From: Stefano Stabellini <sstabellini@kernel.org>
To: Julien Grall <julien.grall@linaro.org>
Cc: Lars Kurth <lars.kurth.xen@gmail.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	"security@xenproject.org" <security@xenproject.org>,
	Andre Przywara <andre.przywara@linaro.org>,
	xen-devel <xen-devel@lists.xen.org>
Subject: Re: XSA-254 SP2 for ARM (was Re: [PATCH 1/5] xen/arm: Introduce enable callback to enable a capabilities on each online CPU)
Date: Thu, 25 Jan 2018 09:23:36 -0800 (PST)
Message-ID: <alpine.DEB.2.10.1801250922350.11958@sstabellini-ThinkPad-X260>
In-Reply-To: <38c67391-50e2-44c5-a4ae-f43e68993879@linaro.org>

On Thu, 25 Jan 2018, Julien Grall wrote:
> Hi,
> 
> On 24/01/18 22:43, Stefano Stabellini wrote:
> > On Wed, 24 Jan 2018, Julien Grall wrote:
> > > Hi Stefano,
> > > 
> > > On 24 January 2018 at 22:14, Stefano Stabellini <sstabellini@kernel.org>
> > > wrote:
> > > > On Thu, 18 Jan 2018, Julien Grall wrote:
> > > > > (+ Security team)
> > > > > 
> > > > > Hi Stefano,
> > > > > 
> > > > > On 17/01/18 21:47, Stefano Stabellini wrote:
> > > > > > On Wed, 17 Jan 2018, Stefano Stabellini wrote:
> > > > > > > On Wed, 17 Jan 2018, Lars Kurth wrote:
> > > > > > > > >         Regarding README.source, this is covering file and contain the
> > > > > > > > >         same mention as in the commit message. As this is a single function.
> > > > > > > > >         Isn't the commit message enough?
> > > > > > > > 
> > > > > > > > 
> > > > > > > >   From a legal viewpoint it is enough.
> > > > > > > 
> > > > > > > > If that is enough from a legal viewpoint, then it is enough for me.
> > > > > > > > 
> > > > > > > > However, from a legal viewpoint, I thought we needed to explicitly
> > > > > > > > mention all the original signed-off-bys because Julien is not actually
> > > > > > > > the copyright holder for that function, hence, we need to add the
> > > > > > > > signed-off-bys of all the missing copyright holders.
> > > > > > 
> > > > > > > Actually, reading again the Developer’s Certificate of Origin, it states:
> > > > > > > 
> > > > > > > "The contribution is based upon previous work that, to the best of my
> > > > > > > knowledge, is covered under an appropriate open source license and I have
> > > > > > > the right under that license to submit that work with modifications, whether
> > > > > > > created in whole or in part by me, under the same open source license
> > > > > > > (unless I am permitted to submit under a different license), as indicated in
> > > > > > > the file"
> > > > > > 
> > > > > > so I think Lars is right. In that case, there is no need to resubmit
> > > > > > this series, I'll commit to staging as is. If tests go well, I'll
> > > > > > backport it to the stable trees.
> > > > > > Thank you! I have created branches with patches backported up to Xen 4.8.
> > > > > > With minor changes:
> > > > > > 
> > > > > >     - Xen 4.10: No changes
> > > > > >     - Xen 4.9:
> > > > > >        * minor conflict in some files
> > > > > >        * compilation failure in cpuerrata.c (__virt_to_mfn does not exist)
> > > > > >     - Xen 4.8:
> > > > > >        * conflict in some files (one medium as the number of "features" is different)
> > > > > >        * compilation failure in cpuerrata.c (__virt_to_mfn does not exist)
> > > > > > 
> > > > > > The branches can be found on xenbits [1] : xsa-254-sp2-X.XX where X.XX is the
> > > > > > version of Xen.
> > > > > > 
> > > > > > Xen 4.7 and earlier does not have cpufeature/cpuerrata infrastructure and will
> > > > > > require backport. The only difficulty here should be finding the list of
> > > > > > commits required.
> > > > > > 
> > > > > > Also, we probably want to update the XSA pointing to the patches. So if
> > > > > > someone wants to backport to Xen 4.7 (or earlier) they can. Any opinions?
> > > > 
> > > > These are the commits for the XSA 254 mitigation for the arm64
> > > > architecture:
> > > > 
> > > > staging-4.10
> > > > 
> > > > staging-4.9
> > > > 
> > > > staging-4.8
> > > 
> > > > Something looks quite odd. The commit messages have two cherry-pick commit IDs.
> > > > 
> > > > Why didn't you just merge the branches I provided?
> > 
> > Basically I did the backports on my own, then I double-checked that they
> > matched your own version of the backports. I did it for safety: this way
> > we can be quite sure that the backports are good, or both of us did
> > exactly the same mistakes :-)
> > It was very helpful to have branches to compare against, thank you for
> > that.
> 
> I also double checked it yesterday because I wasn't sure what you did :).
> 
> > 
> > 
> > > > 
> > > > > For staging-4.7, I made the backports and tested them as well. They look
> > > > > correct. However, given that it was more complex than initially thought,
> > > > > I would appreciate if you could give it a look as well (I haven't pushed
> > > > > it to staging-4.7 yet):
> > > > > 
> > > > >    git://xenbits.xen.org/people/sstabellini/xen-unstable.git staging-4.7-xsa254
> > > 
> > > I will have a look.
> > 
> > Thanks again!
> 
> This looks good to me. Thank you for backporting them to 4.7.

Thank you! I pushed the branch, these are the relevant commits for 4.7:

fd884d6 xen/arm64: Implement branch predictor hardening for affected Cortex-A CPUs
50c68df xen/arm64: Add skeleton to harden the branch predictor aliasing attacks
1bdcc9f xen/arm: cpuerrata: Add MIDR_ALL_VERSIONS
2914ef5 xen/arm64: Add missing MIDR values for Cortex-A72, A73 and A75
62b9706 xen/arm: Introduce enable callback to enable a capabilities on each online CPU
624abdc xen/arm: Detect silicon revision and set cap bits accordingly
d7b73ed xen/arm: cpufeature: Provide an helper to check if a capability is supported
112c49c xen/arm: Add cpu_hwcap bitmap
a5b0fa4 xen/arm: Add macros to handle the MIDR
