From: Stefano Stabellini <sstabellini@kernel.org>
To: Julien Grall <julien.grall@arm.com>
Cc: jgross@suse.com, Stefano Stabellini <sstabellini@kernel.org>,
Julien Grall <julien@xen.org>,
Andrii Anisov <andrii_anisov@epam.com>,
xen-devel@lists.xenproject.org,
Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [Xen-devel] [PATCH for-4.13 v4 11/19] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest
Date: Thu, 31 Oct 2019 11:15:33 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.21.1910311115250.2267@sstabellini-ThinkPad-T480s> (raw)
In-Reply-To: <20191031150922.22938-12-julien.grall@arm.com>
On Thu, 31 Oct 2019, Julien Grall wrote:
> At the moment, SSBD workaround is re-enabled for Xen after interrupts
> are unmasked. This means we may end up to execute some part of the
> hypervisor if an interrupt is received before the workaround is
> re-enabled.
>
> Each trap may require to unmask different interrupts.
> As the rest of enter_hypervisor_from_guest() does not require to have
> interrupts masked, the function is now split in two parts:
> 1) enter_hypervisor_from_guest_preirq() called with interrupts
> masked.
> 2) enter_hypervisor_from_guest() called with interrupts unmasked.
>
> Note that while it might be possible to avoid spliting the function in
> two parts, it requires a bit more work than I can currently invest to
> avoid using indirect branch.
>
> Furthermore, the function name is rather generic as there might be more
> work to dob before interrupts are unmasked in the future.
>
> Fixes: a7898e4c59 ("xen/arm: Add ARCH_WORKAROUND_2 support for guests")
> Reported-by: Andrii Anisov <andrii_anisov@epam.com>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
> ---
> Changes in v4:
> - Remove spurious line
>
> Changes in v3:
> - Rework the arm32 part
>
> Changes in v2:
> - Add Arm32 code
> - Rename enter_hypervisor_from_guest_noirq() to
> enter_hypervisor_from_guest_preirq()
> - Update the commit message to explain the choice of splitting
> the code.
> ---
> xen/arch/arm/arm32/entry.S | 2 +-
> xen/arch/arm/arm64/entry.S | 1 +
> xen/arch/arm/traps.c | 14 ++++++++++++--
> 3 files changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/xen/arch/arm/arm32/entry.S b/xen/arch/arm/arm32/entry.S
> index cea4e0e302..0a9c248ee2 100644
> --- a/xen/arch/arm/arm32/entry.S
> +++ b/xen/arch/arm/arm32/entry.S
> @@ -118,7 +118,7 @@ abort_guest_exit_end:
> bne return_from_trap
>
> skip_check:
> - mov pc, lr
> + b enter_hypervisor_from_guest_preirq
> ENDPROC(arch_enter_hypervisor_from_guest_preirq)
>
> /*
> diff --git a/xen/arch/arm/arm64/entry.S b/xen/arch/arm/arm64/entry.S
> index 97dc60210d..d4fb5fdc1c 100644
> --- a/xen/arch/arm/arm64/entry.S
> +++ b/xen/arch/arm/arm64/entry.S
> @@ -191,6 +191,7 @@
> ALTERNATIVE("bl check_pending_vserror; cbnz x0, 1f",
> "nop; nop",
> SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT)
> + bl enter_hypervisor_from_guest_preirq
> msr daifclr, \iflags
> bl enter_hypervisor_from_guest
> mov x0, sp
> diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
> index adbedc2d15..cb4e3b627b 100644
> --- a/xen/arch/arm/traps.c
> +++ b/xen/arch/arm/traps.c
> @@ -1986,15 +1986,25 @@ static inline bool needs_ssbd_flip(struct vcpu *v)
>
> /*
> * Actions that needs to be done after entering the hypervisor from the
> - * guest and before we handle any request.
> + * guest and before the interrupts are unmasked.
> */
> -void enter_hypervisor_from_guest(void)
> +void enter_hypervisor_from_guest_preirq(void)
> {
> struct vcpu *v = current;
>
> /* If the guest has disabled the workaround, bring it back on. */
> if ( needs_ssbd_flip(v) )
> arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_2_FID, 1, NULL);
> +}
> +
> +/*
> + * Actions that needs to be done after entering the hypervisor from the
> + * guest and before we handle any request. Depending on the exception trap,
> + * this may be called with interrupts unmasked.
> + */
> +void enter_hypervisor_from_guest(void)
> +{
> + struct vcpu *v = current;
>
> /*
> * If we pended a virtual abort, preserve it until it gets cleared.
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-10-31 18:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-31 15:09 [Xen-devel] [PATCH for-4.13 v4 00/19] xen/arm: XSA-201 and XSA-263 fixes Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 01/19] docs/misc: xen-command-line: Remove wrong statement from serrors=diverse Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 02/19] xen/arm: Remove serrors=forward Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 03/19] xen/arm: traps: Rework __do_serror() documentation Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 04/19] docs/misc: xen-command-line: Rework documentation of the option 'serrors' Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 05/19] xen/arm: traps: Update the correct PC when inject a virtual SError to the guest Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 06/19] xen/arm64: entry: Avoid open-coding interrupt flags Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 07/19] xen/arm64: entry: Introduce a macro to generate guest vector and use it Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 08/19] xen/arm64: entry: Check if an SError is pending when receiving a vSError Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 09/19] xen/arm: traps: Rework entry/exit from the guest path Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 10/19] xen/arm32: entry: Rename save_guest_regs() Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 11/19] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest Julien Grall
2019-10-31 18:15 ` Stefano Stabellini [this message]
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 12/19] xen/arm: traps: Don't ignore invalid value for serrors= Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 13/19] xen/arm: alternative: Remove unused parameter for alternative_if_not_cap Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 14/19] xen/arm: Move ARCH_PATCH_INSN_SIZE out of the header livepatch.h Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 15/19] xen/arm: Allow insn.h to be called from assembly Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 16/19] xen/arm: alternative: add auto-nop infrastructure Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 17/19] xen/arm: asm: Replace use of ALTERNATIVE with alternative_if Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 18/19] xen/arm: Update the ASSERT() in SYNCHRONIZE_SERROR() Julien Grall
2019-10-31 15:09 ` [Xen-devel] [PATCH for-4.13 v4 19/19] xen/arm: entry: Ensure the guest state is synced when receiving a vSError Julien Grall
2019-10-31 18:18 ` Stefano Stabellini
2019-11-01 10:47 ` [Xen-devel] [PATCH for-4.13 v4 00/19] xen/arm: XSA-201 and XSA-263 fixes Jürgen Groß
2019-11-01 14:45 ` Julien Grall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.1910311115250.2267@sstabellini-ThinkPad-T480s \
--to=sstabellini@kernel.org \
--cc=Volodymyr_Babchuk@epam.com \
--cc=andrii_anisov@epam.com \
--cc=jgross@suse.com \
--cc=julien.grall@arm.com \
--cc=julien@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.