
Re: [PATCH for-next v2 0/2] xen/arm: Mitigate straight-line speculation


  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Tue, 16 Mar 2021 17:16:36 +0000
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Tue, 16 Mar 2021 17:16:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Julien,

> On 16 Mar 2021, at 15:27, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 15/03/2021 13:32, Bertrand Marquis wrote:
>> Hi Julien,
> 
> Hi Bertrand,
> 
>>> On 13 Mar 2021, at 16:06, Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> From: Julien Grall <jgrall@xxxxxxxxxx>
>>> 
>>> Hi all,
>>> 
>>> Last year, Arm released a whitepaper about a new category of speculation.
>>> (see [1] and [2]). In short, a processor may be able to speculate past
>>> some of the unconditional control flow instructions (e.g. eret, smc, br).
>>> 
>>> In some of the cases, the registers will contain values controlled by
>>> the guest. While there is no known gadget afterwards, we still want to
>>> prevent any leakage in the future.
>>> 
>>> The mitigation is planned in two parts:
>>>   1) Arm provided patches for both GCC and LLVM to add speculation barrier
>>>   and remove problematic code sequence.
>>>   2) Inspection of assembly code and call to higher level (e.g. smc in our case).
>>> 
>>> I still haven't looked at 1) and how to mitigate properly Arm32 (see
>>> patch #1) and SMC call. So this issue is not fully addressed.
>>> 
>>> Note that the ERET instruction was already addressed as part of XSA-312.
>> On my tests, this series is breaking the arm64 build:
>> | aarch64-poky-linux-ld 
>> --sysroot=/home/bermar01/Development/xen-dev/build/profile-fvp-base.prj/tmp/work/fvp_base-poky-linux/xen/4.15+git1-r0/recipe-sysroot
>>          -EL  --fix-cortex-a53-843419 --fix-cortex-a53-843419 -r -o 
>> built_in.o memcpy.o memcmp.o memmove.o memset.o memchr.o clear_page.o 
>> bitops.o find_next_bit.o strchr.o strcmp.o strlen.o strncmp.o strnlen.o 
>> strrchr.o
> 
> I can't see any build failure with the following GCC:
> 
> 42sh> aarch64-linux-gnu-gcc
> aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0
> Copyright (C) 2017 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.  There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> 
> AFAICT, there is also no compilation issue reported by gitlab:
> 
> https://gitlab.com/xen-project/patchew/xen/-/pipelines/269989894
> 
> What's the version of your compiler? Do you have steps to reproduce your 
> setup?

You need to have earlyprintk enabled.
I am using gcc 7.5.0:
aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0

One configuration triggering the issue is using the default .config with the
following items added:
CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS=y
CONFIG_DEBUG_LOCK_PROFILE=y
CONFIG_PERF_COUNTERS=y
CONFIG_PERF_ARRAYS=y
CONFIG_DEVICE_TREE_DEBUG=y
CONFIG_DEBUG_TRACE=y
CONFIG_EARLY_PRINTK_JUNO=y
CONFIG_EARLY_UART_PL011=y
CONFIG_EARLY_PRINTK=y
CONFIG_EARLY_UART_BASE_ADDRESS=0x7ff80000
CONFIG_EARLY_UART_PL011_BAUD_RATE=115200
CONFIG_EARLY_UART_INIT=y
CONFIG_EARLY_PRINTK_INC="debug-pl011.inc"

> 
>> | arm64/head.S: Assembler messages:
>> | arm64/head.S:305: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Boot CPU booting -\r\n")'
> 
> This is strange, the code should use RODATA_STR() but here it is in lower
> case. Can you check in your tree whether there is some instance of the lower
> case version?

I have no instance of rodata_str in lower case.

> 
> If not, this may just be GAS printing in lower case.

It probably is then.

If you need help on this I can try to dig into that a bit later this week
(Thursday or Friday).

Cheers
Bertrand

> 
>> | arm64/head.S:331: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Ready -\r\n")'
>> | arm64/head.S:365: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- CPU ")'
>> | make[6]: Leaving directory 
>> '/home/bermar01/Development/xen-dev/build/profile-fvp-base.prj/tmp/work/fvp_base-poky-linux/xen/4.15+git1-r0/local-xen/xen/xen/arch/arm/arm64/lib'
>> | arm64/head.S:367: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> " booting -\r\n")'
>> | arm64/head.S:398: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Ready -\r\n")'
>> | arm64/head.S:412: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Current EL ")'
>> | arm64/head.S:415: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> " -\r\n")'
>> | arm64/head.S:424: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Xen must be entered in NS EL2 mode -\r\n")'
>> | arm64/head.S:425: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Please update the bootloader -\r\n")'
>> | arm64/head.S:441: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Zero BSS -\r\n")'
>> | arm64/head.S:459: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Initialize CPU -\r\n")'
>> | arm64/head.S:654: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Unable to build boot page tables - virt and phys addresses clash. -\r\n")'
>> | arm64/head.S:666: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Turning on paging -\r\n")'
>> | arm64/head.S:800: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- Boot failed -\r\n")'
>> | arm64/head.S:848: Error: unknown mnemonic `rodata_str' -- `rodata_str(98, 
>> "- UART enabled -\r\n")'
>> | {standard input}: Error: local label `"98" (instance number 1 of a fb 
>> label)' is not defined
>> | 
>> /home/bermar01/Development/xen-dev/build/profile-fvp-base.prj/tmp/work/fvp_base-poky-linux/xen/4.15+git1-r0/local-xen/xen/xen/Rules.mk:204:
>>  recipe for target 'arm64/head.o' failed
>> This was done adding your 2 patches on top of current staging.
>> Cheers
>> Bertrand
>>> 
>>> Cheers,
>>> 
>>> [1] 
>>> https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
>>> [2] 
>>> https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
>>> 
>>> Julien Grall (2):
>>>  xen/arm: Include asm/asm-offsets.h and asm/macros.h on every assembly
>>>    files
>>>  xen/arm64: Place a speculation barrier following an ret instruction
>>> 
>>> xen/arch/arm/Makefile                |  2 +-
>>> xen/arch/arm/arm32/entry.S           |  2 +-
>>> xen/arch/arm/arm32/head.S            |  1 -
>>> xen/arch/arm/arm32/lib/lib1funcs.S   |  1 +
>>> xen/arch/arm/arm32/proc-v7.S         |  1 -
>>> xen/arch/arm/arm64/debug-cadence.inc |  1 -
>>> xen/arch/arm/arm64/debug-pl011.inc   |  2 --
>>> xen/arch/arm/arm64/entry.S           |  2 --
>>> xen/arch/arm/arm64/head.S            |  2 --
>>> xen/arch/arm/arm64/smc.S             |  3 ---
>>> xen/include/asm-arm/arm64/macros.h   |  6 ++++++
>>> xen/include/asm-arm/config.h         |  6 ++++++
>>> xen/include/asm-arm/macros.h         | 18 +++++++++---------
>>> 13 files changed, 24 insertions(+), 23 deletions(-)
>>> 
>>> -- 
>>> 2.17.1
>>> 
> 
> -- 
> Julien Grall
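
The second part of the mitigation plan in the quoted cover letter is inspection of assembly code. As an added illustration (not code from the patch series or from Xen), the sketch below scans `objdump -d` style AArch64 disassembly for the instructions the cover letter lists and reports any that are not immediately followed by a speculation barrier. It assumes the barrier is either `sb` or `dsb` followed by `isb`; the function names and the sample disassembly are constructed.

```python
import re

# Instructions the cover letter names as ones a CPU may speculate past.
UNCONDITIONAL = {"ret", "br", "eret", "smc"}
# objdump -d instruction line: "  addr:<tab>encoding <tab>mnemonic<tab>operands"
INSN = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(\S+)")

# Constructed sample disassembly (not taken from a Xen build).
SAMPLE = """\
0000000000000000 <copy_done>:
   0:\taa0003e1 \tmov\tx1, x0
   4:\td65f03c0 \tret
   8:\td503379f \tdsb\tnsh
   c:\td5033fdf \tisb

0000000000000010 <jump_table>:
  10:\td61f0200 \tbr\tx16
  14:\td503201f \tnop

0000000000000018 <leaf>:
  18:\td65f03c0 \tret
"""

def parse(disasm):
    """Return [(address, mnemonic)] for each instruction line."""
    hits = (INSN.match(line) for line in disasm.splitlines())
    return [(int(m.group(1), 16), m.group(2).lower()) for m in hits if m]

def unprotected(disasm):
    """Return [(address, mnemonic)] of listed instructions with no barrier after."""
    insns = parse(disasm)
    findings = []
    for i, (addr, mnem) in enumerate(insns):
        if mnem not in UNCONDITIONAL:
            continue
        nxt = []
        # Only instructions laid out directly behind this one can be its barrier.
        for k, (a, m) in enumerate(insns[i + 1:i + 3], 1):
            if a != addr + 4 * k:
                break
            nxt.append(m)
        # Assumed barrier forms: `sb`, or `dsb` followed by `isb`.
        if nxt[:1] != ["sb"] and nxt[:2] != ["dsb", "isb"]:
            findings.append((addr, mnem))
    return findings

if __name__ == "__main__":
    for addr, mnem in unprotected(SAMPLE):
        print(f"{addr:#x}: {mnem} has no speculation barrier after it")
```

Older binutils may not print `sb` by name, so a real audit should confirm how the local `objdump` renders that encoding before trusting the findings.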


 

