Xen project Mailing List

Re: [PATCH v3 6/7] xen/arm: Taint Xen on incompatible DCZID values

To: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Tue, 7 Sep 2021 16:17:28 -0700 (PDT)

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Tue, 07 Sep 2021 23:17:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, 6 Sep 2021, Bertrand Marquis wrote: > > On 3 Sep 2021, at 23:49, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote: > > > > On Wed, 25 Aug 2021, Bertrand Marquis wrote: > >> Use arm64 cpu feature sanitization to TAIN Xen if different DCZID values > > ^ TAINT > > > > > >> are found (ftr_dczid is using only STRICT method). > >> In this case actual memory being cleaned by DC ZVA operations would be > >> different depending on the cores which could make a guest zeroing too > >> much or too little memory if it is merged between CPUs. > >> > >> We could, on processor supporting it, trap access to DCZID_EL0 register > > ^ processors > > Could those typos be fixed during commit ? Yes they can > >> using HFGRTR_EL2 register but this would not solve the case where a > >> process is being migrated during a copy or if it cached the value of the > >> register. > >> > >> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx> > >> --- > >> Change in v3: none > >> Change in v2: Patch introduced in v2 > >> --- > >> xen/arch/arm/arm64/cpufeature.c | 14 +++++++++++--- > >> xen/arch/arm/cpufeature.c | 2 ++ > >> xen/include/asm-arm/cpufeature.h | 8 ++++++++ > >> 3 files changed, 21 insertions(+), 3 deletions(-) > >> > >> diff --git a/xen/arch/arm/arm64/cpufeature.c > >> b/xen/arch/arm/arm64/cpufeature.c > >> index 61f629ebaa..b1936ef1d6 100644 > >> --- a/xen/arch/arm/arm64/cpufeature.c > >> +++ b/xen/arch/arm/arm64/cpufeature.c > >> @@ -329,14 +329,11 @@ static const struct arm64_ftr_bits ftr_mvfr2[] = { > >> ARM64_FTR_END, > >> }; > >> > >> -#if 0 > >> -/* TODO: handle this when sanitizing cache related registers */ > >> static const struct arm64_ftr_bits ftr_dczid[] = { > >> ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, DCZID_DZP_SHIFT, 1, > >> 1), > >> ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, DCZID_BS_SHIFT, > >> 4, 0), > >> ARM64_FTR_END, > >> }; > >> -#endif > >> > >> static const struct arm64_ftr_bits ftr_id_isar0[] = { > >> ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, > >> ID_ISAR0_DIVIDE_SHIFT, 4, 0), > >> @@ -592,6 +589,17 @@ void update_system_features(const struct cpuinfo_arm > >> *new) > >> > >> SANITIZE_ID_REG(zfr64, 0, aa64zfr0); > >> > >> + /* > >> + * Comment from Linux: > > > > I don't know if I would keep or remove "Comment from Linux" > > I added that because the comment itself does not really apply to Xen. > I could have rephrased the comment/ > Anyway I have no objection to remove that statement. > > Do I need to send a v2 for that ? No you don't need to resend just for that or the typos. However if you are going to resend, then an update would be nice :-)

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.