Hi Stefano,
On 12/06/18 00:14, Stefano Stabellini wrote:
On Tue, 5 Jun 2018, Julien Grall wrote:
As for Spectre variant-2, we rely on SMCCC 1.1 to provide the discovery
mechanism for detecting the SSBD mitigation.
A new capability is also allocated for that purpose, and a config
option.
This is part of XSA-263.
Signed-off-by: Julien Grall <julien.gr...@arm.com>
---
Changes in v2:
- Add the switch in this patch rather than the next one.
- s/supported/required/
---
xen/arch/arm/Kconfig | 10 +++++++
xen/arch/arm/cpuerrata.c | 57 ++++++++++++++++++++++++++++++++++++++++
xen/include/asm-arm/cpuerrata.h | 21 +++++++++++++++
xen/include/asm-arm/cpufeature.h | 3 ++-
xen/include/asm-arm/smccc.h | 7 +++++
5 files changed, 97 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 8174c0c635..0e2d027060 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -73,6 +73,16 @@ config SBSA_VUART_CONSOLE
Allows a guest to use SBSA Generic UART as a console. The
SBSA Generic UART implements a subset of ARM PL011 UART.
+config ARM_SSBD
+ bool "Speculative Store Bypass Disable" if EXPERT = "y"
+ depends on HAS_ALTERNATIVE
+ default y
+ help
+ This enables mitigation of bypassing of previous stores by speculative
+ loads.
+
+ If unsure, say Y.
+
endmenu
menu "ARM errata workaround via the alternative framework"
diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 1baa20654b..aa86c7c0fe 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -235,6 +235,57 @@ static int enable_ic_inv_hardening(void *data)
#endif
+#ifdef CONFIG_ARM_SSBD
+
+/*
+ * Assembly code may use the variable directly, so we need to make sure
+ * it fits in a register.
+ */
+DEFINE_PER_CPU_READ_MOSTLY(register_t, ssbd_callback_required);
+
+static bool has_ssbd_mitigation(const struct arm_cpu_capabilities *entry)
+{
+ struct arm_smccc_res res;
+ bool required;
+
+ if ( smccc_ver < SMCCC_VERSION(1, 1) )
+ return false;
+
+ /*
+ * The probe function return value is either negative (unsupported
+ * or mitigated), positive (unaffected), or zero (requires
+ * mitigation). We only need to do anything in the last case.
+ */
+ arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
+ ARM_SMCCC_ARCH_WORKAROUND_2_FID, &res);
+ switch ( (int)res.a0 )
+ {
+ case ARM_SMCCC_NOT_SUPPORTED:
+ return false;
+
+ case ARM_SMCCC_NOT_REQUIRED:
+ return false;
+
+ case ARM_SMCCC_SUCCESS:
+ required = true;
+ break;
+
+ case 1: /* Mitigation not required on this CPU. */
+ required = true;
+ break;
Why is this required = true when the comment say otherwise, and we
change it to false in the next patch?
It was just a problem on the rebase after you asked to reshuffle the code.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel