[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-next v2 0/2] xen/arm: Mitigate straight-line speculation

  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 17 Mar 2021 14:04:42 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U7ti9llXCWTFMe6QSQtdT4PxC4YV4LOHHo6FuekhJxo=; b=cmZoKBUql/0i+fodMQkjEF+h1h0fpbQnqO8BnNEP+Yv9l+eNtJWihCKhXzim6J2Sk6XLZaWe9n2kaiaXhSReLKrTpJHoRWRKelbmmBXfzWmqld4y5SUWzVVbO04IDdOzHQ/goZvtV4o4tS3fHZue4UZ981usrzuM5SXb87n/jIbIg6fF05DsFZ3o6sTiXHz+dRAoCHWA2JUSOgLzmW59svXMxQCeRYngp0hwvrdugKAYWtOWsTfRixFM2Q4+hDSiO5elF2AsKulx4xfgazAkw34QrNgLPXNrDAlNgpMt/m6xoskNikOjrD65Vu3pjNN7rVz6jZKWBhO6tcA8ZA1krA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VC3BH7VoHY8O2ElunVhyGHr4HQdvk/7eOEuuZQvQJuW4SMptaPpovvkAUSU7Tkwhf7Vj8xIlWT9XxnMlpOqZlV2jAbu/O0rrEmnjluPih2GgjuiAjMf9IGUngILCIgFZA6RSre2ZIBlqxwLNxyEnoP7srk9t2ift2tlHyCsdg3rw6w5upo3wY4L2eLXk+o2JIkOYfeFfoDmfV5o/+9DbzwN1vPOc7t6EPG2Te8M1sVl+osX+v4fDknmRU40T5xGONdbVyz3y7kzaq+1V2NZJZZj9f9OxYs980uFd+9nLKoqCD9AHNhQGLq34Ct/BM5/jjyuOVrkOtQmruvzoyk0Dgw==
  • Authentication-results-original: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 17 Mar 2021 14:05:01 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHXGCLVbl4hty1bX0WFvkxXr3KxFaqFDwwAgAGybICAAB5+gIABLumAgAAtzoA=
  • Thread-topic: [PATCH for-next v2 0/2] xen/arm: Mitigate straight-line speculation
Hi Julien,

> On 17 Mar 2021, at 11:20, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 16/03/2021 17:16, Bertrand Marquis wrote:
>> Hi Julien,
> 
> Hi Bertrand,
> 
>>> On 16 Mar 2021, at 15:27, Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> 
>>> 
>>> On 15/03/2021 13:32, Bertrand Marquis wrote:
>>>> Hi Julien,
>>> 
>>> Hi Bertrand,
>>> 
>>>>> On 13 Mar 2021, at 16:06, Julien Grall <julien@xxxxxxx> wrote:
>>>>> 
>>>>> From: Julien Grall <jgrall@xxxxxxxxxx>
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> Last year, Arm released a whitepaper about a new category of speculation.
>>>>> (see [1] and [2]). In short, a processor may be able to speculate past
>>>>> some of the unconditional control flow instructions (e.g eret, smc, br).
>>>>> 
>>>>> In some of the cases, the registers will contain values controlled by
>>>>> the guest. While there is no known gadget afterwards, we still want to
>>>>> prevent any leakage in the future.
>>>>> 
>>>>> The mitigation is planned in two parts:
>>>>>   1) Arm provided patches for both GCC and LLVM to add speculation barrier
>>>>>   and remove problematic code sequence.
>>>>>   2) Inspection of assembly code and call to higher level (e.g smc in our 
>>>>> case).
>>>>> 
>>>>> I still haven't looked at 1) and how to mitigate properly Arm32 (see
>>>>> patch #1) and SMC call. So this issue is not fully addressed.
>>>>> 
>>>>> Note that the ERET instruction was already addressed as part of XSA-312.
>>>> On my tests, this serie is breaking the arm64 build:
>>>> | aarch64-poky-linux-ld 
>>>> --sysroot=/home/bermar01/Development/xen-dev/build/profile-fvp-base.prj/tmp/work/fvp_base-poky-linux/xen/4.15+git1-r0/recipe-sysroot
>>>>          -EL  --fix-cortex-a53-843419 --fix-cortex-a53-843419 -r -o 
>>>> built_in.o memcpy.o memcmp.o memmove.o memset.o memchr.o clear_page.o 
>>>> bitops.o find_next_bit.o strchr.o strcmp.o strlen.o strncmp.o strnlen.o 
>>>> strrchr.o
>>> 
>>> I can't see any build failure with the following GCC:
>>> 
>>> 42sh> aarch64-linux-gnu-gcc
>>> aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0
>>> Copyright (C) 2017 Free Software Foundation, Inc.
>>> This is free software; see the source for copying conditions.  There is NO
>>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>> 
>>> AFAICT, there is also no compilation issue reported by gitlab:
>>> 
>>> https://gitlab.com/xen-project/patchew/xen/-/pipelines/269989894
>>> 
>>> What's the version of your compiler? Do you have steps to reproduce your 
>>> setup?
>> You need to have earlyprintk enabled
>> I am using gcc 7.5.0:
>> aarch64-linux-gnu-gcc (Ubuntu/Linaro 7.5.0-3ubuntu1~18.04) 7.5.0
>> one configuration triggering the issue is using the default .config with the 
>> following items added:
>> CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS=y
>> CONFIG_DEBUG_LOCK_PROFILE=y
>> CONFIG_PERF_COUNTERS=y
>> CONFIG_PERF_ARRAYS=y
>> CONFIG_DEVICE_TREE_DEBUG=y
>> CONFIG_DEBUG_TRACE=y
>> CONFIG_EARLY_PRINTK_JUNO=y
>> CONFIG_EARLY_UART_PL011=y
>> CONFIG_EARLY_PRINTK=y
>> CONFIG_EARLY_UART_BASE_ADDRESS=0x7ff80000
>> CONFIG_EARLY_UART_PL011_BAUD_RATE=115200
>> CONFIG_EARLY_UART_INIT=y
>> CONFIG_EARLY_PRINTK_INC="debug-pl011.inc”
> 
> Thanks for providing the .config. I managed to reproduce it. So I removed 
> "asm_defns.h" everywhere but forgot to include it in the "config.h" :/.
> 
> This small change fixed the error:
> 
> diff --git a/xen/include/asm-arm/config.h b/xen/include/asm-arm/config.h
> index 51273b9db1fc..c7b77912013e 100644
> --- a/xen/include/asm-arm/config.h
> +++ b/xen/include/asm-arm/config.h
> @@ -192,7 +192,7 @@ extern unsigned long frametable_virt_end;
> #define watchdog_enable()  ((void)0)
> 
> #if defined(__ASSEMBLY__) && !defined(__LINKER__)
> -#include <asm/asm-offsets.h>
> +#include <asm/asm_defns.h>
> #include <asm/macros.h>
> #endif
> 
> Would you still be happy to review the series before I send a v3?

Sure,

I will restart my tests with this change now and review the v2 once passed.

Cheers
Bertrand

> 
> Cheers,
> 
> -- 
> Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.