[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 2/4] xen: arm: make VMAP only support in MMU system

To: Ayan Kumar Halder <ayankuma@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, sstabellini@xxxxxxxxxx, bertrand.marquis@xxxxxxx, michal.orzel@xxxxxxx, Volodymyr_Babchuk@xxxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Mon, 5 Aug 2024 22:36:05 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Penny Zheng <penny.zheng@xxxxxxx>, Wei Chen <wei.chen@xxxxxxx>
Delivery-date: Mon, 05 Aug 2024 21:36:15 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Ayan,

On 05/08/2024 11:44, Ayan Kumar Halder wrote:

On 02/08/2024 14:27, Julien Grall wrote:
Hi,
Hi Julien,
On 02/08/2024 13:14, Ayan Kumar Halder wrote:
From: Penny Zheng <penny.zheng@xxxxxxx>

VMAP is widely used in ALTERNATIVE feature, CPUERRATA feature, etc to
remap a range of memory with new memory attributes. Since this is
highly dependent on virtual address translation, we choose to fold VMAP
in MMU system.

In this patch, we introduce a new Kconfig CONFIG_HAS_VMAP, and make it
only support in MMU system on ARM architecture. And we make features
like ALTERNATIVE, CPUERRATA, etc, now depend on VMAP.
While I agree that alternative should depend on VMAP (for now), I feelthis is incorrect for CPUERRATA. Very likely, you will need to dealwith them on the MPU.
Before making any suggestion, would you be able to clarify how youenvision to deal with errata? Will they be selected at built time orboot time?
TBH, I hadn't thought that through. I am thinking about selecting themat built time (like it is been done for Arm64 cpus).

To clarify, on arm64, the decision to enable the bulk of mitigation isdone at runtime. The Kconfig is just to remove it from the binary if youyou are not targeting such HW. With that in mind...

However given that there are lesser number of MPU cpus (only R52 andR82) compared to MMU ones, could there be a simpler approach.

... do you mean always an errata enabled in the Kconfig would be alwaysmitigate (IOW no runtime selection)?

I am open to any suggestions you have.
Also, can we disable the CPUERRATA on MPU until we add support for thefirst errata ?

So I have looked at the code and it is rather unclear why you actuallyneed to disable CPU Errata. Can you clarify what would happen ifcpuerrata is always built *and* CONFIG_ARM64_HARDEN_BRANCH_PREDICATOR isgated by HAS_VMAP? I am assuming we will not need the branch predictorhardening on Cortex-R (at least this is the implication from [1]).

Now regarding alternative, at least for arm64 this is used outside ofthe errata. Not critical right now, but at some point you will want tore-enable alternatives.


Cheers,

[1]https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability



--
Julien Grall

References:
- [PATCH v1 0/4] xen: arm: Split MMU code in preparation for MPU work (part 2)
  - From: Ayan Kumar Halder
- [PATCH v1 2/4] xen: arm: make VMAP only support in MMU system
  - From: Ayan Kumar Halder
- Re: [PATCH v1 2/4] xen: arm: make VMAP only support in MMU system
  - From: Julien Grall
- Re: [PATCH v1 2/4] xen: arm: make VMAP only support in MMU system
  - From: Ayan Kumar Halder

Prev by Date: [xen-unstable-smoke test] 187160: tolerable all pass - PUSHED
Next by Date: [ovmf test] 187162: all pass - PUSHED
Previous by thread: Re: [PATCH v1 2/4] xen: arm: make VMAP only support in MMU system
Next by thread: [PATCH v1 3/4] xen: arm: Move the functions of domain_page to MMU specific
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.