Xen project Mailing List

Re: [Xen-devel] [PATCH RFC for-4.13 04/10] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest

To: Julien Grall <julien.grall@xxxxxxx>

From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Date: Fri, 27 Sep 2019 11:56:21 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QnmANQSy8BM2aSSQHwa6/MFzJngV4gNSOeZUJjIVSOo=; b=fLsBAwisiPi5vAo502INSdmIvY54yccrB9NW2ZSQV2vKn/+dL2Vd4kKhWru6/GUINZrLAPc5cq1r8ngK6TQB85at82sLO4JKcjGO4cTJP3TowMDjBKXE4NK9kSdR6jqf6DyDqj4ZVpgQlNf3MpcbQygqmHaPBKWfFJjDjIdWvkVZLBRRuM5l0A0Hc/obl2hfQ/aUB8JafbgSgWRuvBWRQWnQtpYUB2n6Tr016OIN13kB/18HRenK2Pk648pncJCtAMGTsNuifezGwWeJwPYuLCuL4TAYe2WQtyzcqT4JRZ5QOyOrOcKrQ+xiSuz1huU9T/uOKsRR42wAQE7DmGjaqg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QdOWwx5XxxYzqyAmqKxvulDzT9xr6F3R4cWnIG5lBt+zjYUqdrsh1VWsz5s7/AVYzs6cOu3vGZpWJmLA/G2NM9q1AyxQWE5yAthUbyqZgpz4zgkXCqFEbQHjsjMAynB1GbmQS9/eyQIGdCLKtuF4YXcKMn2JTYsac1S30ZBhoxU3/CliYllSEMeDtFB4BuS//5/T5UtjZqCGU/wkgwfPD+UNuAQQoJETY2xZoL++GX9isR7Sq/9OkGjZoWAOX3N6XU97z4fW/0PFGuSkmewF4JVUhjYeqg0Q2emJVINztdlHiH85wBDMERxxXClnJlCsa3jBS4VVxXz33+ZjIhNrfg==

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@xxxxxxxx;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrii Anisov <Andrii_Anisov@xxxxxxxx>, "andrii.anisov@xxxxxxxxx" <andrii.anisov@xxxxxxxxx>

Delivery-date: Fri, 27 Sep 2019 11:56:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHVdJmSz7FwOb+ZL0aIExPYLyfVU6c/a/SA

Thread-topic: [PATCH RFC for-4.13 04/10] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest

Julien, Julien Grall writes: > At the moment, SSBD workaround is re-enabled for Xen after interrupts > are unmasked. This means we may end up to execute some part of the > hypervisor if an interrupt is received before the workaround is > re-enabled. > > As the rest of enter_hypervisor_from_guest() does not require to have > interrupts masked, the function is now split in two parts: > 1) enter_hypervisor_from_guest_noirq() called with interrupts > masked. I'm okay with this approach, but I don't like name for enter_hypervisor_from_guest_noirq(). Right now it is doing exactly one thing - mitigates SSBD. So, maybe more appropriate name will be something like "mitigate_ssbd()" ? > 2) enter_hypervisor_from_guest() called with interrupts unmasked. > > Note that while enter_hypervisor_from_guest_noirq() does not use the > on-stack context registers, it is still passed as parameter to match the > rest of the C functions called from the entry path. As I pointed in the previous email, enter_hypervisor_from_guest() does not use on-stack registers as well. > Fixes: a7898e4c59 ("xen/arm: Add ARCH_WORKAROUND_2 support for guests") > Reported-by: Andrii Anisov <andrii_anisov@xxxxxxxx> > Signed-off-by: Julien Grall <julien.grall@xxxxxxx> > > --- > > Note the Arm32 code has not been changed yet. I am also open on turn > both enter_hypervisor_from_guest_noirq() and enter_hypervisor_from() > to functions not taking any parameters. That would be appropriate in my opinion. > --- > xen/arch/arm/arm64/entry.S | 2 ++ > xen/arch/arm/traps.c | 16 +++++++++++++--- > 2 files changed, 15 insertions(+), 3 deletions(-) > > diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S > index 9eafae516b..458d12f188 100644 > --- a/xen/arch/arm/arm64/entry.S > +++ b/xen/arch/arm/arm64/entry.S > @@ -173,6 +173,8 @@ > ALTERNATIVE("bl check_pending_vserror; cbnz x0, 1f", > "nop; nop", > SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT) > + mov x0, sp > + bl enter_hypervisor_from_guest_noirq > msr daifclr, \iflags > mov x0, sp > bl enter_hypervisor_from_guest > diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c > index 20ba34ec91..5848dd8399 100644 > --- a/xen/arch/arm/traps.c > +++ b/xen/arch/arm/traps.c > @@ -2007,16 +2007,26 @@ static inline bool needs_ssbd_flip(struct vcpu *v) > } > > /* > - * Actions that needs to be done after exiting the guest and before any > - * request from it is handled. > + * Actions that needs to be done after exiting the guest and before the > + * interrupts are unmasked. > */ > -void enter_hypervisor_from_guest(struct cpu_user_regs *regs) > +void enter_hypervisor_from_guest_noirq(struct cpu_user_regs *regs) > { > struct vcpu *v = current; > > /* If the guest has disabled the workaround, bring it back on. */ > if ( needs_ssbd_flip(v) ) > arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2_FID, 1, NULL); > +} > + > +/* > + * Actions that needs to be done after exiting the guest and before any > + * request from it is handled. Depending on the exception trap, this may > + * be called with interrupts unmasked. > + */ > +void enter_hypervisor_from_guest(struct cpu_user_regs *regs) > +{ > + struct vcpu *v = current; > > /* > * If we pended a virtual abort, preserve it until it gets cleared. -- Volodymyr Babchuk at EPAM _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.