[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.10] xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
commit 1ef0574d3badeaef816df796e719999b92efdd44 Author: Julien Grall <julien.grall@xxxxxxx> AuthorDate: Fri Feb 23 18:57:22 2018 +0000 Commit: Stefano Stabellini <sstabellini@xxxxxxxxxx> CommitDate: Tue Apr 3 16:51:57 2018 -0700 xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support Add the detection and runtime code for ARM_SMCCC_ARCH_WORKAROUND_1. Signed-off-by: Julien Grall <julien.grall@xxxxxxx> Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx> Reviewed-by: Andre Przywara <andre.przywara@xxxxxxx> Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> (cherry picked from commit 99cd6934c17361456a68edd64348f201e2e00ce1) --- xen/arch/arm/arm64/bpi.S | 13 +++++++++++++ xen/arch/arm/cpuerrata.c | 32 +++++++++++++++++++++++++++++++- xen/include/asm-arm/smccc.h | 1 + 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/arm64/bpi.S b/xen/arch/arm/arm64/bpi.S index 4b7f1dc21f..b59e307b0f 100644 --- a/xen/arch/arm/arm64/bpi.S +++ b/xen/arch/arm/arm64/bpi.S @@ -16,6 +16,8 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <asm/smccc.h> + .macro ventry target .rept 31 nop @@ -81,6 +83,17 @@ ENTRY(__psci_hyp_bp_inval_start) add sp, sp, #(8 * 18) ENTRY(__psci_hyp_bp_inval_end) +ENTRY(__smccc_workaround_1_smc_start) + sub sp, sp, #(8 * 4) + stp x0, x1, [sp, #(8 * 2)] + stp x2, x3, [sp, #(8 * 0)] + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_1_FID + smc #0 + ldp x2, x3, [sp, #(8 * 0)] + ldp x0, x1, [sp, #(8 * 2)] + add sp, sp, #(8 * 4) +ENTRY(__smccc_workaround_1_smc_end) + /* * Local variables: * mode: ASM diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c index 8d5f8d372a..dec9074422 100644 --- a/xen/arch/arm/cpuerrata.c +++ b/xen/arch/arm/cpuerrata.c @@ -147,6 +147,34 @@ install_bp_hardening_vec(const struct arm_cpu_capabilities *entry, return ret; } +extern char __smccc_workaround_1_smc_start[], __smccc_workaround_1_smc_end[]; + +static bool +check_smccc_arch_workaround_1(const struct arm_cpu_capabilities *entry) +{ + struct arm_smccc_res res; + + /* + * Enable callbacks are called on every CPU based on the + * capabilities. So double-check whether the CPU matches the + * entry. + */ + if ( !entry->matches(entry) ) + return false; + + if ( smccc_ver < SMCCC_VERSION(1, 1) ) + return false; + + arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, + ARM_SMCCC_ARCH_WORKAROUND_1_FID, &res); + if ( res.a0 != ARM_SMCCC_SUCCESS ) + return false; + + return install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, + __smccc_workaround_1_smc_end, + "call ARM_SMCCC_ARCH_WORKAROUND_1"); +} + extern char __psci_hyp_bp_inval_start[], __psci_hyp_bp_inval_end[]; static int enable_psci_bp_hardening(void *data) @@ -154,12 +182,14 @@ static int enable_psci_bp_hardening(void *data) bool ret = true; static bool warned = false; + if ( check_smccc_arch_workaround_1(data) ) + return 0; /* * The mitigation is using PSCI version function to invalidate the * branch predictor. This function is only available with PSCI 0.2 * and later. */ - if ( psci_ver >= PSCI_VERSION(0, 2) ) + else if ( psci_ver >= PSCI_VERSION(0, 2) ) ret = install_bp_hardening_vec(data, __psci_hyp_bp_inval_start, __psci_hyp_bp_inval_end, "call PSCI get version"); diff --git a/xen/include/asm-arm/smccc.h b/xen/include/asm-arm/smccc.h index 154772b728..8342cc33fe 100644 --- a/xen/include/asm-arm/smccc.h +++ b/xen/include/asm-arm/smccc.h @@ -261,6 +261,7 @@ struct arm_smccc_res { /* SMCCC error codes */ #define ARM_SMCCC_ERR_UNKNOWN_FUNCTION (-1) #define ARM_SMCCC_NOT_SUPPORTED (-1) +#define ARM_SMCCC_SUCCESS (0) /* SMCCC function identifier range which is reserved for existing APIs */ #define ARM_SMCCC_RESERVED_RANGE_START 0x0 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.10 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |