From: James Morse <james.morse@arm.com>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: James Morse <james.morse@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>
Subject: [stable:PATCH v4.9.309 39/43] KVM: arm64: Add templates for BHB mitigation sequences
Date: Wed, 6 Apr 2022 17:45:42 +0100 [thread overview]
Message-ID: <20220406164546.1888528-39-james.morse@arm.com> (raw)
In-Reply-To: <20220406164546.1888528-1-james.morse@arm.com>
KVM writes the Spectre-v2 mitigation template at the beginning of each
vector when a CPU requires a specific sequence to run.
Because the template is copied, it can not be modified by the alternatives
at runtime. As the KVM template code is intertwined with the bp-hardening
callbacks, all templates must have a bp-hardening callback.
Add templates for calling ARCH_WORKAROUND_3 and one for each value of K
in the brancy-loop. Identify these sequences by a new parameter
template_start, and add a copy of install_bp_hardening_cb() that is able to
install them.
Signed-off-by: James Morse <james.morse@arm.com>
---
arch/arm64/include/asm/cpucaps.h | 3 +-
arch/arm64/include/asm/kvm_mmu.h | 2 +-
arch/arm64/include/asm/mmu.h | 6 +++
arch/arm64/kernel/bpi.S | 50 ++++++++++++++++++++++
arch/arm64/kernel/cpu_errata.c | 71 +++++++++++++++++++++++++++++++-
5 files changed, 128 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index d4a46764c1ad..9935e55a3cc7 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -39,7 +39,8 @@
#define ARM64_SSBD 18
#define ARM64_MISMATCHED_CACHE_TYPE 19
#define ARM64_WORKAROUND_1188873 20
+#define ARM64_SPECTRE_BHB 21
-#define ARM64_NCAPS 21
+#define ARM64_NCAPS 22
#endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index ff721659eb94..4a2c95854856 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -362,7 +362,7 @@ static inline void *kvm_get_hyp_vector(void)
struct bp_hardening_data *data = arm64_get_bp_hardening_data();
void *vect = kvm_ksym_ref(__kvm_hyp_vector);
- if (data->fn) {
+ if (data->template_start) {
vect = __bp_harden_hyp_vecs_start +
data->hyp_vectors_slot * SZ_2K;
diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
index 5eff1c49270d..f4377b005cba 100644
--- a/arch/arm64/include/asm/mmu.h
+++ b/arch/arm64/include/asm/mmu.h
@@ -45,6 +45,12 @@ typedef void (*bp_hardening_cb_t)(void);
struct bp_hardening_data {
int hyp_vectors_slot;
bp_hardening_cb_t fn;
+
+ /*
+ * template_start is only used by the BHB mitigation to identify the
+ * hyp_vectors_slot sequence.
+ */
+ const char *template_start;
};
#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
diff --git a/arch/arm64/kernel/bpi.S b/arch/arm64/kernel/bpi.S
index dc4eb154e33b..313f2b59eef9 100644
--- a/arch/arm64/kernel/bpi.S
+++ b/arch/arm64/kernel/bpi.S
@@ -73,3 +73,53 @@ ENTRY(__smccc_workaround_1_smc_end)
ENTRY(__smccc_workaround_1_hvc_start)
smccc_workaround_1 hvc
ENTRY(__smccc_workaround_1_hvc_end)
+
+ENTRY(__smccc_workaround_3_smc_start)
+ sub sp, sp, #(8 * 4)
+ stp x2, x3, [sp, #(8 * 0)]
+ stp x0, x1, [sp, #(8 * 2)]
+ mov w0, #ARM_SMCCC_ARCH_WORKAROUND_3
+ smc #0
+ ldp x2, x3, [sp, #(8 * 0)]
+ ldp x0, x1, [sp, #(8 * 2)]
+ add sp, sp, #(8 * 4)
+ENTRY(__smccc_workaround_3_smc_end)
+
+ENTRY(__spectre_bhb_loop_k8_start)
+ sub sp, sp, #(8 * 2)
+ stp x0, x1, [sp, #(8 * 0)]
+ mov x0, #8
+2: b . + 4
+ subs x0, x0, #1
+ b.ne 2b
+ dsb nsh
+ isb
+ ldp x0, x1, [sp, #(8 * 0)]
+ add sp, sp, #(8 * 2)
+ENTRY(__spectre_bhb_loop_k8_end)
+
+ENTRY(__spectre_bhb_loop_k24_start)
+ sub sp, sp, #(8 * 2)
+ stp x0, x1, [sp, #(8 * 0)]
+ mov x0, #24
+2: b . + 4
+ subs x0, x0, #1
+ b.ne 2b
+ dsb nsh
+ isb
+ ldp x0, x1, [sp, #(8 * 0)]
+ add sp, sp, #(8 * 2)
+ENTRY(__spectre_bhb_loop_k24_end)
+
+ENTRY(__spectre_bhb_loop_k32_start)
+ sub sp, sp, #(8 * 2)
+ stp x0, x1, [sp, #(8 * 0)]
+ mov x0, #32
+2: b . + 4
+ subs x0, x0, #1
+ b.ne 2b
+ dsb nsh
+ isb
+ ldp x0, x1, [sp, #(8 * 0)]
+ add sp, sp, #(8 * 2)
+ENTRY(__spectre_bhb_loop_k32_end)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 0d08249cbdab..acccc685b670 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -74,6 +74,14 @@ extern char __smccc_workaround_1_smc_start[];
extern char __smccc_workaround_1_smc_end[];
extern char __smccc_workaround_1_hvc_start[];
extern char __smccc_workaround_1_hvc_end[];
+extern char __smccc_workaround_3_smc_start[];
+extern char __smccc_workaround_3_smc_end[];
+extern char __spectre_bhb_loop_k8_start[];
+extern char __spectre_bhb_loop_k8_end[];
+extern char __spectre_bhb_loop_k24_start[];
+extern char __spectre_bhb_loop_k24_end[];
+extern char __spectre_bhb_loop_k32_start[];
+extern char __spectre_bhb_loop_k32_end[];
static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start,
const char *hyp_vecs_end)
@@ -87,12 +95,14 @@ static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start,
flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K);
}
+static DEFINE_SPINLOCK(bp_lock);
+static int last_slot = -1;
+
static void __install_bp_hardening_cb(bp_hardening_cb_t fn,
const char *hyp_vecs_start,
const char *hyp_vecs_end)
{
- static int last_slot = -1;
- static DEFINE_SPINLOCK(bp_lock);
+
int cpu, slot = -1;
spin_lock(&bp_lock);
@@ -113,6 +123,7 @@ static void __install_bp_hardening_cb(bp_hardening_cb_t fn,
__this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot);
__this_cpu_write(bp_hardening_data.fn, fn);
+ __this_cpu_write(bp_hardening_data.template_start, hyp_vecs_start);
spin_unlock(&bp_lock);
}
#else
@@ -544,3 +555,59 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
{
}
};
+
+#ifdef CONFIG_KVM
+static const char *kvm_bhb_get_vecs_end(const char *start)
+{
+ if (start == __smccc_workaround_3_smc_start)
+ return __smccc_workaround_3_smc_end;
+ else if (start == __spectre_bhb_loop_k8_start)
+ return __spectre_bhb_loop_k8_end;
+ else if (start == __spectre_bhb_loop_k24_start)
+ return __spectre_bhb_loop_k24_end;
+ else if (start == __spectre_bhb_loop_k32_start)
+ return __spectre_bhb_loop_k32_end;
+
+ return NULL;
+}
+
+void kvm_setup_bhb_slot(const char *hyp_vecs_start)
+{
+ int cpu, slot = -1;
+ const char *hyp_vecs_end;
+
+ if (!IS_ENABLED(CONFIG_KVM) || !is_hyp_mode_available())
+ return;
+
+ hyp_vecs_end = kvm_bhb_get_vecs_end(hyp_vecs_start);
+ if (WARN_ON_ONCE(!hyp_vecs_start || !hyp_vecs_end))
+ return;
+
+ spin_lock(&bp_lock);
+ for_each_possible_cpu(cpu) {
+ if (per_cpu(bp_hardening_data.template_start, cpu) == hyp_vecs_start) {
+ slot = per_cpu(bp_hardening_data.hyp_vectors_slot, cpu);
+ break;
+ }
+ }
+
+ if (slot == -1) {
+ last_slot++;
+ BUG_ON(((__bp_harden_hyp_vecs_end - __bp_harden_hyp_vecs_start)
+ / SZ_2K) <= last_slot);
+ slot = last_slot;
+ __copy_hyp_vect_bpi(slot, hyp_vecs_start, hyp_vecs_end);
+ }
+
+ __this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot);
+ __this_cpu_write(bp_hardening_data.template_start, hyp_vecs_start);
+ spin_unlock(&bp_lock);
+}
+#else
+#define __smccc_workaround_3_smc_start NULL
+#define __spectre_bhb_loop_k8_start NULL
+#define __spectre_bhb_loop_k24_start NULL
+#define __spectre_bhb_loop_k32_start NULL
+
+void kvm_setup_bhb_slot(const char *hyp_vecs_start) { };
+#endif
--
2.30.2
next prev parent reply other threads:[~2022-04-06 18:09 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0220406164217.1888053-1-james.morse@arm.com>
2022-04-06 16:45 ` [stable:PATCH v4.9.309 01/43] arm64: errata: Provide macro for major and minor cpu revisions James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 02/43] arm64: Remove useless UAO IPI and describe how this gets enabled James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 03/43] arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35 James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 04/43] arm64: capabilities: Update prototype for enable call back James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 05/43] arm64: capabilities: Move errata work around check on boot CPU James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 06/43] arm64: capabilities: Move errata processing code James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 07/43] arm64: capabilities: Prepare for fine grained capabilities James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 08/43] arm64: capabilities: Add flags to handle the conflicts on late CPU James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 09/43] arm64: capabilities: Clean up midr range helpers James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 10/43] arm64: Add helpers for checking CPU MIDR against a range James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 11/43] arm64: capabilities: Add support for checks based on a list of MIDRs James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 12/43] clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 13/43] clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 14/43] arm64: arch_timer: Add infrastructure for multiple erratum detection methods James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 15/43] arm64: arch_timer: Add erratum handler for CPU-specific capability James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 16/43] arm64: arch_timer: Add workaround for ARM erratum 1188873 James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 17/43] arm64: arch_timer: avoid unused function warning James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 18/43] arm64: Add silicon-errata.txt entry for ARM erratum 1188873 James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 19/43] arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 20/43] arm64: Add part number for Neoverse N1 James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 21/43] arm64: Add part number for Arm Cortex-A77 James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 22/43] arm64: Add Neoverse-N2, Cortex-A710 CPU part definition James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 23/43] arm64: Add Cortex-X2 " James Morse
2022-04-06 18:22 ` Patch "arm64: Add Cortex-X2 CPU part definition" has been added to the 4.9-stable tree gregkh
2022-04-06 16:45 ` [stable:PATCH v4.9.309 24/43] arm64: Add helper to decode register from instruction James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 25/43] arm64: entry.S: Add ventry overflow sanity checks James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 26/43] arm64: entry: Make the trampoline cleanup optional James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 27/43] arm64: entry: Free up another register on kpti's tramp_exit path James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 28/43] arm64: entry: Move the trampoline data page before the text page James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 29/43] arm64: entry: Allow tramp_alias to access symbols after the 4K boundary James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 30/43] arm64: entry: Don't assume tramp_vectors is the start of the vectors James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 31/43] arm64: entry: Move trampoline macros out of ifdef'd section James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 32/43] arm64: entry: Make the kpti trampoline's kpti sequence optional James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 33/43] arm64: entry: Allow the trampoline text to occupy multiple pages James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 34/43] arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 35/43] arm64: Move arm64_update_smccc_conduit() out of SSBD ifdef James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 36/43] arm64: entry: Add vectors that have the bhb mitigation sequences James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 37/43] arm64: entry: Add macro for reading symbol addresses from the trampoline James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 38/43] arm64: Add percpu vectors for EL1 James Morse
2022-04-06 16:45 ` James Morse [this message]
2022-04-06 16:45 ` [stable:PATCH v4.9.309 40/43] arm64: Mitigate spectre style branch history side channels James Morse
2022-04-08 16:56 ` James Morse
2022-04-12 5:48 ` Greg KH
2022-04-06 16:45 ` [stable:PATCH v4.9.309 41/43] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 42/43] arm64: add ID_AA64ISAR2_EL1 sys register James Morse
2022-04-06 16:45 ` [stable:PATCH v4.9.309 43/43] arm64: Use the clearbhb instruction in mitigations James Morse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220406164546.1888528-39-james.morse@arm.com \
--to=james.morse@arm.com \
--cc=catalin.marinas@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.