[Xen-devel] update on the status of SP2 mitigations for Xen on Arm
Hi all,

This is the latest status of the SP2 mitigations for Xen on Arm. Please
note that arm32 and arm64 require different mitigations.

I have just backported the arm32 mitigation to 4.10, 4.9, 4.8 and 4.7:

- 4.10
bbd093c xen/arm32: entry: Document the purpose of r11 in the traps handler
a69a8b5 xen/arm32: Invalidate icache on guest exist for Cortex-A15
f167ebf xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
c4c0187 xen/arm32: Add skeleton to harden branch predictor aliasing attacks
19ad8a7 xen/arm32: entry: Add missing trap_reset entry
3caf32c xen/arm32: Add missing MIDR values for Cortex-A17 and A12
df7be94 xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros

- 4.9
4d01dbc xen/arm32: entry: Document the purpose of r11 in the traps handler
22379b6 xen/arm32: Invalidate icache on guest exist for Cortex-A15
6e13ad7 xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
0d32237 xen/arm32: Add skeleton to harden branch predictor aliasing attacks
4ba59bd xen/arm32: entry: Add missing trap_reset entry
2997c5e xen/arm32: Add missing MIDR values for Cortex-A17 and A12
751c879 xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros

- 4.8
11875b7 xen/arm32: entry: Document the purpose of r11 in the traps handler
1105f3a xen/arm32: Invalidate icache on guest exist for Cortex-A15
754345c xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
7336d0d xen/arm32: Add skeleton to harden branch predictor aliasing attacks
cf95bba xen/arm32: entry: Add missing trap_reset entry
a586cbd xen/arm32: Add missing MIDR values for Cortex-A17 and A12
6082e3b xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros

- 4.7
f50ea84 xen/arm32: entry: Document the purpose of r11 in the traps handler
de3bdaa xen/arm32: Invalidate icache on guest exist for Cortex-A15
766990b xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
4ac0229 xen/arm32: Add skeleton to harden branch predictor aliasing attacks
bafd63f xen/arm32: entry: Add missing trap_reset entry
d5bb425 xen/arm32: Add missing MIDR values for Cortex-A17 and A12
003ec3e xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros

The arm64 backports have been in the staging trees for a while, see:

https://marc.info/?l=xen-devel&m=151690105623579

Julien posted another series to improve the SP2 mitigation for arm64:

https://marc.info/?l=xen-devel&m=151783688420038

It is not yet reviewed. This second series is highly desirable, as it
uses better firmware interfaces for the mitigation. At present, Xen is
using a PSCI get_version call (it is a call to the PSCI firmware) for
the mitigation. It relies on the firmware cleaning the branch predictor
cache in the implementation of the get_version call. However, it appears
that get_version doesn't actually do the expected task on most arm64
platforms. Hence, the need for a new series and a better firmware call.

Julien, feel free to add more details here.

Cheers,

Stefano