[PATCH] xen/arm: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery

[PATCH] xen/arm: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery

[julien.grall]

From: Julien Grall <julien.grall@arm.com>

A recent update to the ARM SMCCC_ARCH_WORKAROUND_1 specification (see [1])
allows firmware to return a non zero, positive value, to describe that
although the mitigation is implemented at the higher exception level,
the CPU on which the call is made is not affected.

Relax the check on the return value from ARM_WORKAROUND_1 so that we
only error out if the returned value is negative.

[1] https://developer.arm.com/support/security-update/downloads
"Firmware interfaces for mitigating CVE-2017-5715 System Software on Arm
Systems"

Signed-off-by: Julien Grall <julien.grall@arm.com>

---
    This patch should be backported as part of XSA-254.

    There are potential more optimization to do as part of this
    relaxation. For instance, we dropping the CPU ID recognition and
    only look ad the SMCCC.
---
 xen/arch/arm/cpuerrata.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
index 4eb1567589..1baa20654b 100644
--- a/xen/arch/arm/cpuerrata.c
+++ b/xen/arch/arm/cpuerrata.c
@@ -168,7 +168,8 @@ static int enable_smccc_arch_workaround_1(void *data)
 
     arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
                       ARM_SMCCC_ARCH_WORKAROUND_1_FID, &res);
-    if ( res.a0 != ARM_SMCCC_SUCCESS )
+    /* The return value is in the lower 32-bits. */
+    if ( (int)res.a0 < 0 )
         goto warn;
 
     return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
-- 
2.11.0


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] xen/arm: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery

[Stefano Stabellini]

On Mon, 12 Mar 2018, julien.grall@arm.com wrote:
> From: Julien Grall <julien.grall@arm.com>
> 
> A recent update to the ARM SMCCC_ARCH_WORKAROUND_1 specification (see [1])
> allows firmware to return a non zero, positive value, to describe that
> although the mitigation is implemented at the higher exception level,
> the CPU on which the call is made is not affected.
> 
> Relax the check on the return value from ARM_WORKAROUND_1 so that we
> only error out if the returned value is negative.
> 
> [1] https://developer.arm.com/support/security-update/downloads
> "Firmware interfaces for mitigating CVE-2017-5715 System Software on Arm
> Systems"
> 
> Signed-off-by: Julien Grall <julien.grall@arm.com>

Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

> ---
>     This patch should be backported as part of XSA-254.
> 
>     There are potential more optimization to do as part of this
>     relaxation. For instance, we dropping the CPU ID recognition and
>     only look ad the SMCCC.

Indeed there are. I assume more patches will be coming?


> ---
>  xen/arch/arm/cpuerrata.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
> index 4eb1567589..1baa20654b 100644
> --- a/xen/arch/arm/cpuerrata.c
> +++ b/xen/arch/arm/cpuerrata.c
> @@ -168,7 +168,8 @@ static int enable_smccc_arch_workaround_1(void *data)
>  
>      arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID,
>                        ARM_SMCCC_ARCH_WORKAROUND_1_FID, &res);
> -    if ( res.a0 != ARM_SMCCC_SUCCESS )
> +    /* The return value is in the lower 32-bits. */
> +    if ( (int)res.a0 < 0 )
>          goto warn;
>  
>      return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start,
> -- 
> 2.11.0
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH] xen/arm: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery

[Julien Grall]

Hi Stefano,

On 03/16/2018 08:27 PM, Stefano Stabellini wrote:
> On Mon, 12 Mar 2018, julien.grall@arm.com wrote:
>> From: Julien Grall <julien.grall@arm.com>
>>
>> A recent update to the ARM SMCCC_ARCH_WORKAROUND_1 specification (see [1])
>> allows firmware to return a non zero, positive value, to describe that
>> although the mitigation is implemented at the higher exception level,
>> the CPU on which the call is made is not affected.
>>
>> Relax the check on the return value from ARM_WORKAROUND_1 so that we
>> only error out if the returned value is negative.
>>
>> [1] https://developer.arm.com/support/security-update/downloads
>> "Firmware interfaces for mitigating CVE-2017-5715 System Software on Arm
>> Systems"
>>
>> Signed-off-by: Julien Grall <julien.grall@arm.com>
> 
> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
> 
>> ---
>>      This patch should be backported as part of XSA-254.
>>
>>      There are potential more optimization to do as part of this
>>      relaxation. For instance, we dropping the CPU ID recognition and
>>      only look ad the SMCCC.
> 
> Indeed there are. I assume more patches will be coming?

It is not in my immediate plan. I pointed out if someone wants to 
implement and send a patch.

Cheers,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel