - - rc = decode_instruction(regs, &info); - if ( rc ) - { - gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - return IO_ABORT; - } - } - - if ( info.dabt.write ) - return handle_write(handler, v, &info); + if ( info->dabt.write ) + return handle_write(handler, v, info); else - return handle_read(handler, v, &info); + return handle_read(handler, v, info); } void register_mmio_handler(struct domain *d, diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index 308650b400..54167aebcb 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -47,6 +47,8 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu *v, mmio_info_t *info) { struct vcpu_io *vio = &v->io; + struct instr_details instr = info->dabt_instr; + struct hsr_dabt dabt = info->dabt; ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -76,10 +78,10 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, if ( !s ) return IO_UNHANDLED; - if ( !info->dabt.valid ) - return IO_ABORT; + ASSERT(dabt.valid); vio->req = p; + vio->info.dabt_instr = instr; rc = ioreq_send(s, &p, 0); if ( rc != IO_RETRY || v->domain->is_shutting_down ) @@ -95,6 +97,7 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, bool arch_ioreq_complete_mmio(void) { struct vcpu *v = current; + struct instr_details dabt_instr = v->io.info.dabt_instr; struct cpu_user_regs *regs = guest_cpu_user_regs(); const union hsr hsr = { .bits = regs->hsr }; @@ -106,6 +109,7 @@ bool arch_ioreq_complete_mmio(void) if ( handle_ioserv(regs, v) == IO_HANDLED ) { + finalize_instr_emulation(&dabt_instr); advance_pc(regs, hsr); return true; } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 7a1b679b8c..11f970d926 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,6 +1893,21 @@ static bool try_map_mmio(gfn_t gfn) return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); } +static inline bool check_p2m(bool is_data, paddr_t gpa) +{ + /* + * First check if the translation fault can be resolved by the P2M subsystem. + * If that's the case nothing else to do. + */ + if ( p2m_resolve_translation_fault(current->domain , gaddr_to_gfn(gpa)) ) + return true; + + if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + return true; + + return false; +} + static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, const union hsr hsr) { @@ -1906,6 +1921,8 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, paddr_t gpa; uint8_t fsc = xabt.fsc & ~FSC_LL_MASK; bool is_data = (hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + mmio_info_t info; + enum io_state state; /* * If this bit has been set, it means that this stage-2 abort is caused @@ -1959,21 +1976,52 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, return; } case FSC_FLT_TRANS: + { + info.gpa = gpa; + info.dabt = hsr.dabt; + /* - * Attempt first to emulate the MMIO as the data abort will - * likely happen in an emulated region. - * - * Note that emulated region cannot be executed + * Assumption :- Most of the times when we get a data abort and the ISS + * is invalid or an instruction abort, the underlying cause is that the + * page tables have not been set up correctly. */ - if ( is_data ) + if ( !is_data || !info.dabt.valid ) { - enum io_state state = try_handle_mmio(regs, hsr, gpa); + if ( check_p2m(is_data, gpa) ) + return; - switch ( state ) - { + /* + * If the instruction abort could not be resolved by setting the + * appropriate bits in the translation table, then Xen should + * forward the abort to the guest. + */ + if ( !is_data ) + goto inject_abt; + } + + try_decode_instruction(regs, &info); + + /* + * If Xen could not decode the instruction or encountered an error + * while decoding, then it should forward the abort to the guest. + */ + if ( info.dabt_instr.state == INSTR_ERROR ) + goto inject_abt; + + state = try_handle_mmio(regs, &info); + + switch ( state ) + { case IO_ABORT: goto inject_abt; case IO_HANDLED: + /* + * If the instruction was decoded and has executed successfully + * on the MMIO region, then Xen should execute the next part of + * the instruction. (for eg increment the rn if it is a + * post-indexing instruction. + */ + finalize_instr_emulation(&info.dabt_instr); advance_pc(regs, hsr); return; case IO_RETRY: @@ -1982,21 +2030,18 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, case IO_UNHANDLED: /* IO unhandled, try another way to handle it. */ break; - } } /* - * First check if the translation fault can be resolved by the - * P2M subsystem. If that's the case nothing else to do. + * If the instruction syndrome was invalid, then we already checked if + * this was due to a P2M fault. So no point to check again as the result + * will be the same. */ - if ( p2m_resolve_translation_fault(current->domain, - gaddr_to_gfn(gpa)) ) - return; - - if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + if ( (info.dabt_instr.state == INSTR_VALID) && check_p2m(is_data, gpa) ) return; break; + } default: gprintk(XENLOG_WARNING, "Unsupported FSC: HSR=%#"PRIregister" DFSC=%#x\n", diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index e62e109598..35898d725f 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -756,6 +756,9 @@ static inline void pv_inject_sw_interrupt(unsigned int vector) : is_pv_32bit_domain(d) ? PV32_VM_ASSIST_MASK \ : PV64_VM_ASSIST_MASK) +struct arch_vcpu_io { +}; + #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 10ea969c7a..406d9bc610 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -160,6 +160,8 @@ struct vcpu_io { /* I/O request in flight to device model. */ enum vio_completion completion; ioreq_t req; + /* Arch specific info pertaining to the io request */ + struct arch_vcpu_io info; }; struct vcpu -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Mar 19 04:22:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 19 Mar 2022 04:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292334.496588 (Exim 4.92) (envelope-from ) id 1nVQbY-00062W-2e; Sat, 19 Mar 2022 04:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292334.496588; Sat, 19 Mar 2022 04:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVQbX-00062O-Vh; Sat, 19 Mar 2022 04:22:15 +0000 Received: by outflank-mailman (input) for mailman id 292334; Sat, 19 Mar 2022 04:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVQbW-00062C-Dz for xen-changelog@lists.xenproject.org; Sat, 19 Mar 2022 04:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVQbW-0007ft-DC for xen-changelog@lists.xenproject.org; Sat, 19 Mar 2022 04:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVQbW-0001mj-C6 for xen-changelog@lists.xenproject.org; Sat, 19 Mar 2022 04:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ByXd3YTYP3G4YKpvyt2J04Q0a4Jx732rvEbQWJu0rUs=; b=Mz9daic4nJXxsUpW9F78pA3qa/ zYWjyy12ZSGIU2lthZA4aK/QSRhgaJNwBsmvLQGymqLjw8WvSZWOoQU3PBwsW57uTmcKN9wUtrJpW 4cTX70sdlQSjv09cEXL+wdgIjA4MqNK2As6O9twkwMWG3yDTtxz4o5nWXiDLMcmtOlrU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm64: io: Handle the abort due to access to stage1 translation table Message-Id: Date: Sat, 19 Mar 2022 04:22:14 +0000 commit fdfb07eb28e42b456e5e1ce999a47cc3ea439f7f Author: Ayan Kumar Halder AuthorDate: Thu Mar 17 14:00:45 2022 +0000 Commit: Stefano Stabellini CommitDate: Fri Mar 18 21:17:34 2022 -0700 xen/arm64: io: Handle the abort due to access to stage1 translation table If the abort was caused due to access to stage1 translation table, Xen will try to set the p2m entry (assuming that the Stage 1 translation table is in a non MMIO region). If there is no such entry found, then Xen will try to map the address as a MMIO region (assuming that the Stage 1 translation table is in a direct MMIO region). If that fails as well, then there are the two following scenarios:- 1. Stage 1 translation table being in an emulated MMIO region - Xen can read the region, but it has no way to return the value read to the CPU page table walker (which tries to go through the stage1 tables to resolve the translation fault). 2. Stage 1 translation table address is invalid. In both the above scenarios, Xen will forward the abort to the guest. Signed-off-by: Ayan Kumar Halder Tested-by: Stefano Stabellini Reviewed-by: Stefano Stabellini Reviewed-by: Julien Grall --- xen/arch/arm/io.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fd903b7b03..6f458ee7fd 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -128,6 +128,17 @@ void try_decode_instruction(const struct cpu_user_regs *regs, return; } + /* + * At this point, we know that the stage1 translation table is either in an + * emulated MMIO region or its address is invalid . This is not expected by + * Xen and thus it forwards the abort to the guest. + */ + if ( info->dabt.s1ptw ) + { + info->dabt_instr.state = INSTR_ERROR; + return; + } + /* * Armv8 processor does not provide a valid syndrome for decoding some * instructions. So in order to process these instructions, Xen must -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sun Mar 20 12:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 20 Mar 2022 12:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292585.496875 (Exim 4.92) (envelope-from ) id 1nVuZP-0002oc-Ar; Sun, 20 Mar 2022 12:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292585.496875; Sun, 20 Mar 2022 12:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVuZP-0002oU-7t; Sun, 20 Mar 2022 12:22:03 +0000 Received: by outflank-mailman (input) for mailman id 292585; Sun, 20 Mar 2022 12:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVuZO-0002oO-DI for xen-changelog@lists.xenproject.org; Sun, 20 Mar 2022 12:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVuZO-0006es-At for xen-changelog@lists.xenproject.org; Sun, 20 Mar 2022 12:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVuZO-0001af-9m for xen-changelog@lists.xenproject.org; Sun, 20 Mar 2022 12:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G6GoP14yHrAnXz2JpBjvyp/vFj98KFlwf5i++5FeVXs=; b=byV5Aqq3LXxEsiYqy/tGddllnv K2yTpq5FjF5oAQM545G/m9hhVLMKqTovjcv+Y+9hODLyaq/4d5c2I4IGJFbD9kH43ijbo+AxXjxB1 LstSB4M2vm/UkxOHOtvoLnqe1jFNOrsDohFOJ0aGNAa4JHzlU/QWoNEHpAOU92SFsUh8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: io: Emulate instructions (with invalid ISS) on MMIO region Message-Id: Date: Sun, 20 Mar 2022 12:22:02 +0000 commit 5e9c429ad41f03740817ed370119f9f9f2a3a68f Author: Ayan Kumar Halder AuthorDate: Thu Mar 17 14:00:44 2022 +0000 Commit: Stefano Stabellini CommitDate: Fri Mar 18 21:17:13 2022 -0700 xen/arm64: io: Emulate instructions (with invalid ISS) on MMIO region When an instruction is trapped in Xen due to translation fault, Xen checks if the ISS is invalid (for data abort) or it is an instruction abort. If so, Xen tries to resolve the translation fault using p2m page tables. In case of data abort, Xen will try to map the mmio region to the guest (ie tries to emulate the mmio region). If the ISS is not valid and it is a data abort, then Xen tries to decode the instruction. In case of ioreq, Xen saves the decoding state, rn and imm9 to vcpu_io. Whenever the vcpu handles the ioreq successfully, it will read the decoding state to determine if the instruction decoded was a ldr/str post indexing (ie INSTR_LDR_STR_POSTINDEXING). If so, it uses these details to post increment rn. In case of mmio handler, if the mmio operation was successful, then Xen retrives the decoding state, rn and imm9. For state == INSTR_LDR_STR_POSTINDEXING, Xen will update rn. If there is an error encountered while decoding/executing the instruction, Xen will forward the abort to the guest. Also, the logic to infer the type of instruction has been moved from try_handle_mmio() to try_decode_instruction() which is called before. try_handle_mmio() is solely responsible for handling the mmio operation. Signed-off-by: Ayan Kumar Halder Tested-by: Stefano Stabellini Reviewed-by: Stefano Stabellini Reviewed-by: Julien Grall --- xen/arch/arm/arm32/traps.c | 12 ++++++ xen/arch/arm/arm64/traps.c | 52 ++++++++++++++++++++++ xen/arch/arm/decode.c | 2 + xen/arch/arm/include/asm/domain.h | 4 ++ xen/arch/arm/include/asm/mmio.h | 17 +++++++- xen/arch/arm/include/asm/traps.h | 2 + xen/arch/arm/io.c | 90 ++++++++++++++++++++++++--------------- xen/arch/arm/ioreq.c | 8 +++- xen/arch/arm/traps.c | 77 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/domain.h | 3 ++ xen/include/xen/sched.h | 2 + 11 files changed, 215 insertions(+), 54 deletions(-) diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c index 9c9790a6d1..a4ce2b92d9 100644 --- a/xen/arch/arm/arm32/traps.c +++ b/xen/arch/arm/arm32/traps.c @@ -18,9 +18,11 @@ #include #include +#include #include +#include #include #include @@ -82,6 +84,16 @@ void do_trap_data_abort(struct cpu_user_regs *regs) do_unexpected_trap("Data Abort", regs); } +void finalize_instr_emulation(const struct instr_details *instr) +{ + /* + * We have not implemented decoding of post indexing instructions for 32 bit. + * Thus, this should be unreachable. + */ + if ( instr->state == INSTR_LDR_STR_POSTINDEXING ) + domain_crash(current->domain); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/arm64/traps.c b/xen/arch/arm/arm64/traps.c index 9113a15c7a..3f8858acec 100644 --- a/xen/arch/arm/arm64/traps.c +++ b/xen/arch/arm/arm64/traps.c @@ -17,6 +17,7 @@ */ #include +#include #include #include @@ -44,6 +45,57 @@ void do_bad_mode(struct cpu_user_regs *regs, int reason) panic("bad mode\n"); } +void finalize_instr_emulation(const struct instr_details *instr) +{ + struct cpu_user_regs *regs = guest_cpu_user_regs(); + register_t val = 0; + uint8_t psr_mode = (regs->cpsr & PSR_MODE_MASK); + + /* Currently, we handle only ldr/str post indexing instructions */ + if ( instr->state != INSTR_LDR_STR_POSTINDEXING ) + return; + + /* + * Handle when rn = SP + * Refer ArmV8 ARM DDI 0487G.b, Page - D1-2463 "Stack pointer register + * selection" + * t = SP_EL0 + * h = SP_ELx + * and M[3:0] (Page - C5-474 "When exception taken from AArch64 state:") + */ + if ( instr->rn == 31 ) + { + switch ( psr_mode ) + { + case PSR_MODE_EL1h: + val = regs->sp_el1; + break; + case PSR_MODE_EL1t: + case PSR_MODE_EL0t: + val = regs->sp_el0; + break; + + default: + domain_crash(current->domain); + return; + } + } + else + val = get_user_reg(regs, instr->rn); + + val += instr->imm9; + + if ( instr->rn == 31 ) + { + if ( (regs->cpsr & PSR_MODE_MASK) == PSR_MODE_EL1h ) + regs->sp_el1 = val; + else + regs->sp_el0 = val; + } + else + set_user_reg(regs, instr->rn, val); +} + /* * Local variables: * mode: C diff --git a/xen/arch/arm/decode.c b/xen/arch/arm/decode.c index 3add87e83a..f5f6562600 100644 --- a/xen/arch/arm/decode.c +++ b/xen/arch/arm/decode.c @@ -146,8 +146,10 @@ static int decode_arm64(register_t pc, mmio_info_t *info) update_dabt(dabt, opcode.ldr_str.rt, opcode.ldr_str.size, false); + dabt_instr->state = INSTR_LDR_STR_POSTINDEXING; dabt_instr->rn = opcode.ldr_str.rn; dabt_instr->imm9 = opcode.ldr_str.imm9; + dabt->valid = 1; return 0; diff --git a/xen/arch/arm/include/asm/domain.h b/xen/arch/arm/include/asm/domain.h index c56f6e4398..ed63c2b6f9 100644 --- a/xen/arch/arm/include/asm/domain.h +++ b/xen/arch/arm/include/asm/domain.h @@ -281,6 +281,10 @@ static inline void arch_vcpu_block(struct vcpu *v) {} /* vPCI is not available on Arm */ #define has_vpci(d) ({ (void)(d); false; }) +struct arch_vcpu_io { + struct instr_details dabt_instr; /* when the instruction is decoded */ +}; + #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/arch/arm/include/asm/mmio.h b/xen/arch/arm/include/asm/mmio.h index 3354d9c635..ca259a79c2 100644 --- a/xen/arch/arm/include/asm/mmio.h +++ b/xen/arch/arm/include/asm/mmio.h @@ -26,12 +26,24 @@ #define MAX_IO_HANDLER 16 +enum instr_decode_state +{ + INSTR_ERROR, /* Error encountered while decoding instr */ + INSTR_VALID, /* ISS is valid, so no need to decode */ + /* + * Instruction is decoded successfully. It is a ldr/str post indexing + * instruction. + */ + INSTR_LDR_STR_POSTINDEXING, +}; + typedef struct { struct hsr_dabt dabt; struct instr_details { unsigned long rn:5; signed int imm9:9; + enum instr_decode_state state; } dabt_instr; paddr_t gpa; } mmio_info_t; @@ -69,14 +81,15 @@ struct vmmio { }; enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa); + mmio_info_t *info); void register_mmio_handler(struct domain *d, const struct mmio_handler_ops *ops, paddr_t addr, paddr_t size, void *priv); int domain_io_init(struct domain *d, int max_count); void domain_io_free(struct domain *d); +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info); #endif /* __ASM_ARM_MMIO_H__ */ diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h index 2ed2b85c6f..08bc0b484c 100644 --- a/xen/arch/arm/include/asm/traps.h +++ b/xen/arch/arm/include/asm/traps.h @@ -109,6 +109,8 @@ static inline register_t sign_extend(const struct hsr_dabt dabt, register_t r) return r; } +void finalize_instr_emulation(const struct instr_details *instr); + #endif /* __ASM_ARM_TRAPS__ */ /* * Local variables: diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fad103bdbd..fd903b7b03 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -102,57 +102,79 @@ static const struct mmio_handler *find_mmio_handler(struct domain *d, return handler; } +void try_decode_instruction(const struct cpu_user_regs *regs, + mmio_info_t *info) +{ + int rc; + + if ( info->dabt.valid ) + { + info->dabt_instr.state = INSTR_VALID; + + /* + * Erratum 766422: Thumb store translation fault to Hypervisor may + * not have correct HSR Rt value. + */ + if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && + info->dabt.write ) + { + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } + } + return; + } + + /* + * Armv8 processor does not provide a valid syndrome for decoding some + * instructions. So in order to process these instructions, Xen must + * decode them. + */ + rc = decode_instruction(regs, info); + if ( rc ) + { + gprintk(XENLOG_ERR, "Unable to decode instruction\n"); + info->dabt_instr.state = INSTR_ERROR; + } +} + enum io_state try_handle_mmio(struct cpu_user_regs *regs, - const union hsr hsr, - paddr_t gpa) + mmio_info_t *info) { struct vcpu *v = current; const struct mmio_handler *handler = NULL; - const struct hsr_dabt dabt = hsr.dabt; - mmio_info_t info = { - .gpa = gpa, - .dabt = dabt - }; + int rc; - ASSERT(hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + ASSERT(info->dabt.ec == HSR_EC_DATA_ABORT_LOWER_EL); - handler = find_mmio_handler(v->domain, info.gpa); - if ( !handler ) + if ( !info->dabt.valid ) { - int rc; + ASSERT_UNREACHABLE(); + return IO_ABORT; + } - rc = try_fwd_ioserv(regs, v, &info); + handler = find_mmio_handler(v->domain, info->gpa); + if ( !handler ) + { + rc = try_fwd_ioserv(regs, v, info); if ( rc == IO_HANDLED ) return handle_ioserv(regs, v); return rc; } - /* All the instructions used on emulated MMIO region should be valid */ - if ( !dabt.valid ) - return IO_ABORT; - /* - * Erratum 766422: Thumb store translation fault to Hypervisor may - * not have correct HSR Rt value. + * At this point, we know that the instruction is either valid or has been + * decoded successfully. Thus, Xen should be allowed to execute the + * instruction on the emulated MMIO region. */ - if ( check_workaround_766422() && (regs->cpsr & PSR_THUMB) && - dabt.write ) - { - int rc; - - rc = decode_instruction(regs, &info); - if ( rc ) - { - gprintk(XENLOG_DEBUG, "Unable to decode instruction\n"); - return IO_ABORT; - } - } - - if ( info.dabt.write ) - return handle_write(handler, v, &info); + if ( info->dabt.write ) + return handle_write(handler, v, info); else - return handle_read(handler, v, &info); + return handle_read(handler, v, info); } void register_mmio_handler(struct domain *d, diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index 308650b400..54167aebcb 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -47,6 +47,8 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu *v, mmio_info_t *info) { struct vcpu_io *vio = &v->io; + struct instr_details instr = info->dabt_instr; + struct hsr_dabt dabt = info->dabt; ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -76,10 +78,10 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, if ( !s ) return IO_UNHANDLED; - if ( !info->dabt.valid ) - return IO_ABORT; + ASSERT(dabt.valid); vio->req = p; + vio->info.dabt_instr = instr; rc = ioreq_send(s, &p, 0); if ( rc != IO_RETRY || v->domain->is_shutting_down ) @@ -95,6 +97,7 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, bool arch_ioreq_complete_mmio(void) { struct vcpu *v = current; + struct instr_details dabt_instr = v->io.info.dabt_instr; struct cpu_user_regs *regs = guest_cpu_user_regs(); const union hsr hsr = { .bits = regs->hsr }; @@ -106,6 +109,7 @@ bool arch_ioreq_complete_mmio(void) if ( handle_ioserv(regs, v) == IO_HANDLED ) { + finalize_instr_emulation(&dabt_instr); advance_pc(regs, hsr); return true; } diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 7a1b679b8c..11f970d926 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1893,6 +1893,21 @@ static bool try_map_mmio(gfn_t gfn) return !map_regions_p2mt(d, gfn, 1, mfn, p2m_mmio_direct_c); } +static inline bool check_p2m(bool is_data, paddr_t gpa) +{ + /* + * First check if the translation fault can be resolved by the P2M subsystem. + * If that's the case nothing else to do. + */ + if ( p2m_resolve_translation_fault(current->domain , gaddr_to_gfn(gpa)) ) + return true; + + if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + return true; + + return false; +} + static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, const union hsr hsr) { @@ -1906,6 +1921,8 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, paddr_t gpa; uint8_t fsc = xabt.fsc & ~FSC_LL_MASK; bool is_data = (hsr.ec == HSR_EC_DATA_ABORT_LOWER_EL); + mmio_info_t info; + enum io_state state; /* * If this bit has been set, it means that this stage-2 abort is caused @@ -1959,21 +1976,52 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, return; } case FSC_FLT_TRANS: + { + info.gpa = gpa; + info.dabt = hsr.dabt; + /* - * Attempt first to emulate the MMIO as the data abort will - * likely happen in an emulated region. - * - * Note that emulated region cannot be executed + * Assumption :- Most of the times when we get a data abort and the ISS + * is invalid or an instruction abort, the underlying cause is that the + * page tables have not been set up correctly. */ - if ( is_data ) + if ( !is_data || !info.dabt.valid ) { - enum io_state state = try_handle_mmio(regs, hsr, gpa); + if ( check_p2m(is_data, gpa) ) + return; - switch ( state ) - { + /* + * If the instruction abort could not be resolved by setting the + * appropriate bits in the translation table, then Xen should + * forward the abort to the guest. + */ + if ( !is_data ) + goto inject_abt; + } + + try_decode_instruction(regs, &info); + + /* + * If Xen could not decode the instruction or encountered an error + * while decoding, then it should forward the abort to the guest. + */ + if ( info.dabt_instr.state == INSTR_ERROR ) + goto inject_abt; + + state = try_handle_mmio(regs, &info); + + switch ( state ) + { case IO_ABORT: goto inject_abt; case IO_HANDLED: + /* + * If the instruction was decoded and has executed successfully + * on the MMIO region, then Xen should execute the next part of + * the instruction. (for eg increment the rn if it is a + * post-indexing instruction. + */ + finalize_instr_emulation(&info.dabt_instr); advance_pc(regs, hsr); return; case IO_RETRY: @@ -1982,21 +2030,18 @@ static void do_trap_stage2_abort_guest(struct cpu_user_regs *regs, case IO_UNHANDLED: /* IO unhandled, try another way to handle it. */ break; - } } /* - * First check if the translation fault can be resolved by the - * P2M subsystem. If that's the case nothing else to do. + * If the instruction syndrome was invalid, then we already checked if + * this was due to a P2M fault. So no point to check again as the result + * will be the same. */ - if ( p2m_resolve_translation_fault(current->domain, - gaddr_to_gfn(gpa)) ) - return; - - if ( is_data && try_map_mmio(gaddr_to_gfn(gpa)) ) + if ( (info.dabt_instr.state == INSTR_VALID) && check_p2m(is_data, gpa) ) return; break; + } default: gprintk(XENLOG_WARNING, "Unsupported FSC: HSR=%#"PRIregister" DFSC=%#x\n", diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index e62e109598..35898d725f 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -756,6 +756,9 @@ static inline void pv_inject_sw_interrupt(unsigned int vector) : is_pv_32bit_domain(d) ? PV32_VM_ASSIST_MASK \ : PV64_VM_ASSIST_MASK) +struct arch_vcpu_io { +}; + #endif /* __ASM_DOMAIN_H__ */ /* diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 10ea969c7a..406d9bc610 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h @@ -160,6 +160,8 @@ struct vcpu_io { /* I/O request in flight to device model. */ enum vio_completion completion; ioreq_t req; + /* Arch specific info pertaining to the io request */ + struct arch_vcpu_io info; }; struct vcpu -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sun Mar 20 12:22:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sun, 20 Mar 2022 12:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292586.496879 (Exim 4.92) (envelope-from ) id 1nVuZZ-0002q8-CA; Sun, 20 Mar 2022 12:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292586.496879; Sun, 20 Mar 2022 12:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVuZZ-0002q0-9M; Sun, 20 Mar 2022 12:22:13 +0000 Received: by outflank-mailman (input) for mailman id 292586; Sun, 20 Mar 2022 12:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVuZY-0002pk-F4 for xen-changelog@lists.xenproject.org; Sun, 20 Mar 2022 12:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nVuZY-0006f2-EB for xen-changelog@lists.xenproject.org; Sun, 20 Mar 2022 12:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nVuZY-0001b9-D7 for xen-changelog@lists.xenproject.org; Sun, 20 Mar 2022 12:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b/0ups/JfNiUwBAJ19HlfZ4xWc1g1QWx1KeC9P/5sk0=; b=hGBYAnjp2Bnkx4Lo4aRjNgr4ru Tt2cI3uJsx5hz3xjqofJ1bv1Npb2nC5l+EN63iqVOXKEryZVH4BBpG+vQl4PQNu2NyH8fsbqqlkj3 zXT+ieO7ggVHL4ZFzUUe+7wpJWHZJpPs8EAl0yhBxeNn0nUepmOLIvN+GU1jPSykJYrw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm64: io: Handle the abort due to access to stage1 translation table Message-Id: Date: Sun, 20 Mar 2022 12:22:12 +0000 commit fdfb07eb28e42b456e5e1ce999a47cc3ea439f7f Author: Ayan Kumar Halder AuthorDate: Thu Mar 17 14:00:45 2022 +0000 Commit: Stefano Stabellini CommitDate: Fri Mar 18 21:17:34 2022 -0700 xen/arm64: io: Handle the abort due to access to stage1 translation table If the abort was caused due to access to stage1 translation table, Xen will try to set the p2m entry (assuming that the Stage 1 translation table is in a non MMIO region). If there is no such entry found, then Xen will try to map the address as a MMIO region (assuming that the Stage 1 translation table is in a direct MMIO region). If that fails as well, then there are the two following scenarios:- 1. Stage 1 translation table being in an emulated MMIO region - Xen can read the region, but it has no way to return the value read to the CPU page table walker (which tries to go through the stage1 tables to resolve the translation fault). 2. Stage 1 translation table address is invalid. In both the above scenarios, Xen will forward the abort to the guest. Signed-off-by: Ayan Kumar Halder Tested-by: Stefano Stabellini Reviewed-by: Stefano Stabellini Reviewed-by: Julien Grall --- xen/arch/arm/io.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index fd903b7b03..6f458ee7fd 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -128,6 +128,17 @@ void try_decode_instruction(const struct cpu_user_regs *regs, return; } + /* + * At this point, we know that the stage1 translation table is either in an + * emulated MMIO region or its address is invalid . This is not expected by + * Xen and thus it forwards the abort to the guest. + */ + if ( info->dabt.s1ptw ) + { + info->dabt_instr.state = INSTR_ERROR; + return; + } + /* * Armv8 processor does not provide a valid syndrome for decoding some * instructions. So in order to process these instructions, Xen must -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 21 11:33:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Mar 2022 11:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.292939.497504 (Exim 4.92) (envelope-from ) id 1nWGHZ-0002z0-7g; Mon, 21 Mar 2022 11:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 292939.497504; Mon, 21 Mar 2022 11:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWGHZ-0002ys-4i; Mon, 21 Mar 2022 11:33:05 +0000 Received: by outflank-mailman (input) for mailman id 292939; Mon, 21 Mar 2022 11:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWGHX-0002yk-TN for xen-changelog@lists.xenproject.org; Mon, 21 Mar 2022 11:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWGHX-0005ZP-Rp for xen-changelog@lists.xenproject.org; Mon, 21 Mar 2022 11:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nWGHX-0003cj-Qg for xen-changelog@lists.xenproject.org; Mon, 21 Mar 2022 11:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AZNhGVE27S7ToIY2SL3oEu1AceocXkE25pywtA0l1Q4=; b=PT9oXsumTWWEpM0BUti632OhV4 4Aie0ew7xghVIgQfaZRz7D9GKimtaZEFc2v/gO5k8bOPpXVir/T0l4uWQHQq3nKLzAhgmjRNIkMCz pM+mx2/Glgfd4NnddQ9IwjM5iVnuHVfR9s2scm5crZTvML8wsz1U8HjmjByU2pDMga0M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] evtchn/fifo: Don't set PENDING bit if guest misbehaves Message-Id: Date: Mon, 21 Mar 2022 11:33:03 +0000 commit 8aa0e9d2d1a4815516607eabe9b2e850f284a2f8 Author: Raphael Ning AuthorDate: Wed Mar 16 18:38:41 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 21 10:28:33 2022 +0000 evtchn/fifo: Don't set PENDING bit if guest misbehaves Currently, evtchn_fifo_set_pending() will mark the event as PENDING even if it fails to lock the FIFO event queue(s), or if the guest has not initialized the FIFO control block for the target vCPU. A well-behaved guest should never trigger either of these cases. There is no good reason to set the PENDING bit (the guest should not depend on this behaviour anyway) or check for pollers in such corner cases, so skip that. In fact, both the comment above the for loop and the commit message for 41a822c39263 xen/events: rework fifo queue locking suggest that the bit should be set after the FIFO queue(s) are locked. Take the opportunity to rename the was_pending variable (flipping its sense) and switch to the standard bool type. Suggested-by: David Vrabel Signed-off-by: Raphael Ning Acked-by: Andrew Cooper Reviewed-by: David Vrabel Tested-by: Luca Fancellu --- xen/common/event_fifo.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c index ed4d3beb10..0766358e9e 100644 --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -165,7 +165,7 @@ static void cf_check evtchn_fifo_set_pending( unsigned int port; event_word_t *word; unsigned long flags; - bool_t was_pending; + bool check_pollers = false; struct evtchn_fifo_queue *q, *old_q; unsigned int try; bool linked = true; @@ -226,8 +226,6 @@ static void cf_check evtchn_fifo_set_pending( spin_unlock_irqrestore(&q->lock, flags); } - was_pending = guest_test_and_set_bit(d, EVTCHN_FIFO_PENDING, word); - /* If we didn't get the lock bail out. */ if ( try == 3 ) { @@ -249,6 +247,8 @@ static void cf_check evtchn_fifo_set_pending( goto unlock; } + check_pollers = !guest_test_and_set_bit(d, EVTCHN_FIFO_PENDING, word); + /* * Link the event if it unmasked and not already linked. */ @@ -314,7 +314,7 @@ static void cf_check evtchn_fifo_set_pending( &v->evtchn_fifo->control_block->ready) ) vcpu_mark_events_pending(v); - if ( !was_pending ) + if ( check_pollers ) evtchn_check_pollers(d, port); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Mar 21 23:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 21 Mar 2022 23:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293245.498121 (Exim 4.92) (envelope-from ) id 1nWRrc-000360-5l; Mon, 21 Mar 2022 23:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293245.498121; Mon, 21 Mar 2022 23:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWRrc-00035s-2k; Mon, 21 Mar 2022 23:55:04 +0000 Received: by outflank-mailman (input) for mailman id 293245; Mon, 21 Mar 2022 23:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWRra-00035m-8Q for xen-changelog@lists.xenproject.org; Mon, 21 Mar 2022 23:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWRra-0001zN-7Z for xen-changelog@lists.xenproject.org; Mon, 21 Mar 2022 23:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nWRra-0004V7-6N for xen-changelog@lists.xenproject.org; Mon, 21 Mar 2022 23:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OI80HRM0dBMJatsRmrbV3rzq6b7T57mlu4E88Kgzpgs=; b=l6PnwU816GNhTwnrIu43NTe8QQ hOHhESxaivGDzaGnzxFJ/CBKM8FfZZVU7yAS9fsKaxj16Tvxpf5jG4OmBCR82CtY3dYwruUvrvybn r66SD/oUxFsnck51zkEUznvDt16LFTFPvJK+SAFNydUn+24yWVkJnSjbzLTy6tsyZiUo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] evtchn/fifo: Don't set PENDING bit if guest misbehaves Message-Id: Date: Mon, 21 Mar 2022 23:55:02 +0000 commit 8aa0e9d2d1a4815516607eabe9b2e850f284a2f8 Author: Raphael Ning AuthorDate: Wed Mar 16 18:38:41 2022 +0000 Commit: Julien Grall CommitDate: Mon Mar 21 10:28:33 2022 +0000 evtchn/fifo: Don't set PENDING bit if guest misbehaves Currently, evtchn_fifo_set_pending() will mark the event as PENDING even if it fails to lock the FIFO event queue(s), or if the guest has not initialized the FIFO control block for the target vCPU. A well-behaved guest should never trigger either of these cases. There is no good reason to set the PENDING bit (the guest should not depend on this behaviour anyway) or check for pollers in such corner cases, so skip that. In fact, both the comment above the for loop and the commit message for 41a822c39263 xen/events: rework fifo queue locking suggest that the bit should be set after the FIFO queue(s) are locked. Take the opportunity to rename the was_pending variable (flipping its sense) and switch to the standard bool type. Suggested-by: David Vrabel Signed-off-by: Raphael Ning Acked-by: Andrew Cooper Reviewed-by: David Vrabel Tested-by: Luca Fancellu --- xen/common/event_fifo.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/common/event_fifo.c b/xen/common/event_fifo.c index ed4d3beb10..0766358e9e 100644 --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -165,7 +165,7 @@ static void cf_check evtchn_fifo_set_pending( unsigned int port; event_word_t *word; unsigned long flags; - bool_t was_pending; + bool check_pollers = false; struct evtchn_fifo_queue *q, *old_q; unsigned int try; bool linked = true; @@ -226,8 +226,6 @@ static void cf_check evtchn_fifo_set_pending( spin_unlock_irqrestore(&q->lock, flags); } - was_pending = guest_test_and_set_bit(d, EVTCHN_FIFO_PENDING, word); - /* If we didn't get the lock bail out. */ if ( try == 3 ) { @@ -249,6 +247,8 @@ static void cf_check evtchn_fifo_set_pending( goto unlock; } + check_pollers = !guest_test_and_set_bit(d, EVTCHN_FIFO_PENDING, word); + /* * Link the event if it unmasked and not already linked. */ @@ -314,7 +314,7 @@ static void cf_check evtchn_fifo_set_pending( &v->evtchn_fifo->control_block->ready) ) vcpu_mark_events_pending(v); - if ( !was_pending ) + if ( check_pollers ) evtchn_check_pollers(d, port); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Mar 22 12:22:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Mar 2022 12:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293430.498495 (Exim 4.92) (envelope-from ) id 1nWdWY-0005mP-M2; Tue, 22 Mar 2022 12:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293430.498495; Tue, 22 Mar 2022 12:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWY-0005mH-J0; Tue, 22 Mar 2022 12:22:06 +0000 Received: by outflank-mailman (input) for mailman id 293430; Tue, 22 Mar 2022 12:22:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWX-0005mB-0s for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWW-0005P7-VS for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nWdWW-0002bt-UR for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NgrnL4NY6pMwDYYOT6C3ChnRYXyBjZ5ZN2VZwOPbwXI=; b=AWOAA3f62Zk4FL6kMgK7h24Ik3 w2IbUw8S2b4nkRZIjlHvfQAbi9tLIyp5uyQpCp2kJsUBmGwGu+IWyz/aW6xsaqvU+2WVRs3y7s/IT WJqnOrxyVeKWI1g2YzQilByBV1X9US002VbnrJjTcGm4Cbvy6d6Dmr5ibwxLZT8dc8Hk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Annotate hvm_physdev_op() with cf_check Message-Id: Date: Tue, 22 Mar 2022 12:22:04 +0000 commit b68664ab8954fd6aecbc579fc7444aa6e07f5581 Author: Andrew Cooper AuthorDate: Tue Mar 22 13:07:24 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 22 13:07:24 2022 +0100 x86/hvm: Annotate hvm_physdev_op() with cf_check This was missed previously, and would yield a fatal #CP for any HVM domain which issues a physdevop hypercall. Fixes: cdbe2b0a1aec ("x86: Enable CET Indirect Branch Tracking") Reported-by: Juergen Gross Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hypercall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 030243810e..62b5349e7d 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -78,7 +78,7 @@ static long cf_check hvm_grant_table_op( } #endif -static long hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +static long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { const struct vcpu *curr = current; const struct domain *currd = curr->domain; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 22 12:22:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Mar 2022 12:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293431.498499 (Exim 4.92) (envelope-from ) id 1nWdWi-0005oG-NN; Tue, 22 Mar 2022 12:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293431.498499; Tue, 22 Mar 2022 12:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWi-0005o8-KV; Tue, 22 Mar 2022 12:22:16 +0000 Received: by outflank-mailman (input) for mailman id 293431; Tue, 22 Mar 2022 12:22:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWh-0005nx-3D for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWh-0005PH-2O for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nWdWh-0002eD-1O for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OhFQUmEcD2Cw4c3ZUvdi7U2xYEkQ6KYn39rLjAsBGlA=; b=IZDxpXwWV4cDUbgQnmw4rvpI7Z Iz9KECgzWqF38R0E+YNUtlNdbQzhGp6IT7k0h7rDoiEb9GfVhnx+nWZAr6zatSubtN8MN68ApWtTT CXWjJvvBn8uTle1p1X46E06JerQY70FD66PahA7w4WKhdEnym/eZEyGXG5LilUE3zLBQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/build: work around older GNU ld not leaving .got.plt empty Message-Id: Date: Tue, 22 Mar 2022 12:22:15 +0000 commit a2b8da2574586270207c6eb8e7aa8cd19eb74947 Author: Jan Beulich AuthorDate: Tue Mar 22 13:10:59 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 22 13:10:59 2022 +0100 x86/build: work around older GNU ld not leaving .got.plt empty The initial three entries in .got.plt are "static", i.e. present independent of actual entries allocation of which is triggered by respective relocations. When no real entries are needed, halfway recent ld discards the "static" portion of the table as well, but older GNU ld fails to do so. Fixes: dedb0aa42c6d ("x86/build: use --orphan-handling linker option if available") Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Tested-by: Julien Grall --- xen/arch/x86/xen.lds.S | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index d33e295320..db2aaf7781 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -497,7 +497,13 @@ ASSERT(IS_ALIGNED(__bss_end, 8), "__bss_end misaligned") #ifndef EFI ASSERT(!SIZEOF(.got), ".got non-empty") -ASSERT(!SIZEOF(.got.plt), ".got.plt non-empty") +/* + * At least GNU ld 2.30 and earlier fail to discard the generic part of + * .got.plt when no actual entries were allocated. Permit this case alongside + * the section being empty. + */ +ASSERT(!SIZEOF(.got.plt) || SIZEOF(.got.plt) == 3 * 8, + "unexpected .got.plt size") ASSERT(!SIZEOF(.igot.plt), ".igot.plt non-empty") ASSERT(!SIZEOF(.iplt), ".iplt non-empty") ASSERT(!SIZEOF(.plt), ".plt non-empty") -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 22 12:22:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 22 Mar 2022 12:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293432.498503 (Exim 4.92) (envelope-from ) id 1nWdWs-0005ra-Os; Tue, 22 Mar 2022 12:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293432.498503; Tue, 22 Mar 2022 12:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWs-0005rS-Lw; Tue, 22 Mar 2022 12:22:26 +0000 Received: by outflank-mailman (input) for mailman id 293432; Tue, 22 Mar 2022 12:22:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWr-0005qx-6Q for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nWdWr-0005Ps-5d for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nWdWr-0002ey-4W for xen-changelog@lists.xenproject.org; Tue, 22 Mar 2022 12:22:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nUdzHRDXK4M+7HADzf1vaI8BTsEItfcavtawGrv3Qkk=; b=OyQcLdLjwkTe2mnXQDaAmwFxYl g9xiAo6ZX5jEdYfQFewO+UC3V1pNpmQjyHdZvxxWzE45wc3ekHSnW2RZkOK29G1O08jKxIOTYqRUA pwUXfzaUanqCvrK+SPNLnTqFCfrTE/wM5O4OP+XTobpv9VV6N/E321dX5gVX17Uc/Kh4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/build: also handle .comment.* in linker script Message-Id: Date: Tue, 22 Mar 2022 12:22:25 +0000 commit 69e46280937526db9cf78259cd8a0a9ec62dc847 Author: Jan Beulich AuthorDate: Tue Mar 22 13:11:40 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 22 13:11:40 2022 +0100 x86/build: also handle .comment.* in linker script Oldish SUSE compilers generate .comment.SUSE.OPTS sections. Just like we already discard such for xen.efi, fold them into .comment for xen-syms. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index db2aaf7781..3f9f633f55 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -454,7 +454,7 @@ SECTIONS .stab.exclstr 0 : { *(.stab.exclstr) } .stab.index 0 : { *(.stab.index) } .stab.indexstr 0 : { *(.stab.indexstr) } - .comment 0 : { *(.comment) } + .comment 0 : { *(.comment) *(.comment.*) } /* * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to * be benign to GNU ld, so we can have them here unconditionally. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 23 13:55:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Mar 2022 13:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293894.499441 (Exim 4.92) (envelope-from ) id 1nX1S2-0000oK-MN; Wed, 23 Mar 2022 13:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293894.499441; Wed, 23 Mar 2022 13:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1S2-0000oC-JW; Wed, 23 Mar 2022 13:55:02 +0000 Received: by outflank-mailman (input) for mailman id 293894; Wed, 23 Mar 2022 13:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1S2-0000o6-6B for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1S1-00060u-UU for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nX1S1-0004vW-TG for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=epGPKpbzHRC5nkaYVnQJbSO/MxTKAsHDUWgWio2ff74=; b=5JfjvE2+D2oFlyzh8C3EYK9WGv t3sDNVsZDnInR9p+Ap88anNJRo/NDYEx9zfgiXL+54jMdBLGzWNXBQIHKnniuwis7407JfpK/izaj 7Y08p/LnYRUtbMiPjIJsTMrnaAs8ORsSkil77gbX7D3brGn9wIe4uXp/uvG5NNje2xNo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: Annotate hvm_physdev_op() with cf_check Message-Id: Date: Wed, 23 Mar 2022 13:55:01 +0000 commit b68664ab8954fd6aecbc579fc7444aa6e07f5581 Author: Andrew Cooper AuthorDate: Tue Mar 22 13:07:24 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 22 13:07:24 2022 +0100 x86/hvm: Annotate hvm_physdev_op() with cf_check This was missed previously, and would yield a fatal #CP for any HVM domain which issues a physdevop hypercall. Fixes: cdbe2b0a1aec ("x86: Enable CET Indirect Branch Tracking") Reported-by: Juergen Gross Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hypercall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index 030243810e..62b5349e7d 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -78,7 +78,7 @@ static long cf_check hvm_grant_table_op( } #endif -static long hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +static long cf_check hvm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { const struct vcpu *curr = current; const struct domain *currd = curr->domain; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 23 13:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Mar 2022 13:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293895.499445 (Exim 4.92) (envelope-from ) id 1nX1SC-0000qP-Nx; Wed, 23 Mar 2022 13:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293895.499445; Wed, 23 Mar 2022 13:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1SC-0000qH-Ky; Wed, 23 Mar 2022 13:55:12 +0000 Received: by outflank-mailman (input) for mailman id 293895; Wed, 23 Mar 2022 13:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1SC-0000q9-2V for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1SC-00062b-1P for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nX1SC-0004w3-0Q for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sHagRgkL+AHc6ceg5sA4s4Ev3bJyy+kGCGGF6RxJH4g=; b=WfvNlfSSDnYWJ2qG6nfPbsouE3 INC6tEnps050AWO1cMLQvfRpfj1cTpkr8t6XoM3riZcpb1xCrOsKIQXOjG6gLTeT6+zeDtJYduxqX R2T5D0iJj3NRW1laMPl9W+ZSfMMNaJB7UCWix4GJDoQ0yVRS4GqMkpOMgCkdFniNFtDA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/build: work around older GNU ld not leaving .got.plt empty Message-Id: Date: Wed, 23 Mar 2022 13:55:12 +0000 commit a2b8da2574586270207c6eb8e7aa8cd19eb74947 Author: Jan Beulich AuthorDate: Tue Mar 22 13:10:59 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 22 13:10:59 2022 +0100 x86/build: work around older GNU ld not leaving .got.plt empty The initial three entries in .got.plt are "static", i.e. present independent of actual entries allocation of which is triggered by respective relocations. When no real entries are needed, halfway recent ld discards the "static" portion of the table as well, but older GNU ld fails to do so. Fixes: dedb0aa42c6d ("x86/build: use --orphan-handling linker option if available") Reported-by: Julien Grall Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné Tested-by: Julien Grall --- xen/arch/x86/xen.lds.S | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index d33e295320..db2aaf7781 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -497,7 +497,13 @@ ASSERT(IS_ALIGNED(__bss_end, 8), "__bss_end misaligned") #ifndef EFI ASSERT(!SIZEOF(.got), ".got non-empty") -ASSERT(!SIZEOF(.got.plt), ".got.plt non-empty") +/* + * At least GNU ld 2.30 and earlier fail to discard the generic part of + * .got.plt when no actual entries were allocated. Permit this case alongside + * the section being empty. + */ +ASSERT(!SIZEOF(.got.plt) || SIZEOF(.got.plt) == 3 * 8, + "unexpected .got.plt size") ASSERT(!SIZEOF(.igot.plt), ".igot.plt non-empty") ASSERT(!SIZEOF(.iplt), ".iplt non-empty") ASSERT(!SIZEOF(.plt), ".plt non-empty") -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Mar 23 13:55:22 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 23 Mar 2022 13:55:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.293896.499449 (Exim 4.92) (envelope-from ) id 1nX1SM-0000tF-Pe; Wed, 23 Mar 2022 13:55:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 293896.499449; Wed, 23 Mar 2022 13:55:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1SM-0000t8-MV; Wed, 23 Mar 2022 13:55:22 +0000 Received: by outflank-mailman (input) for mailman id 293896; Wed, 23 Mar 2022 13:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1SM-0000sv-5D for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nX1SM-00062s-4P for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nX1SM-0004wY-3Z for xen-changelog@lists.xenproject.org; Wed, 23 Mar 2022 13:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=M0puUMXkgBslrXnJlz/dPTKfmAO4R3TBWFOCh7PecaU=; b=vFtrBj5cG2VyatiEoA51aa1xio 8n1pQ87hhXjbUjVWHwPT06LUBzAs18E1C1wKjOWLHSBsO3qHdq8Ab0tP2cgiUR/nGXbbYdFgu5e5a CgCvgTv6awvzHJT4pAThY9+n6PzpUldpp0E1CBWuL06xGtpsnv9le4C0xn7JusvfCsMw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/build: also handle .comment.* in linker script Message-Id: Date: Wed, 23 Mar 2022 13:55:22 +0000 commit 69e46280937526db9cf78259cd8a0a9ec62dc847 Author: Jan Beulich AuthorDate: Tue Mar 22 13:11:40 2022 +0100 Commit: Jan Beulich CommitDate: Tue Mar 22 13:11:40 2022 +0100 x86/build: also handle .comment.* in linker script Oldish SUSE compilers generate .comment.SUSE.OPTS sections. Just like we already discard such for xen.efi, fold them into .comment for xen-syms. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/xen.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index db2aaf7781..3f9f633f55 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -454,7 +454,7 @@ SECTIONS .stab.exclstr 0 : { *(.stab.exclstr) } .stab.index 0 : { *(.stab.index) } .stab.indexstr 0 : { *(.stab.indexstr) } - .comment 0 : { *(.comment) } + .comment 0 : { *(.comment) *(.comment.*) } /* * LLVM ld also wants .symtab, .strtab, and .shstrtab placed. These look to * be benign to GNU ld, so we can have them here unconditionally. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 24 10:55:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Mar 2022 10:55:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294236.500193 (Exim 4.92) (envelope-from ) id 1nXL7R-0004F4-HH; Thu, 24 Mar 2022 10:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294236.500193; Thu, 24 Mar 2022 10:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXL7R-0004Ev-E8; Thu, 24 Mar 2022 10:55:05 +0000 Received: by outflank-mailman (input) for mailman id 294236; Thu, 24 Mar 2022 10:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXL7Q-0004Ep-Jt for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 10:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXL7Q-0001gU-Fu for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 10:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXL7Q-0001xn-Ex for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 10:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G9D0XhNiRM1cJKzHss0A/P2CME2n4Hlew05ldlj0lwo=; b=IWkkQg2ZYhHVZkk/D+R7zs+xeX 19P7xjz76zid73+77LMk9EDs20aCLQOPm4OxwBFMDaNOodLD6Yxf0VDYPsTtVi0uCQ5asVPYeqdPY 8sOf8QBJSEitITuPQ8dQcbQ37z4IvTbsknJHvRQB3qb1e1b3rO1FqwK2Jfy4jUiotr1g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: rename do_phydev_op() to do_arm_physdev_op() Message-Id: Date: Thu, 24 Mar 2022 10:55:04 +0000 commit a62ebaf3c9522051a7a0333f324e5cedd840f392 Author: Juergen Gross AuthorDate: Thu Mar 24 11:45:37 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 24 11:45:37 2022 +0100 xen/arm: rename do_phydev_op() to do_arm_physdev_op() do_physdev_op() prototypes on Arm and x86 differ in their return type, so rename the Arm one in order to prepare using a common generated header file. Signed-off-by: Juergen Gross Acked-by: Julien Grall --- xen/arch/arm/include/asm/hypercall.h | 2 +- xen/arch/arm/physdev.c | 2 +- xen/arch/arm/traps.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h index a0c5a31a2f..39d2e7889d 100644 --- a/xen/arch/arm/include/asm/hypercall.h +++ b/xen/arch/arm/include/asm/hypercall.h @@ -2,7 +2,7 @@ #define __ASM_ARM_HYPERCALL_H__ #include /* for arch_do_domctl */ -int do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); +int do_arm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); long do_arm_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg); diff --git a/xen/arch/arm/physdev.c b/xen/arch/arm/physdev.c index f9aa274dda..95a8cdc0ee 100644 --- a/xen/arch/arm/physdev.c +++ b/xen/arch/arm/physdev.c @@ -11,7 +11,7 @@ #include -int do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +int do_arm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { #ifdef CONFIG_HAS_PCI return pci_physdev_op(cmd, arg); diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 11f970d926..43f30747cf 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1371,7 +1371,7 @@ static arm_hypercall_t arm_hypercall_table[] = { HYPERCALL(xsm_op, 1), HYPERCALL(event_channel_op, 2), HYPERCALL_DEPRECATED(event_channel_op_compat, 1), - HYPERCALL(physdev_op, 2), + HYPERCALL_ARM(physdev_op, 2), HYPERCALL_DEPRECATED(physdev_op_compat, 1), HYPERCALL(sysctl, 2), HYPERCALL(hvm_op, 2), -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 24 10:55:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Mar 2022 10:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294237.500197 (Exim 4.92) (envelope-from ) id 1nXL7b-0004Gu-IS; Thu, 24 Mar 2022 10:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294237.500197; Thu, 24 Mar 2022 10:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXL7b-0004Gm-Fa; Thu, 24 Mar 2022 10:55:15 +0000 Received: by outflank-mailman (input) for mailman id 294237; Thu, 24 Mar 2022 10:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXL7a-0004GZ-Jx for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 10:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXL7a-0001i5-JA for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 10:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXL7a-0001yS-I3 for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 10:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y0d+BNBf8OW6m5IdgC8e+ahNqCPVOVMWybaJwio8Ic0=; b=VteX6GqT/D3M4q8vWLESEn2C5s C5hbZpXT+kF3Xogj9U7tVgYAg8mDeu3IsMryhCl5OYCHfzmgHJreNCIsBBRuLZeZ2JgRjp18r/5yH jhUuKOQDmNuom/uqwNb6YUpXQyb9zTiQPwGZXSPjAZylDK1ZBynDftebeRnGeKeU0lS0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: provide and export ADDR2LINE Message-Id: Date: Thu, 24 Mar 2022 10:55:14 +0000 commit 1c80f13a6efdc832878d7a431e2c216039d063bc Author: Jan Beulich AuthorDate: Thu Mar 24 11:51:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 24 11:51:26 2022 +0100 build: provide and export ADDR2LINE Now that x86'es check-endbr.sh script uses it, also make it available consistently with other tool chain components. Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu --- config/StdGNU.mk | 1 + config/SunOS.mk | 1 + xen/Makefile | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/StdGNU.mk b/config/StdGNU.mk index 039274ea61..aaa0d007f7 100644 --- a/config/StdGNU.mk +++ b/config/StdGNU.mk @@ -10,6 +10,7 @@ CXX = $(CROSS_COMPILE)g++ LD_LTO = $(CROSS_COMPILE)ld endif CPP = $(CC) -E +ADDR2LINE = $(CROSS_COMPILE)addr2line AR = $(CROSS_COMPILE)ar RANLIB = $(CROSS_COMPILE)ranlib NM = $(CROSS_COMPILE)nm diff --git a/config/SunOS.mk b/config/SunOS.mk index 0fe5f45590..f1088e3833 100644 --- a/config/SunOS.mk +++ b/config/SunOS.mk @@ -3,6 +3,7 @@ LD = $(CROSS_COMPILE)gld CC = $(CROSS_COMPILE)gcc CPP = $(CROSS_COMPILE)gcc -E CXX = $(CROSS_COMPILE)g++ +ADDR2LINE = $(CROSS_COMPILE)gaddr2line AR = $(CROSS_COMPILE)gar RANLIB = $(CROSS_COMPILE)granlib NM = $(CROSS_COMPILE)gnm diff --git a/xen/Makefile b/xen/Makefile index 18a4f7e101..ad9bfc2506 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -55,7 +55,7 @@ export TARGET_ARCH := $(shell echo $(XEN_TARGET_ARCH) | \ # Allow someone to change their config file export KCONFIG_CONFIG ?= .config -export CC CXX LD NM OBJCOPY OBJDUMP +export CC CXX LD NM OBJCOPY OBJDUMP ADDR2LINE export TARGET := xen -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 24 23:33:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Mar 2022 23:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294522.500835 (Exim 4.92) (envelope-from ) id 1nXWwx-0000GL-Ge; Thu, 24 Mar 2022 23:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294522.500835; Thu, 24 Mar 2022 23:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXWwx-0000GC-DL; Thu, 24 Mar 2022 23:33:03 +0000 Received: by outflank-mailman (input) for mailman id 294522; Thu, 24 Mar 2022 23:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXWww-0000G6-C4 for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 23:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXWww-0006rD-A8 for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 23:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXWww-00029g-7Q for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 23:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4sD7+jQ7t557llyt5+nw62GRR1DlDA7nkDbtZdRRRJ4=; b=wy54/btvNgn+9dyeOby4S/8D6f KLOZTaHOXK3lyB5ZUZS92Mp3wucj1t/7/MmPYqBwmSa/G+C2yqnSaitZ92bvGWhQ5bMCfc7fWlw6l grVpvEH1furexQVovPbDQircF0/xfV50bkotxRfjkR9FY6vrtxd+9pbeuZWOqm8lE0+Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: rename do_phydev_op() to do_arm_physdev_op() Message-Id: Date: Thu, 24 Mar 2022 23:33:02 +0000 commit a62ebaf3c9522051a7a0333f324e5cedd840f392 Author: Juergen Gross AuthorDate: Thu Mar 24 11:45:37 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 24 11:45:37 2022 +0100 xen/arm: rename do_phydev_op() to do_arm_physdev_op() do_physdev_op() prototypes on Arm and x86 differ in their return type, so rename the Arm one in order to prepare using a common generated header file. Signed-off-by: Juergen Gross Acked-by: Julien Grall --- xen/arch/arm/include/asm/hypercall.h | 2 +- xen/arch/arm/physdev.c | 2 +- xen/arch/arm/traps.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h index a0c5a31a2f..39d2e7889d 100644 --- a/xen/arch/arm/include/asm/hypercall.h +++ b/xen/arch/arm/include/asm/hypercall.h @@ -2,7 +2,7 @@ #define __ASM_ARM_HYPERCALL_H__ #include /* for arch_do_domctl */ -int do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); +int do_arm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg); long do_arm_vcpu_op(int cmd, unsigned int vcpuid, XEN_GUEST_HANDLE_PARAM(void) arg); diff --git a/xen/arch/arm/physdev.c b/xen/arch/arm/physdev.c index f9aa274dda..95a8cdc0ee 100644 --- a/xen/arch/arm/physdev.c +++ b/xen/arch/arm/physdev.c @@ -11,7 +11,7 @@ #include -int do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) +int do_arm_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) { #ifdef CONFIG_HAS_PCI return pci_physdev_op(cmd, arg); diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 11f970d926..43f30747cf 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1371,7 +1371,7 @@ static arm_hypercall_t arm_hypercall_table[] = { HYPERCALL(xsm_op, 1), HYPERCALL(event_channel_op, 2), HYPERCALL_DEPRECATED(event_channel_op_compat, 1), - HYPERCALL(physdev_op, 2), + HYPERCALL_ARM(physdev_op, 2), HYPERCALL_DEPRECATED(physdev_op_compat, 1), HYPERCALL(sysctl, 2), HYPERCALL(hvm_op, 2), -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 24 23:33:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 24 Mar 2022 23:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294523.500840 (Exim 4.92) (envelope-from ) id 1nXWx7-0000IT-I1; Thu, 24 Mar 2022 23:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294523.500840; Thu, 24 Mar 2022 23:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXWx7-0000I8-Eo; Thu, 24 Mar 2022 23:33:13 +0000 Received: by outflank-mailman (input) for mailman id 294523; Thu, 24 Mar 2022 23:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXWx6-0000I2-E7 for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 23:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXWx6-0006rH-DN for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 23:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXWx6-0002Ay-CM for xen-changelog@lists.xenproject.org; Thu, 24 Mar 2022 23:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sl4qBJRw1xNZSIQuGiKFvTEm8FXmDMjhC1yHtglVza8=; b=JDY2Xzs9DyDf63Ptzt6S5IWtvC M0iTRisMmFCZgwJTOl/5xaU22RoOK4ogV30kX/eYzADyuQQUqJ3A2yOce0lX8KmrrkZ4/fAzmyulV LvWQAgcopxbfMv0rrjGKwidJvKueLNnCdBR8LGJ6dEOeiuZ4QCS14qA/Xpnt9xzrJQAk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: provide and export ADDR2LINE Message-Id: Date: Thu, 24 Mar 2022 23:33:12 +0000 commit 1c80f13a6efdc832878d7a431e2c216039d063bc Author: Jan Beulich AuthorDate: Thu Mar 24 11:51:26 2022 +0100 Commit: Jan Beulich CommitDate: Thu Mar 24 11:51:26 2022 +0100 build: provide and export ADDR2LINE Now that x86'es check-endbr.sh script uses it, also make it available consistently with other tool chain components. Signed-off-by: Jan Beulich Reviewed-by: Luca Fancellu --- config/StdGNU.mk | 1 + config/SunOS.mk | 1 + xen/Makefile | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/StdGNU.mk b/config/StdGNU.mk index 039274ea61..aaa0d007f7 100644 --- a/config/StdGNU.mk +++ b/config/StdGNU.mk @@ -10,6 +10,7 @@ CXX = $(CROSS_COMPILE)g++ LD_LTO = $(CROSS_COMPILE)ld endif CPP = $(CC) -E +ADDR2LINE = $(CROSS_COMPILE)addr2line AR = $(CROSS_COMPILE)ar RANLIB = $(CROSS_COMPILE)ranlib NM = $(CROSS_COMPILE)nm diff --git a/config/SunOS.mk b/config/SunOS.mk index 0fe5f45590..f1088e3833 100644 --- a/config/SunOS.mk +++ b/config/SunOS.mk @@ -3,6 +3,7 @@ LD = $(CROSS_COMPILE)gld CC = $(CROSS_COMPILE)gcc CPP = $(CROSS_COMPILE)gcc -E CXX = $(CROSS_COMPILE)g++ +ADDR2LINE = $(CROSS_COMPILE)gaddr2line AR = $(CROSS_COMPILE)gar RANLIB = $(CROSS_COMPILE)granlib NM = $(CROSS_COMPILE)gnm diff --git a/xen/Makefile b/xen/Makefile index 18a4f7e101..ad9bfc2506 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -55,7 +55,7 @@ export TARGET_ARCH := $(shell echo $(XEN_TARGET_ARCH) | \ # Allow someone to change their config file export KCONFIG_CONFIG ?= .config -export CC CXX LD NM OBJCOPY OBJDUMP +export CC CXX LD NM OBJCOPY OBJDUMP ADDR2LINE export TARGET := xen -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 09:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 09:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294636.501063 (Exim 4.92) (envelope-from ) id 1nXgew-0001QY-Bn; Fri, 25 Mar 2022 09:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294636.501063; Fri, 25 Mar 2022 09:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXgew-0001QQ-8y; Fri, 25 Mar 2022 09:55:06 +0000 Received: by outflank-mailman (input) for mailman id 294636; Fri, 25 Mar 2022 09:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXgeu-0001QG-K7 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 09:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXgeu-0007fg-JI for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 09:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXgeu-0005SS-IF for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 09:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/5E56gnQdXCs9lmEigu2VNz5zdg71X2QOFqsljjzgKo=; b=Eo/oxy41fa1bvgnt5JEZkii9JK UH2a+Bpojc+40nMjrYOKo7RoMYYs2rDd++dPOt7P3S6qfYzwwTbIfg4Ru3OxQ23FDbsjv5oNOU3wm RjjTxtixL2vevpSFF/lGRPwYviZt3uBMr9m1J5IO8mzqzytJuAqtm7r006W2Rg54vcbE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: set CPSR Z bit when creating aarch32 guests Message-Id: Date: Fri, 25 Mar 2022 09:55:04 +0000 commit 0e03ff97def12b121b5313094a76e5db7bb5c93c Author: Stefano Stabellini AuthorDate: Thu Mar 24 18:00:52 2022 -0700 Commit: Julien Grall CommitDate: Fri Mar 25 09:50:02 2022 +0000 xen/arm: set CPSR Z bit when creating aarch32 guests The first 32 bytes of zImage are NOPs. When CONFIG_EFI is enabled in the kernel, certain versions of Linux will use an UNPREDICTABLE NOP encoding, sometimes resulting in an unbootable kernel. Whether the resulting kernel is bootable or not depends on the processor. See commit a92882a4d270 in the Linux kernel for all the details. All kernel releases starting from Linux 4.9 without commit a92882a4d270 are affected. Fortunately there is a simple workaround: setting the "Z" bit in CPSR make it so those invalid NOP instructions are never executed. That is because the instruction is conditional (not equal). So, on QEMU at least, the instruction will end up to be ignored and not generate an exception. Setting the "Z" bit makes those kernel versions bootable again and it is harmless in the other cases. Note that both U-Boot and QEMU -kernel set the "Z" bit in CPSR when booting a zImage kernel on aarch32. Signed-off-by: Stefano Stabellini Reviewed-by: Wei Chen Reviewed-by: Bertrand Marquis Acked-by: Julien Grall --- xen/include/public/arch-arm.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index 94b31511dd..ab05fe12b0 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -361,6 +361,7 @@ typedef uint64_t xen_callback_t; #define PSR_DBG_MASK (1<<9) /* arm64: Debug Exception mask */ #define PSR_IT_MASK (0x0600fc00) /* Thumb If-Then Mask */ #define PSR_JAZELLE (1<<24) /* Jazelle Mode */ +#define PSR_Z (1<<30) /* Zero condition flag */ /* 32 bit modes */ #define PSR_MODE_USR 0x10 @@ -383,7 +384,15 @@ typedef uint64_t xen_callback_t; #define PSR_MODE_EL1t 0x04 #define PSR_MODE_EL0t 0x00 -#define PSR_GUEST32_INIT (PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_SVC) +/* + * We set PSR_Z to be able to boot Linux kernel versions with an invalid + * encoding of the first 8 NOP instructions. See commit a92882a4d270 in + * Linux. + * + * Note that PSR_Z is also set by U-Boot and QEMU -kernel when loading + * zImage kernels on aarch32. + */ +#define PSR_GUEST32_INIT (PSR_Z|PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_SVC) #define PSR_GUEST64_INIT (PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_EL1h) #define SCTLR_GUEST_INIT xen_mk_ullong(0x00c50078) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 16:44:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 16:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294851.501564 (Exim 4.92) (envelope-from ) id 1nXn2k-0008OI-14; Fri, 25 Mar 2022 16:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294851.501564; Fri, 25 Mar 2022 16:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXn2j-0008OA-UK; Fri, 25 Mar 2022 16:44:05 +0000 Received: by outflank-mailman (input) for mailman id 294851; Fri, 25 Mar 2022 16:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXn2i-0008O4-Sl for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 16:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXn2i-00078p-QF for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 16:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXn2i-0007Li-Nx for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 16:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tKbnCS4F+UCDQ3lFATfiajKb56GhWSL6ti8ycTJ9O+w=; b=SOaPFUl5d0gd0WgFwkUZebh+jr nt3ncMm0SdlHhWz3JeRdfWDZP4we1cXLLrIDT0UlUNKsVSNMUUGkDqbVQxvG9HYdD1kynz5FP1c5R Q4LccmvlhlNwPLHoGswpKfCqjs3XL62sgEGdDeFSq84RgOpuSRLunP/xL71xNdT8cbn8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cet: Remove XEN_SHSTK's dependency on EXPERT Message-Id: Date: Fri, 25 Mar 2022 16:44:04 +0000 commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb Author: Andrew Cooper AuthorDate: Mon Feb 28 19:31:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 16:35:56 2022 +0000 x86/cet: Remove XEN_SHSTK's dependency on EXPERT CET-SS hardware is now available from multiple vendors, the feature has downstream users, and was declared security supported in XSA-398. Enable it by default. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross --- xen/arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 83d0f317ec..06d6fbc864 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -117,8 +117,8 @@ config HVM If unsure, say Y. config XEN_SHSTK - bool "Supervisor Shadow Stacks (EXPERT)" - depends on HAS_AS_CET_SS && EXPERT + bool "Supervisor Shadow Stacks" + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:22:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294865.501601 (Exim 4.92) (envelope-from ) id 1nXndV-0005W2-L8; Fri, 25 Mar 2022 17:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294865.501601; Fri, 25 Mar 2022 17:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndV-0005Vs-I5; Fri, 25 Mar 2022 17:22:05 +0000 Received: by outflank-mailman (input) for mailman id 294865; Fri, 25 Mar 2022 17:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndU-0005Vm-56 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndU-0007wr-4I for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXndU-0006LK-3Q for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TS699wzrff1O4hIydBEJfQB+oAzhvd+WsqOPBh3O+eI=; b=3c0WiRQV73Ij+VCVz7jrknbg5u XH44oi4RwXeijJie6ivnVf3bMTWsFTbqC/8cuM4NU996yURNFQCQ4598wow0MoObLJSqWnTgfvovn r5HnzhnHUwN2mWzGo2e3JiTKuhGcloERpMWzo2X3y/7Ltcy95yhajX9L4ZPB8a0aqfcU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: Introduce support for CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:22:04 +0000 commit 917b6ef91b9372dc09ba9a56740590c0b6cda6ca Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86: Introduce support for CET-IBT CET Indirect Branch Tracking is a hardware feature designed to provide forward-edge control flow integrity, protecting against jump/call oriented programming. IBT requires the placement of endbr{32,64} instructions at the target of every indirect call/jmp, and every entrypoint. It is necessary to check for both compiler and assembler support, as the notrack prefix can be emitted in certain cases. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290) Note: For backports to 4.14 thru 4.16, we are deliberately not using -mmanual-endbr as done in staging, as an intermediate approach which is not too invasive to backport. x86/cet: Force -fno-jump-tables for CET-IBT Both GCC and Clang have a (mis)feature where, even with -fcf-protection=branch, jump tables are created using a notrack jump rather than using endbr's in each case statement. This is incompatible with the safety properties we want in Xen, and enforced by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr]. -fno-jump-tables is generally active as a side effect of CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig: introduce option to select retpoline usage"), we explicitly support turning retpoline off. Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9d4a44380d273de22d5753883cbf5581795ff24d) --- Config.mk | 1 - xen/arch/x86/Kconfig | 17 +++++++++++++++++ xen/arch/x86/arch.mk | 9 +++++++++ xen/arch/x86/configs/pvshim_defconfig | 1 + xen/include/asm-x86/asm-defns.h | 6 ++++++ xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/cpufeatures.h | 1 + 7 files changed, 35 insertions(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index 8f9bc05f8c..32b6637b4d 100644 --- a/Config.mk +++ b/Config.mk @@ -199,7 +199,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index b4abfca46f..be343218de 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -39,6 +39,11 @@ config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +config HAS_CC_CET_IBT + # GCC >= 9 and binutils >= 2.29 + # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 + def_bool $(cc-option,-fcf-protection=branch -mindirect-branch=thunk-extern) && $(as-instr,endbr64) + menu "Architecture Features" source "arch/Kconfig" @@ -124,6 +129,18 @@ config XEN_SHSTK When CET-SS is active, 32bit PV guests cannot be used. Backwards compatiblity can be provided via the PV Shim mechanism. +config XEN_IBT + bool "Supervisor Indirect Branch Tracking" + depends on HAS_CC_CET_IBT + default y + help + Control-flow Enforcement Technology (CET) is a set of features in + hardware designed to combat Return-oriented Programming (ROP, also + call/jump COP/JOP) attacks. Indirect Branch Tracking is one CET + feature designed to provide function pointer protection. + + This option arranges for Xen to use CET-IBT for its own protection. + config SHADOW_PAGING bool "Shadow Paging" default !PV_SHIM_EXCLUSIVE diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 1109595fbc..456e5d5c1a 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -46,6 +46,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +ifdef CONFIG_XEN_IBT +# Force -fno-jump-tables to work around +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 +# https://github.com/llvm/llvm-project/issues/54247 +CFLAGS += -fcf-protection=branch -fno-jump-tables +else +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) +endif + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. $(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3) diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig index 787376df5a..d0e92c2ded 100644 --- a/xen/arch/x86/configs/pvshim_defconfig +++ b/xen/arch/x86/configs/pvshim_defconfig @@ -8,6 +8,7 @@ CONFIG_NR_CPUS=32 CONFIG_EXPERT=y # Disable features not used by the PV shim # CONFIG_XEN_SHSTK is not set +# CONFIG_XEN_IBT is not set # CONFIG_GRANT_TABLE is not set # CONFIG_HYPFS is not set # CONFIG_BIGMEM is not set diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 505f39ad5f..8bd9007731 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -57,6 +57,12 @@ INDIRECT_BRANCH jmp \arg .endm +#ifdef CONFIG_XEN_IBT +# define ENDBR64 endbr64 +#else +# define ENDBR64 +#endif + .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS) /* diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 0ff6d899f9..35fae5d649 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -151,6 +151,7 @@ #define cpu_has_nscb boot_cpu_has(X86_FEATURE_NSCB) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) +#define cpu_has_xen_ibt boot_cpu_has(X86_FEATURE_XEN_IBT) #define cpu_has_msr_tsc_aux (cpu_has_rdtscp || cpu_has_rdpid) diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index b10154fc44..7413febd7a 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW used by Xen for PV */ XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for HVM */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:22:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294866.501605 (Exim 4.92) (envelope-from ) id 1nXndf-0005YQ-Mb; Fri, 25 Mar 2022 17:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294866.501605; Fri, 25 Mar 2022 17:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndf-0005YI-Ji; Fri, 25 Mar 2022 17:22:15 +0000 Received: by outflank-mailman (input) for mailman id 294866; Fri, 25 Mar 2022 17:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnde-0005Xw-8H for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnde-0007xK-7V for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnde-0006NN-6a for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ne+kE/HInE/lMTVziMfyhWCfAcf3VTYmmU71GF0p+lQ=; b=bSKidlraTNL0q34ZKRqeUFlceN yjL9GtIZ8B1LhoIg+jBfs6oNtScFMQvr90Myh/reerzgulm+vf2LS1EcZ/FCC6b4XLKurVs6ibyRK g9XSWThKi0sXFicxhL8HSu8Ri6bNZNhpjUKBfsyz82YHTl4CG2xXOqX6TqY5K8n1Xt84=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/setup: Read CR4 earlier in __start_xen() Message-Id: Date: Fri, 25 Mar 2022 17:22:14 +0000 commit 875830393a420eedd2fb0cdba3e8512532c7daee Author: Andrew Cooper AuthorDate: Mon Nov 1 10:19:57 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/setup: Read CR4 earlier in __start_xen() This is necessary for read_cr4() to function correctly. Move the EFER caching at the same time. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e) --- xen/arch/x86/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 369691dd13..9eba93b139 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -873,6 +873,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ + rdmsrl(MSR_EFER, this_cpu(efer)); + asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -919,9 +922,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) parse_video_info(); - rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); - /* We initialise the serial devices very early so we can get debugging. */ ns16550.io_base = 0x3f8; ns16550.irq = 4; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:22:25 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:22:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294867.501609 (Exim 4.92) (envelope-from ) id 1nXndp-0005bf-O5; Fri, 25 Mar 2022 17:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294867.501609; Fri, 25 Mar 2022 17:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndp-0005bX-LB; Fri, 25 Mar 2022 17:22:25 +0000 Received: by outflank-mailman (input) for mailman id 294867; Fri, 25 Mar 2022 17:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndo-0005b9-BW for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndo-0007xf-Aj for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXndo-0006Nx-9n for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4rXVYDqF6IFyOFskyiTGH3B2vOxBLCFZixewQy0oBQQ=; b=3HFDPCbtbDCcA61Zr5Epnzkrof VOLxacBpy+36ICCvaegEcIXxqb8zUcJbmh2mdmGtBkgmjWMUpp0fhxN8BPMbggSLnFy7rM+NL262z d7SFreSuSeMEBy5EOMu9pPfIfc+MlZiHeLfHSzIepVb++E1OgA2kT/yFiVn1AzUo/EOA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/alternatives: Clear CR4.CET when clearing CR0.WP Message-Id: Date: Fri, 25 Mar 2022 17:22:24 +0000 commit 9c8a0179039e523cee6de194073c7e3731b952e9 Author: Andrew Cooper AuthorDate: Mon Nov 1 10:17:59 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/alternatives: Clear CR4.CET when clearing CR0.WP This allows us to have CET active much earlier in boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196) --- xen/arch/x86/alternative.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 1cb531c9df..f8023312f2 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -333,9 +333,13 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, */ if ( !(alt_done & alt_todo) ) { - unsigned long cr0; + unsigned long cr0, cr4; cr0 = read_cr0(); + cr4 = read_cr4(); + + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4 & ~X86_CR4_CET); /* Disable WP to allow patching read-only pages. */ write_cr0(cr0 & ~X86_CR0_WP); @@ -345,6 +349,9 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, write_cr0(cr0); + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4); + alt_done |= alt_todo; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:22:35 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:22:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294868.501613 (Exim 4.92) (envelope-from ) id 1nXndz-0005eo-PY; Fri, 25 Mar 2022 17:22:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294868.501613; Fri, 25 Mar 2022 17:22:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndz-0005eg-Ma; Fri, 25 Mar 2022 17:22:35 +0000 Received: by outflank-mailman (input) for mailman id 294868; Fri, 25 Mar 2022 17:22:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndy-0005eU-El for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXndy-0007xt-Dv for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXndy-0006OX-D0 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oVkqnvnNl714ZOj99gDPzSqVENrHrNKNM2f+tRiC598=; b=ffb5g69jGtj5NXNwhCm8iC1j6G sHCrQh7I0gnm2wMuEH1qiMzgLburiIQAc3U49WaDtVyBVPljwsWEewNGcl4G96Azy1Qm/dLWVdTY6 XUuOKUe+LQvwbMHu0UrjzLknVudHZY9LetRL8kxeRb/w+X29YjFyC9BCBzFLAe4z/e8A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp Message-Id: Date: Fri, 25 Mar 2022 17:22:34 +0000 commit f18d3a07a84d1c9c06e2cbf10da2f6f15d55431a Author: Andrew Cooper AuthorDate: Mon Nov 1 12:36:33 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/traps: Rework write_stub_trampoline() to not hardcode the jmp For CET-IBT, we will need to optionally insert an endbr64 instruction at the start of the stub. Don't hardcode the jmp displacement assuming that it starts at byte 24 of the stub. Also add extra comments describing what is going on. The mix of %rax and %rsp is far from trivial to follow. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 809beac3e7fdfd20000386453c64a1e2a3d93075) --- xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index d661d7ffca..edc6820b85 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -293,30 +293,39 @@ static unsigned int write_stub_trampoline( unsigned char *stub, unsigned long stub_va, unsigned long stack_bottom, unsigned long target_va) { + unsigned char *p = stub; + + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ - stub[0] = 0x48; - stub[1] = 0xa3; - *(uint64_t *)&stub[2] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xa3; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp in %rax */ /* movq %rsp, %rax */ - stub[10] = 0x48; - stub[11] = 0x89; - stub[12] = 0xe0; + *p++ = 0x48; + *p++ = 0x89; + *p++ = 0xe0; + /* Switch to Xen stack */ /* movabsq $stack_bottom - 8, %rsp */ - stub[13] = 0x48; - stub[14] = 0xbc; - *(uint64_t *)&stub[15] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xbc; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp into %rsp slot */ /* pushq %rax */ - stub[23] = 0x50; + *p++ = 0x50; /* jmp target_va */ - stub[24] = 0xe9; - *(int32_t *)&stub[25] = target_va - (stub_va + 29); + *p++ = 0xe9; + *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); + p += 4; /* Round up to a multiple of 16 bytes. */ - return 32; + return ROUNDUP(p - stub, 16); } DEFINE_PER_CPU(struct stubs, stubs); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:22:45 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294869.501617 (Exim 4.92) (envelope-from ) id 1nXne9-0005i2-RE; Fri, 25 Mar 2022 17:22:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294869.501617; Fri, 25 Mar 2022 17:22:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXne9-0005hu-O7; Fri, 25 Mar 2022 17:22:45 +0000 Received: by outflank-mailman (input) for mailman id 294869; Fri, 25 Mar 2022 17:22:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXne8-0005he-HX for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXne8-0007y7-Gn for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXne8-0006P2-G5 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=C4tLNoIKDLvoVber62fXawJTLOH+roEOXfMp5DaKwIA=; b=o/4o0P914FlE5br5xOagl2SJMf 1Ncuxb4ruLG1l1jSr+yuk0IwxsBWFFczOuYunljUYcPxIrNDC2uA/CddBJIEk1jU4mJP8UXSTsdd7 sk1OPYh3IVPV47rEP+HXK/G09b1R0ezsL4Jr1/fxY0+VPqVlxfsXMyR/ynaRge+3OYEY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: Introduce helpers/checks for endbr64 instructions Message-Id: Date: Fri, 25 Mar 2022 17:22:44 +0000 commit 1857cff82c5ff3ae4971e644aad3a6e1391f0280 Author: Andrew Cooper AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86: Introduce helpers/checks for endbr64 instructions ... to prevent the optimiser creating unsafe code. See the code comment for full details. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4046ba97446e3974a4411db227263a9f11e0aeb4) Note: For the backport to 4.14 thru 4.16, we don't care for embedded endbr64 specifically, but place_endbr64() is a prerequisite for other parts of the series. --- xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h new file mode 100644 index 0000000000..6090afeb0b --- /dev/null +++ b/xen/include/asm-x86/endbr.h @@ -0,0 +1,55 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_ENDBR_H +#define XEN_ASM_ENDBR_H + +#include + +#define ENDBR64_LEN 4 + +/* + * In some cases we need to inspect/insert endbr64 instructions. + * + * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely + * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect + * branch target as far as the CPU is concerned. + * + * gen_endbr64() is written deliberately to avoid the problematic operand, and + * marked __const__ as it is safe for the optimiser to hoist/merge/etc. + */ +static inline uint32_t __attribute_const__ gen_endbr64(void) +{ + uint32_t res; + + asm ( "mov $~0xfa1e0ff3, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64(); +} + +static inline void place_endbr64(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64(); +} + +#endif /* XEN_ASM_ENDBR_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:22:55 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:22:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294870.501622 (Exim 4.92) (envelope-from ) id 1nXneJ-0005kd-U3; Fri, 25 Mar 2022 17:22:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294870.501622; Fri, 25 Mar 2022 17:22:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneJ-0005kV-Py; Fri, 25 Mar 2022 17:22:55 +0000 Received: by outflank-mailman (input) for mailman id 294870; Fri, 25 Mar 2022 17:22:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneI-0005kE-Kb for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneI-0007yL-Jr for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXneI-0006PX-J0 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:22:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sOd28q1sfde4ALv1d8HIhSQSaarmeYJhMvwHAaLF2+s=; b=Okmt0lo+go0pBWgGrLBaowOuaH lyIi1yBYzf9SrLENlpLliAhjpbdRKUzsXmlCtTdZwm+uENVrxgMcixLyqq+TPUAglj6UbOK4Ul6l1 qA2PbsiZjBYpeCHWOlYzjZ5VqbaRuDo26QYKLc5b/LRZGtBcYI3Rq113LqvyXwhxjouY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/emul: Update emulation stubs to be CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:22:54 +0000 commit 135521e6d7bcb5ccf98f0698307df4f945ca7950 Author: Andrew Cooper AuthorDate: Mon Nov 1 10:09:59 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/emul: Update emulation stubs to be CET-IBT compatible All indirect branches need to land on an endbr64 instruction. For stub_selftests(), use endbr64 unconditionally for simplicity. For ioport and instruction emulation, add endbr64 conditionally. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf) --- xen/arch/x86/extable.c | 12 +++++++----- xen/arch/x86/pv/emul-priv-op.c | 7 +++++++ xen/arch/x86/x86_emulate.c | 13 +++++++++++-- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 109ab7da98..0d30595ea1 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -127,20 +127,22 @@ search_exception_table(const struct cpu_user_regs *regs) static int __init stub_selftest(void) { static const struct { - uint8_t opc[4]; + uint8_t opc[8]; uint64_t rax; union stub_exception_token res; } tests[] __initconst = { - { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ +#define endbr64 0xf3, 0x0f, 0x1e, 0xfa + { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ .res.fields.trapnr = TRAP_invalid_op }, - { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ + { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ .rax = 0x0123456789abcdef, .res.fields.trapnr = TRAP_gp_fault }, - { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ + { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ .rax = 0xfedcba9876543210, .res.fields.trapnr = TRAP_stack_error }, - { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ + { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ .res.fields.trapnr = TRAP_int3 }, +#undef endbr64 }; unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; unsigned int i; diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 7f4279a051..b73e698cbc 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -111,6 +112,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, p = ctxt->io_emul_stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + APPEND_BUFF(prologue); APPEND_CALL(load_guest_gprs); diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 1e082e6f3b..379e889768 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -17,6 +17,7 @@ #include #include /* cpu_has_amd_erratum() */ #include +#include /* Avoid namespace pollution. */ #undef cmpxchg @@ -29,11 +30,19 @@ cpu_has_amd_erratum(¤t_cpu_data, AMD_ERRATUM_##nr) #define get_stub(stb) ({ \ + void *ptr; \ BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1); \ ASSERT(!(stb).ptr); \ (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; \ - memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) + \ - ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2); \ + (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) + \ + ((stb).addr & ~PAGE_MASK); \ + ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2); \ + if ( cpu_has_xen_ibt ) \ + { \ + place_endbr64(ptr); \ + ptr += 4; \ + } \ + ptr; \ }) #define put_stub(stb) ({ \ if ( (stb).ptr ) \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:23:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:23:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294871.501625 (Exim 4.92) (envelope-from ) id 1nXneU-0005oA-0M; Fri, 25 Mar 2022 17:23:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294871.501625; Fri, 25 Mar 2022 17:23:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneT-0005o2-T8; Fri, 25 Mar 2022 17:23:05 +0000 Received: by outflank-mailman (input) for mailman id 294871; Fri, 25 Mar 2022 17:23:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneS-0005nr-O1 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneS-0007yq-N9 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXneS-0006QB-MC for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uagasAjbMKi96hTbp2yT3JielJpJnjnPAm7eV4MiSTw=; b=JMhdehsXe6Lxhn+E/iAkMF8sqB VFYOcDaiXmzWuZydLT1aQ41mBy9Ia6SUS8Y1o9jxgbBw47COfS0ts7Is+mpoorhswOzN6Le1HBDE4 P3iIWCU56lAfOB1wY+3BrmuI+11MIMoA47bRt/0MjIJRro+K2kMA8+ITUL3yBjNsyXDE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:23:04 +0000 commit c253b7794b341212b2d5d3b9f3c750a93c964817 Author: Andrew Cooper AuthorDate: Mon Nov 1 09:51:16 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64 instruction. For sysenter, this is easy. Unfortunately for syscall, the stubs are already 29 byte long with a limit of 32. endbr64 is 4 bytes. Luckily, there is a 1 byte instruction which can move from the stubs into the main handlers. Move the push %rax out of the stub and into {l,c}star_entry(), allowing room for the endbr64 instruction when appropriate. Update the comment describing the entry state. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5) --- xen/arch/x86/x86_64/entry.S | 18 +++++++++--------- xen/arch/x86/x86_64/traps.c | 11 +++++++---- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index d5998acf88..f2e4b457f4 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -241,18 +241,17 @@ iret_exit_to_guest: * When entering SYSCALL from user mode: * Vector directly to the registered arch.syscall_addr. * - * Initial work is done by per-CPU trampolines. At this point %rsp has been - * initialised to point at the correct Xen stack, %rsp has been saved, and - * %rax needs to be restored from the %ss save slot. All other registers are - * still to be saved onto the stack, starting with RFLAGS, and an appropriate - * %ss must be saved into the space left by the trampoline. + * Initial work is done by per-CPU trampolines. + * - Guest %rax stored in the %ss slot + * - Guest %rsp stored in %rax + * - Xen stack loaded, pointing at the %ss slot */ ENTRY(lstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ - movq 8(%rsp),%rax /* Restore %rax. */ + push %rax /* Guest %rsp */ + movq 8(%rsp), %rax /* Restore guest %rax */ movq $FLAT_KERNEL_SS,8(%rsp) pushq %r11 pushq $FLAT_KERNEL_CS64 @@ -288,9 +287,9 @@ ENTRY(cstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ + push %rax /* Guest %rsp */ CR4_PV32_RESTORE - movq 8(%rsp), %rax /* Restore %rax. */ + movq 8(%rsp), %rax /* Restore guest %rax. */ movq $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain. Compat handled lower. */ pushq %r11 pushq $FLAT_USER_CS32 @@ -323,6 +322,7 @@ ENTRY(cstar_enter) jmp switch_to_kernel ENTRY(sysenter_entry) + ENDBR64 #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index edc6820b85..fccfb7c172 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -295,6 +296,12 @@ static unsigned int write_stub_trampoline( { unsigned char *p = stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ *p++ = 0x48; @@ -315,10 +322,6 @@ static unsigned int write_stub_trampoline( *(uint64_t *)p = stack_bottom - 8; p += 8; - /* Store guest %rsp into %rsp slot */ - /* pushq %rax */ - *p++ = 0x50; - /* jmp target_va */ *p++ = 0xe9; *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:23:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:23:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294872.501629 (Exim 4.92) (envelope-from ) id 1nXnee-0005qq-1q; Fri, 25 Mar 2022 17:23:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294872.501629; Fri, 25 Mar 2022 17:23:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXned-0005qi-VA; Fri, 25 Mar 2022 17:23:15 +0000 Received: by outflank-mailman (input) for mailman id 294872; Fri, 25 Mar 2022 17:23:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnec-0005qV-Qv for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnec-0007zN-Q5 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnec-0006Qr-PJ for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4r/Yx8QH7IgzeWqtKYRX9iozY1mIL2wGYkJE8vrXw7I=; b=XfVnOaDIqZm0jDAPaWkPmoMZ8V 7Ojmj5zHOirn4tSQrpLIUmS+t3lf4rnXJhSYPibac0hJpJTrSSR/3+l4fyDkr0URkbIo0tjXs/5Ij /k+AGu7IOVbuR64uL/Xy2EPx8i5Z+iS5VSiegKZEqLZAx9lZYA1f5cLwYgAMUi5ZSbZs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/entry: Make IDT entrypoints CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:23:14 +0000 commit 9cd9650377d564f56126b2974097f54e0318dd27 Author: Andrew Cooper AuthorDate: Mon Nov 1 17:08:24 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/entry: Make IDT entrypoints CET-IBT compatible Each IDT vector needs to land on an endbr64 instruction. This is especially important for the #CP handler, which will recurse indefinitely if the endbr64 is missing, eventually escalating to #DF if guard pages are active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e702e36d1d519f4b66086650c1c47d6bac96d4b9) Also include the continue_pv_domain() change from c/s 954bb07fdb5fad which is also in entry.S --- xen/arch/x86/x86_64/compat/entry.S | 1 + xen/arch/x86/x86_64/entry.S | 31 +++++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index c84ff7ea64..5fd6dbbd45 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -12,6 +12,7 @@ #include ENTRY(entry_int82) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $HYPERCALL_VECTOR, 4(%rsp) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index f2e4b457f4..2a86938f1f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -386,6 +386,7 @@ UNLIKELY_END(sysenter_gpf) jmp .Lbounce_exception ENTRY(int80_direct_trap) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $0x80, 4(%rsp) @@ -625,6 +626,7 @@ ENTRY(dom_crash_sync_extable) /* No special register assumptions. */ #ifdef CONFIG_PV ENTRY(continue_pv_domain) + ENDBR64 call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) @@ -697,6 +699,7 @@ ENTRY(common_interrupt) jmp ret_from_intr ENTRY(page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) /* No special register assumptions. */ GLOBAL(handle_exception) @@ -837,75 +840,91 @@ FATAL_exception_with_ints_disabled: BUG /* fatal_trap() shouldn't return. */ ENTRY(divide_error) + ENDBR64 pushq $0 movl $TRAP_divide_error,4(%rsp) jmp handle_exception ENTRY(coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_copro_error,4(%rsp) jmp handle_exception ENTRY(simd_coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_simd_error,4(%rsp) jmp handle_exception ENTRY(device_not_available) + ENDBR64 pushq $0 movl $TRAP_no_device,4(%rsp) jmp handle_exception ENTRY(debug) + ENDBR64 pushq $0 movl $TRAP_debug,4(%rsp) jmp handle_ist_exception ENTRY(int3) + ENDBR64 pushq $0 movl $TRAP_int3,4(%rsp) jmp handle_exception ENTRY(overflow) + ENDBR64 pushq $0 movl $TRAP_overflow,4(%rsp) jmp handle_exception ENTRY(bounds) + ENDBR64 pushq $0 movl $TRAP_bounds,4(%rsp) jmp handle_exception ENTRY(invalid_op) + ENDBR64 pushq $0 movl $TRAP_invalid_op,4(%rsp) jmp handle_exception ENTRY(invalid_TSS) + ENDBR64 movl $TRAP_invalid_tss,4(%rsp) jmp handle_exception ENTRY(segment_not_present) + ENDBR64 movl $TRAP_no_segment,4(%rsp) jmp handle_exception ENTRY(stack_segment) + ENDBR64 movl $TRAP_stack_error,4(%rsp) jmp handle_exception ENTRY(general_protection) + ENDBR64 movl $TRAP_gp_fault,4(%rsp) jmp handle_exception ENTRY(alignment_check) + ENDBR64 movl $TRAP_alignment_check,4(%rsp) jmp handle_exception ENTRY(entry_CP) + ENDBR64 movl $X86_EXC_CP, 4(%rsp) jmp handle_exception ENTRY(double_fault) + ENDBR64 movl $TRAP_double_fault,4(%rsp) /* Set AC to reduce chance of further SMAP faults */ ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP @@ -931,6 +950,7 @@ ENTRY(double_fault) .pushsection .init.text, "ax", @progbits ENTRY(early_page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) SAVE_ALL movq %rsp,%rdi @@ -939,6 +959,7 @@ ENTRY(early_page_fault) .popsection ENTRY(nmi) + ENDBR64 pushq $0 movl $TRAP_nmi,4(%rsp) handle_ist_exception: @@ -1041,12 +1062,14 @@ handle_ist_exception: #endif ENTRY(machine_check) + ENDBR64 pushq $0 movl $TRAP_machine_check,4(%rsp) jmp handle_ist_exception /* No op trap handler. Required for kexec crash path. */ GLOBAL(trap_nop) + ENDBR64 iretq /* Table of automatically generated entry points. One per vector. */ @@ -1075,7 +1098,9 @@ autogen_stubs: /* Automatically generated stubs. */ #endif ALIGN -1: pushq $0 +1: + ENDBR64 + pushq $0 movb $vec,4(%rsp) jmp common_interrupt @@ -1085,7 +1110,9 @@ autogen_stubs: /* Automatically generated stubs. */ .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \ vec == X86_EXC_VE || (vec > X86_EXC_CP && vec < TRAP_nr) -1: test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ +1: + ENDBR64 + test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ jz 2f /* size is 8 bytes. Check whether the processor gave us an */ pushq $0 /* error code, and insert an empty one if not. */ 2: movb $vec,4(%rsp) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:23:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:23:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294873.501633 (Exim 4.92) (envelope-from ) id 1nXneo-0005tf-3L; Fri, 25 Mar 2022 17:23:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294873.501633; Fri, 25 Mar 2022 17:23:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXneo-0005tX-0T; Fri, 25 Mar 2022 17:23:26 +0000 Received: by outflank-mailman (input) for mailman id 294873; Fri, 25 Mar 2022 17:23:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnem-0005tN-Tg for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnem-0007zZ-Su for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnem-0006RY-SH for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2WZojzmkgYW03ZyXcrorQw8EImqxJ+Nsie+wxSDCtPQ=; b=bdS7RR3PcS2HJ8t7505xcfUEXf w5nqLi/yGL2xcpxqUK/DIhsWFfcdqTy7M5CUhlJyqId//E4zU30kbcRvj9f84JjfJxiF4DBLKC1zB 3DOIOqL1MGDnA5WWuKgj7JNHYawiqpEzuoJaOc8OWvzRj5ns6zg/h+9aXyTZwQrYNn1g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/setup: Rework MSR_S_CET handling for CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:23:24 +0000 commit 86a98948b9f8236de30651e5588f592bc5468da2 Author: Andrew Cooper AuthorDate: Mon Nov 1 16:13:29 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/setup: Rework MSR_S_CET handling for CET-IBT CET-SS and CET-IBT can be independently controlled, so the configuration of MSR_S_CET can't be constant any more. Introduce xen_msr_s_cet_value(), mostly because I don't fancy writing/maintaining that logic in assembly. Use this in the 3 paths which alter MSR_S_CET when both features are potentially active. To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN. This is common with the CET-SS setup, so reorder the operations to set up CR4 and MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up MSR_PL0_SSP and SSP if SHSTK_EN was also set. Adjust the crash path to disable CET-IBT too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7) --- xen/arch/x86/acpi/wakeup_prot.S | 38 +++++++++++++++++++++++--------------- xen/arch/x86/boot/x86_64.S | 30 +++++++++++++++++++----------- xen/arch/x86/crash.c | 4 ++-- xen/arch/x86/setup.c | 17 ++++++++++++++++- xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S index 15052c300f..3855ff1ddb 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -63,7 +63,26 @@ ENTRY(s3_resume) pushq %rax lretq 1: -#ifdef CONFIG_XEN_SHSTK +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_cet_done + + /* Set up MSR_S_CET. */ + mov $MSR_S_CET, %ecx + xor %edx, %edx + wrmsr + + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_cet_done + /* * Restoring SSP is a little complicated, because we are intercepting * an in-use shadow stack. Write a temporary token under the stack, @@ -71,14 +90,6 @@ ENTRY(s3_resume) * reset MSR_PL0_SSP to its usual value and pop the temporary token. */ mov saved_ssp(%rip), %rdi - cmpq $1, %rdi - je .L_shstk_done - - /* Set up MSR_S_CET. */ - mov $MSR_S_CET, %ecx - xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax - wrmsr /* Construct the temporary supervisor token under SSP. */ sub $8, %rdi @@ -90,10 +101,6 @@ ENTRY(s3_resume) mov %edi, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx - mov %rbx, %cr4 - /* Write the temporary token onto the shadow stack, and activate it. */ wrssq %rdi, (%rdi) setssbsy @@ -106,8 +113,9 @@ ENTRY(s3_resume) /* Pop the temporary token off the stack. */ mov $2, %eax incsspd %eax -.L_shstk_done: -#endif +#endif /* CONFIG_XEN_SHSTK */ +.L_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ call load_system_tables diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index d61048c583..94b1d984cf 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -30,18 +30,27 @@ ENTRY(__high_start) test %ebx,%ebx jz .L_bsp - /* APs. Set up shadow stacks before entering C. */ -#ifdef CONFIG_XEN_SHSTK - testl $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \ - CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip) - je .L_ap_shstk_done + /* APs. Set up CET before entering C properly. */ +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_ap_cet_done /* Set up MSR_S_CET. */ mov $MSR_S_CET, %ecx xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax wrmsr + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_ap_cet_done + /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ mov $MSR_PL0_SSP, %ecx mov %rsp, %rdx @@ -51,13 +60,12 @@ ENTRY(__high_start) or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx - mov %rcx, %cr4 setssbsy -#endif -.L_ap_shstk_done: +#endif /* CONFIG_XEN_SHSTK */ +.L_ap_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ + call start_secondary BUG /* start_secondary() shouldn't return. */ diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index 0611b4fb9b..cfc6bdab7b 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -200,8 +200,8 @@ void machine_crash_shutdown(void) /* Reset CPUID masking and faulting to the host's default. */ ctxt_switch_levelling(NULL); - /* Disable shadow stacks. */ - if ( cpu_has_xen_shstk ) + /* Disable CET. */ + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) { wrmsrl(MSR_S_CET, 0); write_cr4(read_cr4() & ~X86_CR4_CET); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 9eba93b139..c61d6b53cf 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -662,6 +662,21 @@ static void noreturn init_done(void) startup_cpu_idle_loop(); } +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) +/* + * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting. + * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on + * too early. + */ +unsigned int xen_msr_s_cet_value(void) +{ + return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) | + (cpu_has_xen_ibt ? CET_ENDBR_EN : 0)); +} +#else +unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */ +#endif + /* Reinitalise all state referring to the old virtual address of the stack. */ static void __init noreturn reinit_bsp_stack(void) { @@ -685,7 +700,7 @@ static void __init noreturn reinit_bsp_stack(void) { wrmsrl(MSR_PL0_SSP, (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8); - wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN); + wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); asm volatile ("setssbsy" ::: "memory"); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 9df1959fe5..3e038db618 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -117,6 +117,7 @@ #define MSR_S_CET 0x000006a2 #define CET_SHSTK_EN (_AC(1, ULL) << 0) #define CET_WRSS_EN (_AC(1, ULL) << 1) +#define CET_ENDBR_EN (_AC(1, ULL) << 2) #define MSR_PL0_SSP 0x000006a4 #define MSR_PL1_SSP 0x000006a5 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:23:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:23:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294874.501637 (Exim 4.92) (envelope-from ) id 1nXney-0005wN-5H; Fri, 25 Mar 2022 17:23:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294874.501637; Fri, 25 Mar 2022 17:23:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXney-0005wF-1w; Fri, 25 Mar 2022 17:23:36 +0000 Received: by outflank-mailman (input) for mailman id 294874; Fri, 25 Mar 2022 17:23:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnex-0005w7-0N for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnew-0007zn-Vo for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnew-0006Rz-Uz for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VhFwUiB7xH17/BebTtCFmwIb5OgN9VEhtf2QlOdJYdk=; b=aK9OXzaZqYKyQkewxx8EOrAlY7 ELcA4xQbo0J2e32076SWSDaKNLVpBLJnOn3wUHRGita0mRrQZdAoLsgZ8YVSIJ1yR8k8vaJlt9LCV kofvXd/Zn/of3Wd/O2GDz/AovlBDiM1RiZeluQ2q03czkS5GhuijFK8rKlyRbIfrrc8Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/EFI: Disable CET-IBT around Runtime Services calls Message-Id: Date: Fri, 25 Mar 2022 17:23:34 +0000 commit d457f1ee88602e784644e0bcc562ff17f2d1af34 Author: Andrew Cooper AuthorDate: Mon Nov 1 21:54:26 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/EFI: Disable CET-IBT around Runtime Services calls UEFI Runtime services, at the time of writing, aren't CET-IBT compatible. Work is ongoing to address this. In the meantime, unconditionally disable IBT. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d37a8a067e62e3b6709d224c22f740fdda9d0078) --- xen/common/efi/runtime.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index d2fdc28df3..5060a17811 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -21,6 +21,7 @@ struct efi_rs_state { * don't strictly need that. */ unsigned long __aligned(32) cr3; + unsigned long msr_s_cet; #endif }; @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void) switch_cr3_cr4(mfn_to_maddr(efi_l4_mfn), read_cr4()); + /* + * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible. + * Work is under way to remedy this. + * + * Stash MSR_S_CET and clobber ENDBR_EN. This is necessary because + * SHSTK_EN isn't configured until very late on the BSP. + */ + if ( cpu_has_xen_ibt ) + { + rdmsrl(MSR_S_CET, state.msr_s_cet); + wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN); + } + return state; } @@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state) if ( !state->cr3 ) return; + + if ( state->msr_s_cet ) + wrmsrl(MSR_S_CET, state->msr_s_cet); + switch_cr3_cr4(state->cr3, read_cr4()); if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:23:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:23:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294875.501641 (Exim 4.92) (envelope-from ) id 1nXnf8-0005zb-6O; Fri, 25 Mar 2022 17:23:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294875.501641; Fri, 25 Mar 2022 17:23:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnf8-0005zT-3X; Fri, 25 Mar 2022 17:23:46 +0000 Received: by outflank-mailman (input) for mailman id 294875; Fri, 25 Mar 2022 17:23:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnf7-0005zK-3d for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnf7-0007zz-2s for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnf7-0006SU-1x for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xs6cw+KlhfddiZvV2OAwEsAg3i91VKy2E/4Jv7tOZiM=; b=FTiQDVjj5pmPRMwsfukLrw+Mjj QGGTBeShr6JWOL6TG9hA4uugfO7kROe7VrrzlfT3n8JXCqVf+6BqDjPkw/UCn6FcCsWxG+/a414AF t5CKRr7sbxmrlS4ehihx1WkDi1jXKBpmzSg1/GwACGyt8vVBIioqrEAiv0Nnpw5VlvrU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: Enable CET Indirect Branch Tracking Message-Id: Date: Fri, 25 Mar 2022 17:23:45 +0000 commit 04d65ced04b263519d58dc3bd499ee61d7232054 Author: Andrew Cooper AuthorDate: Mon Nov 1 15:17:20 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86: Enable CET Indirect Branch Tracking With all the pieces now in place, turn CET-IBT on when available. MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be enabled for Xen independently of PV32 kernels. As we already disable PV32 for CET-SS, extend this to all CET, adjusting the documentation/comments as appropriate. Introduce a cet=no-ibt command line option to allow the admin to disable IBT even when everything else is configured correctly. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6) --- docs/misc/xen-command-line.pandoc | 16 +++++++++++---- xen/arch/x86/cpu/common.c | 1 + xen/arch/x86/setup.c | 42 ++++++++++++++++++++++++++++++++++----- 3 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index f606dc0e14..1d08fb7e9a 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if the NMI watchdog is also enabled. ### cet - = List of [ shstk= ] + = List of [ shstk=, ibt= ] Applicability: x86 @@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology. CET is group a of hardware features designed to combat Return-oriented Programming (ROP, also call/jmp COP/JOP) attacks. +CET is incompatible with 32bit PV guests. If any CET sub-options are active, +they will override the `pv=32` boolean to `false`. Backwards compatibility +can be maintained with the pv-shim mechanism. + * The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own protection. @@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks. `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support is available in hardware. - Shadow Stacks are incompatible with 32bit PV guests. This option will - override the `pv=32` boolean to false. Backwards compatibility can be - maintained with the `pv-shim` mechanism. +* The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for + its own protection. + + The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults + to `true` on hardware supporting CET-IBT. Specifying `cet=no-ibt` will + cause Xen not to use Indirect Branch Tracking even when support is + available in hardware. ### clocksource (x86) > `= pit | hpet | acpi | tsc` diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index c4f07f2d1d..5c5e05e6e6 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -345,6 +345,7 @@ void __init early_cpu_init(void) if (c->cpuid_level >= 7) { cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; + c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; } eax = cpuid_eax(0x80000000); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index c61d6b53cf..9e5ccebbab 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -104,6 +104,12 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif +#ifdef CONFIG_XEN_IBT +static bool __initdata opt_xen_ibt = true; +#else +#define opt_xen_ibt false +#endif + static int __init parse_cet(const char *s) { const char *ss; @@ -120,6 +126,14 @@ static int __init parse_cet(const char *s) opt_xen_shstk = val; #else no_config_param("XEN_SHSTK", "cet", s, ss); +#endif + } + else if ( (val = parse_boolean("ibt", s, ss)) >= 0 ) + { +#ifdef CONFIG_XEN_IBT + opt_xen_ibt = val; +#else + no_config_param("XEN_IBT", "cet", s, ss); #endif } else @@ -1103,11 +1117,33 @@ void __init noreturn __start_xen(unsigned long mbi_p) printk("Enabling Supervisor Shadow Stacks\n"); setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + } + + if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) + { + printk("Enabling Indirect Branch Tracking\n"); + + setup_force_cpu_cap(X86_FEATURE_XEN_IBT); + + if ( efi_enabled(EFI_RS) ) + printk(" - IBT disabled in UEFI Runtime Services\n"); + + /* + * Enable IBT now. Only require the endbr64 on callees, which is + * entirely build-time arrangements. + */ + wrmsrl(MSR_S_CET, CET_ENDBR_EN); + } + + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) + { + set_in_cr4(X86_CR4_CET); + #ifdef CONFIG_PV32 if ( opt_pv32 ) { opt_pv32 = 0; - printk(" - Disabling PV32 due to Shadow Stacks\n"); + printk(" - Disabling PV32 due to CET\n"); } #endif } @@ -1864,10 +1900,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) alternative_branches(); - /* Defer CR4.CET until alternatives have finished playing with CR0.WP */ - if ( cpu_has_xen_shstk ) - set_in_cr4(X86_CR4_CET); - /* * NB: when running as a PV shim VCPUOP_up/down is wired to the shim * physical cpu_add/remove functions, so launch the guest with only -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:23:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:23:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294876.501645 (Exim 4.92) (envelope-from ) id 1nXnfI-000631-9c; Fri, 25 Mar 2022 17:23:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294876.501645; Fri, 25 Mar 2022 17:23:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfI-00062q-6K; Fri, 25 Mar 2022 17:23:56 +0000 Received: by outflank-mailman (input) for mailman id 294876; Fri, 25 Mar 2022 17:23:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfH-00062f-6g for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfH-00080A-5n for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnfH-0006T3-53 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:23:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ETnwAWq3m2cn0VX9v1GSWOidJiva4+DhMGbNlduPHRw=; b=WDBNRGLD3Guz79FdgumDIDm5kj WbK+xcbQpqo2OOLpoSq9MFZQU9Qa3l5SsCePYM1cbW2kjG9Tlh9D3D3jKYQjsoq9gXOGZmt/DpffM TPt4nd1K50EYZTLFxB3/MRrlh+hLEQas0cNpQSid2k+7Qj+9CW45wuRiqjrDSuc6PUzc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/CET: Fix S3 resume with shadow stacks active Message-Id: Date: Fri, 25 Mar 2022 17:23:55 +0000 commit 766252b3ec3dd8af3d9a44ca2940143fce937c96 Author: Andrew Cooper AuthorDate: Thu Feb 24 12:18:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/CET: Fix S3 resume with shadow stacks active The original shadow stack support has an error on S3 resume with very bizarre fallout. The BSP comes back up, but APs fail with: (XEN) Enabling non-boot CPUs ... (XEN) Stuck ?? (XEN) Error bringing CPU1 up: -5 and then later (on at least two Intel TigerLake platforms), the next HVM vCPU to be scheduled on the BSP dies with: (XEN) d1v0 Unexpected vmexit: reason 3 (XEN) domain_crash called from vmx.c:4304 (XEN) Domain 1 (vcpu#0) crashed on cpu#0: The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the scheduled vCPU, and will be addressed in a subsequent patch. It is a consequence of the APs triple faulting. The reason the APs triple fault is because we don't tear down the stacks on suspend. The idle/play_dead loop is killed in the middle of running, meaning that the supervisor token is left busy. On resume, SETSSBSY finds busy bit set, suffers #CP and triple faults because the IDT isn't configured this early. Rework the AP bring-up path to (re)create the supervisor token. This ensures the primary stack is non-busy before use. Note: There are potential issues with the IST shadow stacks too, but fixing those is more involved. Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Link: https://github.com/QubesOS/qubes-issues/issues/7283 Reported-by: Thiner Logoer Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Thiner Logoer Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich (cherry picked from commit 7d9589239ec068c944190408b9838774d5ec1f8f) --- xen/arch/x86/boot/x86_64.S | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 94b1d984cf..f11b5d0679 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -51,13 +51,21 @@ ENTRY(__high_start) test $CET_SHSTK_EN, %al jz .L_ap_cet_done - /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ - mov $MSR_PL0_SSP, %ecx + /* Derive the supervisor token address from %rsp. */ mov %rsp, %rdx + and $~(STACK_SIZE - 1), %rdx + or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx + + /* + * Write a new supervisor token. Doesn't matter on boot, but for S3 + * resume this clears the busy bit. + */ + wrssq %rdx, (%rdx) + + /* Point MSR_PL0_SSP at the token. */ + mov $MSR_PL0_SSP, %ecx + mov %edx, %eax shr $32, %rdx - mov %esp, %eax - and $~(STACK_SIZE - 1), %eax - or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr setssbsy -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:24:06 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:24:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294877.501649 (Exim 4.92) (envelope-from ) id 1nXnfS-00065i-B5; Fri, 25 Mar 2022 17:24:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294877.501649; Fri, 25 Mar 2022 17:24:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfS-00065b-7l; Fri, 25 Mar 2022 17:24:06 +0000 Received: by outflank-mailman (input) for mailman id 294877; Fri, 25 Mar 2022 17:24:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfR-00065F-9f for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfR-00080T-8m for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnfR-0006Tp-82 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RjBu8HXOcneYhqMNJolBdqNg4gD7YfHdC26o1U+DkTQ=; b=RJj4RgL9RNf75E30p+x+1jMRGr yUKiPwWMvLknqPxjr9Ffg8MAejyzJGz8LhkVompFOnZQW3Sznkac5uqdm5UUijLWjPvvcOAeDQoYE EwzwCSBYmCHzzOTKua/G9KrDOYa2QKrj1caEMx8a6gEbPkfZ46PyIUuGddvl6Ddixn08=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Disable retpolines with CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:24:05 +0000 commit 351428de6feee3769a0ba69fdab3f521be85e891 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:26:37 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/spec-ctrl: Disable retpolines with CET-IBT CET-IBT depend on executing indirect branches for protections to apply. Extend the clobber for CET-SS to all of CET. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4) --- xen/arch/x86/spec_ctrl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ae076bec3a..c19464da70 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -948,13 +948,14 @@ void __init init_speculation_mitigations(void) boot_cpu_has(X86_FEATURE_IBRS)); /* - * First, disable the use of retpolines if Xen is using shadow stacks, as - * they are incompatible. + * First, disable the use of retpolines if Xen is using CET. Retpolines + * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends + * on executing indirect branches for the safety properties to apply. * * In the absence of retpolines, IBRS needs to be used for speculative * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk ) + if ( read_cr4() & X86_CR4_CET ) { if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:24:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:24:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294878.501653 (Exim 4.92) (envelope-from ) id 1nXnfc-00068g-CB; Fri, 25 Mar 2022 17:24:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294878.501653; Fri, 25 Mar 2022 17:24:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfc-00068Y-9K; Fri, 25 Mar 2022 17:24:16 +0000 Received: by outflank-mailman (input) for mailman id 294878; Fri, 25 Mar 2022 17:24:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfb-00068P-Fi for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfb-00080r-Bs for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnfb-0006UW-Ay for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EVI3WqgNuOBvI2tFM4nhIDdfFSfzlInpvW0IcBhzpfU=; b=RGcih3KjKJDFF12QpJOd7PuOjB 2opAhd09JlQn81gKzZiQPGQ7knUhKh1x5ofW+H9KeACVWuscNHHmBI5yXb+BoeI/YtRlZXUW7uvip +JugXKSJ25+1TyONLkNvWIgnqiLmbjq2VX5hexSUBq4SNvwitzknb1Jo4rkanzZAJqII=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/kexec: Fix kexec-reboot with CET active Message-Id: Date: Fri, 25 Mar 2022 17:24:15 +0000 commit 89262602e2d0deab5be5efddd27caa2a813c49ff Author: Andrew Cooper AuthorDate: Mon Mar 7 20:19:18 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/kexec: Fix kexec-reboot with CET active The kexec_reloc() asm has an indirect jump to relocate onto the identity trampoline. While we clear CET in machine_crash_shutdown(), we fail to clear CET for the non-crash path. This in turn highlights that the same is true of resetting the CPUID masking/faulting. Move both pieces of logic from machine_crash_shutdown() to machine_kexec(), the latter being common for all kexec transitions. Adjust the condition for CET being considered active to check in CR4, which is simpler and more robust. Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT") Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()") Reported-by: David Vrabel Signed-off-by: Andrew Cooper Reviewed-by: David Vrabel (cherry picked from commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346) --- xen/arch/x86/crash.c | 10 ---------- xen/arch/x86/machine_kexec.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index cfc6bdab7b..05a6104378 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -197,16 +197,6 @@ void machine_crash_shutdown(void) nmi_shootdown_cpus(); - /* Reset CPUID masking and faulting to the host's default. */ - ctxt_switch_levelling(NULL); - - /* Disable CET. */ - if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) - { - wrmsrl(MSR_S_CET, 0); - write_cr4(read_cr4() & ~X86_CR4_CET); - } - info = kexec_crash_save_info(); info->xen_phys_start = xen_phys_start; info->dom0_pfn_to_mfn_frame_list_list = diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index 08ec9fd43b..bc2c76c6b9 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -173,6 +173,16 @@ void machine_kexec(struct kexec_image *image) _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop); } + /* Reset CPUID masking and faulting to the host's default. */ + ctxt_switch_levelling(NULL); + + /* Disable CET. */ + if ( read_cr4() & X86_CR4_CET ) + { + wrmsrl(MSR_S_CET, 0); + write_cr4(read_cr4() & ~X86_CR4_CET); + } + /* Explicitly enable NMIs on this CPU. Some crashdump kernels do * not like running with NMIs disabled. */ enable_nmis(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:24:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:24:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294879.501657 (Exim 4.92) (envelope-from ) id 1nXnfm-0006BQ-E9; Fri, 25 Mar 2022 17:24:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294879.501657; Fri, 25 Mar 2022 17:24:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfm-0006BH-Au; Fri, 25 Mar 2022 17:24:26 +0000 Received: by outflank-mailman (input) for mailman id 294879; Fri, 25 Mar 2022 17:24:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfl-0006B7-Fs for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfl-000811-FD for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnfl-0006VK-EE for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BDX64l/RWoFGKmSpqXwaqsJq6WlK9wc075TahL/c/3g=; b=H3G9JovKiezcCGF6OM7FZj2qww im+DmH1BmimMarIz6dy2ptnwOOW+dGB7NhWxbemE9QSJZUuAeESMMGdK5G360HQV3Q1zEOiSg8BDq V7NvQhllOSbMIAqti6AI1bHLyaRZPLREJbLk6yBaBXD4yP0Io5CA2oOiXOnI47DtZWWg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cet: Clear IST supervisor token busy bits on S3 resume Message-Id: Date: Fri, 25 Mar 2022 17:24:25 +0000 commit cd48561b55d091205aa32996689c72e3057bbd42 Author: Andrew Cooper AuthorDate: Mon Mar 14 10:30:46 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/cet: Clear IST supervisor token busy bits on S3 resume Stacks are not freed across S3. Execution just stops, leaving supervisor token busy bits active. Fixing this for the primary shadow stack was done previously, but there is a (rare) risk that an IST token is left busy too, if the platform power-off happens to intersect with an NMI/#MC arriving. This will manifest as #DF next time the IST vector gets used. Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up fixup_exception_return() and explaining the trick with the literal 1. Then this infrastructure to rewrite the IST tokens in load_system_tables() when all the other IST details are being set up. In the case that an IST token were left busy across S3, this will clear the busy bit before the stack gets used. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e421ed0f68488863599532bda575c03c33cde0e0) --- xen/arch/x86/cpu/common.c | 25 ++++++++++++++++++++---- xen/arch/x86/traps.c | 8 +++----- xen/include/asm-x86/shstk.h | 46 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 5c5e05e6e6..9ce148a666 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include /* for XEN_INVALID_{SOCKET,CORE}_ID */ @@ -824,15 +825,31 @@ void load_system_tables(void) */ if (cpu_has_xen_shstk) { volatile uint64_t *ist_ssp = tss_page->ist_ssp; + unsigned long + mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8, + nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8, + db_ssp = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8, + df_ssp = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; ist_ssp[0] = 0x8600111111111111ul; - ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DB] = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DF] = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; + ist_ssp[IST_MCE] = mce_ssp; + ist_ssp[IST_NMI] = nmi_ssp; + ist_ssp[IST_DB] = db_ssp; + ist_ssp[IST_DF] = df_ssp; for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i ) ist_ssp[i] = 0x8600111111111111ul; + if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) { + /* + * Rewrite supervisor tokens when shadow stacks are + * active. This resets any busy bits left across S3. + */ + wrss(mce_ssp, _p(mce_ssp)); + wrss(nmi_ssp, _p(nmi_ssp)); + wrss(db_ssp, _p(db_ssp)); + wrss(df_ssp, _p(df_ssp)); + } + wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp); } diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index d483aa91f2..6dd923a9fb 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -84,6 +84,7 @@ #include #include #include +#include /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. @@ -900,8 +901,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, { unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) + if ( (ssp = rdssp()) == SSP_NO_SHSTK ) goto shstk_done; ptr = _p(ssp); @@ -930,9 +930,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, */ if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); + wrss(fixup, ptr); goto shstk_done; } } diff --git a/xen/include/asm-x86/shstk.h b/xen/include/asm-x86/shstk.h new file mode 100644 index 0000000000..fdc9cc65a3 --- /dev/null +++ b/xen/include/asm-x86/shstk.h @@ -0,0 +1,46 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_SHSTK_H +#define XEN_ASM_SHSTK_H + +/* + * RDSSP is a nop when shadow stacks are inactive. Also, SSP has a minimum + * alignment of 4 which is enforced by hardware. + * + * We load 1 into a register, then RDSSP. If shadow stacks are not enabled, + * RDSSP is a nop, and the 1 is preserved. Otherwise, the 1 is clobbered with + * the real SSP, which has the bottom two bits clear. + */ +#define SSP_NO_SHSTK 1 + +static inline unsigned long rdssp(void) +{ + unsigned long ssp; + + asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) ); + + return ssp; +} + +static inline void wrss(unsigned long val, unsigned long *ptr) +{ + asm ( "wrssq %[val], %[ptr]" + : [ptr] "=m" (*ptr) + : [val] "r" (val) ); +} + +#endif /* XEN_ASM_SHSTK_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:24:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:24:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294880.501661 (Exim 4.92) (envelope-from ) id 1nXnfw-0006Dj-FI; Fri, 25 Mar 2022 17:24:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294880.501661; Fri, 25 Mar 2022 17:24:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfw-0006Db-CQ; Fri, 25 Mar 2022 17:24:36 +0000 Received: by outflank-mailman (input) for mailman id 294880; Fri, 25 Mar 2022 17:24:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfv-0006DT-Is for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnfv-000819-I9 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnfv-0006WB-HS for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tB8QHWdDIhfKsxJu3yyyLtoXOpYnyaOABUcKWuxX9kU=; b=UDM7RTtSxpt/E0Qft1PXNPs6PU +bQPMU6oIOPC9yk+ueL1T/2bGSpK/jeXxLzT5PWsisDYp1LEyuQTZNvNb2eb4LPvDttKeUr4Fvh5T lxyNyYOr7KRpjXX0UHJWcLXcYkCFWlVUPuTHhN2L7IjSVHehkuB/SvCo+Zn+KNbFL9Eg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cet: Remove writeable mapping of the BSPs shadow stack Message-Id: Date: Fri, 25 Mar 2022 17:24:35 +0000 commit 27dc916a39e8be9de331a580a43f10ef85633133 Author: Andrew Cooper AuthorDate: Tue Mar 15 12:07:18 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/cet: Remove writeable mapping of the BSPs shadow stack An unintended consequence of the BSP using cpu0_stack[] is that writeable mappings to the BSPs shadow stacks are retained in the bss. This renders CET-SS almost useless, as an attacker can update both return addresses and the ret will not fault. We specifically don't want to shatter the superpage mapping .data and .bss, so the only way to fix this is to not have the BSP stack in the main Xen image. Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate the BSP stack as early as reasonable in __start_xen(). As a consequence, there is no need to delay the BSP's memguard_guard_stack() call. Copy the top of cpu info block just before switching to use the new stack. Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than ->es; this would be buggy if reinit_bsp_stack() called schedule() (which rewrites the GPR block) directly, but luckily it doesn't. Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 37786b23b027ab83051175cb8ce9ac86cacfc58e) --- xen/arch/x86/setup.c | 20 +++++++++++++------- xen/arch/x86/smpboot.c | 26 +++++++++++++++++++------- xen/arch/x86/xen.lds.S | 2 +- xen/include/asm-x86/smp.h | 2 ++ 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 9e5ccebbab..70b37d8afe 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -152,7 +152,7 @@ unsigned long __read_mostly xen_phys_start; unsigned long __read_mostly xen_virt_end; -char __section(".bss.stack_aligned") __aligned(STACK_SIZE) +char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE) cpu0_stack[STACK_SIZE]; struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 }; @@ -704,7 +704,6 @@ static void __init noreturn reinit_bsp_stack(void) percpu_traps_init(); stack_base[0] = stack; - memguard_guard_stack(stack); rc = setup_cpu_root_pgt(0); if ( rc ) @@ -871,6 +870,8 @@ void __init noreturn __start_xen(unsigned long mbi_p) { char *memmap_type = NULL; char *cmdline, *kextra, *loader; + void *bsp_stack; + struct cpu_info *info = get_cpu_info(), *bsp_info; unsigned int initrdidx, num_parked = 0; multiboot_info_t *mbi; module_t *mod; @@ -903,7 +904,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) ); /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -1733,6 +1734,10 @@ void __init noreturn __start_xen(unsigned long mbi_p) */ vm_init(); + bsp_stack = cpu_alloc_stack(0); + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + console_init_ring(); vesa_init(); @@ -1991,17 +1996,18 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - /* Jump to the 1:1 virtual mappings of cpu0_stack. */ + /* Copy the cpu info block, and move onto the BSP stack. */ + bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack); + *bsp_info = *info; + asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" :: - [stk] "g" (__va(__pa(get_stack_bottom()))), + [stk] "g" (&bsp_info->guest_cpu_user_regs), [fn] "i" (reinit_bsp_stack) : "memory"); unreachable(); } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 2596e4374b..0694173173 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -1024,6 +1024,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove) } } +void *cpu_alloc_stack(unsigned int cpu) +{ + nodeid_t node = cpu_to_node(cpu); + unsigned int memflags = 0; + void *stack; + + if ( node != NUMA_NO_NODE ) + memflags = MEMF_node(node); + + stack = alloc_xenheap_pages(STACK_ORDER, memflags); + + if ( stack ) + memguard_guard_stack(stack); + + return stack; +} + static int cpu_smpboot_alloc(unsigned int cpu) { struct cpu_info *info; @@ -1036,15 +1053,10 @@ static int cpu_smpboot_alloc(unsigned int cpu) if ( node != NUMA_NO_NODE ) memflags = MEMF_node(node); - if ( stack_base[cpu] == NULL ) - { - stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags); - if ( !stack_base[cpu] ) + if ( stack_base[cpu] == NULL && + (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL ) goto out; - memguard_guard_stack(stack_base[cpu]); - } - info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]); info->processor_id = cpu; info->per_cpu_offset = __per_cpu_offset[cpu]; diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 87e344d4dd..4c58f3209c 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -199,6 +199,7 @@ SECTIONS } PHDR(text) DECL_SECTION(.init.data) { #endif + *(.init.bss.stack_aligned) *(.init.rodata) *(.init.rodata.*) @@ -280,7 +281,6 @@ SECTIONS DECL_SECTION(.bss) { __bss_start = .; - *(.bss.stack_aligned) *(.bss.page_aligned*) . = ALIGN(PAGE_SIZE); __per_cpu_start = .; diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h index f7485f602e..9628d7842d 100644 --- a/xen/include/asm-x86/smp.h +++ b/xen/include/asm-x86/smp.h @@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask; extern unsigned int disabled_cpus; extern bool unaccounted_cpus; +void *cpu_alloc_stack(unsigned int cpu); + #endif /* !__ASSEMBLY__ */ #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:24:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:24:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294881.501665 (Exim 4.92) (envelope-from ) id 1nXng6-0006Hs-IB; Fri, 25 Mar 2022 17:24:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294881.501665; Fri, 25 Mar 2022 17:24:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXng6-0006Hl-FC; Fri, 25 Mar 2022 17:24:46 +0000 Received: by outflank-mailman (input) for mailman id 294881; Fri, 25 Mar 2022 17:24:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXng5-0006Hd-Lm for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXng5-00081H-L4 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXng5-0006Wn-KK for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u9ZwQkgi8XobqMPiVSncO5WyqVqAoHfQSZ8Ree9dRhU=; b=Ayn1TMAatHWQ/E8T9pRQcFMWsM FgS9/GWI7TOFgaQULifGjTV/RAzJMLz9g3ZttEOukVhFxpzJ4NL7+gni6Wv1lVo4fedCOUjXJrSzw LNgzbyzBc5KvBA9cmL2/5Ixthb/xK09mTyIBvtsnEOp+/XU0eJZlLb3xygcTjT6mOJ3k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/x86: Livepatch: support patching CET-enhanced functions Message-Id: Date: Fri, 25 Mar 2022 17:24:45 +0000 commit dcd44e3b9ad2f0491bd7f4751232a389e4ee57e7 Author: Bjoern Doebel AuthorDate: Thu Mar 10 07:35:36 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 xen/x86: Livepatch: support patching CET-enhanced functions Xen enabled CET for supporting architectures. The control flow aspect of CET require functions that can be called indirectly (i.e., via function pointers) to start with an ENDBR64 instruction. Otherwise a control flow exception is raised. This expectation breaks livepatching flows because we patch functions by overwriting their first 5 bytes with a JMP + , thus breaking the ENDBR64. We fix this by checking the start of a patched function for being ENDBR64. In the positive case we move the livepatch JMP to start behind the ENDBR64 instruction. To avoid having to guess the ENDBR64 offset again on patch reversal (which might race with other mechanisms adding/removing ENDBR dynamically), use the livepatch metadata to store the computed offset along with the saved bytes of the overwritten function. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall Tested-by: Jiamei Xie (cherry picked from commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4) Note: For backports to 4.14 thru 4.16, there is no endbr-clobbering, hence no is_endbr64_poison() logic. --- xen/arch/x86/livepatch.c | 39 +++++++++++++++++++++++++++++++++------ xen/include/public/sysctl.h | 3 ++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 49f0d902e5..e94ac9b228 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -113,8 +114,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func) if ( func->old_size < func->new_size ) return -EINVAL; } - else if ( func->old_size < ARCH_PATCH_INSN_SIZE ) - return -EINVAL; + else + { + /* + * Space needed now depends on whether the target function + * starts with an ENDBR64 instruction. + */ + uint8_t needed = ARCH_PATCH_INSN_SIZE; + + if ( is_endbr64(func->old_addr) ) + needed += ENDBR64_LEN; + + if ( func->old_size < needed ) + return -EINVAL; + } return 0; } @@ -129,12 +142,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) uint8_t insn[sizeof(func->opaque)]; unsigned int len; + func->patch_offset = 0; old_ptr = func->old_addr; len = livepatch_insn_len(func); if ( !len ) return; - memcpy(func->opaque, old_ptr, len); + /* + * CET hotpatching support: We may have functions starting with an ENDBR64 + * instruction that MUST remain the first instruction of the function, + * hence we need to move any hotpatch trampoline further into the function. + * For that we need to keep track of the patching offset used for any + * loaded hotpatch (to avoid racing against other fixups adding/removing + * ENDBR64 or similar instructions). + */ + if ( is_endbr64(old_ptr) ) + func->patch_offset += ENDBR64_LEN; + + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { int32_t val; @@ -142,14 +167,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val))); insn[0] = 0xe9; /* Relative jump. */ - val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE; + val = func->new_addr - (func->old_addr + func->patch_offset + + ARCH_PATCH_INSN_SIZE); memcpy(&insn[1], &val, sizeof(val)); } else add_nops(insn, len); - memcpy(old_ptr, insn, len); + memcpy(old_ptr + func->patch_offset, insn, len); } /* @@ -158,7 +184,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) */ void noinline arch_livepatch_revert(const struct livepatch_func *func) { - memcpy(func->old_addr, func->opaque, livepatch_insn_len(func)); + memcpy(func->old_addr + func->patch_offset, func->opaque, + livepatch_insn_len(func)); } /* diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 55252e97f2..b0a4af8789 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -876,7 +876,8 @@ struct livepatch_func { uint8_t version; /* MUST be LIVEPATCH_PAYLOAD_VERSION. */ uint8_t opaque[LIVEPATCH_OPAQUE_SIZE]; uint8_t applied; - uint8_t _pad[7]; + uint8_t patch_offset; + uint8_t _pad[6]; livepatch_expectation_t expect; }; typedef struct livepatch_func livepatch_func_t; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:24:56 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:24:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294882.501669 (Exim 4.92) (envelope-from ) id 1nXngG-0006Kb-Js; Fri, 25 Mar 2022 17:24:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294882.501669; Fri, 25 Mar 2022 17:24:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngG-0006KS-Gr; Fri, 25 Mar 2022 17:24:56 +0000 Received: by outflank-mailman (input) for mailman id 294882; Fri, 25 Mar 2022 17:24:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngF-0006KF-Oc for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngF-00081Q-Nu for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXngF-0006XQ-NB for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:24:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3Jso+5bB39A+Tl3g604KDlRRgVQCZtJW4X14mYQRc78=; b=4MZM4IP0B2cK5ENhkOTk+4GWjY QXdlrmFjJkE9ID6P8Td1Rk23/OcwoKH+2sdIJsybNAqaQs7l3HL/1Q2HtQiKdB70pj4ZWkiSVRdWq uYathb2wzNhUi+fLo7keVs5zPSgcc3N3YTY9Auz7M5rJkwwYwl4DaSV2kg9UKv8yy0Eg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cet: Remove XEN_SHSTK's dependency on EXPERT Message-Id: Date: Fri, 25 Mar 2022 17:24:55 +0000 commit c7a861b2d065e7c26f9d499df32eb99f546e1671 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:31:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:06:38 2022 +0000 x86/cet: Remove XEN_SHSTK's dependency on EXPERT CET-SS hardware is now available from multiple vendors, the feature has downstream users, and was declared security supported in XSA-398. Enable it by default. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross (cherry picked from commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb) --- xen/arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index be343218de..ef72e7821b 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -116,8 +116,8 @@ config HVM If unsure, say Y. config XEN_SHSTK - bool "Supervisor Shadow Stacks (EXPERT)" - depends on HAS_AS_CET_SS && EXPERT + bool "Supervisor Shadow Stacks" + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:25:07 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:25:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294883.501673 (Exim 4.92) (envelope-from ) id 1nXngR-0006NR-LS; Fri, 25 Mar 2022 17:25:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294883.501673; Fri, 25 Mar 2022 17:25:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngR-0006NJ-IL; Fri, 25 Mar 2022 17:25:07 +0000 Received: by outflank-mailman (input) for mailman id 294883; Fri, 25 Mar 2022 17:25:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngQ-0006N6-9w for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngQ-00083B-9A for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXngQ-0006aa-8M for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VofqbYOOU21C2LNoG9mmbe9+7PC+jUGd9zP4RD1D+4I=; b=CWubiJPoKZKpcyT6/01hhnpi8K OlAx4T1q+inOST/JanGjORRII0v91x9vI48PCnFhMPhfHjPGGpJ49EfGoJMx42pCeAZADEFPhpMXN p/ZQkxCjTbJDrFH8JDeEVj3fsWhrXRnGDnAD6iPtHyi8Hu6fjjsadJDOznORv2q9cn6Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: Introduce support for CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:25:06 +0000 commit 96233cf87b4ead3f6480ed21c3ed2836dcc29418 Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86: Introduce support for CET-IBT CET Indirect Branch Tracking is a hardware feature designed to provide forward-edge control flow integrity, protecting against jump/call oriented programming. IBT requires the placement of endbr{32,64} instructions at the target of every indirect call/jmp, and every entrypoint. It is necessary to check for both compiler and assembler support, as the notrack prefix can be emitted in certain cases. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290) Note: For backports to 4.14 thru 4.16, we are deliberately not using -mmanual-endbr as done in staging, as an intermediate approach which is not too invasive to backport. x86/cet: Force -fno-jump-tables for CET-IBT Both GCC and Clang have a (mis)feature where, even with -fcf-protection=branch, jump tables are created using a notrack jump rather than using endbr's in each case statement. This is incompatible with the safety properties we want in Xen, and enforced by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr]. -fno-jump-tables is generally active as a side effect of CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig: introduce option to select retpoline usage"), we explicitly support turning retpoline off. Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9d4a44380d273de22d5753883cbf5581795ff24d) --- Config.mk | 1 - xen/arch/x86/Kconfig | 17 +++++++++++++++++ xen/arch/x86/arch.mk | 9 +++++++++ xen/arch/x86/configs/pvshim_defconfig | 1 + xen/include/asm-x86/asm-defns.h | 6 ++++++ xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/cpufeatures.h | 1 + 7 files changed, 35 insertions(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index f467b43beb..ae5eaecd62 100644 --- a/Config.mk +++ b/Config.mk @@ -205,7 +205,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 27cb793165..4fdb39af3e 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -38,6 +38,11 @@ config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +config HAS_CC_CET_IBT + # GCC >= 9 and binutils >= 2.29 + # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 + def_bool $(cc-option,-fcf-protection=branch -mindirect-branch=thunk-extern) && $(as-instr,endbr64) + menu "Architecture Features" source "arch/Kconfig" @@ -119,6 +124,18 @@ config XEN_SHSTK When CET-SS is active, 32bit PV guests cannot be used. Backwards compatiblity can be provided via the PV Shim mechanism. +config XEN_IBT + bool "Supervisor Indirect Branch Tracking" + depends on HAS_CC_CET_IBT + default y + help + Control-flow Enforcement Technology (CET) is a set of features in + hardware designed to combat Return-oriented Programming (ROP, also + call/jump COP/JOP) attacks. Indirect Branch Tracking is one CET + feature designed to provide function pointer protection. + + This option arranges for Xen to use CET-IBT for its own protection. + config SHADOW_PAGING bool "Shadow Paging" default !PV_SHIM_EXCLUSIVE diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index ce0c1a0e7f..033048ab6b 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -46,6 +46,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +ifdef CONFIG_XEN_IBT +# Force -fno-jump-tables to work around +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 +# https://github.com/llvm/llvm-project/issues/54247 +CFLAGS += -fcf-protection=branch -fno-jump-tables +else +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) +endif + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. $(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig index cdf5776610..23ba51e728 100644 --- a/xen/arch/x86/configs/pvshim_defconfig +++ b/xen/arch/x86/configs/pvshim_defconfig @@ -9,6 +9,7 @@ CONFIG_EXPERT=y CONFIG_SCHED_NULL=y # Disable features not used by the PV shim # CONFIG_XEN_SHSTK is not set +# CONFIG_XEN_IBT is not set # CONFIG_GRANT_TABLE is not set # CONFIG_HYPFS is not set # CONFIG_BIGMEM is not set diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 505f39ad5f..8bd9007731 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -57,6 +57,12 @@ INDIRECT_BRANCH jmp \arg .endm +#ifdef CONFIG_XEN_IBT +# define ENDBR64 endbr64 +#else +# define ENDBR64 +#endif + .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS) /* diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index fe04d98fa1..460d38356c 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -153,6 +153,7 @@ #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) +#define cpu_has_xen_ibt boot_cpu_has(X86_FEATURE_XEN_IBT) #define cpu_has_msr_tsc_aux (cpu_has_rdtscp || cpu_has_rdpid) diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 6c8f432aee..fe2f97354f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW used by Xen for PV */ XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for HVM */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:25:17 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:25:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294884.501676 (Exim 4.92) (envelope-from ) id 1nXngb-0006QA-Mf; Fri, 25 Mar 2022 17:25:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294884.501676; Fri, 25 Mar 2022 17:25:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngb-0006Q2-Js; Fri, 25 Mar 2022 17:25:17 +0000 Received: by outflank-mailman (input) for mailman id 294884; Fri, 25 Mar 2022 17:25:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnga-0006Ph-Cy for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnga-00083j-CG for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnga-0006bS-BN for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E1UeoFa5y5Vjngw6q4mQE9TrXRdTwxAOIFjgN+MWcuQ=; b=bf05Lm2Xc35FsaiC7Vy1UluOJS ghf5TqWIjpzv1F0jWEwasz2ZLz4rSPX0Pk3VYfKp+ucgdcHNfUby7vNt1RnZHW2vFHjL8sgg3SNEI cZVRRP/X+kAlwY0gNoWANrBT2YuFCAc1S6y4vocFur9Ffrm7TkDJPHtfDq+aDNASvpX4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/setup: Read CR4 earlier in __start_xen() Message-Id: Date: Fri, 25 Mar 2022 17:25:16 +0000 commit 473f7cb1a1a0299ebbc243e52d407a990936f79a Author: Andrew Cooper AuthorDate: Mon Nov 1 10:19:57 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/setup: Read CR4 earlier in __start_xen() This is necessary for read_cr4() to function correctly. Move the EFER caching at the same time. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e) --- xen/arch/x86/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index b1f96f71b6..467dcfc4cf 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -870,6 +870,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ + rdmsrl(MSR_EFER, this_cpu(efer)); + asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -916,9 +919,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) parse_video_info(); - rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); - /* We initialise the serial devices very early so we can get debugging. */ ns16550.io_base = 0x3f8; ns16550.irq = 4; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:25:27 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:25:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294885.501681 (Exim 4.92) (envelope-from ) id 1nXngl-0006TE-OD; Fri, 25 Mar 2022 17:25:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294885.501681; Fri, 25 Mar 2022 17:25:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngl-0006T6-LK; Fri, 25 Mar 2022 17:25:27 +0000 Received: by outflank-mailman (input) for mailman id 294885; Fri, 25 Mar 2022 17:25:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngk-0006Sz-Fo for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngk-00083w-F7 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXngk-0006cS-EO for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4vV7D+c7dbf00k11ndbl96dlJtmmopoLoTcGvYoeiMA=; b=DGpWDIpazsPF58c4NuTTMKTC27 pDrlGuYOO+GRErPqLUzI/vk+nBd8LCu8q51VoR8G0pXQpPY760Fw8heLUUA2bKqTDH2eR+S018fC4 CU4k8WFJXLjr2ksTFLf9EKQsoDYk/tAznZLcwYmQ1htIbyLSt4F/KnYdNQvpSkfBXBeA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/alternatives: Clear CR4.CET when clearing CR0.WP Message-Id: Date: Fri, 25 Mar 2022 17:25:26 +0000 commit aa53c1299b5c53005bd2ffedbfe397413197e6f1 Author: Andrew Cooper AuthorDate: Mon Nov 1 10:17:59 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/alternatives: Clear CR4.CET when clearing CR0.WP This allows us to have CET active much earlier in boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196) --- xen/arch/x86/alternative.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 004e9ede25..41415db08c 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -334,9 +334,13 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, */ if ( !(alt_done & alt_todo) ) { - unsigned long cr0; + unsigned long cr0, cr4; cr0 = read_cr0(); + cr4 = read_cr4(); + + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4 & ~X86_CR4_CET); /* Disable WP to allow patching read-only pages. */ write_cr0(cr0 & ~X86_CR0_WP); @@ -346,6 +350,9 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, write_cr0(cr0); + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4); + alt_done |= alt_todo; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:25:37 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:25:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294886.501684 (Exim 4.92) (envelope-from ) id 1nXngv-0006W3-Pq; Fri, 25 Mar 2022 17:25:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294886.501684; Fri, 25 Mar 2022 17:25:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngv-0006Vw-Mq; Fri, 25 Mar 2022 17:25:37 +0000 Received: by outflank-mailman (input) for mailman id 294886; Fri, 25 Mar 2022 17:25:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngu-0006Vm-Im for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXngu-000842-I3 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXngu-0006dS-HG for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=engrvMNvB8Oa9qJvz5StPF+C8hhE7yjJX4M38FZNX2M=; b=tH7lIjGRAGoXDD/DASnfNh06ma DiMhUjaAhjDTqFR5qaNFXF0Cb/AG4WNrx3/34Nj6ZClz8pIpBcEqEGYwgz0x7tizQ/NCAtM6Tj+ql FsJnbhqQIdVnCkg6iEqqJYL7u9ga61+cU6Ng5DMkaelVtbYfzUHIhrUGqNsPr3joX0uc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp Message-Id: Date: Fri, 25 Mar 2022 17:25:36 +0000 commit c8879601975365156aa148576bf4e5a271fdf252 Author: Andrew Cooper AuthorDate: Mon Nov 1 12:36:33 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/traps: Rework write_stub_trampoline() to not hardcode the jmp For CET-IBT, we will need to optionally insert an endbr64 instruction at the start of the stub. Don't hardcode the jmp displacement assuming that it starts at byte 24 of the stub. Also add extra comments describing what is going on. The mix of %rax and %rsp is far from trivial to follow. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 809beac3e7fdfd20000386453c64a1e2a3d93075) --- xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index 4116ecb9c0..66b8986dd9 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -268,30 +268,39 @@ static unsigned int write_stub_trampoline( unsigned char *stub, unsigned long stub_va, unsigned long stack_bottom, unsigned long target_va) { + unsigned char *p = stub; + + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ - stub[0] = 0x48; - stub[1] = 0xa3; - *(uint64_t *)&stub[2] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xa3; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp in %rax */ /* movq %rsp, %rax */ - stub[10] = 0x48; - stub[11] = 0x89; - stub[12] = 0xe0; + *p++ = 0x48; + *p++ = 0x89; + *p++ = 0xe0; + /* Switch to Xen stack */ /* movabsq $stack_bottom - 8, %rsp */ - stub[13] = 0x48; - stub[14] = 0xbc; - *(uint64_t *)&stub[15] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xbc; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp into %rsp slot */ /* pushq %rax */ - stub[23] = 0x50; + *p++ = 0x50; /* jmp target_va */ - stub[24] = 0xe9; - *(int32_t *)&stub[25] = target_va - (stub_va + 29); + *p++ = 0xe9; + *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); + p += 4; /* Round up to a multiple of 16 bytes. */ - return 32; + return ROUNDUP(p - stub, 16); } DEFINE_PER_CPU(struct stubs, stubs); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:25:47 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:25:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294887.501689 (Exim 4.92) (envelope-from ) id 1nXnh5-0006b9-Sm; Fri, 25 Mar 2022 17:25:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294887.501689; Fri, 25 Mar 2022 17:25:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnh5-0006b1-Pv; Fri, 25 Mar 2022 17:25:47 +0000 Received: by outflank-mailman (input) for mailman id 294887; Fri, 25 Mar 2022 17:25:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnh4-0006ar-Lh for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnh4-000848-Ky for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnh4-0006eU-KB for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=71SWprhCQeJGxnqsnyXh3I99QsICS96dcxKLkVmh6Wg=; b=NYhcO9zaNLWRuKoOEakZEipw7a c6jtvBcV6UhbHq9npM8xFffOA6cFc2DUgd1+qJUMvE/6N/+d+M5h3zQYQmr43Ldp4viTMauJX9BJ1 lKTfWf68rYuWOSTtGHL4bOwlbp9Z5QKWaWE3mkTy6Bg9t5wqQAxIx/itBwnuwDXiCQ3k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: Introduce helpers/checks for endbr64 instructions Message-Id: Date: Fri, 25 Mar 2022 17:25:46 +0000 commit 86a3a18552fa2b480f6827e81e4c759513a51845 Author: Andrew Cooper AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86: Introduce helpers/checks for endbr64 instructions ... to prevent the optimiser creating unsafe code. See the code comment for full details. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4046ba97446e3974a4411db227263a9f11e0aeb4) Note: For the backport to 4.14 thru 4.16, we don't care for embedded endbr64 specifically, but place_endbr64() is a prerequisite for other parts of the series. --- xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h new file mode 100644 index 0000000000..6090afeb0b --- /dev/null +++ b/xen/include/asm-x86/endbr.h @@ -0,0 +1,55 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_ENDBR_H +#define XEN_ASM_ENDBR_H + +#include + +#define ENDBR64_LEN 4 + +/* + * In some cases we need to inspect/insert endbr64 instructions. + * + * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely + * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect + * branch target as far as the CPU is concerned. + * + * gen_endbr64() is written deliberately to avoid the problematic operand, and + * marked __const__ as it is safe for the optimiser to hoist/merge/etc. + */ +static inline uint32_t __attribute_const__ gen_endbr64(void) +{ + uint32_t res; + + asm ( "mov $~0xfa1e0ff3, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64(); +} + +static inline void place_endbr64(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64(); +} + +#endif /* XEN_ASM_ENDBR_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:25:57 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:25:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294888.501693 (Exim 4.92) (envelope-from ) id 1nXnhF-0006dq-Ud; Fri, 25 Mar 2022 17:25:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294888.501693; Fri, 25 Mar 2022 17:25:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhF-0006di-RN; Fri, 25 Mar 2022 17:25:57 +0000 Received: by outflank-mailman (input) for mailman id 294888; Fri, 25 Mar 2022 17:25:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhE-0006dY-Oq for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhE-00084L-O2 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnhE-0006fU-ND for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:25:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4yF0t4WvvG9VGiaGx74DMuIVjJj0UjXzRIumY3gqKnQ=; b=lG9HrKjRmCKHrUeLoolHJByfg3 6anQTohBAoE6HlgbLJ2vLkyL31yMypEaFSg6i1J20abi95I0b3c1v/8nEoKt/WSonTXsS263BFwHx SNedaZk2OqNsrHTlFBNpqIWHs5LfxIu7gyrCDFxfFYXEJ4+jHIYrwP97EmriPoktX6Eg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/emul: Update emulation stubs to be CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:25:56 +0000 commit ddeebb5f09b7a0c168395e919078c616a0965a49 Author: Andrew Cooper AuthorDate: Mon Nov 1 10:09:59 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/emul: Update emulation stubs to be CET-IBT compatible All indirect branches need to land on an endbr64 instruction. For stub_selftests(), use endbr64 unconditionally for simplicity. For ioport and instruction emulation, add endbr64 conditionally. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf) --- xen/arch/x86/extable.c | 12 +++++++----- xen/arch/x86/pv/emul-priv-op.c | 7 +++++++ xen/arch/x86/x86_emulate.c | 13 +++++++++++-- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 109ab7da98..0d30595ea1 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -127,20 +127,22 @@ search_exception_table(const struct cpu_user_regs *regs) static int __init stub_selftest(void) { static const struct { - uint8_t opc[4]; + uint8_t opc[8]; uint64_t rax; union stub_exception_token res; } tests[] __initconst = { - { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ +#define endbr64 0xf3, 0x0f, 0x1e, 0xfa + { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ .res.fields.trapnr = TRAP_invalid_op }, - { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ + { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ .rax = 0x0123456789abcdef, .res.fields.trapnr = TRAP_gp_fault }, - { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ + { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ .rax = 0xfedcba9876543210, .res.fields.trapnr = TRAP_stack_error }, - { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ + { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ .res.fields.trapnr = TRAP_int3 }, +#undef endbr64 }; unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; unsigned int i; diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 11467a1e3a..274a717979 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -110,6 +111,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, p = ctxt->io_emul_stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + APPEND_BUFF(prologue); APPEND_CALL(load_guest_gprs); diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 1e082e6f3b..379e889768 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -17,6 +17,7 @@ #include #include /* cpu_has_amd_erratum() */ #include +#include /* Avoid namespace pollution. */ #undef cmpxchg @@ -29,11 +30,19 @@ cpu_has_amd_erratum(¤t_cpu_data, AMD_ERRATUM_##nr) #define get_stub(stb) ({ \ + void *ptr; \ BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1); \ ASSERT(!(stb).ptr); \ (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; \ - memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) + \ - ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2); \ + (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) + \ + ((stb).addr & ~PAGE_MASK); \ + ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2); \ + if ( cpu_has_xen_ibt ) \ + { \ + place_endbr64(ptr); \ + ptr += 4; \ + } \ + ptr; \ }) #define put_stub(stb) ({ \ if ( (stb).ptr ) \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:26:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:26:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294889.501697 (Exim 4.92) (envelope-from ) id 1nXnhP-0006gs-W2; Fri, 25 Mar 2022 17:26:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294889.501697; Fri, 25 Mar 2022 17:26:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhP-0006gk-T3; Fri, 25 Mar 2022 17:26:07 +0000 Received: by outflank-mailman (input) for mailman id 294889; Fri, 25 Mar 2022 17:26:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhO-0006gd-Rg for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhO-00084f-Qx for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnhO-0006gq-QL for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bUHIpBkcIR3OxWHWEhtbjZbcQPnEeCQAu+IVrZg+/OI=; b=nZBm+kwvqeBgpQp/+Qjtu0ofNu YCjBpIjoXzsHn5GE20XxbIm7U8mj1kLuxKdka3KmwQNWmB4oG6OCaaUOPtvuwqqK3YYxETW7UQqoX Ut7rQQJcLPe1jH6iRmvvxKz2IlpbI2flmLWkNhe8QCbXTNoUVrXCXMvzY6GowVRxOSjw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:26:06 +0000 commit b75e78f1ece4ec23e4534cf2f2ac24cbd8771c29 Author: Andrew Cooper AuthorDate: Mon Nov 1 09:51:16 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64 instruction. For sysenter, this is easy. Unfortunately for syscall, the stubs are already 29 byte long with a limit of 32. endbr64 is 4 bytes. Luckily, there is a 1 byte instruction which can move from the stubs into the main handlers. Move the push %rax out of the stub and into {l,c}star_entry(), allowing room for the endbr64 instruction when appropriate. Update the comment describing the entry state. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5) --- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 14 +++++++------- xen/arch/x86/x86_64/traps.c | 11 +++++++---- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index c2c73cc732..5297583120 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -204,9 +204,9 @@ ENTRY(cstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ + push %rax /* Guest %rsp */ CR4_PV32_RESTORE - movq 8(%rsp),%rax /* Restore %rax. */ + movq 8(%rsp), %rax /* Restore guest %rax. */ movq $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain. Compat handled lower. */ pushq %r11 pushq $FLAT_USER_CS32 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index e2ff4a9018..3327b4a646 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -241,18 +241,17 @@ iret_exit_to_guest: * When entering SYSCALL from user mode: * Vector directly to the registered arch.syscall_addr. * - * Initial work is done by per-CPU trampolines. At this point %rsp has been - * initialised to point at the correct Xen stack, %rsp has been saved, and - * %rax needs to be restored from the %ss save slot. All other registers are - * still to be saved onto the stack, starting with RFLAGS, and an appropriate - * %ss must be saved into the space left by the trampoline. + * Initial work is done by per-CPU trampolines. + * - Guest %rax stored in the %ss slot + * - Guest %rsp stored in %rax + * - Xen stack loaded, pointing at the %ss slot */ ENTRY(lstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ - movq 8(%rsp),%rax /* Restore %rax. */ + push %rax /* Guest %rsp */ + movq 8(%rsp), %rax /* Restore guest %rax */ movq $FLAT_KERNEL_SS,8(%rsp) pushq %r11 pushq $FLAT_KERNEL_CS64 @@ -284,6 +283,7 @@ ENTRY(lstar_enter) jmp test_all_events ENTRY(sysenter_entry) + ENDBR64 #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index 66b8986dd9..05a4a0bacf 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -270,6 +271,12 @@ static unsigned int write_stub_trampoline( { unsigned char *p = stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ *p++ = 0x48; @@ -290,10 +297,6 @@ static unsigned int write_stub_trampoline( *(uint64_t *)p = stack_bottom - 8; p += 8; - /* Store guest %rsp into %rsp slot */ - /* pushq %rax */ - *p++ = 0x50; - /* jmp target_va */ *p++ = 0xe9; *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:26:18 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:26:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294890.501701 (Exim 4.92) (envelope-from ) id 1nXnha-0006jm-18; Fri, 25 Mar 2022 17:26:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294890.501701; Fri, 25 Mar 2022 17:26:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhZ-0006je-UZ; Fri, 25 Mar 2022 17:26:17 +0000 Received: by outflank-mailman (input) for mailman id 294890; Fri, 25 Mar 2022 17:26:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhY-0006jT-Uw for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhY-000854-UD for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnhY-0006hh-TO for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HCDvl3oW3VxC6o1tXQDDtiuVR3ZC2EcnWbAP33T4KxI=; b=7MQ1DxSV/i1g4+1Y0nWvgWcOjM iCnXjfpRSAKIyUOQxeA4Nxr2130HVSaMuECOcpPNwoorG6TEHkciXC8IMJm1QNvRlqkZ1S/auhGlv gYrYSErUL2LA/RzD+yTHB4uw006yTGP9YYJ9hq8Xj68Gcs8gpkS86XBGZQzvttstBkQQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/entry: Make IDT entrypoints CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:26:16 +0000 commit c3fed31049240de3583e0e1bbea2b3b6278afa2a Author: Andrew Cooper AuthorDate: Mon Nov 1 17:08:24 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/entry: Make IDT entrypoints CET-IBT compatible Each IDT vector needs to land on an endbr64 instruction. This is especially important for the #CP handler, which will recurse indefinitely if the endbr64 is missing, eventually escalating to #DF if guard pages are active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e702e36d1d519f4b66086650c1c47d6bac96d4b9) Also include the continue_pv_domain() change from c/s 954bb07fdb5fad which is also in entry.S --- xen/arch/x86/x86_64/compat/entry.S | 1 + xen/arch/x86/x86_64/entry.S | 31 +++++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 5297583120..0cfe953142 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -14,6 +14,7 @@ #ifdef CONFIG_PV32 ENTRY(entry_int82) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $HYPERCALL_VECTOR, 4(%rsp) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 3327b4a646..2f3f48ff27 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -345,6 +345,7 @@ UNLIKELY_END(sysenter_gpf) jmp .Lbounce_exception ENTRY(int80_direct_trap) + ENDBR64 ALTERNATIVE "", clac, X86_FEATURE_XEN_SMAP pushq $0 movl $0x80, 4(%rsp) @@ -573,6 +574,7 @@ ENTRY(dom_crash_sync_extable) /* No special register assumptions. */ #ifdef CONFIG_PV ENTRY(continue_pv_domain) + ENDBR64 call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) @@ -641,6 +643,7 @@ ENTRY(common_interrupt) jmp ret_from_intr ENTRY(page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) /* No special register assumptions. */ GLOBAL(handle_exception) @@ -779,75 +782,91 @@ FATAL_exception_with_ints_disabled: BUG /* fatal_trap() shouldn't return. */ ENTRY(divide_error) + ENDBR64 pushq $0 movl $TRAP_divide_error,4(%rsp) jmp handle_exception ENTRY(coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_copro_error,4(%rsp) jmp handle_exception ENTRY(simd_coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_simd_error,4(%rsp) jmp handle_exception ENTRY(device_not_available) + ENDBR64 pushq $0 movl $TRAP_no_device,4(%rsp) jmp handle_exception ENTRY(debug) + ENDBR64 pushq $0 movl $TRAP_debug,4(%rsp) jmp handle_ist_exception ENTRY(int3) + ENDBR64 pushq $0 movl $TRAP_int3,4(%rsp) jmp handle_exception ENTRY(overflow) + ENDBR64 pushq $0 movl $TRAP_overflow,4(%rsp) jmp handle_exception ENTRY(bounds) + ENDBR64 pushq $0 movl $TRAP_bounds,4(%rsp) jmp handle_exception ENTRY(invalid_op) + ENDBR64 pushq $0 movl $TRAP_invalid_op,4(%rsp) jmp handle_exception ENTRY(invalid_TSS) + ENDBR64 movl $TRAP_invalid_tss,4(%rsp) jmp handle_exception ENTRY(segment_not_present) + ENDBR64 movl $TRAP_no_segment,4(%rsp) jmp handle_exception ENTRY(stack_segment) + ENDBR64 movl $TRAP_stack_error,4(%rsp) jmp handle_exception ENTRY(general_protection) + ENDBR64 movl $TRAP_gp_fault,4(%rsp) jmp handle_exception ENTRY(alignment_check) + ENDBR64 movl $TRAP_alignment_check,4(%rsp) jmp handle_exception ENTRY(entry_CP) + ENDBR64 movl $X86_EXC_CP, 4(%rsp) jmp handle_exception ENTRY(double_fault) + ENDBR64 movl $TRAP_double_fault,4(%rsp) /* Set AC to reduce chance of further SMAP faults */ ALTERNATIVE "", stac, X86_FEATURE_XEN_SMAP @@ -873,6 +892,7 @@ ENTRY(double_fault) .pushsection .init.text, "ax", @progbits ENTRY(early_page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) SAVE_ALL movq %rsp,%rdi @@ -881,6 +901,7 @@ ENTRY(early_page_fault) .popsection ENTRY(nmi) + ENDBR64 pushq $0 movl $TRAP_nmi,4(%rsp) handle_ist_exception: @@ -978,12 +999,14 @@ handle_ist_exception: #endif ENTRY(machine_check) + ENDBR64 pushq $0 movl $TRAP_machine_check,4(%rsp) jmp handle_ist_exception /* No op trap handler. Required for kexec crash path. */ GLOBAL(trap_nop) + ENDBR64 iretq /* Table of automatically generated entry points. One per vector. */ @@ -1012,7 +1035,9 @@ autogen_stubs: /* Automatically generated stubs. */ #endif ALIGN -1: pushq $0 +1: + ENDBR64 + pushq $0 movb $vec,4(%rsp) jmp common_interrupt @@ -1022,7 +1047,9 @@ autogen_stubs: /* Automatically generated stubs. */ .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \ vec == X86_EXC_VE || (vec > X86_EXC_CP && vec < TRAP_nr) -1: test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ +1: + ENDBR64 + test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ jz 2f /* size is 8 bytes. Check whether the processor gave us an */ pushq $0 /* error code, and insert an empty one if not. */ 2: movb $vec,4(%rsp) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:26:28 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:26:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294891.501705 (Exim 4.92) (envelope-from ) id 1nXnhk-0006mW-3C; Fri, 25 Mar 2022 17:26:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294891.501705; Fri, 25 Mar 2022 17:26:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhj-0006mO-W9; Fri, 25 Mar 2022 17:26:27 +0000 Received: by outflank-mailman (input) for mailman id 294891; Fri, 25 Mar 2022 17:26:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhj-0006mD-1V for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhj-00085C-0n for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnhj-0006ib-0D for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G7ka48TRLiINyxTDnxH39RjubLuE/2OVihBERypKMQ8=; b=LEbaQLJHLyQZXzd0rBkSxQNbhH VhKViZDiJypJQvXL28iW+BmLl8bmXMVQnFTTCIFtcqJvIKNb8681k7fTBB8Q0SLrLQKwJ0m3lRVx1 wWo0I2VbO3U294dZOveE8gIjq8ZpQF/YYmhVU7+vAhlubpdCddbSHFqkBYAZxGj0CUeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/setup: Rework MSR_S_CET handling for CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:26:27 +0000 commit 368cffb5be40a8b1d97ea5a557c578ae30b65134 Author: Andrew Cooper AuthorDate: Mon Nov 1 16:13:29 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/setup: Rework MSR_S_CET handling for CET-IBT CET-SS and CET-IBT can be independently controlled, so the configuration of MSR_S_CET can't be constant any more. Introduce xen_msr_s_cet_value(), mostly because I don't fancy writing/maintaining that logic in assembly. Use this in the 3 paths which alter MSR_S_CET when both features are potentially active. To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN. This is common with the CET-SS setup, so reorder the operations to set up CR4 and MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up MSR_PL0_SSP and SSP if SHSTK_EN was also set. Adjust the crash path to disable CET-IBT too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7) --- xen/arch/x86/acpi/wakeup_prot.S | 38 +++++++++++++++++++++++--------------- xen/arch/x86/boot/x86_64.S | 30 +++++++++++++++++++----------- xen/arch/x86/crash.c | 4 ++-- xen/arch/x86/setup.c | 17 ++++++++++++++++- xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S index 15052c300f..3855ff1ddb 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -63,7 +63,26 @@ ENTRY(s3_resume) pushq %rax lretq 1: -#ifdef CONFIG_XEN_SHSTK +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_cet_done + + /* Set up MSR_S_CET. */ + mov $MSR_S_CET, %ecx + xor %edx, %edx + wrmsr + + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_cet_done + /* * Restoring SSP is a little complicated, because we are intercepting * an in-use shadow stack. Write a temporary token under the stack, @@ -71,14 +90,6 @@ ENTRY(s3_resume) * reset MSR_PL0_SSP to its usual value and pop the temporary token. */ mov saved_ssp(%rip), %rdi - cmpq $1, %rdi - je .L_shstk_done - - /* Set up MSR_S_CET. */ - mov $MSR_S_CET, %ecx - xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax - wrmsr /* Construct the temporary supervisor token under SSP. */ sub $8, %rdi @@ -90,10 +101,6 @@ ENTRY(s3_resume) mov %edi, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx - mov %rbx, %cr4 - /* Write the temporary token onto the shadow stack, and activate it. */ wrssq %rdi, (%rdi) setssbsy @@ -106,8 +113,9 @@ ENTRY(s3_resume) /* Pop the temporary token off the stack. */ mov $2, %eax incsspd %eax -.L_shstk_done: -#endif +#endif /* CONFIG_XEN_SHSTK */ +.L_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ call load_system_tables diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index d61048c583..94b1d984cf 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -30,18 +30,27 @@ ENTRY(__high_start) test %ebx,%ebx jz .L_bsp - /* APs. Set up shadow stacks before entering C. */ -#ifdef CONFIG_XEN_SHSTK - testl $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \ - CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip) - je .L_ap_shstk_done + /* APs. Set up CET before entering C properly. */ +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_ap_cet_done /* Set up MSR_S_CET. */ mov $MSR_S_CET, %ecx xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax wrmsr + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_ap_cet_done + /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ mov $MSR_PL0_SSP, %ecx mov %rsp, %rdx @@ -51,13 +60,12 @@ ENTRY(__high_start) or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx - mov %rcx, %cr4 setssbsy -#endif -.L_ap_shstk_done: +#endif /* CONFIG_XEN_SHSTK */ +.L_ap_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ + call start_secondary BUG /* start_secondary() shouldn't return. */ diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index 0611b4fb9b..cfc6bdab7b 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -200,8 +200,8 @@ void machine_crash_shutdown(void) /* Reset CPUID masking and faulting to the host's default. */ ctxt_switch_levelling(NULL); - /* Disable shadow stacks. */ - if ( cpu_has_xen_shstk ) + /* Disable CET. */ + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) { wrmsrl(MSR_S_CET, 0); write_cr4(read_cr4() & ~X86_CR4_CET); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 467dcfc4cf..a9cc6c2955 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -660,6 +660,21 @@ static void noreturn init_done(void) startup_cpu_idle_loop(); } +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) +/* + * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting. + * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on + * too early. + */ +unsigned int xen_msr_s_cet_value(void) +{ + return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) | + (cpu_has_xen_ibt ? CET_ENDBR_EN : 0)); +} +#else +unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */ +#endif + /* Reinitalise all state referring to the old virtual address of the stack. */ static void __init noreturn reinit_bsp_stack(void) { @@ -683,7 +698,7 @@ static void __init noreturn reinit_bsp_stack(void) { wrmsrl(MSR_PL0_SSP, (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8); - wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN); + wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); asm volatile ("setssbsy" ::: "memory"); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index e2d4ebead0..3ea30aab75 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -110,6 +110,7 @@ #define MSR_S_CET 0x000006a2 #define CET_SHSTK_EN (_AC(1, ULL) << 0) #define CET_WRSS_EN (_AC(1, ULL) << 1) +#define CET_ENDBR_EN (_AC(1, ULL) << 2) #define MSR_PL0_SSP 0x000006a4 #define MSR_PL1_SSP 0x000006a5 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:26:38 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:26:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294892.501709 (Exim 4.92) (envelope-from ) id 1nXnhu-0006pv-5w; Fri, 25 Mar 2022 17:26:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294892.501709; Fri, 25 Mar 2022 17:26:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnhu-0006pm-2u; Fri, 25 Mar 2022 17:26:38 +0000 Received: by outflank-mailman (input) for mailman id 294892; Fri, 25 Mar 2022 17:26:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnht-0006pa-4R for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnht-00085L-3e for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnht-0006jT-2w for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mXMw4/Vr3U7h1CxY9aT4DFUk1Gf905yYj6lLV8tlSRI=; b=ermd6cbcR/6+75ohTF0aq6GXs0 WbuhDpvPcTTmffAeF4Q4Wp85adLKT3pL/zBDU26ALcPbiTMXW7oIzwgEXY1bk2WsNQR7OEMd2SAmI 8dewOeWl3lOCe48DapYugp5nBh8/PObSsXezXiLd46QI1sepWJF67Kr3JPzKMlwgF6ag=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/EFI: Disable CET-IBT around Runtime Services calls Message-Id: Date: Fri, 25 Mar 2022 17:26:37 +0000 commit cf7bd0919fd4cff1fbdad882eea24b3d323a5dd3 Author: Andrew Cooper AuthorDate: Mon Nov 1 21:54:26 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/EFI: Disable CET-IBT around Runtime Services calls UEFI Runtime services, at the time of writing, aren't CET-IBT compatible. Work is ongoing to address this. In the meantime, unconditionally disable IBT. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d37a8a067e62e3b6709d224c22f740fdda9d0078) --- xen/common/efi/runtime.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index bbcc756f57..a8fc2b99ae 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -21,6 +21,7 @@ struct efi_rs_state { * don't strictly need that. */ unsigned long __aligned(32) cr3; + unsigned long msr_s_cet; #endif }; @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void) switch_cr3_cr4(virt_to_maddr(efi_l4_pgtable), read_cr4()); + /* + * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible. + * Work is under way to remedy this. + * + * Stash MSR_S_CET and clobber ENDBR_EN. This is necessary because + * SHSTK_EN isn't configured until very late on the BSP. + */ + if ( cpu_has_xen_ibt ) + { + rdmsrl(MSR_S_CET, state.msr_s_cet); + wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN); + } + return state; } @@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state) if ( !state->cr3 ) return; + + if ( state->msr_s_cet ) + wrmsrl(MSR_S_CET, state->msr_s_cet); + switch_cr3_cr4(state->cr3, read_cr4()); if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:26:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:26:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294893.501712 (Exim 4.92) (envelope-from ) id 1nXni5-0006t1-7G; Fri, 25 Mar 2022 17:26:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294893.501712; Fri, 25 Mar 2022 17:26:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXni5-0006st-4O; Fri, 25 Mar 2022 17:26:49 +0000 Received: by outflank-mailman (input) for mailman id 294893; Fri, 25 Mar 2022 17:26:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXni3-0006sV-7a for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXni3-00085a-6p for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXni3-0006kL-5z for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SoVQiFVB8hrnhNCbzZMP+l74LwvCuzXR+41pssV4zBc=; b=fSGoZbZ+nrHHWtAHUGFvP+T1Z2 jIZ3FWVKLKbSjXb3G/P0mT54zREPVCIIfsPE4oTLl4XMUBBGYaEXhabuUqs7w9vW6Hei8eTtStIXp +/k0+IG0lvUUD2z5XOOnHXk4vX0CX+aUGYKifP6g7xkcthwL6T3Q5vEatqaQbDFQyEh8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: Enable CET Indirect Branch Tracking Message-Id: Date: Fri, 25 Mar 2022 17:26:47 +0000 commit 7f35c1f34b59b6b50518d3ff5b0d04b391ebf92e Author: Andrew Cooper AuthorDate: Mon Nov 1 15:17:20 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86: Enable CET Indirect Branch Tracking With all the pieces now in place, turn CET-IBT on when available. MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be enabled for Xen independently of PV32 kernels. As we already disable PV32 for CET-SS, extend this to all CET, adjusting the documentation/comments as appropriate. Introduce a cet=no-ibt command line option to allow the admin to disable IBT even when everything else is configured correctly. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6) --- docs/misc/xen-command-line.pandoc | 16 +++++++++++---- xen/arch/x86/cpu/common.c | 1 + xen/arch/x86/setup.c | 42 ++++++++++++++++++++++++++++++++++----- 3 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 2392537954..1cab26fef6 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if the NMI watchdog is also enabled. ### cet - = List of [ shstk= ] + = List of [ shstk=, ibt= ] Applicability: x86 @@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology. CET is group a of hardware features designed to combat Return-oriented Programming (ROP, also call/jmp COP/JOP) attacks. +CET is incompatible with 32bit PV guests. If any CET sub-options are active, +they will override the `pv=32` boolean to `false`. Backwards compatibility +can be maintained with the pv-shim mechanism. + * The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own protection. @@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks. `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support is available in hardware. - Shadow Stacks are incompatible with 32bit PV guests. This option will - override the `pv=32` boolean to false. Backwards compatibility can be - maintained with the `pv-shim` mechanism. +* The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for + its own protection. + + The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults + to `true` on hardware supporting CET-IBT. Specifying `cet=no-ibt` will + cause Xen not to use Indirect Branch Tracking even when support is + available in hardware. ### clocksource (x86) > `= pit | hpet | acpi | tsc` diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 0ded3148d3..b9cb8ffbe3 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -332,6 +332,7 @@ void __init early_cpu_init(void) if (c->cpuid_level >= 7) { cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; + c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; } eax = cpuid_eax(0x80000000); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a9cc6c2955..c8cf9ce7b1 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -102,6 +102,12 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif +#ifdef CONFIG_XEN_IBT +static bool __initdata opt_xen_ibt = true; +#else +#define opt_xen_ibt false +#endif + static int __init parse_cet(const char *s) { const char *ss; @@ -118,6 +124,14 @@ static int __init parse_cet(const char *s) opt_xen_shstk = val; #else no_config_param("XEN_SHSTK", "cet", s, ss); +#endif + } + else if ( (val = parse_boolean("ibt", s, ss)) >= 0 ) + { +#ifdef CONFIG_XEN_IBT + opt_xen_ibt = val; +#else + no_config_param("XEN_IBT", "cet", s, ss); #endif } else @@ -1100,11 +1114,33 @@ void __init noreturn __start_xen(unsigned long mbi_p) printk("Enabling Supervisor Shadow Stacks\n"); setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + } + + if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) + { + printk("Enabling Indirect Branch Tracking\n"); + + setup_force_cpu_cap(X86_FEATURE_XEN_IBT); + + if ( efi_enabled(EFI_RS) ) + printk(" - IBT disabled in UEFI Runtime Services\n"); + + /* + * Enable IBT now. Only require the endbr64 on callees, which is + * entirely build-time arrangements. + */ + wrmsrl(MSR_S_CET, CET_ENDBR_EN); + } + + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) + { + set_in_cr4(X86_CR4_CET); + #ifdef CONFIG_PV32 if ( opt_pv32 ) { opt_pv32 = 0; - printk(" - Disabling PV32 due to Shadow Stacks\n"); + printk(" - Disabling PV32 due to CET\n"); } #endif } @@ -1856,10 +1892,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) alternative_branches(); - /* Defer CR4.CET until alternatives have finished playing with CR0.WP */ - if ( cpu_has_xen_shstk ) - set_in_cr4(X86_CR4_CET); - /* * NB: when running as a PV shim VCPUOP_up/down is wired to the shim * physical cpu_add/remove functions, so launch the guest with only -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:26:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:26:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294894.501716 (Exim 4.92) (envelope-from ) id 1nXniF-0006vs-8u; Fri, 25 Mar 2022 17:26:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294894.501716; Fri, 25 Mar 2022 17:26:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniF-0006vk-5z; Fri, 25 Mar 2022 17:26:59 +0000 Received: by outflank-mailman (input) for mailman id 294894; Fri, 25 Mar 2022 17:26:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniD-0006vU-AA for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniD-00085l-9V for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXniD-0006lD-8u for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:26:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=d/O0h/R9kKchOXBKLiF8kPKbhhM2bwNutZRN/hoM0Zc=; b=1+DWK8wku560XWzOkSfX/c1FBR BlyLZC5xN64QmsRdJoDunRgdQTG3DEQKhmmij/TS6EWFGG7ExfiuNFQ+kQhepjyX6GiWdxMsq4SV/ F/Ry1CkxqTtANg0bDPzkHAJuiGC2i6Q6iTYII6g6KHOYqdIp8fneIaFpzbqdpj8q7uEc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/CET: Fix S3 resume with shadow stacks active Message-Id: Date: Fri, 25 Mar 2022 17:26:57 +0000 commit 82fc15285634bb56125a5b321402d7d52c440646 Author: Andrew Cooper AuthorDate: Thu Feb 24 12:18:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/CET: Fix S3 resume with shadow stacks active The original shadow stack support has an error on S3 resume with very bizarre fallout. The BSP comes back up, but APs fail with: (XEN) Enabling non-boot CPUs ... (XEN) Stuck ?? (XEN) Error bringing CPU1 up: -5 and then later (on at least two Intel TigerLake platforms), the next HVM vCPU to be scheduled on the BSP dies with: (XEN) d1v0 Unexpected vmexit: reason 3 (XEN) domain_crash called from vmx.c:4304 (XEN) Domain 1 (vcpu#0) crashed on cpu#0: The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the scheduled vCPU, and will be addressed in a subsequent patch. It is a consequence of the APs triple faulting. The reason the APs triple fault is because we don't tear down the stacks on suspend. The idle/play_dead loop is killed in the middle of running, meaning that the supervisor token is left busy. On resume, SETSSBSY finds busy bit set, suffers #CP and triple faults because the IDT isn't configured this early. Rework the AP bring-up path to (re)create the supervisor token. This ensures the primary stack is non-busy before use. Note: There are potential issues with the IST shadow stacks too, but fixing those is more involved. Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Link: https://github.com/QubesOS/qubes-issues/issues/7283 Reported-by: Thiner Logoer Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Thiner Logoer Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich (cherry picked from commit 7d9589239ec068c944190408b9838774d5ec1f8f) --- xen/arch/x86/boot/x86_64.S | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 94b1d984cf..f11b5d0679 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -51,13 +51,21 @@ ENTRY(__high_start) test $CET_SHSTK_EN, %al jz .L_ap_cet_done - /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ - mov $MSR_PL0_SSP, %ecx + /* Derive the supervisor token address from %rsp. */ mov %rsp, %rdx + and $~(STACK_SIZE - 1), %rdx + or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx + + /* + * Write a new supervisor token. Doesn't matter on boot, but for S3 + * resume this clears the busy bit. + */ + wrssq %rdx, (%rdx) + + /* Point MSR_PL0_SSP at the token. */ + mov $MSR_PL0_SSP, %ecx + mov %edx, %eax shr $32, %rdx - mov %esp, %eax - and $~(STACK_SIZE - 1), %eax - or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr setssbsy -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:27:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:27:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294895.501721 (Exim 4.92) (envelope-from ) id 1nXniP-0006yi-AE; Fri, 25 Mar 2022 17:27:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294895.501721; Fri, 25 Mar 2022 17:27:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniP-0006ya-7Q; Fri, 25 Mar 2022 17:27:09 +0000 Received: by outflank-mailman (input) for mailman id 294895; Fri, 25 Mar 2022 17:27:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniN-0006yG-D9 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniN-00086E-CQ for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXniN-0006mQ-Bc for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dyOJMSkRv0pWU1pQzy3yQ0+NChJ72B3aBP4d+U72wdo=; b=BmEhkDJP1lJj1T7OLaRWoxeTC3 UJV2JyMu8ZFhVC516rZ7HxvGNWS0EHn08AVIJdze8mBZUpg7euQqOCA/jJEy2UM6P4B51Up7nqL8T pQYA+PcHhtPc0w/PfW+qZt+cgHBYFwYeSc06t0rooDsJ7YsxyjPbJ7e2ZGK2KYfbo0ng=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Disable retpolines with CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:27:07 +0000 commit 67fa16fbc29ebc127372450fcb09a022269f556f Author: Andrew Cooper AuthorDate: Mon Feb 28 19:26:37 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/spec-ctrl: Disable retpolines with CET-IBT CET-IBT depend on executing indirect branches for protections to apply. Extend the clobber for CET-SS to all of CET. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4) --- xen/arch/x86/spec_ctrl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7ded6ecba1..1e226102d3 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -919,13 +919,14 @@ void __init init_speculation_mitigations(void) boot_cpu_has(X86_FEATURE_IBRS)); /* - * First, disable the use of retpolines if Xen is using shadow stacks, as - * they are incompatible. + * First, disable the use of retpolines if Xen is using CET. Retpolines + * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends + * on executing indirect branches for the safety properties to apply. * * In the absence of retpolines, IBRS needs to be used for speculative * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk ) + if ( read_cr4() & X86_CR4_CET ) { if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:27:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:27:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294896.501725 (Exim 4.92) (envelope-from ) id 1nXniZ-00071D-Bq; Fri, 25 Mar 2022 17:27:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294896.501725; Fri, 25 Mar 2022 17:27:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniZ-000715-8t; Fri, 25 Mar 2022 17:27:19 +0000 Received: by outflank-mailman (input) for mailman id 294896; Fri, 25 Mar 2022 17:27:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniX-00070l-G3 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXniX-00086j-FL for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXniX-0006oa-Eb for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ddW4S0xx9xIgSqc1olAPX71Q8wPduxXwKPqCOQSoN18=; b=hK/+0s42ZcFiItCSl5C5x5HEwc 3TcM+wWj4WQzIn+GXqJQULpVjk/44pKOw1tV+Ldcum4v6yUXiuV996l7e7Pvcx9CngAiQl8PHDYTe WRHpxNUMjJoXFvJq9GDiPuy22QhYfrrNcJGnqwq6UQrrbHab3tnugzby8ap4vjjQJu3g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/kexec: Fix kexec-reboot with CET active Message-Id: Date: Fri, 25 Mar 2022 17:27:17 +0000 commit c0b7bbed60428ebb4be5492468868bf288290ec2 Author: Andrew Cooper AuthorDate: Mon Mar 7 20:19:18 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/kexec: Fix kexec-reboot with CET active The kexec_reloc() asm has an indirect jump to relocate onto the identity trampoline. While we clear CET in machine_crash_shutdown(), we fail to clear CET for the non-crash path. This in turn highlights that the same is true of resetting the CPUID masking/faulting. Move both pieces of logic from machine_crash_shutdown() to machine_kexec(), the latter being common for all kexec transitions. Adjust the condition for CET being considered active to check in CR4, which is simpler and more robust. Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT") Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()") Reported-by: David Vrabel Signed-off-by: Andrew Cooper Reviewed-by: David Vrabel (cherry picked from commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346) --- xen/arch/x86/crash.c | 10 ---------- xen/arch/x86/machine_kexec.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index cfc6bdab7b..05a6104378 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -197,16 +197,6 @@ void machine_crash_shutdown(void) nmi_shootdown_cpus(); - /* Reset CPUID masking and faulting to the host's default. */ - ctxt_switch_levelling(NULL); - - /* Disable CET. */ - if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) - { - wrmsrl(MSR_S_CET, 0); - write_cr4(read_cr4() & ~X86_CR4_CET); - } - info = kexec_crash_save_info(); info->xen_phys_start = xen_phys_start; info->dom0_pfn_to_mfn_frame_list_list = diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index 08ec9fd43b..bc2c76c6b9 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -173,6 +173,16 @@ void machine_kexec(struct kexec_image *image) _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop); } + /* Reset CPUID masking and faulting to the host's default. */ + ctxt_switch_levelling(NULL); + + /* Disable CET. */ + if ( read_cr4() & X86_CR4_CET ) + { + wrmsrl(MSR_S_CET, 0); + write_cr4(read_cr4() & ~X86_CR4_CET); + } + /* Explicitly enable NMIs on this CPU. Some crashdump kernels do * not like running with NMIs disabled. */ enable_nmis(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:27:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:27:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294897.501729 (Exim 4.92) (envelope-from ) id 1nXnij-00074M-E2; Fri, 25 Mar 2022 17:27:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294897.501729; Fri, 25 Mar 2022 17:27:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnij-00074E-AL; Fri, 25 Mar 2022 17:27:29 +0000 Received: by outflank-mailman (input) for mailman id 294897; Fri, 25 Mar 2022 17:27:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnih-00073w-JB for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnih-00086x-IW for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnih-0006pD-Hi for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TK+9HpE6AJaXupHj7nEydBFZ8CU/x+U/NAFNd76doY8=; b=Xq22RBt4lVbU1RU+1No96k5SAo 3ff3dPsCUAu9qBITOEMmEGFOzQRdBsn69rgKDYGo/aFACbTHJSpavfLrA1acU528z5MipTScEQSGF XYCbmcWl9JscgxfytgL6EyqOc8ts2ZeXCWnZmQZv4HZZJiKLWHxtyOzpglQHbLVixLJs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cet: Clear IST supervisor token busy bits on S3 resume Message-Id: Date: Fri, 25 Mar 2022 17:27:27 +0000 commit c3407c77a02eb9077ce2360df6240a9b0e9cb7db Author: Andrew Cooper AuthorDate: Mon Mar 14 10:30:46 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/cet: Clear IST supervisor token busy bits on S3 resume Stacks are not freed across S3. Execution just stops, leaving supervisor token busy bits active. Fixing this for the primary shadow stack was done previously, but there is a (rare) risk that an IST token is left busy too, if the platform power-off happens to intersect with an NMI/#MC arriving. This will manifest as #DF next time the IST vector gets used. Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up fixup_exception_return() and explaining the trick with the literal 1. Then this infrastructure to rewrite the IST tokens in load_system_tables() when all the other IST details are being set up. In the case that an IST token were left busy across S3, this will clear the busy bit before the stack gets used. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e421ed0f68488863599532bda575c03c33cde0e0) --- xen/arch/x86/cpu/common.c | 25 ++++++++++++++++++++---- xen/arch/x86/traps.c | 8 +++----- xen/include/asm-x86/shstk.h | 46 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index b9cb8ffbe3..40a81d63e2 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include /* for XEN_INVALID_{SOCKET,CORE}_ID */ @@ -811,15 +812,31 @@ void load_system_tables(void) */ if (cpu_has_xen_shstk) { volatile uint64_t *ist_ssp = tss_page->ist_ssp; + unsigned long + mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8, + nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8, + db_ssp = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8, + df_ssp = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; ist_ssp[0] = 0x8600111111111111ul; - ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DB] = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DF] = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; + ist_ssp[IST_MCE] = mce_ssp; + ist_ssp[IST_NMI] = nmi_ssp; + ist_ssp[IST_DB] = db_ssp; + ist_ssp[IST_DF] = df_ssp; for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i ) ist_ssp[i] = 0x8600111111111111ul; + if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) { + /* + * Rewrite supervisor tokens when shadow stacks are + * active. This resets any busy bits left across S3. + */ + wrss(mce_ssp, _p(mce_ssp)); + wrss(nmi_ssp, _p(nmi_ssp)); + wrss(db_ssp, _p(db_ssp)); + wrss(df_ssp, _p(df_ssp)); + } + wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp); } diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 10efcc6585..963989be95 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -83,6 +83,7 @@ #include #include #include +#include /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. @@ -788,8 +789,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, { unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) + if ( (ssp = rdssp()) == SSP_NO_SHSTK ) goto shstk_done; ptr = _p(ssp); @@ -818,9 +818,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, */ if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); + wrss(fixup, ptr); goto shstk_done; } } diff --git a/xen/include/asm-x86/shstk.h b/xen/include/asm-x86/shstk.h new file mode 100644 index 0000000000..fdc9cc65a3 --- /dev/null +++ b/xen/include/asm-x86/shstk.h @@ -0,0 +1,46 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_SHSTK_H +#define XEN_ASM_SHSTK_H + +/* + * RDSSP is a nop when shadow stacks are inactive. Also, SSP has a minimum + * alignment of 4 which is enforced by hardware. + * + * We load 1 into a register, then RDSSP. If shadow stacks are not enabled, + * RDSSP is a nop, and the 1 is preserved. Otherwise, the 1 is clobbered with + * the real SSP, which has the bottom two bits clear. + */ +#define SSP_NO_SHSTK 1 + +static inline unsigned long rdssp(void) +{ + unsigned long ssp; + + asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) ); + + return ssp; +} + +static inline void wrss(unsigned long val, unsigned long *ptr) +{ + asm ( "wrssq %[val], %[ptr]" + : [ptr] "=m" (*ptr) + : [val] "r" (val) ); +} + +#endif /* XEN_ASM_SHSTK_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:27:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:27:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294898.501733 (Exim 4.92) (envelope-from ) id 1nXnit-00077e-HF; Fri, 25 Mar 2022 17:27:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294898.501733; Fri, 25 Mar 2022 17:27:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnit-00077V-Dr; Fri, 25 Mar 2022 17:27:39 +0000 Received: by outflank-mailman (input) for mailman id 294898; Fri, 25 Mar 2022 17:27:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnir-000772-ML for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnir-000879-Lc for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnir-0006po-Kp for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NMLduv6b1gYVCPTfT1SckO7HfVwXb0xVUJLDI4k81R8=; b=Z82IuJ9BE0uyCKhXsB/s8p23EE pzo2mS7VZVhWeD3yOa4ibU6r7tOgHNR4VVsWSeMie7SYxLylaCiFIecyLicwEl25uF5VyQF7C934r 9fJYOmgj6nGS3F5ZtfzvmbCK7vasoRl82ajqzaTGdkxyi1bWu7iJdvz51ZMxMcDvEWok=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cet: Remove writeable mapping of the BSPs shadow stack Message-Id: Date: Fri, 25 Mar 2022 17:27:37 +0000 commit 74aeb555745b27575c3f82051a83942ee05bd842 Author: Andrew Cooper AuthorDate: Tue Mar 15 12:07:18 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/cet: Remove writeable mapping of the BSPs shadow stack An unintended consequence of the BSP using cpu0_stack[] is that writeable mappings to the BSPs shadow stacks are retained in the bss. This renders CET-SS almost useless, as an attacker can update both return addresses and the ret will not fault. We specifically don't want to shatter the superpage mapping .data and .bss, so the only way to fix this is to not have the BSP stack in the main Xen image. Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate the BSP stack as early as reasonable in __start_xen(). As a consequence, there is no need to delay the BSP's memguard_guard_stack() call. Copy the top of cpu info block just before switching to use the new stack. Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than ->es; this would be buggy if reinit_bsp_stack() called schedule() (which rewrites the GPR block) directly, but luckily it doesn't. Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 37786b23b027ab83051175cb8ce9ac86cacfc58e) --- xen/arch/x86/setup.c | 20 +++++++++++++------- xen/arch/x86/smpboot.c | 26 +++++++++++++++++++------- xen/arch/x86/xen.lds.S | 2 +- xen/include/asm-x86/smp.h | 2 ++ 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index c8cf9ce7b1..30d028af6d 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -150,7 +150,7 @@ unsigned long __read_mostly xen_phys_start; unsigned long __read_mostly xen_virt_end; -char __section(".bss.stack_aligned") __aligned(STACK_SIZE) +char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE) cpu0_stack[STACK_SIZE]; struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 }; @@ -702,7 +702,6 @@ static void __init noreturn reinit_bsp_stack(void) percpu_traps_init(); stack_base[0] = stack; - memguard_guard_stack(stack); rc = setup_cpu_root_pgt(0); if ( rc ) @@ -868,6 +867,8 @@ void __init noreturn __start_xen(unsigned long mbi_p) { char *memmap_type = NULL; char *cmdline, *kextra, *loader; + void *bsp_stack; + struct cpu_info *info = get_cpu_info(), *bsp_info; unsigned int initrdidx, num_parked = 0; multiboot_info_t *mbi; module_t *mod; @@ -900,7 +901,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) ); /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -1728,6 +1729,10 @@ void __init noreturn __start_xen(unsigned long mbi_p) */ vm_init(); + bsp_stack = cpu_alloc_stack(0); + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + console_init_ring(); vesa_init(); @@ -1983,17 +1988,18 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - /* Jump to the 1:1 virtual mappings of cpu0_stack. */ + /* Copy the cpu info block, and move onto the BSP stack. */ + bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack); + *bsp_info = *info; + asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" :: - [stk] "g" (__va(__pa(get_stack_bottom()))), + [stk] "g" (&bsp_info->guest_cpu_user_regs), [fn] "i" (reinit_bsp_stack) : "memory"); unreachable(); } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 2a2e093cff..7bb54c2207 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -1008,6 +1008,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove) } } +void *cpu_alloc_stack(unsigned int cpu) +{ + nodeid_t node = cpu_to_node(cpu); + unsigned int memflags = 0; + void *stack; + + if ( node != NUMA_NO_NODE ) + memflags = MEMF_node(node); + + stack = alloc_xenheap_pages(STACK_ORDER, memflags); + + if ( stack ) + memguard_guard_stack(stack); + + return stack; +} + static int cpu_smpboot_alloc(unsigned int cpu) { struct cpu_info *info; @@ -1020,15 +1037,10 @@ static int cpu_smpboot_alloc(unsigned int cpu) if ( node != NUMA_NO_NODE ) memflags = MEMF_node(node); - if ( stack_base[cpu] == NULL ) - { - stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags); - if ( !stack_base[cpu] ) + if ( stack_base[cpu] == NULL && + (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL ) goto out; - memguard_guard_stack(stack_base[cpu]); - } - info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]); info->processor_id = cpu; info->per_cpu_offset = __per_cpu_offset[cpu]; diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index fcc6646487..7c9758c8cc 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -205,6 +205,7 @@ SECTIONS } :text DECL_SECTION(.init.data) { #endif + *(.init.bss.stack_aligned) *(.init.rodata) *(.init.rodata.*) @@ -293,7 +294,6 @@ SECTIONS DECL_SECTION(.bss) { __bss_start = .; - *(.bss.stack_aligned) *(.bss.page_aligned*) . = ALIGN(PAGE_SIZE); __per_cpu_start = .; diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h index f7485f602e..9628d7842d 100644 --- a/xen/include/asm-x86/smp.h +++ b/xen/include/asm-x86/smp.h @@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask; extern unsigned int disabled_cpus; extern bool unaccounted_cpus; +void *cpu_alloc_stack(unsigned int cpu); + #endif /* !__ASSEMBLY__ */ #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:27:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:27:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294899.501737 (Exim 4.92) (envelope-from ) id 1nXnj3-0007D4-IB; Fri, 25 Mar 2022 17:27:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294899.501737; Fri, 25 Mar 2022 17:27:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnj3-0007Cw-FE; Fri, 25 Mar 2022 17:27:49 +0000 Received: by outflank-mailman (input) for mailman id 294899; Fri, 25 Mar 2022 17:27:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnj1-0007Cd-PR for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnj1-00087F-Oh for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnj1-0006qF-Nq for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Db2p+wiAiYlHlkVumbxAeWXvA+YID1yrkzeuw178wg8=; b=TiR8qzVoPZOm9HR5HNmkD5NWCw tc+CSeEnGa796ChM2MZf7txeuqFS//NwofvqoNZdXHqjJYZMtcGYmpiG5R3RC3mXOA6quTViNLRB6 4+W0+0DHgK+lcH+oX+VKMkxRvd4N3/23y8UykImb11h/azGWj8tYilj9F8SgjKu55Azg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/x86: Livepatch: support patching CET-enhanced functions Message-Id: Date: Fri, 25 Mar 2022 17:27:47 +0000 commit be9facf323b40b5a18c5e3f70fce5b245818c42f Author: Bjoern Doebel AuthorDate: Thu Mar 10 07:35:36 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 xen/x86: Livepatch: support patching CET-enhanced functions Xen enabled CET for supporting architectures. The control flow aspect of CET require functions that can be called indirectly (i.e., via function pointers) to start with an ENDBR64 instruction. Otherwise a control flow exception is raised. This expectation breaks livepatching flows because we patch functions by overwriting their first 5 bytes with a JMP + , thus breaking the ENDBR64. We fix this by checking the start of a patched function for being ENDBR64. In the positive case we move the livepatch JMP to start behind the ENDBR64 instruction. To avoid having to guess the ENDBR64 offset again on patch reversal (which might race with other mechanisms adding/removing ENDBR dynamically), use the livepatch metadata to store the computed offset along with the saved bytes of the overwritten function. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall Tested-by: Jiamei Xie (cherry picked from commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4) Note: For backports to 4.14 thru 4.16, there is no endbr-clobbering, hence no is_endbr64_poison() logic. --- xen/arch/x86/livepatch.c | 39 +++++++++++++++++++++++++++++++++------ xen/include/public/sysctl.h | 3 ++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 49f0d902e5..e94ac9b228 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -113,8 +114,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func) if ( func->old_size < func->new_size ) return -EINVAL; } - else if ( func->old_size < ARCH_PATCH_INSN_SIZE ) - return -EINVAL; + else + { + /* + * Space needed now depends on whether the target function + * starts with an ENDBR64 instruction. + */ + uint8_t needed = ARCH_PATCH_INSN_SIZE; + + if ( is_endbr64(func->old_addr) ) + needed += ENDBR64_LEN; + + if ( func->old_size < needed ) + return -EINVAL; + } return 0; } @@ -129,12 +142,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) uint8_t insn[sizeof(func->opaque)]; unsigned int len; + func->patch_offset = 0; old_ptr = func->old_addr; len = livepatch_insn_len(func); if ( !len ) return; - memcpy(func->opaque, old_ptr, len); + /* + * CET hotpatching support: We may have functions starting with an ENDBR64 + * instruction that MUST remain the first instruction of the function, + * hence we need to move any hotpatch trampoline further into the function. + * For that we need to keep track of the patching offset used for any + * loaded hotpatch (to avoid racing against other fixups adding/removing + * ENDBR64 or similar instructions). + */ + if ( is_endbr64(old_ptr) ) + func->patch_offset += ENDBR64_LEN; + + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { int32_t val; @@ -142,14 +167,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val))); insn[0] = 0xe9; /* Relative jump. */ - val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE; + val = func->new_addr - (func->old_addr + func->patch_offset + + ARCH_PATCH_INSN_SIZE); memcpy(&insn[1], &val, sizeof(val)); } else add_nops(insn, len); - memcpy(old_ptr, insn, len); + memcpy(old_ptr + func->patch_offset, insn, len); } /* @@ -158,7 +184,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) */ void noinline arch_livepatch_revert(const struct livepatch_func *func) { - memcpy(func->old_addr, func->opaque, livepatch_insn_len(func)); + memcpy(func->old_addr + func->patch_offset, func->opaque, + livepatch_insn_len(func)); } /* diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 039ccf885c..3145aff95b 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -870,7 +870,8 @@ struct livepatch_func { uint8_t version; /* MUST be LIVEPATCH_PAYLOAD_VERSION. */ uint8_t opaque[LIVEPATCH_OPAQUE_SIZE]; uint8_t applied; - uint8_t _pad[7]; + uint8_t patch_offset; + uint8_t _pad[6]; livepatch_expectation_t expect; }; typedef struct livepatch_func livepatch_func_t; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:27:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:27:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294900.501741 (Exim 4.92) (envelope-from ) id 1nXnjD-0007Fy-Jr; Fri, 25 Mar 2022 17:27:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294900.501741; Fri, 25 Mar 2022 17:27:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjD-0007Fp-Gi; Fri, 25 Mar 2022 17:27:59 +0000 Received: by outflank-mailman (input) for mailman id 294900; Fri, 25 Mar 2022 17:27:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjB-0007FZ-Sf for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjB-00087R-S0 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnjB-0006qo-Qt for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:27:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OIU/kp4MilXANuDFLv2vvFKBoUv46H/jWkslRZQTXx8=; b=YLW1dqHOu/2r+AjHh1HkfPtGoB GEjhc+vHuPmT68MBcpksXrd11YKbF6SBYneJ2KwxmhciZ7g0eBmKNvsBR/QsUhRNlaWvflJhedzpg UWWgJup+VHWi1cHwNGnOVVMEI2NeHfeAEWraJ5AS5+SEFgeJ0YtthOwSMub5fbz5yK2Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cet: Remove XEN_SHSTK's dependency on EXPERT Message-Id: Date: Fri, 25 Mar 2022 17:27:57 +0000 commit 3c8e7395e2d01140c862c78fa9483e46c0dbd343 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:31:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:10:38 2022 +0000 x86/cet: Remove XEN_SHSTK's dependency on EXPERT CET-SS hardware is now available from multiple vendors, the feature has downstream users, and was declared security supported in XSA-398. Enable it by default. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross (cherry picked from commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb) --- xen/arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 4fdb39af3e..51763450e4 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -111,8 +111,8 @@ config HVM If unsure, say Y. config XEN_SHSTK - bool "Supervisor Shadow Stacks (EXPERT)" - depends on HAS_AS_CET_SS && EXPERT + bool "Supervisor Shadow Stacks" + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:28:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:28:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294901.501745 (Exim 4.92) (envelope-from ) id 1nXnjO-0007In-LH; Fri, 25 Mar 2022 17:28:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294901.501745; Fri, 25 Mar 2022 17:28:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjO-0007Id-I9; Fri, 25 Mar 2022 17:28:10 +0000 Received: by outflank-mailman (input) for mailman id 294901; Fri, 25 Mar 2022 17:28:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjM-0007IS-FC for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjM-00087m-EN for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnjM-0006ts-Dg for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MayoOYr5GoC06AMct6RKCPYfh7slYgBGcN3I6J69I7I=; b=oZqJ7piOgGiluZoActkBffAcc4 n1WDQsnFyN1cMv9vt7MO1tQnaQRk9+An4GS7tUUVr84oSkPmPRWobclAOcqMEeyFvJgJaaF9b9q3K ZwVM+hqQCWun5qE7AJGXcqwh4cHqSFRzS0h0eknpQPVKpaGfl5JTRc3xRDVfmzjSrSTo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86: Introduce support for CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:28:08 +0000 commit d220178b3cad69a4d9a6bd0ec80bca75ff701586 Author: Andrew Cooper AuthorDate: Thu Oct 21 18:38:50 2021 +0100 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86: Introduce support for CET-IBT CET Indirect Branch Tracking is a hardware feature designed to provide forward-edge control flow integrity, protecting against jump/call oriented programming. IBT requires the placement of endbr{32,64} instructions at the target of every indirect call/jmp, and every entrypoint. It is necessary to check for both compiler and assembler support, as the notrack prefix can be emitted in certain cases. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 3667f7f8f7c471e94e58cf35a95f09a0fe5c1290) Note: For backports to 4.14 thru 4.16, we are deliberately not using -mmanual-endbr as done in staging, as an intermediate approach which is not too invasive to backport. x86/cet: Force -fno-jump-tables for CET-IBT Both GCC and Clang have a (mis)feature where, even with -fcf-protection=branch, jump tables are created using a notrack jump rather than using endbr's in each case statement. This is incompatible with the safety properties we want in Xen, and enforced by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr]. -fno-jump-tables is generally active as a side effect of CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig: introduce option to select retpoline usage"), we explicitly support turning retpoline off. Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9d4a44380d273de22d5753883cbf5581795ff24d) --- Config.mk | 1 - xen/arch/x86/Kconfig | 17 +++++++++++++++++ xen/arch/x86/arch.mk | 9 +++++++++ xen/arch/x86/configs/pvshim_defconfig | 1 + xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/cpufeatures.h | 1 + xen/include/asm-x86/indirect_thunk_asm.h | 6 ++++++ 7 files changed, 35 insertions(+), 1 deletion(-) diff --git a/Config.mk b/Config.mk index 1356e6e151..69ea750856 100644 --- a/Config.mk +++ b/Config.mk @@ -205,7 +205,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 8af5d6be80..950deaa032 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -38,6 +38,11 @@ config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) +config HAS_CC_CET_IBT + # GCC >= 9 and binutils >= 2.29 + # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654 + def_bool $(cc-option,-fcf-protection=branch -mindirect-branch=thunk-extern) && $(as-instr,endbr64) + menu "Architecture Features" source "arch/Kconfig" @@ -118,6 +123,18 @@ config XEN_SHSTK When CET-SS is active, 32bit PV guests cannot be used. Backwards compatiblity can be provided via the PV Shim mechanism. +config XEN_IBT + bool "Supervisor Indirect Branch Tracking" + depends on HAS_CC_CET_IBT + default y + help + Control-flow Enforcement Technology (CET) is a set of features in + hardware designed to combat Return-oriented Programming (ROP, also + call/jump COP/JOP) attacks. Indirect Branch Tracking is one CET + feature designed to provide function pointer protection. + + This option arranges for Xen to use CET-IBT for its own protection. + config SHADOW_PAGING bool "Shadow Paging" default y diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 04e967436b..7a7ff7dd7d 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -45,6 +45,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +ifdef CONFIG_XEN_IBT +# Force -fno-jump-tables to work around +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 +# https://github.com/llvm/llvm-project/issues/54247 +CFLAGS += -fcf-protection=branch -fno-jump-tables +else +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) +endif + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. $(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) diff --git a/xen/arch/x86/configs/pvshim_defconfig b/xen/arch/x86/configs/pvshim_defconfig index 3af48d6c06..6da7ecb595 100644 --- a/xen/arch/x86/configs/pvshim_defconfig +++ b/xen/arch/x86/configs/pvshim_defconfig @@ -10,6 +10,7 @@ CONFIG_SCHED_NULL=y # Disable features not used by the PV shim # CONFIG_HVM is not set # CONFIG_XEN_SHSTK is not set +# CONFIG_XEN_IBT is not set # CONFIG_HYPFS is not set # CONFIG_SHADOW_PAGING is not set # CONFIG_BIGMEM is not set diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 004cbdcb10..e93e72bbbd 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -149,6 +149,7 @@ #define cpu_has_lfence_dispatch boot_cpu_has(X86_FEATURE_LFENCE_DISPATCH) #define cpu_has_xen_lbr boot_cpu_has(X86_FEATURE_XEN_LBR) #define cpu_has_xen_shstk boot_cpu_has(X86_FEATURE_XEN_SHSTK) +#define cpu_has_xen_ibt boot_cpu_has(X86_FEATURE_XEN_IBT) #define cpu_has_msr_tsc_aux (cpu_has_rdtscp || cpu_has_rdpid) diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 6c8f432aee..fe2f97354f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV, X86_SYNTH(23)) /* VERW used by Xen for PV */ XEN_CPUFEATURE(SC_VERW_HVM, X86_SYNTH(24)) /* VERW used by Xen for HVM */ XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ +XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ /* Bug words follow the synthetic words. */ #define X86_NR_BUG 1 diff --git a/xen/include/asm-x86/indirect_thunk_asm.h b/xen/include/asm-x86/indirect_thunk_asm.h index 71e6de5bf7..26874bb0d8 100644 --- a/xen/include/asm-x86/indirect_thunk_asm.h +++ b/xen/include/asm-x86/indirect_thunk_asm.h @@ -50,4 +50,10 @@ asm ( "\t.include \"asm/indirect_thunk_asm.h\"" ); INDIRECT_BRANCH jmp \arg .endm +#ifdef CONFIG_XEN_IBT +# define ENDBR64 endbr64 +#else +# define ENDBR64 +#endif + #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:28:19 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:28:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294902.501749 (Exim 4.92) (envelope-from ) id 1nXnjX-0007LS-Mi; Fri, 25 Mar 2022 17:28:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294902.501749; Fri, 25 Mar 2022 17:28:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjX-0007LI-Ja; Fri, 25 Mar 2022 17:28:19 +0000 Received: by outflank-mailman (input) for mailman id 294902; Fri, 25 Mar 2022 17:28:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjW-0007L9-I8 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjW-000888-HT for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnjW-0006uU-Gi for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ztM7Ry3xfNDinf9ZEtsNhy9DZn66lsOQ8MUmjgREee4=; b=yZlNC0aNLxyaHvyFOWGf94W03b NP6cVDvoUew0hXspw2gUc6k/OAowSkWqKDfS6uR5kZHGy8cqgN7IQXyNGUUmgZJsEAa7FogPeqQnm RdZIxX11D6Dkypm+9ByZW40IL/Q+QHl49a6UL2o6S//EYvRjU1AJJB8CpyON9TGKPBbE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/setup: Read CR4 earlier in __start_xen() Message-Id: Date: Fri, 25 Mar 2022 17:28:18 +0000 commit 6c932a788cdca15494e1c9d06c7befacf1583a2a Author: Andrew Cooper AuthorDate: Mon Nov 1 10:19:57 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/setup: Read CR4 earlier in __start_xen() This is necessary for read_cr4() to function correctly. Move the EFER caching at the same time. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9851bc4939101828d2ad7634b93c0d9ccaef5b7e) --- xen/arch/x86/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index d5274f8c21..297845d691 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -851,6 +851,9 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ + rdmsrl(MSR_EFER, this_cpu(efer)); + asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -897,9 +900,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) parse_video_info(); - rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); - /* We initialise the serial devices very early so we can get debugging. */ ns16550.io_base = 0x3f8; ns16550.irq = 4; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:28:29 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:28:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294903.501753 (Exim 4.92) (envelope-from ) id 1nXnjh-0007Os-Pk; Fri, 25 Mar 2022 17:28:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294903.501753; Fri, 25 Mar 2022 17:28:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjh-0007Oi-Mb; Fri, 25 Mar 2022 17:28:29 +0000 Received: by outflank-mailman (input) for mailman id 294903; Fri, 25 Mar 2022 17:28:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjg-0007Ob-L2 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjg-00088H-KJ for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnjg-0006v3-Jd for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hhFgAiJsl/zEVpTw2OAzG7bQ2MKnnPirA9/xGpZz+iE=; b=KuduGFvQ5b0qWBKaTLumXLNPuu zeIBgJnxjtYPYmDsoJkVKUhZQFCiJYhiYbJQvUBb6iUpHyQooE2drPVKHA20K9+fMRxOzfcIFrpSh tDXkKaC9mUKeRXQbETsAs4YNGoSf0EWvBDS7TQRKeTqOvcAzz0wD9aX+HimXKFY/uJ34=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/alternatives: Clear CR4.CET when clearing CR0.WP Message-Id: Date: Fri, 25 Mar 2022 17:28:28 +0000 commit 5e7db069bde7ce50fe15e42dbd2468d294ae78db Author: Andrew Cooper AuthorDate: Mon Nov 1 10:17:59 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/alternatives: Clear CR4.CET when clearing CR0.WP This allows us to have CET active much earlier in boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 48cdc15a424f9fadad7f9aed00e7dc8ef16a2196) --- xen/arch/x86/alternative.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 004e9ede25..41415db08c 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -334,9 +334,13 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, */ if ( !(alt_done & alt_todo) ) { - unsigned long cr0; + unsigned long cr0, cr4; cr0 = read_cr0(); + cr4 = read_cr4(); + + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4 & ~X86_CR4_CET); /* Disable WP to allow patching read-only pages. */ write_cr0(cr0 & ~X86_CR0_WP); @@ -346,6 +350,9 @@ static int __init nmi_apply_alternatives(const struct cpu_user_regs *regs, write_cr0(cr0); + if ( cr4 & X86_CR4_CET ) + write_cr4(cr4); + alt_done |= alt_todo; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:28:39 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:28:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294904.501757 (Exim 4.92) (envelope-from ) id 1nXnjr-0007RW-R8; Fri, 25 Mar 2022 17:28:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294904.501757; Fri, 25 Mar 2022 17:28:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjr-0007RO-OE; Fri, 25 Mar 2022 17:28:39 +0000 Received: by outflank-mailman (input) for mailman id 294904; Fri, 25 Mar 2022 17:28:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjq-0007RG-O1 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnjq-00088Y-NI for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnjq-0006ve-MV for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MYdabB88BKPOV3FuoM6sfjK4+j8abeWT1/suj/YCmZI=; b=BF3FiNTPiBJi8qEhJXTUN9IxMB skrQqLI3s+1S1q1743Z77bY5cW9nLUskI77J0LpTLk2TUe0/qSJGGudZtIV9ukyHtNsaHbYpH3WuA 4MwfY7cyYIcNHcYX2NSB3uH08mVlRZyc0+AvN5rDKBvVpx9PYL9tIS/mmmqaldjq8dkA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp Message-Id: Date: Fri, 25 Mar 2022 17:28:38 +0000 commit 334120359d575b35ceeb261a1c854749e440217d Author: Andrew Cooper AuthorDate: Mon Nov 1 12:36:33 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/traps: Rework write_stub_trampoline() to not hardcode the jmp For CET-IBT, we will need to optionally insert an endbr64 instruction at the start of the stub. Don't hardcode the jmp displacement assuming that it starts at byte 24 of the stub. Also add extra comments describing what is going on. The mix of %rax and %rsp is far from trivial to follow. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 809beac3e7fdfd20000386453c64a1e2a3d93075) --- xen/arch/x86/x86_64/traps.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index 93af0c5e87..9695a30050 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -271,30 +271,39 @@ static unsigned int write_stub_trampoline( unsigned char *stub, unsigned long stub_va, unsigned long stack_bottom, unsigned long target_va) { + unsigned char *p = stub; + + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ - stub[0] = 0x48; - stub[1] = 0xa3; - *(uint64_t *)&stub[2] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xa3; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp in %rax */ /* movq %rsp, %rax */ - stub[10] = 0x48; - stub[11] = 0x89; - stub[12] = 0xe0; + *p++ = 0x48; + *p++ = 0x89; + *p++ = 0xe0; + /* Switch to Xen stack */ /* movabsq $stack_bottom - 8, %rsp */ - stub[13] = 0x48; - stub[14] = 0xbc; - *(uint64_t *)&stub[15] = stack_bottom - 8; + *p++ = 0x48; + *p++ = 0xbc; + *(uint64_t *)p = stack_bottom - 8; + p += 8; + /* Store guest %rsp into %rsp slot */ /* pushq %rax */ - stub[23] = 0x50; + *p++ = 0x50; /* jmp target_va */ - stub[24] = 0xe9; - *(int32_t *)&stub[25] = target_va - (stub_va + 29); + *p++ = 0xe9; + *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); + p += 4; /* Round up to a multiple of 16 bytes. */ - return 32; + return ROUNDUP(p - stub, 16); } DEFINE_PER_CPU(struct stubs, stubs); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:28:49 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:28:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294905.501761 (Exim 4.92) (envelope-from ) id 1nXnk1-0007Uo-Sc; Fri, 25 Mar 2022 17:28:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294905.501761; Fri, 25 Mar 2022 17:28:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnk1-0007Ug-Pg; Fri, 25 Mar 2022 17:28:49 +0000 Received: by outflank-mailman (input) for mailman id 294905; Fri, 25 Mar 2022 17:28:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnk0-0007UU-R8 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnk0-00088h-QN for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnk0-0006wD-PY for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=S3ktNEupBbtna4Bq40OTNEv5MYs0zgCYCnqNnqzPeEY=; b=Q7bmVkG1SbAXGBXGVLcZuDS4Eb JRkxnuZrv0tC9bzQ3N6eKhCGjJGTMW1XwkQLShybBoo/6IqLs662MZhVVlBkSlZ6J4ImFOsBlUhYd YHYF/LtVBXLzblXcSBsx86S7HzZzCvq8UQaAXfaBCho+gSGc8gH6MGHHJ1gWWJKMG514=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86: Introduce helpers/checks for endbr64 instructions Message-Id: Date: Fri, 25 Mar 2022 17:28:48 +0000 commit fbc882c026334c62432f12d31f0f987d7fd5ed1c Author: Andrew Cooper AuthorDate: Fri Nov 26 15:34:08 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86: Introduce helpers/checks for endbr64 instructions ... to prevent the optimiser creating unsafe code. See the code comment for full details. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 4046ba97446e3974a4411db227263a9f11e0aeb4) Note: For the backport to 4.14 thru 4.16, we don't care for embedded endbr64 specifically, but place_endbr64() is a prerequisite for other parts of the series. --- xen/include/asm-x86/endbr.h | 55 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/xen/include/asm-x86/endbr.h b/xen/include/asm-x86/endbr.h new file mode 100644 index 0000000000..6090afeb0b --- /dev/null +++ b/xen/include/asm-x86/endbr.h @@ -0,0 +1,55 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2021-2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_ENDBR_H +#define XEN_ASM_ENDBR_H + +#include + +#define ENDBR64_LEN 4 + +/* + * In some cases we need to inspect/insert endbr64 instructions. + * + * The naive way, mem{cmp,cpy}(ptr, "\xf3\x0f\x1e\xfa", 4), optimises unsafely + * by placing 0xfa1e0ff3 in an imm32 operand, and marks a legal indirect + * branch target as far as the CPU is concerned. + * + * gen_endbr64() is written deliberately to avoid the problematic operand, and + * marked __const__ as it is safe for the optimiser to hoist/merge/etc. + */ +static inline uint32_t __attribute_const__ gen_endbr64(void) +{ + uint32_t res; + + asm ( "mov $~0xfa1e0ff3, %[res]\n\t" + "not %[res]\n\t" + : [res] "=&r" (res) ); + + return res; +} + +static inline bool is_endbr64(const void *ptr) +{ + return *(const uint32_t *)ptr == gen_endbr64(); +} + +static inline void place_endbr64(void *ptr) +{ + *(uint32_t *)ptr = gen_endbr64(); +} + +#endif /* XEN_ASM_ENDBR_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:28:59 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:28:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294906.501765 (Exim 4.92) (envelope-from ) id 1nXnkB-0007Xd-U4; Fri, 25 Mar 2022 17:28:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294906.501765; Fri, 25 Mar 2022 17:28:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkB-0007XV-RA; Fri, 25 Mar 2022 17:28:59 +0000 Received: by outflank-mailman (input) for mailman id 294906; Fri, 25 Mar 2022 17:28:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkA-0007XN-U2 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkA-00088p-TG for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnkA-0006wv-Sd for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:28:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nOkGvDpP0SoVYtw4Pv4G50bmA/Ys8EKqmnDGG+oRHPc=; b=yO/4yrm3u+2PgujNMZGnzHN6d7 Yx1WanLBfqLi7d03I0ekMnZkbGcHEJHL6nDsmBQuD3/fpytT5++1ZTjEICC/aozifasZLqVOFRyAH 2fnHH+fQl4TfYbMVVGAacoMTF7qYQ58ir10noTtxO1rL6nXpjOEmq5D2kvZN9J4WDoRQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/emul: Update emulation stubs to be CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:28:58 +0000 commit 56bf74df512c6feb20cecc12106b915ffc80bbbf Author: Andrew Cooper AuthorDate: Mon Nov 1 10:09:59 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/emul: Update emulation stubs to be CET-IBT compatible All indirect branches need to land on an endbr64 instruction. For stub_selftests(), use endbr64 unconditionally for simplicity. For ioport and instruction emulation, add endbr64 conditionally. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0d101568d29e8b4bfd33f20031fedec2652aa0cf) --- xen/arch/x86/extable.c | 12 +++++++----- xen/arch/x86/pv/emul-priv-op.c | 7 +++++++ xen/arch/x86/x86_emulate.c | 13 +++++++++++-- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 70972f1085..878f9dae49 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -129,20 +129,22 @@ search_exception_table(const struct cpu_user_regs *regs) static int __init stub_selftest(void) { static const struct { - uint8_t opc[4]; + uint8_t opc[8]; uint64_t rax; union stub_exception_token res; } tests[] __initconst = { - { .opc = { 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ +#define endbr64 0xf3, 0x0f, 0x1e, 0xfa + { .opc = { endbr64, 0x0f, 0xb9, 0xc3, 0xc3 }, /* ud1 */ .res.fields.trapnr = TRAP_invalid_op }, - { .opc = { 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ + { .opc = { endbr64, 0x90, 0x02, 0x00, 0xc3 }, /* nop; add (%rax),%al */ .rax = 0x0123456789abcdef, .res.fields.trapnr = TRAP_gp_fault }, - { .opc = { 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ + { .opc = { endbr64, 0x02, 0x04, 0x04, 0xc3 }, /* add (%rsp,%rax),%al */ .rax = 0xfedcba9876543210, .res.fields.trapnr = TRAP_stack_error }, - { .opc = { 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ + { .opc = { endbr64, 0xcc, 0xc3, 0xc3, 0xc3 }, /* int3 */ .res.fields.trapnr = TRAP_int3 }, +#undef endbr64 }; unsigned long addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; unsigned int i; diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 5399fe382f..6a69af46ba 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -110,6 +111,12 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, p = ctxt->io_emul_stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + APPEND_BUFF(prologue); APPEND_CALL(load_guest_gprs); diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c index 1e082e6f3b..379e889768 100644 --- a/xen/arch/x86/x86_emulate.c +++ b/xen/arch/x86/x86_emulate.c @@ -17,6 +17,7 @@ #include #include /* cpu_has_amd_erratum() */ #include +#include /* Avoid namespace pollution. */ #undef cmpxchg @@ -29,11 +30,19 @@ cpu_has_amd_erratum(¤t_cpu_data, AMD_ERRATUM_##nr) #define get_stub(stb) ({ \ + void *ptr; \ BUILD_BUG_ON(STUB_BUF_SIZE / 2 < MAX_INST_LEN + 1); \ ASSERT(!(stb).ptr); \ (stb).addr = this_cpu(stubs.addr) + STUB_BUF_SIZE / 2; \ - memset(((stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn)))) + \ - ((stb).addr & ~PAGE_MASK), 0xcc, STUB_BUF_SIZE / 2); \ + (stb).ptr = map_domain_page(_mfn(this_cpu(stubs.mfn))) + \ + ((stb).addr & ~PAGE_MASK); \ + ptr = memset((stb).ptr, 0xcc, STUB_BUF_SIZE / 2); \ + if ( cpu_has_xen_ibt ) \ + { \ + place_endbr64(ptr); \ + ptr += 4; \ + } \ + ptr; \ }) #define put_stub(stb) ({ \ if ( (stb).ptr ) \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:29:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:29:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294907.501768 (Exim 4.92) (envelope-from ) id 1nXnkL-0007aO-VY; Fri, 25 Mar 2022 17:29:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294907.501768; Fri, 25 Mar 2022 17:29:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkL-0007aH-Sh; Fri, 25 Mar 2022 17:29:09 +0000 Received: by outflank-mailman (input) for mailman id 294907; Fri, 25 Mar 2022 17:29:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkL-0007a4-0e for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkK-00089B-WC for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnkK-0006xd-VV for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XTry4dSUbOnkAD1x7Nvr4NGLRjbDxpwkBltBSw5KkBs=; b=AEtQwn6vHJmfAn+wd3AKNEvr47 lnWOraho0CmjkBXnrTSsxqaxTeNHhrGnPgOvTAK7NmAUQXfvJsmGefbh+7P9PQXzisvugm1YBWBna ukJsgQvB84LB5pnHzO02OKXgJrv1XECorTpJpNRX5cmOUd6xJ/jToYn2JmVffZ3coB0g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:29:08 +0000 commit ae18093e2093549e83164a90dd261b94fe8555a0 Author: Andrew Cooper AuthorDate: Mon Nov 1 09:51:16 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64 instruction. For sysenter, this is easy. Unfortunately for syscall, the stubs are already 29 byte long with a limit of 32. endbr64 is 4 bytes. Luckily, there is a 1 byte instruction which can move from the stubs into the main handlers. Move the push %rax out of the stub and into {l,c}star_entry(), allowing room for the endbr64 instruction when appropriate. Update the comment describing the entry state. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 17d77ec62a299f4299883ec79ab10cacafd0b2f5) --- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 14 +++++++------- xen/arch/x86/x86_64/traps.c | 11 +++++++---- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3b2136b272..f657c96ae6 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -200,9 +200,9 @@ ENTRY(cstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ + push %rax /* Guest %rsp */ CR4_PV32_RESTORE - movq 8(%rsp),%rax /* Restore %rax. */ + movq 8(%rsp), %rax /* Restore guest %rax. */ movq $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain. Compat handled lower. */ pushq %r11 pushq $FLAT_USER_CS32 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 000eb9722b..c26de0ec7c 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -229,18 +229,17 @@ iret_exit_to_guest: * When entering SYSCALL from user mode: * Vector directly to the registered arch.syscall_addr. * - * Initial work is done by per-CPU trampolines. At this point %rsp has been - * initialised to point at the correct Xen stack, %rsp has been saved, and - * %rax needs to be restored from the %ss save slot. All other registers are - * still to be saved onto the stack, starting with RFLAGS, and an appropriate - * %ss must be saved into the space left by the trampoline. + * Initial work is done by per-CPU trampolines. + * - Guest %rax stored in the %ss slot + * - Guest %rsp stored in %rax + * - Xen stack loaded, pointing at the %ss slot */ ENTRY(lstar_enter) #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif - /* sti could live here when we don't switch page tables below. */ - movq 8(%rsp),%rax /* Restore %rax. */ + push %rax /* Guest %rsp */ + movq 8(%rsp), %rax /* Restore guest %rax */ movq $FLAT_KERNEL_SS,8(%rsp) pushq %r11 pushq $FLAT_KERNEL_CS64 @@ -272,6 +271,7 @@ ENTRY(lstar_enter) jmp test_all_events ENTRY(sysenter_entry) + ENDBR64 #ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK #endif diff --git a/xen/arch/x86/x86_64/traps.c b/xen/arch/x86/x86_64/traps.c index 9695a30050..957127ac4a 100644 --- a/xen/arch/x86/x86_64/traps.c +++ b/xen/arch/x86/x86_64/traps.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -273,6 +274,12 @@ static unsigned int write_stub_trampoline( { unsigned char *p = stub; + if ( cpu_has_xen_ibt ) + { + place_endbr64(p); + p += 4; + } + /* Store guest %rax into %ss slot */ /* movabsq %rax, stack_bottom - 8 */ *p++ = 0x48; @@ -293,10 +300,6 @@ static unsigned int write_stub_trampoline( *(uint64_t *)p = stack_bottom - 8; p += 8; - /* Store guest %rsp into %rsp slot */ - /* pushq %rax */ - *p++ = 0x50; - /* jmp target_va */ *p++ = 0xe9; *(int32_t *)p = target_va - (stub_va + (p - stub) + 4); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:29:20 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:29:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294908.501773 (Exim 4.92) (envelope-from ) id 1nXnkW-0007dE-0u; Fri, 25 Mar 2022 17:29:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294908.501773; Fri, 25 Mar 2022 17:29:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkV-0007d4-UE; Fri, 25 Mar 2022 17:29:19 +0000 Received: by outflank-mailman (input) for mailman id 294908; Fri, 25 Mar 2022 17:29:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkV-0007cx-4X for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkV-00089e-2w for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnkV-0006yK-2A for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IlOEK5bRsmMX5NGufyJiZIZBCvw7+snpBwqp0VN2x6Y=; b=euzTUr9uRSW3DIetVI2ukLGDXX bZdL1l5kJG/d8+8wH7HX+tXwj3WI7LUj/0xOl+H9dC7RQLFTfNLvvCnC22nWr+qpUTMnXpMUWowk8 pf5a7/Rdd/A5xHYLNxjDWWt7xrREZHfOtCro9ccZ5v6C9ZKRombyicXKQ5z5u5IADLRw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/entry: Make IDT entrypoints CET-IBT compatible Message-Id: Date: Fri, 25 Mar 2022 17:29:19 +0000 commit 3e010879f3ba4d4d455b554593e9c037338508d3 Author: Andrew Cooper AuthorDate: Mon Nov 1 17:08:24 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/entry: Make IDT entrypoints CET-IBT compatible Each IDT vector needs to land on an endbr64 instruction. This is especially important for the #CP handler, which will recurse indefinitely if the endbr64 is missing, eventually escalating to #DF if guard pages are active. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e702e36d1d519f4b66086650c1c47d6bac96d4b9) Also include the continue_pv_domain() change from c/s 954bb07fdb5fad which is also in entry.S --- xen/arch/x86/x86_64/compat/entry.S | 1 + xen/arch/x86/x86_64/entry.S | 31 +++++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index f657c96ae6..b67468f7c9 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -12,6 +12,7 @@ #include ENTRY(entry_int82) + ENDBR64 ASM_CLAC pushq $0 movl $HYPERCALL_VECTOR, 4(%rsp) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index c26de0ec7c..cbf332e752 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -333,6 +333,7 @@ UNLIKELY_END(sysenter_gpf) jmp .Lbounce_exception ENTRY(int80_direct_trap) + ENDBR64 ASM_CLAC pushq $0 movl $0x80, 4(%rsp) @@ -559,6 +560,7 @@ ENTRY(dom_crash_sync_extable) /* No special register assumptions. */ ENTRY(ret_from_intr) #ifdef CONFIG_PV + ENDBR64 GET_CURRENT(bx) testb $3, UREGS_cs(%rsp) jz restore_all_xen @@ -623,6 +625,7 @@ ENTRY(common_interrupt) jmp ret_from_intr ENTRY(page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) /* No special register assumptions. */ GLOBAL(handle_exception) @@ -760,75 +763,91 @@ FATAL_exception_with_ints_disabled: BUG /* fatal_trap() shouldn't return. */ ENTRY(divide_error) + ENDBR64 pushq $0 movl $TRAP_divide_error,4(%rsp) jmp handle_exception ENTRY(coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_copro_error,4(%rsp) jmp handle_exception ENTRY(simd_coprocessor_error) + ENDBR64 pushq $0 movl $TRAP_simd_error,4(%rsp) jmp handle_exception ENTRY(device_not_available) + ENDBR64 pushq $0 movl $TRAP_no_device,4(%rsp) jmp handle_exception ENTRY(debug) + ENDBR64 pushq $0 movl $TRAP_debug,4(%rsp) jmp handle_ist_exception ENTRY(int3) + ENDBR64 pushq $0 movl $TRAP_int3,4(%rsp) jmp handle_exception ENTRY(overflow) + ENDBR64 pushq $0 movl $TRAP_overflow,4(%rsp) jmp handle_exception ENTRY(bounds) + ENDBR64 pushq $0 movl $TRAP_bounds,4(%rsp) jmp handle_exception ENTRY(invalid_op) + ENDBR64 pushq $0 movl $TRAP_invalid_op,4(%rsp) jmp handle_exception ENTRY(invalid_TSS) + ENDBR64 movl $TRAP_invalid_tss,4(%rsp) jmp handle_exception ENTRY(segment_not_present) + ENDBR64 movl $TRAP_no_segment,4(%rsp) jmp handle_exception ENTRY(stack_segment) + ENDBR64 movl $TRAP_stack_error,4(%rsp) jmp handle_exception ENTRY(general_protection) + ENDBR64 movl $TRAP_gp_fault,4(%rsp) jmp handle_exception ENTRY(alignment_check) + ENDBR64 movl $TRAP_alignment_check,4(%rsp) jmp handle_exception ENTRY(entry_CP) + ENDBR64 movl $X86_EXC_CP, 4(%rsp) jmp handle_exception ENTRY(double_fault) + ENDBR64 movl $TRAP_double_fault,4(%rsp) /* Set AC to reduce chance of further SMAP faults */ SAVE_ALL STAC @@ -853,6 +872,7 @@ ENTRY(double_fault) .pushsection .init.text, "ax", @progbits ENTRY(early_page_fault) + ENDBR64 movl $TRAP_page_fault,4(%rsp) SAVE_ALL movq %rsp,%rdi @@ -861,6 +881,7 @@ ENTRY(early_page_fault) .popsection ENTRY(nmi) + ENDBR64 pushq $0 movl $TRAP_nmi,4(%rsp) handle_ist_exception: @@ -957,12 +978,14 @@ handle_ist_exception: #endif ENTRY(machine_check) + ENDBR64 pushq $0 movl $TRAP_machine_check,4(%rsp) jmp handle_ist_exception /* No op trap handler. Required for kexec crash path. */ GLOBAL(trap_nop) + ENDBR64 iretq /* Table of automatically generated entry points. One per vector. */ @@ -989,7 +1012,9 @@ autogen_stubs: /* Automatically generated stubs. */ #endif ALIGN -1: pushq $0 +1: + ENDBR64 + pushq $0 movb $vec,4(%rsp) jmp common_interrupt @@ -999,7 +1024,9 @@ autogen_stubs: /* Automatically generated stubs. */ .elseif vec == X86_EXC_CSO || vec == X86_EXC_SPV || \ vec == X86_EXC_VE || (vec > X86_EXC_CP && vec < TRAP_nr) -1: test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ +1: + ENDBR64 + test $8,%spl /* 64bit exception frames are 16 byte aligned, but the word */ jz 2f /* size is 8 bytes. Check whether the processor gave us an */ pushq $0 /* error code, and insert an empty one if not. */ 2: movb $vec,4(%rsp) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:29:30 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:29:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294909.501777 (Exim 4.92) (envelope-from ) id 1nXnkg-0007gZ-3n; Fri, 25 Mar 2022 17:29:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294909.501777; Fri, 25 Mar 2022 17:29:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkg-0007gR-0n; Fri, 25 Mar 2022 17:29:30 +0000 Received: by outflank-mailman (input) for mailman id 294909; Fri, 25 Mar 2022 17:29:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkf-0007gH-6x for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkf-00089m-6D for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnkf-0006yw-5K for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/vCHXhka0eJWHfyN+xno/fnfcVakzgNF2jz5G97mswE=; b=UncPYtHEFeO1CgJVjIKMv5HcOX vvXTRmcFXwYTORDWyU8Arwxoff5vKpqzHrA+Uik9Cr9a9DVWjnVD3ytC9BNjNnNR6AEmg0PWwBmk1 mP7XGbjvAjT+lVoPTM5Mv6ssUmVdTF5pOtL18VscvjDZBDCreLMCTc5CQv7SfUFP0ltQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/setup: Rework MSR_S_CET handling for CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:29:29 +0000 commit 9bdbbf1b46e465adcd066a88d33d47824d2f788c Author: Andrew Cooper AuthorDate: Mon Nov 1 16:13:29 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/setup: Rework MSR_S_CET handling for CET-IBT CET-SS and CET-IBT can be independently controlled, so the configuration of MSR_S_CET can't be constant any more. Introduce xen_msr_s_cet_value(), mostly because I don't fancy writing/maintaining that logic in assembly. Use this in the 3 paths which alter MSR_S_CET when both features are potentially active. To active CET-IBT, we only need CR4.CET and MSR_S_CET.ENDBR_EN. This is common with the CET-SS setup, so reorder the operations to set up CR4 and MSR_S_CET for any nonzero result from xen_msr_s_cet_value(), and set up MSR_PL0_SSP and SSP if SHSTK_EN was also set. Adjust the crash path to disable CET-IBT too. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 311434bfc9d10615adbd340d7fb08c05cd14f4c7) --- xen/arch/x86/acpi/wakeup_prot.S | 38 +++++++++++++++++++++++--------------- xen/arch/x86/boot/x86_64.S | 30 +++++++++++++++++++----------- xen/arch/x86/crash.c | 4 ++-- xen/arch/x86/setup.c | 17 ++++++++++++++++- xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_prot.S index 15052c300f..3855ff1ddb 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -63,7 +63,26 @@ ENTRY(s3_resume) pushq %rax lretq 1: -#ifdef CONFIG_XEN_SHSTK +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_cet_done + + /* Set up MSR_S_CET. */ + mov $MSR_S_CET, %ecx + xor %edx, %edx + wrmsr + + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_cet_done + /* * Restoring SSP is a little complicated, because we are intercepting * an in-use shadow stack. Write a temporary token under the stack, @@ -71,14 +90,6 @@ ENTRY(s3_resume) * reset MSR_PL0_SSP to its usual value and pop the temporary token. */ mov saved_ssp(%rip), %rdi - cmpq $1, %rdi - je .L_shstk_done - - /* Set up MSR_S_CET. */ - mov $MSR_S_CET, %ecx - xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax - wrmsr /* Construct the temporary supervisor token under SSP. */ sub $8, %rdi @@ -90,10 +101,6 @@ ENTRY(s3_resume) mov %edi, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ebx - mov %rbx, %cr4 - /* Write the temporary token onto the shadow stack, and activate it. */ wrssq %rdi, (%rdi) setssbsy @@ -106,8 +113,9 @@ ENTRY(s3_resume) /* Pop the temporary token off the stack. */ mov $2, %eax incsspd %eax -.L_shstk_done: -#endif +#endif /* CONFIG_XEN_SHSTK */ +.L_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ call load_system_tables diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index d61048c583..94b1d984cf 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -30,18 +30,27 @@ ENTRY(__high_start) test %ebx,%ebx jz .L_bsp - /* APs. Set up shadow stacks before entering C. */ -#ifdef CONFIG_XEN_SHSTK - testl $cpufeat_mask(X86_FEATURE_XEN_SHSTK), \ - CPUINFO_FEATURE_OFFSET(X86_FEATURE_XEN_SHSTK) + boot_cpu_data(%rip) - je .L_ap_shstk_done + /* APs. Set up CET before entering C properly. */ +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) + call xen_msr_s_cet_value + test %eax, %eax + jz .L_ap_cet_done /* Set up MSR_S_CET. */ mov $MSR_S_CET, %ecx xor %edx, %edx - mov $CET_SHSTK_EN | CET_WRSS_EN, %eax wrmsr + /* Enable CR4.CET. */ + mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov %rcx, %cr4 + + /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SSP */ + +#if defined(CONFIG_XEN_SHSTK) + test $CET_SHSTK_EN, %al + jz .L_ap_cet_done + /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ mov $MSR_PL0_SSP, %ecx mov %rsp, %rdx @@ -51,13 +60,12 @@ ENTRY(__high_start) or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr - /* Enable CET. MSR_INTERRUPT_SSP_TABLE is set up later in load_system_tables(). */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx - mov %rcx, %cr4 setssbsy -#endif -.L_ap_shstk_done: +#endif /* CONFIG_XEN_SHSTK */ +.L_ap_cet_done: +#endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ + call start_secondary BUG /* start_secondary() shouldn't return. */ diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index 0611b4fb9b..cfc6bdab7b 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -200,8 +200,8 @@ void machine_crash_shutdown(void) /* Reset CPUID masking and faulting to the host's default. */ ctxt_switch_levelling(NULL); - /* Disable shadow stacks. */ - if ( cpu_has_xen_shstk ) + /* Disable CET. */ + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) { wrmsrl(MSR_S_CET, 0); write_cr4(read_cr4() & ~X86_CR4_CET); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 297845d691..b80b933ddb 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -654,6 +654,21 @@ static void noinline init_done(void) startup_cpu_idle_loop(); } +#if defined(CONFIG_XEN_SHSTK) || defined(CONFIG_XEN_IBT) +/* + * Used by AP and S3 asm code to calcualte the appropriate MSR_S_CET setting. + * Do not use on the BSP before reinit_bsp_stack(), or it may turn SHSTK on + * too early. + */ +unsigned int xen_msr_s_cet_value(void) +{ + return ((cpu_has_xen_shstk ? CET_SHSTK_EN | CET_WRSS_EN : 0) | + (cpu_has_xen_ibt ? CET_ENDBR_EN : 0)); +} +#else +unsigned int xen_msr_s_cet_value(void); /* To avoid ifdefary */ +#endif + /* Reinitalise all state referring to the old virtual address of the stack. */ static void __init noreturn reinit_bsp_stack(void) { @@ -677,7 +692,7 @@ static void __init noreturn reinit_bsp_stack(void) { wrmsrl(MSR_PL0_SSP, (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8); - wrmsrl(MSR_S_CET, CET_SHSTK_EN | CET_WRSS_EN); + wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); asm volatile ("setssbsy" ::: "memory"); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 93f96e2ace..7a39d94b9a 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -118,6 +118,7 @@ #define MSR_S_CET 0x000006a2 #define CET_SHSTK_EN (_AC(1, ULL) << 0) #define CET_WRSS_EN (_AC(1, ULL) << 1) +#define CET_ENDBR_EN (_AC(1, ULL) << 2) #define MSR_PL0_SSP 0x000006a4 #define MSR_PL1_SSP 0x000006a5 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:29:40 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:29:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294911.501780 (Exim 4.92) (envelope-from ) id 1nXnkq-0007jO-5X; Fri, 25 Mar 2022 17:29:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294911.501780; Fri, 25 Mar 2022 17:29:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkq-0007jE-2b; Fri, 25 Mar 2022 17:29:40 +0000 Received: by outflank-mailman (input) for mailman id 294911; Fri, 25 Mar 2022 17:29:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkp-0007j4-AH for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkp-00089v-9X for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnkp-0006zt-8g for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oSq6Cqu6DdMLrcnHGo6O57XO8C9lIIJfRIkOnlUCXVw=; b=Zngyrv4NeO82fow/kl0QeZjggV 3QVg03O51HIQXmDaUMtn7GMi4aJOj+FNNw4PCnoVoogUtr09Dw4W11RbhW4bBFwXYDNfdMZwBXMS1 NAH/mxUL9MXpQtx9EPU3WoC1C3fSjFQCO3HMENbiEdeAS4ktvSrai5h34aLuXds3NxdU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/EFI: Disable CET-IBT around Runtime Services calls Message-Id: Date: Fri, 25 Mar 2022 17:29:39 +0000 commit cc080e630fa105d6924142be5ddb430756779528 Author: Andrew Cooper AuthorDate: Mon Nov 1 21:54:26 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/EFI: Disable CET-IBT around Runtime Services calls UEFI Runtime services, at the time of writing, aren't CET-IBT compatible. Work is ongoing to address this. In the meantime, unconditionally disable IBT. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit d37a8a067e62e3b6709d224c22f740fdda9d0078) --- xen/common/efi/runtime.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index bbcc756f57..a8fc2b99ae 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -21,6 +21,7 @@ struct efi_rs_state { * don't strictly need that. */ unsigned long __aligned(32) cr3; + unsigned long msr_s_cet; #endif }; @@ -113,6 +114,19 @@ struct efi_rs_state efi_rs_enter(void) switch_cr3_cr4(virt_to_maddr(efi_l4_pgtable), read_cr4()); + /* + * At the time of writing (2022), no UEFI firwmare is CET-IBT compatible. + * Work is under way to remedy this. + * + * Stash MSR_S_CET and clobber ENDBR_EN. This is necessary because + * SHSTK_EN isn't configured until very late on the BSP. + */ + if ( cpu_has_xen_ibt ) + { + rdmsrl(MSR_S_CET, state.msr_s_cet); + wrmsrl(MSR_S_CET, state.msr_s_cet & ~CET_ENDBR_EN); + } + return state; } @@ -122,6 +136,10 @@ void efi_rs_leave(struct efi_rs_state *state) if ( !state->cr3 ) return; + + if ( state->msr_s_cet ) + wrmsrl(MSR_S_CET, state->msr_s_cet); + switch_cr3_cr4(state->cr3, read_cr4()); if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:29:50 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:29:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294912.501785 (Exim 4.92) (envelope-from ) id 1nXnl0-0007mU-7A; Fri, 25 Mar 2022 17:29:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294912.501785; Fri, 25 Mar 2022 17:29:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnl0-0007mK-45; Fri, 25 Mar 2022 17:29:50 +0000 Received: by outflank-mailman (input) for mailman id 294912; Fri, 25 Mar 2022 17:29:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkz-0007mC-DH for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnkz-0008A4-CZ for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnkz-00070b-Bs for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aWK+xRZwSViR2pn2QG0h3Dz6fJN4aE8tIfyhezSgBVg=; b=FIPqGN/EQ4w4Pt3P45zICYHqLz ZFxxmRRpnCgThMd1t546WK6lP0z3pnn92jIIYy+2M0WyP4idGn1y3eWKVK+IF+K+wHd1v5gpHJm20 WVzTud+QzuOb7ZTONUBkGbWoljPXwnwns5cfI1VatsaQjZkRZyOXzV+DX/Auyax/70AI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86: Enable CET Indirect Branch Tracking Message-Id: Date: Fri, 25 Mar 2022 17:29:49 +0000 commit e56827aa689e57d485fe3b40c71c0061ce1ded3e Author: Andrew Cooper AuthorDate: Mon Nov 1 15:17:20 2021 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86: Enable CET Indirect Branch Tracking With all the pieces now in place, turn CET-IBT on when available. MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be enabled for Xen independently of PV32 kernels. As we already disable PV32 for CET-SS, extend this to all CET, adjusting the documentation/comments as appropriate. Introduce a cet=no-ibt command line option to allow the admin to disable IBT even when everything else is configured correctly. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6) --- docs/misc/xen-command-line.pandoc | 16 +++++++++++---- xen/arch/x86/cpu/common.c | 1 + xen/arch/x86/setup.c | 42 ++++++++++++++++++++++++++++++++++----- 3 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index c0bfbb7a5c..5467ae7168 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -271,7 +271,7 @@ enough. Setting this to a high value may cause boot failure, particularly if the NMI watchdog is also enabled. ### cet - = List of [ shstk= ] + = List of [ shstk=, ibt= ] Applicability: x86 @@ -279,6 +279,10 @@ Controls for the use of Control-flow Enforcement Technology. CET is group a of hardware features designed to combat Return-oriented Programming (ROP, also call/jmp COP/JOP) attacks. +CET is incompatible with 32bit PV guests. If any CET sub-options are active, +they will override the `pv=32` boolean to `false`. Backwards compatibility +can be maintained with the pv-shim mechanism. + * The `shstk=` boolean controls whether Xen uses Shadow Stacks for its own protection. @@ -287,9 +291,13 @@ call/jmp COP/JOP) attacks. `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support is available in hardware. - Shadow Stacks are incompatible with 32bit PV guests. This option will - override the `pv=32` boolean to false. Backwards compatibility can be - maintained with the `pv-shim` mechanism. +* The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for + its own protection. + + The option is available when `CONFIG_XEN_IBT` is compiled in, and defaults + to `true` on hardware supporting CET-IBT. Specifying `cet=no-ibt` will + cause Xen not to use Indirect Branch Tracking even when support is + available in hardware. ### clocksource (x86) > `= pit | hpet | acpi | tsc` diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index b6672b56da..0388d720df 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -332,6 +332,7 @@ void __init early_cpu_init(void) if (c->cpuid_level >= 7) { cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; + c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; } eax = cpuid_eax(0x80000000); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index b80b933ddb..992d24ec7e 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -101,6 +101,12 @@ static bool __initdata opt_xen_shstk = true; #define opt_xen_shstk false #endif +#ifdef CONFIG_XEN_IBT +static bool __initdata opt_xen_ibt = true; +#else +#define opt_xen_ibt false +#endif + static int __init parse_cet(const char *s) { const char *ss; @@ -117,6 +123,14 @@ static int __init parse_cet(const char *s) opt_xen_shstk = val; #else no_config_param("XEN_SHSTK", "cet", s, ss); +#endif + } + else if ( (val = parse_boolean("ibt", s, ss)) >= 0 ) + { +#ifdef CONFIG_XEN_IBT + opt_xen_ibt = val; +#else + no_config_param("XEN_IBT", "cet", s, ss); #endif } else @@ -1103,11 +1117,33 @@ void __init noreturn __start_xen(unsigned long mbi_p) printk("Enabling Supervisor Shadow Stacks\n"); setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK); + } + + if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) + { + printk("Enabling Indirect Branch Tracking\n"); + + setup_force_cpu_cap(X86_FEATURE_XEN_IBT); + + if ( efi_enabled(EFI_RS) ) + printk(" - IBT disabled in UEFI Runtime Services\n"); + + /* + * Enable IBT now. Only require the endbr64 on callees, which is + * entirely build-time arrangements. + */ + wrmsrl(MSR_S_CET, CET_ENDBR_EN); + } + + if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) + { + set_in_cr4(X86_CR4_CET); + #ifdef CONFIG_PV32 if ( opt_pv32 ) { opt_pv32 = 0; - printk(" - Disabling PV32 due to Shadow Stacks\n"); + printk(" - Disabling PV32 due to CET\n"); } #endif } @@ -1848,10 +1884,6 @@ void __init noreturn __start_xen(unsigned long mbi_p) alternative_branches(); - /* Defer CR4.CET until alternatives have finished playing with CR0.WP */ - if ( cpu_has_xen_shstk ) - set_in_cr4(X86_CR4_CET); - /* * NB: when running as a PV shim VCPUOP_up/down is wired to the shim * physical cpu_add/remove functions, so launch the guest with only -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:30:00 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:30:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294913.501789 (Exim 4.92) (envelope-from ) id 1nXnlA-0007pE-8V; Fri, 25 Mar 2022 17:30:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294913.501789; Fri, 25 Mar 2022 17:30:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlA-0007p6-5T; Fri, 25 Mar 2022 17:30:00 +0000 Received: by outflank-mailman (input) for mailman id 294913; Fri, 25 Mar 2022 17:29:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnl9-0007ox-JE for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnl9-0008AA-IU for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnl9-00072I-Gy for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:29:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TkJuPKOm4uQzyBxll1/TP0dod2AncvJ4e3L53N7yGXg=; b=pcXQcAoTL1kZ2F2HARbenU+b3B hOiKyi2gOib5zW8a2ZbNyA7uxAh2tuDfDx66q6m9iHpgdmoIvUXnm1ezFaR4fmAE3ZqXusHB5WuiA b0r9DP0OVB6oEPTseSLzmmbivvF84u1yq6b6iuJsmHX70+TTBvpZnT/L5lRrF9w/hIf8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/CET: Fix S3 resume with shadow stacks active Message-Id: Date: Fri, 25 Mar 2022 17:29:59 +0000 commit 1bb2a88f0cb9564bfd2fe546938aeffe3d7ee460 Author: Andrew Cooper AuthorDate: Thu Feb 24 12:18:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/CET: Fix S3 resume with shadow stacks active The original shadow stack support has an error on S3 resume with very bizarre fallout. The BSP comes back up, but APs fail with: (XEN) Enabling non-boot CPUs ... (XEN) Stuck ?? (XEN) Error bringing CPU1 up: -5 and then later (on at least two Intel TigerLake platforms), the next HVM vCPU to be scheduled on the BSP dies with: (XEN) d1v0 Unexpected vmexit: reason 3 (XEN) domain_crash called from vmx.c:4304 (XEN) Domain 1 (vcpu#0) crashed on cpu#0: The VMExit reason is EXIT_REASON_INIT, which has nothing to do with the scheduled vCPU, and will be addressed in a subsequent patch. It is a consequence of the APs triple faulting. The reason the APs triple fault is because we don't tear down the stacks on suspend. The idle/play_dead loop is killed in the middle of running, meaning that the supervisor token is left busy. On resume, SETSSBSY finds busy bit set, suffers #CP and triple faults because the IDT isn't configured this early. Rework the AP bring-up path to (re)create the supervisor token. This ensures the primary stack is non-busy before use. Note: There are potential issues with the IST shadow stacks too, but fixing those is more involved. Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Link: https://github.com/QubesOS/qubes-issues/issues/7283 Reported-by: Thiner Logoer Reported-by: Marek Marczykowski-Górecki Signed-off-by: Andrew Cooper Tested-by: Thiner Logoer Tested-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich (cherry picked from commit 7d9589239ec068c944190408b9838774d5ec1f8f) --- xen/arch/x86/boot/x86_64.S | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 94b1d984cf..f11b5d0679 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -51,13 +51,21 @@ ENTRY(__high_start) test $CET_SHSTK_EN, %al jz .L_ap_cet_done - /* Derive MSR_PL0_SSP from %rsp (token written when stack is allocated). */ - mov $MSR_PL0_SSP, %ecx + /* Derive the supervisor token address from %rsp. */ mov %rsp, %rdx + and $~(STACK_SIZE - 1), %rdx + or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx + + /* + * Write a new supervisor token. Doesn't matter on boot, but for S3 + * resume this clears the busy bit. + */ + wrssq %rdx, (%rdx) + + /* Point MSR_PL0_SSP at the token. */ + mov $MSR_PL0_SSP, %ecx + mov %edx, %eax shr $32, %rdx - mov %esp, %eax - and $~(STACK_SIZE - 1), %eax - or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr setssbsy -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:30:11 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:30:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294914.501793 (Exim 4.92) (envelope-from ) id 1nXnlL-0000Ba-A9; Fri, 25 Mar 2022 17:30:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294914.501793; Fri, 25 Mar 2022 17:30:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlL-0000BR-6x; Fri, 25 Mar 2022 17:30:11 +0000 Received: by outflank-mailman (input) for mailman id 294914; Fri, 25 Mar 2022 17:30:09 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlJ-0000B6-NT for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlJ-0008CM-Mn for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnlJ-00073J-M9 for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UQ9sUg+HQk/lDbspziGuj9NbHS3wkRE3jcn94uvxmpE=; b=YwjWJ24OQ0Te9kUyyW/im/5rX0 +6xnqgp5a6CF3ygPVGc8bAKmJ6YKYcXPv+ByyO/Wgjv5gxK+8lnj3iWGTO1goKTmXrFq/EEhcoFS1 Kluq+7p/l0h/iTBxkD3jhk5AurkqCix72De8rCIs8FV5hSjezyZrnV4b9seP2yUo/90c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/spec-ctrl: Disable retpolines with CET-IBT Message-Id: Date: Fri, 25 Mar 2022 17:30:09 +0000 commit 631d8408bbb424aed9f5fa3579a22aa1027e9902 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:26:37 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/spec-ctrl: Disable retpolines with CET-IBT CET-IBT depend on executing indirect branches for protections to apply. Extend the clobber for CET-SS to all of CET. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 6e3f36387de566b09aa4145ea0e3bfe4814d68b4) --- xen/arch/x86/spec_ctrl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7ded6ecba1..1e226102d3 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -919,13 +919,14 @@ void __init init_speculation_mitigations(void) boot_cpu_has(X86_FEATURE_IBRS)); /* - * First, disable the use of retpolines if Xen is using shadow stacks, as - * they are incompatible. + * First, disable the use of retpolines if Xen is using CET. Retpolines + * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends + * on executing indirect branches for the safety properties to apply. * * In the absence of retpolines, IBRS needs to be used for speculative * safety. All CET-capable hardware has efficient IBRS. */ - if ( cpu_has_xen_shstk ) + if ( read_cr4() & X86_CR4_CET ) { if ( !has_spec_ctrl ) printk(XENLOG_WARNING "?!? CET active, but no MSR_SPEC_CTRL?\n"); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:30:21 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:30:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294915.501797 (Exim 4.92) (envelope-from ) id 1nXnlV-0000F5-D5; Fri, 25 Mar 2022 17:30:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294915.501797; Fri, 25 Mar 2022 17:30:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlV-0000Ex-A5; Fri, 25 Mar 2022 17:30:21 +0000 Received: by outflank-mailman (input) for mailman id 294915; Fri, 25 Mar 2022 17:30:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlT-0000Ei-QV for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlT-0008Ck-Pe for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnlT-000741-Ov for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lmCPd2MK4hFOnKfKVx0XpOlmA9DR0qwHTXFGqh3EZns=; b=XHFJmEt+Oz6eAdIjZDgjw9IRbg O4rSbzgjWMeJ5kPS9DkLyrgpb58BLG9fRLPTsHhfBkX2JLSX4n3BshXmQshO03fXXIVRxk217KK30 Nk/UV6SCXeW6GkeHbaxR8QK2F7wIp90vgR6lA5sCg6/zVduZLcUnwXqzyzOfFvrwaXIU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/kexec: Fix kexec-reboot with CET active Message-Id: Date: Fri, 25 Mar 2022 17:30:19 +0000 commit 37e594c58ff43aa2d65f49bfde106ecaffbbeeac Author: Andrew Cooper AuthorDate: Mon Mar 7 20:19:18 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/kexec: Fix kexec-reboot with CET active The kexec_reloc() asm has an indirect jump to relocate onto the identity trampoline. While we clear CET in machine_crash_shutdown(), we fail to clear CET for the non-crash path. This in turn highlights that the same is true of resetting the CPUID masking/faulting. Move both pieces of logic from machine_crash_shutdown() to machine_kexec(), the latter being common for all kexec transitions. Adjust the condition for CET being considered active to check in CR4, which is simpler and more robust. Fixes: 311434bfc9d1 ("x86/setup: Rework MSR_S_CET handling for CET-IBT") Fixes: b60ab42db2f0 ("x86/shstk: Activate Supervisor Shadow Stacks") Fixes: 5ab9564c6fa1 ("x86/cpu: Context switch cpuid masks and faulting state in context_switch()") Reported-by: David Vrabel Signed-off-by: Andrew Cooper Reviewed-by: David Vrabel (cherry picked from commit 7f5b2448bd724f5f24426b2595a9bdceb1e5a346) --- xen/arch/x86/crash.c | 10 ---------- xen/arch/x86/machine_kexec.c | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index cfc6bdab7b..05a6104378 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -197,16 +197,6 @@ void machine_crash_shutdown(void) nmi_shootdown_cpus(); - /* Reset CPUID masking and faulting to the host's default. */ - ctxt_switch_levelling(NULL); - - /* Disable CET. */ - if ( cpu_has_xen_shstk || cpu_has_xen_ibt ) - { - wrmsrl(MSR_S_CET, 0); - write_cr4(read_cr4() & ~X86_CR4_CET); - } - info = kexec_crash_save_info(); info->xen_phys_start = xen_phys_start; info->dom0_pfn_to_mfn_frame_list_list = diff --git a/xen/arch/x86/machine_kexec.c b/xen/arch/x86/machine_kexec.c index b70d5a6a86..eabba6aa6d 100644 --- a/xen/arch/x86/machine_kexec.c +++ b/xen/arch/x86/machine_kexec.c @@ -172,6 +172,16 @@ void machine_kexec(struct kexec_image *image) _update_gate_addr_lower(&idt_tables[i][TRAP_machine_check], &trap_nop); } + /* Reset CPUID masking and faulting to the host's default. */ + ctxt_switch_levelling(NULL); + + /* Disable CET. */ + if ( read_cr4() & X86_CR4_CET ) + { + wrmsrl(MSR_S_CET, 0); + write_cr4(read_cr4() & ~X86_CR4_CET); + } + /* Explicitly enable NMIs on this CPU. Some crashdump kernels do * not like running with NMIs disabled. */ enable_nmis(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:30:31 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:30:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294916.501801 (Exim 4.92) (envelope-from ) id 1nXnlf-0000IR-Ee; Fri, 25 Mar 2022 17:30:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294916.501801; Fri, 25 Mar 2022 17:30:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlf-0000I6-Bf; Fri, 25 Mar 2022 17:30:31 +0000 Received: by outflank-mailman (input) for mailman id 294916; Fri, 25 Mar 2022 17:30:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnld-0000Hs-Ua for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnld-0008Cv-Tm for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnld-000751-So for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9oRs5oSDPr75IYaZDsahqn1/bz9Rtu4MUqr2x+sl8cU=; b=TzhhGbv7YOwlWPXpvPL06Y97oE uiEgdDpwwSlN5u8j5irx0U5xbI+OeS1bgbhXQYhH+9KtTNm9RDwFgPGaA01qmzcPPVRULIj0Fn0M0 pj6Yss4I5V/0UEjx8v4nM/HCuAFAFiYvKxXia+mHDGNVYeoH+XFmqwcKaPE1Fz9bw2mU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cet: Clear IST supervisor token busy bits on S3 resume Message-Id: Date: Fri, 25 Mar 2022 17:30:29 +0000 commit c843a3030ba90f6f0982814a5f6524418c5f68d2 Author: Andrew Cooper AuthorDate: Mon Mar 14 10:30:46 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/cet: Clear IST supervisor token busy bits on S3 resume Stacks are not freed across S3. Execution just stops, leaving supervisor token busy bits active. Fixing this for the primary shadow stack was done previously, but there is a (rare) risk that an IST token is left busy too, if the platform power-off happens to intersect with an NMI/#MC arriving. This will manifest as #DF next time the IST vector gets used. Introduce rdssp() and wrss() helpers in a new shstk.h, cleaning up fixup_exception_return() and explaining the trick with the literal 1. Then this infrastructure to rewrite the IST tokens in load_system_tables() when all the other IST details are being set up. In the case that an IST token were left busy across S3, this will clear the busy bit before the stack gets used. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit e421ed0f68488863599532bda575c03c33cde0e0) --- xen/arch/x86/cpu/common.c | 25 ++++++++++++++++++++---- xen/arch/x86/traps.c | 8 +++----- xen/include/asm-x86/shstk.h | 46 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 0388d720df..dd592a69c5 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include /* for XEN_INVALID_{SOCKET,CORE}_ID */ @@ -811,15 +812,31 @@ void load_system_tables(void) */ if (cpu_has_xen_shstk) { volatile uint64_t *ist_ssp = tss_page->ist_ssp; + unsigned long + mce_ssp = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8, + nmi_ssp = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8, + db_ssp = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8, + df_ssp = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; ist_ssp[0] = 0x8600111111111111ul; - ist_ssp[IST_MCE] = stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_NMI] = stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DB] = stack_top + (IST_DB * IST_SHSTK_SIZE) - 8; - ist_ssp[IST_DF] = stack_top + (IST_DF * IST_SHSTK_SIZE) - 8; + ist_ssp[IST_MCE] = mce_ssp; + ist_ssp[IST_NMI] = nmi_ssp; + ist_ssp[IST_DB] = db_ssp; + ist_ssp[IST_DF] = df_ssp; for ( i = IST_DF + 1; i < ARRAY_SIZE(tss_page->ist_ssp); ++i ) ist_ssp[i] = 0x8600111111111111ul; + if (IS_ENABLED(CONFIG_XEN_SHSTK) && rdssp() != SSP_NO_SHSTK) { + /* + * Rewrite supervisor tokens when shadow stacks are + * active. This resets any busy bits left across S3. + */ + wrss(mce_ssp, _p(mce_ssp)); + wrss(nmi_ssp, _p(nmi_ssp)); + wrss(db_ssp, _p(db_ssp)); + wrss(df_ssp, _p(df_ssp)); + } + wrmsrl(MSR_INTERRUPT_SSP_TABLE, (unsigned long)ist_ssp); } diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index d8dd583a4a..de372853d1 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -81,6 +81,7 @@ #include #include #include +#include /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. @@ -782,8 +783,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, { unsigned long ssp, *ptr, *base; - asm ( "rdsspq %0" : "=r" (ssp) : "0" (1) ); - if ( ssp == 1 ) + if ( (ssp = rdssp()) == SSP_NO_SHSTK ) goto shstk_done; ptr = _p(ssp); @@ -812,9 +812,7 @@ static void fixup_exception_return(struct cpu_user_regs *regs, */ if ( ptr[0] == regs->rip && ptr[1] == regs->cs ) { - asm ( "wrssq %[fix], %[stk]" - : [stk] "=m" (ptr[0]) - : [fix] "r" (fixup) ); + wrss(fixup, ptr); goto shstk_done; } } diff --git a/xen/include/asm-x86/shstk.h b/xen/include/asm-x86/shstk.h new file mode 100644 index 0000000000..fdc9cc65a3 --- /dev/null +++ b/xen/include/asm-x86/shstk.h @@ -0,0 +1,46 @@ +/****************************************************************************** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; If not, see . + * + * Copyright (c) 2022 Citrix Systems Ltd. + */ +#ifndef XEN_ASM_SHSTK_H +#define XEN_ASM_SHSTK_H + +/* + * RDSSP is a nop when shadow stacks are inactive. Also, SSP has a minimum + * alignment of 4 which is enforced by hardware. + * + * We load 1 into a register, then RDSSP. If shadow stacks are not enabled, + * RDSSP is a nop, and the 1 is preserved. Otherwise, the 1 is clobbered with + * the real SSP, which has the bottom two bits clear. + */ +#define SSP_NO_SHSTK 1 + +static inline unsigned long rdssp(void) +{ + unsigned long ssp; + + asm volatile ( "rdsspq %0" : "=r" (ssp) : "0" (SSP_NO_SHSTK) ); + + return ssp; +} + +static inline void wrss(unsigned long val, unsigned long *ptr) +{ + asm ( "wrssq %[val], %[ptr]" + : [ptr] "=m" (*ptr) + : [val] "r" (val) ); +} + +#endif /* XEN_ASM_SHSTK_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:30:41 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:30:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294917.501805 (Exim 4.92) (envelope-from ) id 1nXnlp-0000Mn-GN; Fri, 25 Mar 2022 17:30:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294917.501805; Fri, 25 Mar 2022 17:30:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlp-0000Mf-DE; Fri, 25 Mar 2022 17:30:41 +0000 Received: by outflank-mailman (input) for mailman id 294917; Fri, 25 Mar 2022 17:30:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlo-0000Li-1a for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlo-0008D7-0k for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnln-00075u-WD for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kyj8uFOclhGc43Oy8+6UUaa4ZEaE75/YVlzsd7y/7Cs=; b=k+ew/jks7sizxcEe6quMNygRVP xneEvOIsgmUqtqv+o3OAuxECUKqqLGP5+udJw/ttnqy4RqmWK9D7tdqNhV5KzCrKnCN13HU+JUjVA 6EJ9hhpmP77QxsjV/+cu3I8dE8d4HfZUHltz8M7yoejD6qTrm9KeLsRSXY6M+/Sb/HBw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cet: Remove writeable mapping of the BSPs shadow stack Message-Id: Date: Fri, 25 Mar 2022 17:30:39 +0000 commit 6db64187700d6d1ce23f49e667c24f1c7ebe11f8 Author: Andrew Cooper AuthorDate: Tue Mar 15 12:07:18 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/cet: Remove writeable mapping of the BSPs shadow stack An unintended consequence of the BSP using cpu0_stack[] is that writeable mappings to the BSPs shadow stacks are retained in the bss. This renders CET-SS almost useless, as an attacker can update both return addresses and the ret will not fault. We specifically don't want to shatter the superpage mapping .data and .bss, so the only way to fix this is to not have the BSP stack in the main Xen image. Break cpu_alloc_stack() out of cpu_smpboot_alloc(), and dynamically allocate the BSP stack as early as reasonable in __start_xen(). As a consequence, there is no need to delay the BSP's memguard_guard_stack() call. Copy the top of cpu info block just before switching to use the new stack. Fix a latent bug by setting %rsp to info->guest_cpu_user_regs rather than ->es; this would be buggy if reinit_bsp_stack() called schedule() (which rewrites the GPR block) directly, but luckily it doesn't. Finally, move cpu0_stack[] into .init, so it can be reclaimed after boot. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 37786b23b027ab83051175cb8ce9ac86cacfc58e) --- xen/arch/x86/setup.c | 20 +++++++++++++------- xen/arch/x86/smpboot.c | 26 +++++++++++++++++++------- xen/arch/x86/xen.lds.S | 2 +- xen/include/asm-x86/smp.h | 2 ++ 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 992d24ec7e..29d71087a7 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -149,7 +149,7 @@ unsigned long __read_mostly xen_phys_start; unsigned long __read_mostly xen_virt_end; -char __section(".bss.stack_aligned") __aligned(STACK_SIZE) +char __section(".init.bss.stack_aligned") __aligned(STACK_SIZE) cpu0_stack[STACK_SIZE]; struct cpuinfo_x86 __read_mostly boot_cpu_data = { 0, 0, 0, 0, -1 }; @@ -696,7 +696,6 @@ static void __init noreturn reinit_bsp_stack(void) percpu_traps_init(); stack_base[0] = stack; - memguard_guard_stack(stack); rc = setup_cpu_root_pgt(0); if ( rc ) @@ -850,6 +849,8 @@ void __init noreturn __start_xen(unsigned long mbi_p) { char *memmap_type = NULL; char *cmdline, *kextra, *loader; + void *bsp_stack; + struct cpu_info *info = get_cpu_info(), *bsp_info; unsigned int initrdidx, num_parked = 0; multiboot_info_t *mbi; module_t *mod; @@ -881,7 +882,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); - asm volatile ( "mov %%cr4,%0" : "=r" (get_cpu_info()->cr4) ); + asm volatile ( "mov %%cr4,%0" : "=r" (info->cr4) ); /* Enable NMIs. Our loader (e.g. Tboot) may have left them disabled. */ enable_nmis(); @@ -1720,6 +1721,10 @@ void __init noreturn __start_xen(unsigned long mbi_p) */ vm_init(); + bsp_stack = cpu_alloc_stack(0); + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + console_init_ring(); vesa_init(); @@ -1975,17 +1980,18 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - struct cpu_info *info = get_cpu_info(); - info->spec_ctrl_flags &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; } - /* Jump to the 1:1 virtual mappings of cpu0_stack. */ + /* Copy the cpu info block, and move onto the BSP stack. */ + bsp_info = get_cpu_info_from_stack((unsigned long)bsp_stack); + *bsp_info = *info; + asm volatile ("mov %[stk], %%rsp; jmp %c[fn]" :: - [stk] "g" (__va(__pa(get_stack_bottom()))), + [stk] "g" (&bsp_info->guest_cpu_user_regs), [fn] "i" (reinit_bsp_stack) : "memory"); unreachable(); } diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 5abfae4c72..d968504539 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -988,6 +988,23 @@ static void cpu_smpboot_free(unsigned int cpu, bool remove) } } +void *cpu_alloc_stack(unsigned int cpu) +{ + nodeid_t node = cpu_to_node(cpu); + unsigned int memflags = 0; + void *stack; + + if ( node != NUMA_NO_NODE ) + memflags = MEMF_node(node); + + stack = alloc_xenheap_pages(STACK_ORDER, memflags); + + if ( stack ) + memguard_guard_stack(stack); + + return stack; +} + static int cpu_smpboot_alloc(unsigned int cpu) { struct cpu_info *info; @@ -1000,15 +1017,10 @@ static int cpu_smpboot_alloc(unsigned int cpu) if ( node != NUMA_NO_NODE ) memflags = MEMF_node(node); - if ( stack_base[cpu] == NULL ) - { - stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER, memflags); - if ( !stack_base[cpu] ) + if ( stack_base[cpu] == NULL && + (stack_base[cpu] = cpu_alloc_stack(cpu)) == NULL ) goto out; - memguard_guard_stack(stack_base[cpu]); - } - info = get_cpu_info_from_stack((unsigned long)stack_base[cpu]); info->processor_id = cpu; info->per_cpu_offset = __per_cpu_offset[cpu]; diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index fcc6646487..7c9758c8cc 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -205,6 +205,7 @@ SECTIONS } :text DECL_SECTION(.init.data) { #endif + *(.init.bss.stack_aligned) *(.init.rodata) *(.init.rodata.*) @@ -293,7 +294,6 @@ SECTIONS DECL_SECTION(.bss) { __bss_start = .; - *(.bss.stack_aligned) *(.bss.page_aligned*) . = ALIGN(PAGE_SIZE); __per_cpu_start = .; diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h index f7485f602e..9628d7842d 100644 --- a/xen/include/asm-x86/smp.h +++ b/xen/include/asm-x86/smp.h @@ -85,6 +85,8 @@ extern cpumask_t **socket_cpumask; extern unsigned int disabled_cpus; extern bool unaccounted_cpus; +void *cpu_alloc_stack(unsigned int cpu); + #endif /* !__ASSEMBLY__ */ #endif -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:30:51 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:30:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294918.501809 (Exim 4.92) (envelope-from ) id 1nXnlz-0000Px-Hv; Fri, 25 Mar 2022 17:30:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294918.501809; Fri, 25 Mar 2022 17:30:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnlz-0000Pp-Ek; Fri, 25 Mar 2022 17:30:51 +0000 Received: by outflank-mailman (input) for mailman id 294918; Fri, 25 Mar 2022 17:30:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnly-0000Pf-4G for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnly-0008DQ-3X for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnly-00076T-2v for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:30:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WMWWLsv9kYQdYk0XTcKy9UdxaHLeOdXwRvVd8EB8lD4=; b=4GeQTszfuLcJ7jF+otN+PWuZd7 iNPRUfn62qbd/HTsP+x3AY4fW4hHSBeOXhV8kDpR9R4XKAvmMgiYN9QIKNJk5yJ+ySREM7muvyQSI yyVpcDYZr9iNORxs9bh4n13dvr9AW5fSZq0oqbNNbXq6+M8Tp0J4KuN/SwKxfYjAiq+k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] xen/x86: Livepatch: support patching CET-enhanced functions Message-Id: Date: Fri, 25 Mar 2022 17:30:50 +0000 commit 72a75b9c2ce36ed573a2eb201ac63ca22bedb889 Author: Bjoern Doebel AuthorDate: Thu Mar 10 07:35:36 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 xen/x86: Livepatch: support patching CET-enhanced functions Xen enabled CET for supporting architectures. The control flow aspect of CET require functions that can be called indirectly (i.e., via function pointers) to start with an ENDBR64 instruction. Otherwise a control flow exception is raised. This expectation breaks livepatching flows because we patch functions by overwriting their first 5 bytes with a JMP + , thus breaking the ENDBR64. We fix this by checking the start of a patched function for being ENDBR64. In the positive case we move the livepatch JMP to start behind the ENDBR64 instruction. To avoid having to guess the ENDBR64 offset again on patch reversal (which might race with other mechanisms adding/removing ENDBR dynamically), use the livepatch metadata to store the computed offset along with the saved bytes of the overwritten function. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall Tested-by: Jiamei Xie (cherry picked from commit 6974c75180f1aad44e5428eabf2396b2b50fb0e4) Note: For backports to 4.14 thru 4.16, there is no endbr-clobbering, hence no is_endbr64_poison() logic. --- xen/arch/x86/livepatch.c | 39 +++++++++++++++++++++++++++++++++------ xen/include/public/sysctl.h | 3 ++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 49f0d902e5..e94ac9b228 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -14,6 +14,7 @@ #include #include +#include #include #include #include @@ -113,8 +114,20 @@ int arch_livepatch_verify_func(const struct livepatch_func *func) if ( func->old_size < func->new_size ) return -EINVAL; } - else if ( func->old_size < ARCH_PATCH_INSN_SIZE ) - return -EINVAL; + else + { + /* + * Space needed now depends on whether the target function + * starts with an ENDBR64 instruction. + */ + uint8_t needed = ARCH_PATCH_INSN_SIZE; + + if ( is_endbr64(func->old_addr) ) + needed += ENDBR64_LEN; + + if ( func->old_size < needed ) + return -EINVAL; + } return 0; } @@ -129,12 +142,24 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) uint8_t insn[sizeof(func->opaque)]; unsigned int len; + func->patch_offset = 0; old_ptr = func->old_addr; len = livepatch_insn_len(func); if ( !len ) return; - memcpy(func->opaque, old_ptr, len); + /* + * CET hotpatching support: We may have functions starting with an ENDBR64 + * instruction that MUST remain the first instruction of the function, + * hence we need to move any hotpatch trampoline further into the function. + * For that we need to keep track of the patching offset used for any + * loaded hotpatch (to avoid racing against other fixups adding/removing + * ENDBR64 or similar instructions). + */ + if ( is_endbr64(old_ptr) ) + func->patch_offset += ENDBR64_LEN; + + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { int32_t val; @@ -142,14 +167,15 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) BUILD_BUG_ON(ARCH_PATCH_INSN_SIZE != (1 + sizeof(val))); insn[0] = 0xe9; /* Relative jump. */ - val = func->new_addr - func->old_addr - ARCH_PATCH_INSN_SIZE; + val = func->new_addr - (func->old_addr + func->patch_offset + + ARCH_PATCH_INSN_SIZE); memcpy(&insn[1], &val, sizeof(val)); } else add_nops(insn, len); - memcpy(old_ptr, insn, len); + memcpy(old_ptr + func->patch_offset, insn, len); } /* @@ -158,7 +184,8 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) */ void noinline arch_livepatch_revert(const struct livepatch_func *func) { - memcpy(func->old_addr, func->opaque, livepatch_insn_len(func)); + memcpy(func->old_addr + func->patch_offset, func->opaque, + livepatch_insn_len(func)); } /* diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index a073647117..7439cc154f 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -869,7 +869,8 @@ struct livepatch_func { uint8_t version; /* MUST be LIVEPATCH_PAYLOAD_VERSION. */ uint8_t opaque[LIVEPATCH_OPAQUE_SIZE]; uint8_t applied; - uint8_t _pad[7]; + uint8_t patch_offset; + uint8_t _pad[6]; livepatch_expectation_t expect; }; typedef struct livepatch_func livepatch_func_t; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 17:31:01 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 17:31:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294919.501813 (Exim 4.92) (envelope-from ) id 1nXnm9-0000Sp-Jk; Fri, 25 Mar 2022 17:31:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294919.501813; Fri, 25 Mar 2022 17:31:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnm9-0000Sh-GD; Fri, 25 Mar 2022 17:31:01 +0000 Received: by outflank-mailman (input) for mailman id 294919; Fri, 25 Mar 2022 17:31:00 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnm8-0000SX-7W for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:31:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXnm8-0008Dc-6f for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:31:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXnm8-00077e-5g for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 17:31:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=45eFbArk1zNjyjnsFCCEKG6/qzuYgqiENlJkqEjrxu4=; b=XK27jVmZ3oBO73mHlsqUnSBF33 OPXU+VOhJjkpYTIHH0zbfQLBBpe7SAKYpfKV6pHpohU1bliVbAnqHQkQ5oQjlOF4z7l1S4yOQ79rm Xh5koIt5lFnJ8TqVBXjKz+3LflWBYg0mtHu+ClmFIkesqMmHQynSt0C7l8uvrJ1nH0Dw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] x86/cet: Remove XEN_SHSTK's dependency on EXPERT Message-Id: Date: Fri, 25 Mar 2022 17:31:00 +0000 commit 10b09aa2541de4c3c49b9343e9bc04e19f0ae4f8 Author: Andrew Cooper AuthorDate: Mon Feb 28 19:31:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 17:11:55 2022 +0000 x86/cet: Remove XEN_SHSTK's dependency on EXPERT CET-SS hardware is now available from multiple vendors, the feature has downstream users, and was declared security supported in XSA-398. Enable it by default. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross (cherry picked from commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb) --- xen/arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 950deaa032..9fe6226a1e 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -111,7 +111,7 @@ config HVM config XEN_SHSTK bool "Supervisor Shadow Stacks" - depends on HAS_AS_CET_SS && EXPERT + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Fri Mar 25 23:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 25 Mar 2022 23:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.294971.501916 (Exim 4.92) (envelope-from ) id 1nXtQV-00051t-G6; Fri, 25 Mar 2022 23:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 294971.501916; Fri, 25 Mar 2022 23:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXtQV-00051l-DC; Fri, 25 Mar 2022 23:33:03 +0000 Received: by outflank-mailman (input) for mailman id 294971; Fri, 25 Mar 2022 23:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXtQT-00051f-No for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 23:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nXtQT-0006H1-Mn for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 23:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nXtQT-0005OS-Lh for xen-changelog@lists.xenproject.org; Fri, 25 Mar 2022 23:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SvH2CklIroBwsS6302DEP3stvYYrJzeqYOmXUqp804A=; b=S2Z/qYF96fN3hSJowr4ZTeUA91 /e1GjaxLymVfBw2vYlkvxpGlmlwr2bRrBDWjfZ1E9xINmN9wkXecOgD095xEqKfOrBid1xbd7gpo4 atgQIvPEOy55womooA1+ORvMAu8zotOIYqSqR2V2Yy63bfIFETzl/aq5nvRBQC85DmN8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: set CPSR Z bit when creating aarch32 guests Message-Id: Date: Fri, 25 Mar 2022 23:33:01 +0000 commit 0e03ff97def12b121b5313094a76e5db7bb5c93c Author: Stefano Stabellini AuthorDate: Thu Mar 24 18:00:52 2022 -0700 Commit: Julien Grall CommitDate: Fri Mar 25 09:50:02 2022 +0000 xen/arm: set CPSR Z bit when creating aarch32 guests The first 32 bytes of zImage are NOPs. When CONFIG_EFI is enabled in the kernel, certain versions of Linux will use an UNPREDICTABLE NOP encoding, sometimes resulting in an unbootable kernel. Whether the resulting kernel is bootable or not depends on the processor. See commit a92882a4d270 in the Linux kernel for all the details. All kernel releases starting from Linux 4.9 without commit a92882a4d270 are affected. Fortunately there is a simple workaround: setting the "Z" bit in CPSR make it so those invalid NOP instructions are never executed. That is because the instruction is conditional (not equal). So, on QEMU at least, the instruction will end up to be ignored and not generate an exception. Setting the "Z" bit makes those kernel versions bootable again and it is harmless in the other cases. Note that both U-Boot and QEMU -kernel set the "Z" bit in CPSR when booting a zImage kernel on aarch32. Signed-off-by: Stefano Stabellini Reviewed-by: Wei Chen Reviewed-by: Bertrand Marquis Acked-by: Julien Grall --- xen/include/public/arch-arm.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index 94b31511dd..ab05fe12b0 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -361,6 +361,7 @@ typedef uint64_t xen_callback_t; #define PSR_DBG_MASK (1<<9) /* arm64: Debug Exception mask */ #define PSR_IT_MASK (0x0600fc00) /* Thumb If-Then Mask */ #define PSR_JAZELLE (1<<24) /* Jazelle Mode */ +#define PSR_Z (1<<30) /* Zero condition flag */ /* 32 bit modes */ #define PSR_MODE_USR 0x10 @@ -383,7 +384,15 @@ typedef uint64_t xen_callback_t; #define PSR_MODE_EL1t 0x04 #define PSR_MODE_EL0t 0x00 -#define PSR_GUEST32_INIT (PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_SVC) +/* + * We set PSR_Z to be able to boot Linux kernel versions with an invalid + * encoding of the first 8 NOP instructions. See commit a92882a4d270 in + * Linux. + * + * Note that PSR_Z is also set by U-Boot and QEMU -kernel when loading + * zImage kernels on aarch32. + */ +#define PSR_GUEST32_INIT (PSR_Z|PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_SVC) #define PSR_GUEST64_INIT (PSR_ABT_MASK|PSR_FIQ_MASK|PSR_IRQ_MASK|PSR_MODE_EL1h) #define SCTLR_GUEST_INIT xen_mk_ullong(0x00c50078) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Mar 28 12:00:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 28 Mar 2022 12:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.295413.502683 (Exim 4.92) (envelope-from ) id 1nYo2X-0004F3-Pb; Mon, 28 Mar 2022 12:00:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 295413.502683; Mon, 28 Mar 2022 12:00:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2X-0004EV-Lr; Mon, 28 Mar 2022 12:00:05 +0000 Received: by outflank-mailman (input) for mailman id 295413; Mon, 28 Mar 2022 12:00:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2W-00047g-UV for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2W-000436-S2 for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nYo2W-0007BP-R2 for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VZ+YL3ihhhQZtpCeaEIAaYX7oDxhAQp1t6MEFN+VotQ=; b=hRUDGXASd4+PVxBHc0NwXBkqh6 girC/k9b8TA9Q+7DTqCuR3HjOy2NZ7UnzmJTPhqCP6ihiGPCNomUqHikujnFh3oBQ9kPRRjM22P9B swpo1xaHCGAFcUa3wge7IS9BxzQTWEMz6VJyaM0n8auXcBOSo+jiSMUDVBH+ILC4Jmiw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] livepatch: resolve old address before function verification Message-Id: Date: Mon, 28 Mar 2022 12:00:04 +0000 commit 4dcddbba664cc91e2c1952498e80d8025891b9ad Author: Bjoern Doebel AuthorDate: Wed Mar 9 16:22:03 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Mar 28 12:49:34 2022 +0100 livepatch: resolve old address before function verification When verifying that a livepatch can be applied, we may as well want to inspect the target function to be patched. To do so, we need to resolve this function's address before running the arch-specific livepatch_verify hook. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall (cherry picked from commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5) --- xen/common/livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 7118551b27..329b01c1e8 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -685,11 +685,11 @@ static int prepare_payload(struct payload *payload, return -EINVAL; } - rc = arch_livepatch_verify_func(f); + rc = resolve_old_address(f, elf); if ( rc ) return rc; - rc = resolve_old_address(f, elf); + rc = arch_livepatch_verify_func(f); if ( rc ) return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Mon Mar 28 12:00:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 28 Mar 2022 12:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.295414.502685 (Exim 4.92) (envelope-from ) id 1nYo2h-0004PT-QR; Mon, 28 Mar 2022 12:00:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 295414.502685; Mon, 28 Mar 2022 12:00:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2h-0004PL-NM; Mon, 28 Mar 2022 12:00:15 +0000 Received: by outflank-mailman (input) for mailman id 295414; Mon, 28 Mar 2022 12:00:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2h-0004P9-4s for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2h-00043K-40 for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nYo2h-0007D0-3A for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KItUUMLRMeIBRIohX5GBUI2yUpgfyyNPTXK7oKkb0N4=; b=XOuZqDi68e1XD24nbowR+GRFRG pYROhbjHDLGNSb7s+JVXnQRwbcCrBnFCgPugjkMRa7UPbdkn/yRuQmcAnCHUcRjFpTHMRe267ls7W vB7O64Wmt/ZqyjaBddxyFq9BovFQ93gTY6DF1/Mx1OxSfZC9yyVk8TPII1r48MUPDWBI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] livepatch: resolve old address before function verification Message-Id: Date: Mon, 28 Mar 2022 12:00:15 +0000 commit bb43e0e1ca20dff14536b7c90ff870f3f50bff8f Author: Bjoern Doebel AuthorDate: Wed Mar 9 16:22:03 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Mar 28 12:50:13 2022 +0100 livepatch: resolve old address before function verification When verifying that a livepatch can be applied, we may as well want to inspect the target function to be patched. To do so, we need to resolve this function's address before running the arch-specific livepatch_verify hook. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall (cherry picked from commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5) --- xen/common/livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 7118551b27..329b01c1e8 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -685,11 +685,11 @@ static int prepare_payload(struct payload *payload, return -EINVAL; } - rc = arch_livepatch_verify_func(f); + rc = resolve_old_address(f, elf); if ( rc ) return rc; - rc = resolve_old_address(f, elf); + rc = arch_livepatch_verify_func(f); if ( rc ) return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Mon Mar 28 12:00:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 28 Mar 2022 12:00:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.295415.502689 (Exim 4.92) (envelope-from ) id 1nYo2s-0004TH-Ry; Mon, 28 Mar 2022 12:00:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 295415.502689; Mon, 28 Mar 2022 12:00:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2s-0004T9-Os; Mon, 28 Mar 2022 12:00:26 +0000 Received: by outflank-mailman (input) for mailman id 295415; Mon, 28 Mar 2022 12:00:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2r-0004Sk-DF for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nYo2r-00043a-CM for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nYo2r-0007Dt-BU for xen-changelog@lists.xenproject.org; Mon, 28 Mar 2022 12:00:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g1iOT2GBUu0nSq2DnF9UkA1drRcMGpmnsVWllP+YmcU=; b=m536yC2wYQt/hwMbZuNrjK/nab oyTS+HXkrJ8LDLzzBcF65EdchFlG2iJtm2p/hlvK33xfGDGYYXcwRzqkVBMKArXQmgpggJQ3ChiHM CVkEd6GR831a0ts3pNlouLAAHAbBBrPBV7WCu8NyAB6damxtE/2R8nELFwKy17pmhx+Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.14] livepatch: resolve old address before function verification Message-Id: Date: Mon, 28 Mar 2022 12:00:25 +0000 commit 1e595d9c2b8608bcef48d6a69cc2f6135780bcc0 Author: Bjoern Doebel AuthorDate: Wed Mar 9 16:22:03 2022 +0100 Commit: Andrew Cooper CommitDate: Mon Mar 28 12:50:23 2022 +0100 livepatch: resolve old address before function verification When verifying that a livepatch can be applied, we may as well want to inspect the target function to be patched. To do so, we need to resolve this function's address before running the arch-specific livepatch_verify hook. Signed-off-by: Bjoern Doebel Acked-by: Konrad Rzeszutek Wilk Reviewed-by: Ross Lagerwall (cherry picked from commit 5142dc5c25e317c208e3dc16d16b664b9f05dab5) --- xen/common/livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 81ceafce98..cc2ee9a94a 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -685,11 +685,11 @@ static int prepare_payload(struct payload *payload, return -EINVAL; } - rc = arch_livepatch_verify_func(f); + rc = resolve_old_address(f, elf); if ( rc ) return rc; - rc = resolve_old_address(f, elf); + rc = arch_livepatch_verify_func(f); if ( rc ) return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.14 From xen-changelog-bounces@lists.xenproject.org Tue Mar 29 13:55:12 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 29 Mar 2022 13:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.295836.503578 (Exim 4.92) (envelope-from ) id 1nZCJN-0007Mr-OZ; Tue, 29 Mar 2022 13:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 295836.503578; Tue, 29 Mar 2022 13:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZCJN-0007Mj-Lb; Tue, 29 Mar 2022 13:55:05 +0000 Received: by outflank-mailman (input) for mailman id 295836; Tue, 29 Mar 2022 13:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZCJM-0007Md-CU for xen-changelog@lists.xenproject.org; Tue, 29 Mar 2022 13:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZCJM-0000HX-BW for xen-changelog@lists.xenproject.org; Tue, 29 Mar 2022 13:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZCJM-0006gz-AW for xen-changelog@lists.xenproject.org; Tue, 29 Mar 2022 13:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XI4JCFyqOtTRBmQbGUwxS5jSQ+XbPLF1G8NsgxsKgME=; b=4PxdW7WNeRDCAphQdvX6CzzzcY JeWcVPN0S2SI3tTNX1kjKPyaDXKhXgOBjUYMZPwQR8ak8y4qZ7fPPG5EmY8QAF+F08RKfMy6eK6f+ bSTcRxpVBcqd1RCs9d3OLtlxnJ8YRZQBPKB0QGt2mcztBcadFjB7J02sdmHY88SJ3F+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: don't include asm/hypercall.h from C sources Message-Id: Date: Tue, 29 Mar 2022 13:55:04 +0000 commit 8ebee382b99e451ba1aad025f77a82bd5427efdf Author: Juergen Gross AuthorDate: Tue Mar 29 15:43:31 2022 +0200 Commit: Jan Beulich CommitDate: Tue Mar 29 15:43:31 2022 +0200 xen: don't include asm/hypercall.h from C sources Instead of including asm/hypercall.h always use xen/hypercall.h. Additionally include xen/hypercall.h from all sources containing a hypercall handler. This prepares for generating the handlers' prototypes at build time. Add a guard in asm/hypercall.h to catch direct inclusion. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Acked-by: Julien Grall # arm --- xen/arch/arm/hvm.c | 3 +-- xen/arch/arm/include/asm/hypercall.h | 4 ++++ xen/arch/arm/platform_hypercall.c | 1 + xen/arch/x86/cpu/vpmu.c | 1 + xen/arch/x86/include/asm/hypercall.h | 4 ++++ xen/arch/x86/mm.c | 1 - xen/arch/x86/platform_hypercall.c | 1 + xen/arch/x86/pv/emul-priv-op.c | 2 +- xen/arch/x86/pv/iret.c | 1 + xen/arch/x86/traps.c | 2 +- xen/arch/x86/x86_64/compat/mm.c | 1 + xen/arch/x86/x86_64/mm.c | 2 -- xen/common/compat/grant_table.c | 1 + xen/common/event_channel.c | 1 + xen/common/grant_table.c | 1 + xen/common/multicall.c | 1 + 16 files changed, 20 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/hvm.c b/xen/arch/arm/hvm.c index 8951b34086..fc1a52767d 100644 --- a/xen/arch/arm/hvm.c +++ b/xen/arch/arm/hvm.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -29,8 +30,6 @@ #include #include -#include - static int hvm_allow_set_param(const struct domain *d, unsigned int param) { switch ( param ) diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h index 39d2e7889d..a6fdfed8de 100644 --- a/xen/arch/arm/include/asm/hypercall.h +++ b/xen/arch/arm/include/asm/hypercall.h @@ -1,3 +1,7 @@ +#ifndef __XEN_HYPERCALL_H__ +#error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead" +#endif + #ifndef __ASM_ARM_HYPERCALL_H__ #define __ASM_ARM_HYPERCALL_H__ diff --git a/xen/arch/arm/platform_hypercall.c b/xen/arch/arm/platform_hypercall.c index 8efac7ee60..403cc84324 100644 --- a/xen/arch/arm/platform_hypercall.c +++ b/xen/arch/arm/platform_hypercall.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 4fedc7c570..51d171615f 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 61bf897147..401e77d1e9 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -2,6 +2,10 @@ * asm-x86/hypercall.h */ +#ifndef __XEN_HYPERCALL_H__ +#error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead" +#endif + #ifndef __ASM_X86_HYPERCALL_H__ #define __ASM_X86_HYPERCALL_H__ diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 2befd0c191..6cc73187ac 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -129,7 +129,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index b91ccff589..eeb4f7a20e 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 22b10dec2a..5da00e24e4 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -22,13 +22,13 @@ #include #include #include +#include #include #include #include #include #include -#include #include #include #include diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index dd2965d8f0..797a427ffa 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -18,6 +18,7 @@ */ #include +#include #include #include diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 8659547970..4c38f6c015 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -70,7 +71,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c index b3da8fafbb..70b08a832a 100644 --- a/xen/arch/x86/x86_64/compat/mm.c +++ b/xen/arch/x86/x86_64/compat/mm.c @@ -1,4 +1,5 @@ #include +#include #include #include #include diff --git a/xen/arch/x86/x86_64/mm.c b/xen/arch/x86/x86_64/mm.c index 4f225da81e..3510a5affe 100644 --- a/xen/arch/x86/x86_64/mm.c +++ b/xen/arch/x86/x86_64/mm.c @@ -25,14 +25,12 @@ EMIT_FILE; #include #include #include -#include #include #include #include #include #include #include -#include #include #include #include diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index c6199e8918..d5787e3719 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -3,6 +3,7 @@ * */ +#include #include #define xen_grant_entry_v1 grant_entry_v1 diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index ffb042a241..0a82eb3ac2 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 1e0762b064..febbe12eab 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/common/multicall.c b/xen/common/multicall.c index e48f46dbe0..9db49092b4 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Mar 29 13:55:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 29 Mar 2022 13:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.295837.503583 (Exim 4.92) (envelope-from ) id 1nZCJX-0007OY-Q9; Tue, 29 Mar 2022 13:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 295837.503583; Tue, 29 Mar 2022 13:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZCJX-0007OQ-N8; Tue, 29 Mar 2022 13:55:15 +0000 Received: by outflank-mailman (input) for mailman id 295837; Tue, 29 Mar 2022 13:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZCJW-0007OI-Fj for xen-changelog@lists.xenproject.org; Tue, 29 Mar 2022 13:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZCJW-0000Hr-Eq for xen-changelog@lists.xenproject.org; Tue, 29 Mar 2022 13:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZCJW-0006he-Dt for xen-changelog@lists.xenproject.org; Tue, 29 Mar 2022 13:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Itl4RmJPhmcScNhJqEfgf8hUCofs+yGeSca3wmi5RvM=; b=lZ7Qu9wYlyrOLGRe/tZfyPJWvO 3wmgh0zp8uGWhfgx2uATazdBXSSJQuDc493Ccg7Y+sc+xBsMVJ8/iS1bcI/H+Yy18h1o6X3JYZv1V hFeQmvRywmqAU6HKw6ZhA9uteKLatwsqP5vpkjTzJdScfStyrw7HBpX7czmWu/LVpMjc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] build: generic top-level rule to build individual files Message-Id: Date: Tue, 29 Mar 2022 13:55:14 +0000 commit 8eec96b7b8d937d40e2e7988edb8bbd08598c715 Author: Jan Beulich AuthorDate: Tue Mar 29 15:48:15 2022 +0200 Commit: Jan Beulich CommitDate: Tue Mar 29 15:48:15 2022 +0200 build: generic top-level rule to build individual files In particular when cross-compiling or having in place other tool chain overrides, invoking make to build individual files (e.g. object, preprocessed, or assembly ones) so far involves putting the various overrides on the command line instead of simply getting them from ./.config. Furthermore this helps working around a yet unaddressed make quirk [1]: Variables put on the command line are invisible to $(shell ...), unless invoked from a recursive make: During the recursive invocation such variables are put in the recursive make's environment and hence become "visible". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD [1] https://savannah.gnu.org/bugs/?10593 --- Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Makefile b/Makefile index 346d73a0dc..b93b22c752 100644 --- a/Makefile +++ b/Makefile @@ -75,6 +75,13 @@ ifeq (x86_64,$(XEN_TARGET_ARCH)) XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom pv-grub-if-enabled endif +define do-subtree +$(1)/%: FORCE + $$(MAKE) -C $(1) $$* +endef + +$(foreach m,$(wildcard */Makefile),$(eval $(call do-subtree,$(patsubst %/Makefile,%,$(m))))) + .PHONY: build-docs build-docs: $(MAKE) -C docs build @@ -334,3 +341,6 @@ uninstall: uninstall-tools-public-headers $(TARGS_UNINSTALL) .PHONY: xenversion xenversion: @$(MAKE) --no-print-directory -C xen xenversion + +.PHONY: FORCE +FORCE: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Mar 30 01:44:14 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 30 Mar 2022 01:44:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296002.503847 (Exim 4.92) (envelope-from ) id 1nZNNS-00005R-VE; Wed, 30 Mar 2022 01:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296002.503847; Wed, 30 Mar 2022 01:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZNNS-00005I-Rc; Wed, 30 Mar 2022 01:44:02 +0000 Received: by outflank-mailman (input) for mailman id 296002; Wed, 30 Mar 2022 01:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZNNR-00005B-RY for xen-changelog@lists.xenproject.org; Wed, 30 Mar 2022 01:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZNNR-0005u1-QZ for xen-changelog@lists.xenproject.org; Wed, 30 Mar 2022 01:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZNNR-0001Cs-PN for xen-changelog@lists.xenproject.org; Wed, 30 Mar 2022 01:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PqUieCaHoiK4N4a2wlAovY6ZGoA2vHVhbbTjnhzNaug=; b=MfER2WqmDEvxUInXtaidEFE02g 2Ay9HcMUL/YcslDCMT+pi7DwKtxlZNQ/KxtgYMP4B+H/R3XAVu5rne/qBps09kIq47OzcoQrsClcd o6cnR3L1dC4vwigc4RAizl0OteLTHNXm14mLdVvDrspm95FfqhRBFs2XWX6Nrs9w20sU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cet: Remove XEN_SHSTK's dependency on EXPERT Message-Id: Date: Wed, 30 Mar 2022 01:44:01 +0000 commit fc90d75c2b71ae15b75128e7d0d4dbe718164ecb Author: Andrew Cooper AuthorDate: Mon Feb 28 19:31:00 2022 +0000 Commit: Andrew Cooper CommitDate: Fri Mar 25 16:35:56 2022 +0000 x86/cet: Remove XEN_SHSTK's dependency on EXPERT CET-SS hardware is now available from multiple vendors, the feature has downstream users, and was declared security supported in XSA-398. Enable it by default. Signed-off-by: Andrew Cooper Reviewed-by: Juergen Gross --- xen/arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 83d0f317ec..06d6fbc864 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -117,8 +117,8 @@ config HVM If unsure, say Y. config XEN_SHSTK - bool "Supervisor Shadow Stacks (EXPERT)" - depends on HAS_AS_CET_SS && EXPERT + bool "Supervisor Shadow Stacks" + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 08:33:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 08:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296758.505210 (Exim 4.92) (envelope-from ) id 1nZqEp-0005iX-PG; Thu, 31 Mar 2022 08:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296758.505210; Thu, 31 Mar 2022 08:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqEp-0005iP-MG; Thu, 31 Mar 2022 08:33:03 +0000 Received: by outflank-mailman (input) for mailman id 296758; Thu, 31 Mar 2022 08:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqEn-0005hx-Up for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqEn-00011c-Tu for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqEn-0004l2-St for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zcnEkkUCA48S3CdzisQHFwMr9pxvwVHou1sRG52gm64=; b=dwNFPrzM4a1ZM9VSYzPqG3+JbP 4xKLKHt88MuSmWy1qNan17T2uGbgN9zVYqQ5gI7scYCixHB8sZrZJVkVUOj7TONunuUZ/CqLtMeqn e0zqroMvWFF/gX+Ly2BYsKQl+5pXdpkBYgn3JwlF+u+2rtmRENIRQ7kbffPTDDe390l8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: don't include asm/hypercall.h from C sources Message-Id: Date: Thu, 31 Mar 2022 08:33:01 +0000 commit 8ebee382b99e451ba1aad025f77a82bd5427efdf Author: Juergen Gross AuthorDate: Tue Mar 29 15:43:31 2022 +0200 Commit: Jan Beulich CommitDate: Tue Mar 29 15:43:31 2022 +0200 xen: don't include asm/hypercall.h from C sources Instead of including asm/hypercall.h always use xen/hypercall.h. Additionally include xen/hypercall.h from all sources containing a hypercall handler. This prepares for generating the handlers' prototypes at build time. Add a guard in asm/hypercall.h to catch direct inclusion. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich Acked-by: Julien Grall # arm --- xen/arch/arm/hvm.c | 3 +-- xen/arch/arm/include/asm/hypercall.h | 4 ++++ xen/arch/arm/platform_hypercall.c | 1 + xen/arch/x86/cpu/vpmu.c | 1 + xen/arch/x86/include/asm/hypercall.h | 4 ++++ xen/arch/x86/mm.c | 1 - xen/arch/x86/platform_hypercall.c | 1 + xen/arch/x86/pv/emul-priv-op.c | 2 +- xen/arch/x86/pv/iret.c | 1 + xen/arch/x86/traps.c | 2 +- xen/arch/x86/x86_64/compat/mm.c | 1 + xen/arch/x86/x86_64/mm.c | 2 -- xen/common/compat/grant_table.c | 1 + xen/common/event_channel.c | 1 + xen/common/grant_table.c | 1 + xen/common/multicall.c | 1 + 16 files changed, 20 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/hvm.c b/xen/arch/arm/hvm.c index 8951b34086..fc1a52767d 100644 --- a/xen/arch/arm/hvm.c +++ b/xen/arch/arm/hvm.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -29,8 +30,6 @@ #include #include -#include - static int hvm_allow_set_param(const struct domain *d, unsigned int param) { switch ( param ) diff --git a/xen/arch/arm/include/asm/hypercall.h b/xen/arch/arm/include/asm/hypercall.h index 39d2e7889d..a6fdfed8de 100644 --- a/xen/arch/arm/include/asm/hypercall.h +++ b/xen/arch/arm/include/asm/hypercall.h @@ -1,3 +1,7 @@ +#ifndef __XEN_HYPERCALL_H__ +#error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead" +#endif + #ifndef __ASM_ARM_HYPERCALL_H__ #define __ASM_ARM_HYPERCALL_H__ diff --git a/xen/arch/arm/platform_hypercall.c b/xen/arch/arm/platform_hypercall.c index 8efac7ee60..403cc84324 100644 --- a/xen/arch/arm/platform_hypercall.c +++ b/xen/arch/arm/platform_hypercall.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c index 4fedc7c570..51d171615f 100644 --- a/xen/arch/x86/cpu/vpmu.c +++ b/xen/arch/x86/cpu/vpmu.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/asm/hypercall.h index 61bf897147..401e77d1e9 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -2,6 +2,10 @@ * asm-x86/hypercall.h */ +#ifndef __XEN_HYPERCALL_H__ +#error "asm/hypercall.h should not be included directly - include xen/hypercall.h instead" +#endif + #ifndef __ASM_X86_HYPERCALL_H__ #define __ASM_X86_HYPERCALL_H__ diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 2befd0c191..6cc73187ac 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -129,7 +129,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index b91ccff589..eeb4f7a20e 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 22b10dec2a..5da00e24e4 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -22,13 +22,13 @@ #include #include #include +#include #include #include #include #include #include -#include #include #include #include diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index dd2965d8f0..797a427ffa 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -18,6 +18,7 @@ */ #include +#include #include #include diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 8659547970..4c38f6c015 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -70,7 +71,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/x86/x86_64/compat/mm.c b/xen/arch/x86/x86_64/compat/mm.c index b3da8fafbb..70b08a832a 100644 --- a/xen/arch/x86/x86_64/compat/mm.c +++ b/xen/arch/x86/x86_64/compat/mm.c @@ -1,4 +1,5 @@ #include +#include #include #include #include diff --git a/xen/arch/x86/x86_64/mm.c b/xen/arch/x86/x86_64/mm.c index 4f225da81e..3510a5affe 100644 --- a/xen/arch/x86/x86_64/mm.c +++ b/xen/arch/x86/x86_64/mm.c @@ -25,14 +25,12 @@ EMIT_FILE; #include #include #include -#include #include #include #include #include #include #include -#include #include #include #include diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c index c6199e8918..d5787e3719 100644 --- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -3,6 +3,7 @@ * */ +#include #include #define xen_grant_entry_v1 grant_entry_v1 diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index ffb042a241..0a82eb3ac2 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 1e0762b064..febbe12eab 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/common/multicall.c b/xen/common/multicall.c index e48f46dbe0..9db49092b4 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 08:33:13 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 08:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296761.505215 (Exim 4.92) (envelope-from ) id 1nZqEz-0005ov-RH; Thu, 31 Mar 2022 08:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296761.505215; Thu, 31 Mar 2022 08:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqEz-0005om-Nt; Thu, 31 Mar 2022 08:33:13 +0000 Received: by outflank-mailman (input) for mailman id 296761; Thu, 31 Mar 2022 08:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqEy-0005oF-1h for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqEy-00011g-0u for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqEx-0004ln-WD for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uO1Wn8JFGIyzwu0d0nUNyfNfiS0l4QwW42oWqeyiIOg=; b=IJeGgudLx+WMHcm5tZRYCQhX5K HLOOcKrHOp9Szvrj8koZZZ6apZ8JztN4vVVv+WeCfK7SLMPnva7xmQGPZ9NHrlTeudnueqDOyy5rd nWJ3xErP2qXIgVmvIa3XTZE4uAcr7rPF1Wasd+NnjB1R4ISubJKrVclborVF0kBnUXdE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] build: generic top-level rule to build individual files Message-Id: Date: Thu, 31 Mar 2022 08:33:11 +0000 commit 8eec96b7b8d937d40e2e7988edb8bbd08598c715 Author: Jan Beulich AuthorDate: Tue Mar 29 15:48:15 2022 +0200 Commit: Jan Beulich CommitDate: Tue Mar 29 15:48:15 2022 +0200 build: generic top-level rule to build individual files In particular when cross-compiling or having in place other tool chain overrides, invoking make to build individual files (e.g. object, preprocessed, or assembly ones) so far involves putting the various overrides on the command line instead of simply getting them from ./.config. Furthermore this helps working around a yet unaddressed make quirk [1]: Variables put on the command line are invisible to $(shell ...), unless invoked from a recursive make: During the recursive invocation such variables are put in the recursive make's environment and hence become "visible". Signed-off-by: Jan Beulich Reviewed-by: Anthony PERARD [1] https://savannah.gnu.org/bugs/?10593 --- Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Makefile b/Makefile index 346d73a0dc..b93b22c752 100644 --- a/Makefile +++ b/Makefile @@ -75,6 +75,13 @@ ifeq (x86_64,$(XEN_TARGET_ARCH)) XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom pv-grub-if-enabled endif +define do-subtree +$(1)/%: FORCE + $$(MAKE) -C $(1) $$* +endef + +$(foreach m,$(wildcard */Makefile),$(eval $(call do-subtree,$(patsubst %/Makefile,%,$(m))))) + .PHONY: build-docs build-docs: $(MAKE) -C docs build @@ -334,3 +341,6 @@ uninstall: uninstall-tools-public-headers $(TARGS_UNINSTALL) .PHONY: xenversion xenversion: @$(MAKE) --no-print-directory -C xen xenversion + +.PHONY: FORCE +FORCE: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 08:55:08 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 08:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296780.505262 (Exim 4.92) (envelope-from ) id 1nZqaA-0001he-HG; Thu, 31 Mar 2022 08:55:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296780.505262; Thu, 31 Mar 2022 08:55:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqaA-0001hW-EU; Thu, 31 Mar 2022 08:55:06 +0000 Received: by outflank-mailman (input) for mailman id 296780; Thu, 31 Mar 2022 08:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqa8-0001hQ-QZ for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqa8-0001Qz-O1 for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqa8-0006Ud-Mz for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AEIJSLvSHNaTj7hKLt+wB83i8a9gExYfMm31jFkEl3k=; b=1eyJKrpeLaOLxTgnb6Ng90DYDS IuKSK/mEBFxrSjP7SVwK6UrdZyKeTUc816GE+Apwry2GBVln8NqsE1zem709UoUbYN3Jod/j8jBAE ZyrdLQebJivmi52d+NOTVqJFsEIglR8iP8A8KhcFUQ+n5dSaiTOqWEWsXHoItgD0DAyg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] livepatch: fix typos Message-Id: Date: Thu, 31 Mar 2022 08:55:04 +0000 commit 04f34f84aa8bac5893428c07421f4bddc79d2ec7 Author: Bjoern Doebel AuthorDate: Thu Mar 31 10:45:14 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 10:45:14 2022 +0200 livepatch: fix typos Fix a couple of typos in livepatch code. Signed-off-by: Bjoern Doebel Reviewed-by: Luca Fancellu Acked-by: Jan Beulich --- xen/arch/x86/livepatch.c | 2 +- xen/common/livepatch.c | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index a3553e94d0..b566ff1071 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -28,7 +28,7 @@ static bool has_active_waitqueue(const struct vm_event_domain *ved) } /* - * x86's implementation of waitqueue violates the livepatching safey principle + * x86's implementation of waitqueue violates the livepatching safety principle * of having unwound every CPUs stack before modifying live content. * * Search through every domain and check that no vCPUs have an active diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index be2cf75c2d..edf56a357f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -40,7 +40,7 @@ static LIST_HEAD(payload_list); /* * Patches which have been applied. Need RCU in case we crash (and then - * traps code would iterate via applied_list) when adding entries onthe list. + * traps code would iterate via applied_list) when adding entries on the list. */ static DEFINE_RCU_READ_LOCK(rcu_applied_lock); static LIST_HEAD(applied_list); @@ -326,8 +326,8 @@ static int move_payload(struct payload *payload, struct livepatch_elf *elf) /* * Total of all three regions - RX, RW, and RO. We have to have - * keep them in seperate pages so we PAGE_ALIGN the RX and RW to have - * them on seperate pages. The last one will by default fall on its + * keep them in separate pages so we PAGE_ALIGN the RX and RW to have + * them on separate pages. The last one will by default fall on its * own page. */ size = PAGE_ALIGN(payload->text_size) + PAGE_ALIGN(payload->rw_size) + @@ -882,7 +882,7 @@ static bool_t is_payload_symbol(const struct livepatch_elf *elf, return 0; /* - * The payload is not a final image as we dynmically link against it. + * The payload is not a final image as we dynamically link against it. * As such the linker has left symbols we don't care about and which * binutils would have removed had it be a final image. Hence we: * - For SHF_ALLOC - ignore symbols referring to sections that are not @@ -1523,7 +1523,7 @@ static bool_t is_work_scheduled(const struct payload *data) /* * Check if payload has any of the vetoing, non-atomic hooks assigned. - * A vetoing, non-atmic hook may perform an operation that changes the + * A vetoing, non-atomic hook may perform an operation that changes the * hypervisor state and may not be guaranteed to succeed. Result of * such operation may be returned and may change the livepatch workflow. * Such hooks may require additional cleanup actions performed by other -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 08:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 08:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296781.505265 (Exim 4.92) (envelope-from ) id 1nZqaK-0001jv-Im; Thu, 31 Mar 2022 08:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296781.505265; Thu, 31 Mar 2022 08:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqaK-0001jn-Fw; Thu, 31 Mar 2022 08:55:16 +0000 Received: by outflank-mailman (input) for mailman id 296781; Thu, 31 Mar 2022 08:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqaI-0001jb-S3 for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqaI-0001RA-RE for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqaI-0006VG-QL for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 08:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=72Q7fBSmXdR44KrP8YO+qFi+UREilAYjX5R1akfeKRc=; b=n2dfnE/l6uHp/tpvlShcC05vSB ht5CgwQrozBQegrvCvssfP8DjGJ+l5G/dRvyeQp5huJZwdsqLWMuSUubQjIuFzGtbsnTHTYigq96c aFbJy6c8aKY4x6NIHNz8m2Dv0LYwrXuri7sUSmTAI4CXkrZhR0E6x9jyRkaf2wmymT9E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] livepatch: account for patch offset when applying NOP patch Message-Id: Date: Thu, 31 Mar 2022 08:55:14 +0000 commit 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b Author: Jan Beulich AuthorDate: Thu Mar 31 10:45:46 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 10:45:46 2022 +0200 livepatch: account for patch offset when applying NOP patch While not triggered by the trivial xen_nop in-tree patch on staging/master, that patch exposes a problem on the stable trees, where all functions have ENDBR inserted. When NOP-ing out a range, we need to account for this. Handle this right in livepatch_insn_len(). This requires livepatch_insn_len() to be called _after_ ->patch_offset was set. Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/livepatch.c | 8 +++++--- xen/include/xen/livepatch.h | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index b566ff1071..78c35f1fef 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -145,9 +145,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) func->patch_offset = 0; old_ptr = func->old_addr; - len = livepatch_insn_len(func); - if ( !len ) - return; /* * CET hotpatching support: We may have functions starting with an ENDBR64 @@ -160,6 +157,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) if ( is_endbr64(old_ptr) || is_endbr64_poison(func->old_addr) ) func->patch_offset += ENDBR64_LEN; + /* This call must be done with ->patch_offset already set. */ + len = livepatch_insn_len(func); + if ( !len ) + return; + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h index f3ae10f007..9fdb29c382 100644 --- a/xen/include/xen/livepatch.h +++ b/xen/include/xen/livepatch.h @@ -90,7 +90,7 @@ static inline unsigned int livepatch_insn_len(const struct livepatch_func *func) { if ( !func->new_addr ) - return func->new_size; + return func->new_size - func->patch_offset; return ARCH_PATCH_INSN_SIZE; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 09:11:09 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 09:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296782.505269 (Exim 4.92) (envelope-from ) id 1nZqpe-0003ZD-Gt; Thu, 31 Mar 2022 09:11:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296782.505269; Thu, 31 Mar 2022 09:11:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpe-0003Z4-E5; Thu, 31 Mar 2022 09:11:06 +0000 Received: by outflank-mailman (input) for mailman id 296782; Thu, 31 Mar 2022 09:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpc-0003Yy-Tn for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpc-0001jS-HB for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqpc-0008Ce-Fx for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f913dtCzUkki8SNreDNqNgB9m+c11GJmi4UqhEZB1H4=; b=cG+3qN0h3IuFB32vNBIwgFnmOo rl2pfhI7KqSKiDAzs19BZgnorvDiSOLOtRJm/qgk3D/jtOodiOZzrBbUAjx6DE99abuL2FIlzdmo8 eBm1y8LpnC8HgBShIjnoNO4oLeZU9tKrSzApUma/P5e1pwfLEQw17jnUey/6RG+oQLMA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/retpoline: split retpoline compiler support into separate option Message-Id: Date: Thu, 31 Mar 2022 09:11:04 +0000 commit 0caab659704bb0944a62f7535f3c726f5db922c5 Author: Roger Pau Monné AuthorDate: Thu Mar 31 10:54:08 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 10:54:08 2022 +0200 x86/retpoline: split retpoline compiler support into separate option Keep the previous option as a way to signal generic retpoline support regardless of the underlying compiler, while introducing a new CC_HAS_INDIRECT_THUNK that signals whether the underlying compiler supports retpoline. No functional change intended. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper master commit: e245bc154300b5d0367b64e8b937c9d1da508ad3 master date: 2022-02-21 18:17:56 +0000 --- xen/arch/x86/Kconfig | 6 +++++- xen/arch/x86/arch.mk | 10 ++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index ef72e7821b..e20e53edfc 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -32,9 +32,13 @@ config ARCH_DEFCONFIG string default "arch/x86/configs/x86_64_defconfig" -config INDIRECT_THUNK +config CC_HAS_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) +config INDIRECT_THUNK + def_bool y + depends on CC_HAS_INDIRECT_THUNK + config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 456e5d5c1a..abb55b4408 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -41,10 +41,12 @@ CFLAGS += -mno-red-zone -fpic # SSE setup for variadic function calls. CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup) -# Compile with thunk-extern, indirect-branch-register if avaiable. -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register -CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +ifeq ($(CONFIG_INDIRECT_THUNK),y) +# Compile with gcc thunk-extern, indirect-branch-register if available. +CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern +CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register +CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables +endif ifdef CONFIG_XEN_IBT # Force -fno-jump-tables to work around -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 09:11:15 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 09:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296783.505274 (Exim 4.92) (envelope-from ) id 1nZqpn-0003bZ-Iq; Thu, 31 Mar 2022 09:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296783.505274; Thu, 31 Mar 2022 09:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpn-0003bR-Fp; Thu, 31 Mar 2022 09:11:15 +0000 Received: by outflank-mailman (input) for mailman id 296783; Thu, 31 Mar 2022 09:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpm-0003b9-LE for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpm-0001jZ-KP for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqpm-0008DH-JW for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gK9OSw/J6CnNezMtQOM6hfwmBqbH4y3rkko68+EXTjg=; b=kd58BwCMuWanhFpPXM3wG8sXFE l0hgdtGLdeJDP6rFVOMZA5FdBenFloUZM2a8RTbx/yXmRcstZmXTz6Y9AbH8xbXYmW+Dd6qd1GXfG E+Q09WkwYl7N7aaKBTpLS7fOjO5nutX8oidnvLn6Z0xgf5bqmFg1NBEV+hKyPMstkn+M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/clang: add retpoline support Message-Id: Date: Thu, 31 Mar 2022 09:11:14 +0000 commit dc24f4342b718c570ec794a0fc953e82e894ee3c Author: Roger Pau Monné AuthorDate: Thu Mar 31 10:56:34 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 10:56:34 2022 +0200 x86/clang: add retpoline support Detect whether the compiler supports clang retpoline option and enable by default if available, just like it's done for gcc. Note clang already disables jump tables when retpoline is enabled, so there's no need to also pass the fno-jump-tables parameter. Also clang already passes the return address in a register always on amd64, so there's no need for any equivalent mindirect-branch-register parameter. Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper master commit: 9412486707f8f1ca2eb31c2ef330c5e39c0a2f30 master date: 2022-02-21 18:17:56 +0000 --- xen/arch/x86/Kconfig | 3 ++- xen/arch/x86/arch.mk | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index e20e53edfc..34dcb47ecd 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -33,7 +33,8 @@ config ARCH_DEFCONFIG default "arch/x86/configs/x86_64_defconfig" config CC_HAS_INDIRECT_THUNK - def_bool $(cc-option,-mindirect-branch-register) + def_bool $(cc-option,-mindirect-branch-register) || \ + $(cc-option,-mretpoline-external-thunk) config INDIRECT_THUNK def_bool y diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index abb55b4408..976ac5aafe 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -46,6 +46,9 @@ ifeq ($(CONFIG_INDIRECT_THUNK),y) CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_CC_IS_GCC) += -mindirect-branch-register CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables + +# Enable clang retpoline support if available. +CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif ifdef CONFIG_XEN_IBT -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 09:11:26 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 09:11:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296784.505278 (Exim 4.92) (envelope-from ) id 1nZqpy-0003eu-Ly; Thu, 31 Mar 2022 09:11:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296784.505278; Thu, 31 Mar 2022 09:11:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpy-0003em-Ij; Thu, 31 Mar 2022 09:11:26 +0000 Received: by outflank-mailman (input) for mailman id 296784; Thu, 31 Mar 2022 09:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpw-0003eW-OY for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqpw-0001jn-Nd for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqpw-0008Du-Mj for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PaRQfV9hF72t2VxptVWnuFy9rNQi2MU8+/WcJrCZsnU=; b=6wNKnOhVhk/MJtSMThdRNTUUeZ OtjacJJ96cHKBcxY2hUJpJX3rHj9RlrVO82M+A0QgO2VBqxbMwoPLL4q5CsAsXoCSdD/ZQ3gjodly rUCQQNBPPnD+ZntavwkBqMb1D/Y8im48WQdJrfsdhk+miPM6kVyHoNDaxPTB/HnTF9jg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/Kconfig: introduce option to select retpoline usage Message-Id: Date: Thu, 31 Mar 2022 09:11:24 +0000 commit dd359f9f505e7df960aad13116bc6f576f5fdd94 Author: Roger Pau Monné AuthorDate: Thu Mar 31 10:57:23 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 10:57:23 2022 +0200 x86/Kconfig: introduce option to select retpoline usage Add a new Kconfig option under the "Speculative hardening" section that allows selecting whether to enable retpoline. This depends on the underlying compiler having retpoline support. Requested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper master commit: 95d9ab46143685f169f636cfdd7997e2fc630e86 master date: 2022-02-21 18:17:56 +0000 --- xen/arch/x86/Kconfig | 4 ---- xen/common/Kconfig | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 34dcb47ecd..3c14096c80 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -36,10 +36,6 @@ config CC_HAS_INDIRECT_THUNK def_bool $(cc-option,-mindirect-branch-register) || \ $(cc-option,-mretpoline-external-thunk) -config INDIRECT_THUNK - def_bool y - depends on CC_HAS_INDIRECT_THUNK - config HAS_AS_CET_SS # binutils >= 2.29 or LLVM >= 6 def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy) diff --git a/xen/common/Kconfig b/xen/common/Kconfig index db687b1785..6443943889 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -85,6 +85,20 @@ config STATIC_MEMORY menu "Speculative hardening" +config INDIRECT_THUNK + bool "Speculative Branch Target Injection Protection" + depends on CC_HAS_INDIRECT_THUNK + default y + help + Contemporary processors may use speculative execution as a + performance optimisation, but this can potentially be abused by an + attacker to leak data via speculative sidechannels. + + One source of data leakage is via branch target injection. + + When enabled, indirect branches are implemented using a new construct + called "retpoline" that prevents speculation. + config SPECULATIVE_HARDEN_ARRAY bool "Speculative Array Hardening" default y -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 09:11:36 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 09:11:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296785.505282 (Exim 4.92) (envelope-from ) id 1nZqq8-0003iK-NQ; Thu, 31 Mar 2022 09:11:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296785.505282; Thu, 31 Mar 2022 09:11:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqq8-0003i8-KJ; Thu, 31 Mar 2022 09:11:36 +0000 Received: by outflank-mailman (input) for mailman id 296785; Thu, 31 Mar 2022 09:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqq6-0003hx-Rj for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqq6-0001k0-Qo for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqq6-0008Ef-Pr for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZSXe8eAnhMl/4Eyq6ctRBaYbM8DpuMjW4+1ErUVjVMc=; b=yi0/8umSHL5mL5Z96C6QQFUO5b Qdaj0n0Lu/FnDE2vp4u92dgbCM4BYr6EUpHWnAUk4AF/9jaLj/1WS6BWeIsNBqqZrLXItvT/okQFY x42YddPJYTZjFeU4Jz5il1CNSsW29pToqKbfn2EqnnZNxjItLyIze9hFqKsAhzKViyN8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] vpci/msix: fix PBA accesses Message-Id: Date: Thu, 31 Mar 2022 09:11:34 +0000 commit ef63570d8391a35fd734a956865b8295d2c57112 Author: Roger Pau Monné AuthorDate: Thu Mar 31 10:58:42 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 10:58:42 2022 +0200 vpci/msix: fix PBA accesses Map the PBA in order to access it from the MSI-X read and write handlers. Note that previously the handlers would pass the physical host address into the {read,write}{l,q} handlers, which is wrong as those expect a linear address. Map the PBA using ioremap when the first access is performed. Note that 32bit arches might want to abstract the call to ioremap into a vPCI arch handler, so they can use a fixmap range to map the PBA. Reported-by: Jan Beulich Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Tested-by: Alex Olson master commit: b4f21160601155762a4d014db9623af921fec959 master date: 2022-03-09 16:21:01 +0100 --- xen/drivers/vpci/msix.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++--- xen/drivers/vpci/vpci.c | 2 ++ xen/include/xen/vpci.h | 2 ++ 3 files changed, 65 insertions(+), 4 deletions(-) diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index 846f1b8d70..ac5de98f6d 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -182,6 +182,38 @@ static struct vpci_msix_entry *get_entry(struct vpci_msix *msix, return &msix->entries[(addr - start) / PCI_MSIX_ENTRY_SIZE]; } +static void __iomem *get_pba(struct vpci *vpci) +{ + struct vpci_msix *msix = vpci->msix; + /* + * PBA will only be unmapped when the device is deassigned, so access it + * without holding the vpci lock. + */ + void __iomem *pba = read_atomic(&msix->pba); + + if ( likely(pba) ) + return pba; + + pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA), + vmsix_table_size(vpci, VPCI_MSIX_PBA)); + if ( !pba ) + return read_atomic(&msix->pba); + + spin_lock(&vpci->lock); + if ( !msix->pba ) + { + write_atomic(&msix->pba, pba); + spin_unlock(&vpci->lock); + } + else + { + spin_unlock(&vpci->lock); + iounmap(pba); + } + + return read_atomic(&msix->pba); +} + static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, unsigned long *data) { @@ -200,6 +232,10 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) { + struct vpci *vpci = msix->pdev->vpci; + unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); + const void __iomem *pba = get_pba(vpci); + /* * Access to PBA. * @@ -207,14 +243,22 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, * guest address space. If this changes the address will need to be * translated. */ + if ( !pba ) + { + gprintk(XENLOG_WARNING, + "%pp: unable to map MSI-X PBA, report all pending\n", + msix->pdev); + return X86EMUL_OKAY; + } + switch ( len ) { case 4: - *data = readl(addr); + *data = readl(pba + idx); break; case 8: - *data = readq(addr); + *data = readq(pba + idx); break; default: @@ -278,14 +322,27 @@ static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len, /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ if ( is_hardware_domain(d) ) { + struct vpci *vpci = msix->pdev->vpci; + unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); + const void __iomem *pba = get_pba(vpci); + + if ( !pba ) + { + /* Unable to map the PBA, ignore write. */ + gprintk(XENLOG_WARNING, + "%pp: unable to map MSI-X PBA, write ignored\n", + msix->pdev); + return X86EMUL_OKAY; + } + switch ( len ) { case 4: - writel(data, addr); + writel(data, pba + idx); break; case 8: - writeq(data, addr); + writeq(data, pba + idx); break; default: diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 657697fe34..dfc8136ffb 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -51,6 +51,8 @@ void vpci_remove_device(struct pci_dev *pdev) xfree(r); } spin_unlock(&pdev->vpci->lock); + if ( pdev->vpci->msix && pdev->vpci->msix->pba ) + iounmap(pdev->vpci->msix->pba); xfree(pdev->vpci->msix); xfree(pdev->vpci->msi); xfree(pdev->vpci); diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h index 9ea66e033f..755b4fd5c8 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h @@ -129,6 +129,8 @@ struct vpci { bool enabled : 1; /* Masked? */ bool masked : 1; + /* PBA map */ + void __iomem *pba; /* Entries. */ struct vpci_msix_entry { uint64_t addr; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 09:11:46 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 09:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.296786.505286 (Exim 4.92) (envelope-from ) id 1nZqqI-0003ku-Ol; Thu, 31 Mar 2022 09:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 296786.505286; Thu, 31 Mar 2022 09:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqqI-0003km-Lp; Thu, 31 Mar 2022 09:11:46 +0000 Received: by outflank-mailman (input) for mailman id 296786; Thu, 31 Mar 2022 09:11:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqqG-0003kL-V9 for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZqqG-0001kQ-UJ for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZqqG-0008FS-T8 for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 09:11:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f4dodCUJuG45XE6MuVF9iSN9sLd5aOc5c293bhlEV/8=; b=RC7jKS1pNIPpdiUbuFMGOcCVQq AYKizRz3FxtjAwWtUq9uw93Teu97nDaFK2HLCwyqeyy3tXt9y64dKqSxKOzSks0dwXhB0sMUATD21 V/doupbAXFmQN6cG+U3InwCb5RNJLmBi+dDTVfm8CJihMg7hfgXqwiDNyaBFfTiDPMoM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] livepatch: account for patch offset when applying NOP patch Message-Id: Date: Thu, 31 Mar 2022 09:11:44 +0000 commit e34c16cc6ee029fa75c35bd21f75103d5502ea30 Author: Jan Beulich AuthorDate: Thu Mar 31 11:00:57 2022 +0200 Commit: Jan Beulich CommitDate: Thu Mar 31 11:00:57 2022 +0200 livepatch: account for patch offset when applying NOP patch While not triggered by the trivial xen_nop in-tree patch on staging/master, that patch exposes a problem on the stable trees, where all functions have ENDBR inserted. When NOP-ing out a range, we need to account for this. Handle this right in livepatch_insn_len(). This requires livepatch_insn_len() to be called _after_ ->patch_offset was set. Fixes: 6974c75180f1 ("xen/x86: Livepatch: support patching CET-enhanced functions") Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné master commit: 8a87b9a0fb0564f9d68f0be0a0d1a17c34117b8b master date: 2022-03-31 10:45:46 +0200 --- xen/arch/x86/livepatch.c | 8 +++++--- xen/include/xen/livepatch.h | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index e94ac9b228..a3cb63a7ea 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -144,9 +144,6 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) func->patch_offset = 0; old_ptr = func->old_addr; - len = livepatch_insn_len(func); - if ( !len ) - return; /* * CET hotpatching support: We may have functions starting with an ENDBR64 @@ -159,6 +156,11 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) if ( is_endbr64(old_ptr) ) func->patch_offset += ENDBR64_LEN; + /* This call must be done with ->patch_offset already set. */ + len = livepatch_insn_len(func); + if ( !len ) + return; + memcpy(func->opaque, old_ptr + func->patch_offset, len); if ( func->new_addr ) { diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h index f3ae10f007..9fdb29c382 100644 --- a/xen/include/xen/livepatch.h +++ b/xen/include/xen/livepatch.h @@ -90,7 +90,7 @@ static inline unsigned int livepatch_insn_len(const struct livepatch_func *func) { if ( !func->new_addr ) - return func->new_size; + return func->new_size - func->patch_offset; return ARCH_PATCH_INSN_SIZE; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 18:55:10 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 18:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.297057.505880 (Exim 4.92) (envelope-from ) id 1nZzwn-0001cB-Re; Thu, 31 Mar 2022 18:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 297057.505880; Thu, 31 Mar 2022 18:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZzwn-0001c3-OY; Thu, 31 Mar 2022 18:55:05 +0000 Received: by outflank-mailman (input) for mailman id 297057; Thu, 31 Mar 2022 18:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZzwm-0001bx-Mi for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 18:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZzwm-0004CJ-Kt for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 18:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZzwm-00038p-JX for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 18:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a7o7lB4t1lJYo/JQhOsmKqsqV5gpuvpHSIevO7p4bMY=; b=NEH8yweOV1qFoCRSV9L2c1MHoZ VtLWqk9IIU1R82NiT/Q/jgX3NHsJ19SgwJJ1RyeFWt+C8lUordi3pS6p9KPnvhNLkZBs/8qdFMZ9k Jld/0nakXYZThxNOpqdUOa0SBOEBB/x/RMtPT+Esfvpcf+ozuNuhDWaT3G713eNZLdDY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xl: Fix global pci options Message-Id: Date: Thu, 31 Mar 2022 18:55:04 +0000 commit e45ad0b1b0bd6a43f59aaf4a6f86d88783c630e5 Author: Jason Andryuk AuthorDate: Wed Mar 30 14:17:41 2022 -0400 Commit: Andrew Cooper CommitDate: Thu Mar 31 19:48:12 2022 +0100 xl: Fix global pci options commit babde47a3fed "introduce a 'passthrough' configuration option to xl.cfg..." moved the pci list parsing ahead of the global pci option parsing. This broke the global pci configuration options since they need to be set first so that looping over the pci devices assigns their values. Move the global pci options ahead of the pci list to restore their function. Fixes: babde47a3fed ("introduce a 'passthrough' configuration option to xl.cfg...") Signed-off-by: Jason Andryuk Acked-by: Anthony PERARD --- tools/xl/xl_parse.c | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index 117fcdcb2b..b98c0de378 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c @@ -1478,6 +1478,32 @@ void parse_config_data(const char *config_source, exit(1); } + /* To be reworked (automatically enabled) once the auto ballooning + * after guest starts is done (with PCI devices passed in). */ + if (c_info->type == LIBXL_DOMAIN_TYPE_PV) { + xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0); + } + + if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0)) + pci_msitranslate = l; + + if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0)) + pci_power_mgmt = l; + + if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0)) + pci_permissive = l; + + if (!xlu_cfg_get_long (config, "pci_seize", &l, 0)) + pci_seize = l; + + if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) { + libxl_rdm_reserve rdm; + if (!xlu_rdm_parse(config, &rdm, buf)) { + b_info->u.hvm.rdm.strategy = rdm.strategy; + b_info->u.hvm.rdm.policy = rdm.policy; + } + } + if (!xlu_cfg_get_list (config, "pci", &pcis, 0, 0)) { d_config->num_pcidevs = 0; d_config->pcidevs = NULL; @@ -2338,32 +2364,6 @@ skip_vfb: } } - if (!xlu_cfg_get_long (config, "pci_msitranslate", &l, 0)) - pci_msitranslate = l; - - if (!xlu_cfg_get_long (config, "pci_power_mgmt", &l, 0)) - pci_power_mgmt = l; - - if (!xlu_cfg_get_long (config, "pci_permissive", &l, 0)) - pci_permissive = l; - - if (!xlu_cfg_get_long (config, "pci_seize", &l, 0)) - pci_seize = l; - - /* To be reworked (automatically enabled) once the auto ballooning - * after guest starts is done (with PCI devices passed in). */ - if (c_info->type == LIBXL_DOMAIN_TYPE_PV) { - xlu_cfg_get_defbool(config, "e820_host", &b_info->u.pv.e820_host, 0); - } - - if (!xlu_cfg_get_string(config, "rdm", &buf, 0)) { - libxl_rdm_reserve rdm; - if (!xlu_rdm_parse(config, &rdm, buf)) { - b_info->u.hvm.rdm.strategy = rdm.strategy; - b_info->u.hvm.rdm.policy = rdm.policy; - } - } - if (!xlu_cfg_get_list(config, "usbctrl", &usbctrls, 0, 0)) { d_config->num_usbctrls = 0; d_config->usbctrls = NULL; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Mar 31 18:55:16 2022 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 31 Mar 2022 18:55:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.297058.505884 (Exim 4.92) (envelope-from ) id 1nZzwy-0001eE-T6; Thu, 31 Mar 2022 18:55:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 297058.505884; Thu, 31 Mar 2022 18:55:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZzwy-0001e5-Q5; Thu, 31 Mar 2022 18:55:16 +0000 Received: by outflank-mailman (input) for mailman id 297058; Thu, 31 Mar 2022 18:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZzww-0001dt-Qh for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 18:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nZzww-0004Dw-Pr for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 18:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1nZzww-00039Z-Oa for xen-changelog@lists.xenproject.org; Thu, 31 Mar 2022 18:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Zng9/UlZ5yS0G8hvfYle9uBcuYN6iooQlZUkxlESo6I=; b=vrM2pFR1hRit1BBal1sgcA2pPt 3q/FLkReFXSDjd4evm9ACce+Vi1U4OdPW0rq3tEoWp7BHL/gY3rWVWV9ashlbJDfKNBPOCXigmIRN EGr6m8A7kl4ASu/F3vqFBnFwUgPH4WhKNSx5IFCEZIjK0r/qS2F5yg66g3fj/re3r2ac=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: constify libxl__stubdomain_is_linux Message-Id: Date: Thu, 31 Mar 2022 18:55:14 +0000 commit e7cfcdc6719d586eb7cdb62d40275a7d17fe6760 Author: Jason Andryuk AuthorDate: Wed Mar 30 14:17:22 2022 -0400 Commit: Andrew Cooper CommitDate: Thu Mar 31 19:50:03 2022 +0100 libxl: constify libxl__stubdomain_is_linux libxl__stubdomain_is_linux can take a const pointer, so make the change. This isn't an issue in-tree, but was found with an OpenXT patch where it was called with only const libxl_domain_build_info available. Signed-off-by: Jason Andryuk Acked-by: Anthony PERARD --- tools/libs/light/libxl_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index c0e7779d97..a26daec040 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -2326,7 +2326,7 @@ bool libxl__stubdomain_is_linux_running(libxl__gc *gc, uint32_t domid) } static inline -bool libxl__stubdomain_is_linux(libxl_domain_build_info *b_info) +bool libxl__stubdomain_is_linux(const libxl_domain_build_info *b_info) { /* right now qemu-tranditional implies MiniOS stubdomain and qemu-xen * implies Linux stubdomain */ -- generated by git-patchbot for /home/xen/git/xen.git#staging