Hi Lokesh, On 7/16/18 11:48 AM, 'Lokesh Vutla' via Jailhouse wrote: > This series adds initial support for the new SMCCC 1.1 and PSCI v1.1 > that is support by ARM Trusted Firmware. For now the > SMCCC_ARCH_WORKAROUND_1 and SMCCC_ARCH_WORKAROUND_2 and reported as > not implemented. Once the mitigations are properly applied the actual > status can be reported.
I'm currently trying to get a better understating for SMCCC_ARCH_WORKAROUND_* and checked the code path of Jailhouse. On SMCCC feature discovery, Jailhouse will report that there are no features available. That's correct, because we don't handle those calls atm. So everything is safe for non-root cells. But... If the root cell discovered during its initial boot (w/o Jailhouse) that those features are available on the platform, it will take the WORKAROUND_* path from then on for branch prediction hardening (if vulnerable). AFAICT, there's no feature rediscovery after we enable Jailhouse on Linux side, so the Root cell will still think that those features are available and keep on calling SMCCC_ARCH_WORKAROUND_* (right?). As the specification [1] says that those SMCCC_ARCH_WORKAROUNDs have no return code, the root cell won't even notice that those calls have silently failed. In fact, we return ARM_SMCCC_NOT_SUPPORTED, while the spec says "no return value". This is just a wild guess, unfortunately I don't have a platform where I can test this behavior, maybe you can shed some light on this. Thanks Ralf [1] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/firmware-interfaces-for-mitigating-cache-speculation-vulnerabilities > > This series will allow to use jailhouse with Latest kernel and ATF. > > Changes since RFC: > - Updated Copyright statements. > - Fixed SMCCC 1.1 version value > - Fixed comments from Jan. > > Lokesh Vutla (3): > arm-common: Rework handling of SMC > arm-common: Add support for PSCI 1.1 > arm-common: Add support for SMCCC 1.1 > > hypervisor/arch/arm-common/Kbuild | 2 +- > hypervisor/arch/arm-common/include/asm/psci.h | 6 +- > hypervisor/arch/arm-common/include/asm/sip.h | 15 ----- > .../arch/arm-common/include/asm/smccc.h | 34 +++++++++++ > hypervisor/arch/arm-common/psci.c | 29 +++++++++- > hypervisor/arch/arm-common/smccc.c | 57 +++++++++++++++++++ > hypervisor/arch/arm/traps.c | 12 ++-- > hypervisor/arch/arm64/traps.c | 20 +------ > 8 files changed, 130 insertions(+), 45 deletions(-) > delete mode 100644 hypervisor/arch/arm-common/include/asm/sip.h > create mode 100644 hypervisor/arch/arm-common/include/asm/smccc.h > create mode 100644 hypervisor/arch/arm-common/smccc.c > -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
