[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v3 2/4] xen: make VMAP only support in MMU system


  • To: <sstabellini@xxxxxxxxxx>, <bertrand.marquis@xxxxxxx>, <michal.orzel@xxxxxxx>, <ayan.kumar.halder@xxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <julien@xxxxxxx>, <jbeulich@xxxxxxxx>
  • From: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
  • Date: Tue, 13 Aug 2024 18:13:54 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5t/nB18k33JmikWIsTZUH9Fi3nu8O21bDaKGSgVj5HY=; b=W9u3LWuc1P2cqNLvApvRgU87/HsFAJOvNkl8a6zCAciISLZYkvWC+mr8gLDRAGXPEM/UEFnf3QD5jnjdxDAZpvl/vXQ4BIG6C8ELIZ/oKTS5rPcIrxoCFxuFTGDcxoyI54TI6ULGsybviILfEF+1X1tZUP688sSBsU68UxSh4XyBgxaSQg9yGbRECovabm1VasAdVliweORSEbb3wBRg4pNgr+tVC7gS91JSiCV/Boyqcy2JV9PNhxqselKnJ+PG5mHmNlID0oRNMejLsQJcOIdDvKzV8xaMTyDHsA3zwROC/RSxNwYFkcBxz6jnNfqq8wayNTKt2J0gO9KESxZVeg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=YCAyRdf3T9u/L9pQSSavjL4LC8u0F1E/Lt57eyCzxN09hL6ssS0Ls8kH9SCB3ruwyAifSJpIsN8bJw+OlhWQn8UZDM/iSw8qVCBV49FUoKyw+uxl0pxzeYy6LW4yLjc1PkAdIUU3LR+nkXYMeCpYhQ0EI3bDTr0akgH9EdSfckGo+V1+ayoQbGkVpQBKz4sD2cVtXJRF+eKigC1CLD7KQiO4OZyHAIv1YwOj1p8MB237oLcT0cIOAhsuHYDScUTVO/7ZutkOAnDTc/Xvni/NBJg3t+1VrgcgbWu3eDM3RiuQGq5H98Mr+XWH7kMFOtrHUquQd2rEmoas4Aof1g6NXQ==
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Penny Zheng <penny.zheng@xxxxxxx>, "Wei Chen" <wei.chen@xxxxxxx>
  • Delivery-date: Tue, 13 Aug 2024 17:14:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Penny Zheng <penny.zheng@xxxxxxx>

Introduced CONFIG_VMAP which is selected by the architectures that use
MMU. vm_init() does not do anything if CONFIG_VMAP is not enabled.

VMAP is widely used in ALTERNATIVE feature to remap a range of memory
with new memory attributes. Since this is highly dependent on virtual
address translation, we choose to fold VMAP in MMU system.

In this patch, we introduce a new Kconfig CONFIG_HAS_VMAP, and make it
only support in MMU system on ARM architecture. And ALTERNATIVE now
depends on VMAP.

HARDEN_BRANCH_PREDICTOR is now gated on HAS_VMAP as speculative
attacks are not possible on non MMU based systems (ie Cortex-R52, R82).
See 
https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability.

Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx>
Signed-off-by: Wei Chen <wei.chen@xxxxxxx>
Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
---
Changes from :-

v1 - 1. HARDEN_BRANCH_PREDICTOR is now gated on HAS_VMAP.
2. cpuerrata.c is not gated on HAS_VMAP.

v2 - 1. Introduced CONFIG_VMAP in common/Kconfig.
2. Architectures using MMU select this config.
3. vm_init() now uses CONFIG_VMAP.

 xen/arch/arm/Kconfig   | 4 +++-
 xen/arch/arm/setup.c   | 2 ++
 xen/arch/x86/Kconfig   | 2 ++
 xen/common/Kconfig     | 3 +++
 xen/include/xen/vmap.h | 2 ++
 5 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 21d03d9f44..e30a7da186 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -12,7 +12,7 @@ config ARM_64
 config ARM
        def_bool y
        select FUNCTION_ALIGNMENT_4B
-       select HAS_ALTERNATIVE
+       select HAS_ALTERNATIVE if HAS_VMAP
        select HAS_DEVICE_TREE
        select HAS_PASSTHROUGH
        select HAS_UBSAN
@@ -61,6 +61,7 @@ config PADDR_BITS
 config MMU
        def_bool y
        select HAS_PMAP
+       select HAS_VMAP
 
 source "arch/Kconfig"
 
@@ -171,6 +172,7 @@ config ARM_SSBD
 
 config HARDEN_BRANCH_PREDICTOR
        bool "Harden the branch predictor against aliasing attacks" if EXPERT
+       depends on HAS_VMAP
        default y
        help
          Speculation attacks against some high-performance processors rely on
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index cb2c0a16b8..7f686d2cca 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -447,7 +447,9 @@ void asmlinkage __init start_xen(unsigned long 
boot_phys_offset,
      * It needs to be called after do_initcalls to be able to use
      * stop_machine (tasklets initialized via an initcall).
      */
+#ifdef CONFIG_HAS_ALTERNATIVE
     apply_alternatives_all();
+#endif
     enable_errata_workarounds();
     enable_cpu_features();
 
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 7ef5c8bc48..32be057978 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -1,6 +1,7 @@
 config X86_64
        def_bool y
        select 64BIT
+       select HAS_VMAP
 
 config X86
        def_bool y
@@ -31,6 +32,7 @@ config X86
        select HAS_UBSAN
        select HAS_VPCI if HVM
        select NEEDS_LIBELF
+       select HAS_VMAP
 
 config ARCH_DEFCONFIG
        string
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 565ceda741..188918ec5c 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -77,6 +77,9 @@ config HAS_PIRQ
 config HAS_PMAP
        bool
 
+config HAS_VMAP
+       bool
+
 config HAS_SCHED_GRANULARITY
        bool
 
diff --git a/xen/include/xen/vmap.h b/xen/include/xen/vmap.h
index fdae37e950..c1dd7ac22f 100644
--- a/xen/include/xen/vmap.h
+++ b/xen/include/xen/vmap.h
@@ -141,7 +141,9 @@ void *arch_vmap_virt_end(void);
 /* Initialises the VMAP_DEFAULT virtual range */
 static inline void vm_init(void)
 {
+#ifdef CONFIG_HAS_VMAP
     vm_init_type(VMAP_DEFAULT, (void *)VMAP_VIRT_START, arch_vmap_virt_end());
+#endif
 }
 
 #endif /* __XEN_VMAP_H__ */
-- 
2.25.1




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.