From: Marc Zyngier <maz@kernel.org>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Stefan Wahren <stefan.wahren@i2se.com>,
Corey Minyard <cminyard@mvista.com>,
minyard@acm.org, Catalin Marinas <catalin.marinas@arm.com>,
Andre Przywara <andre.przywara@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH] arm64: Fix compile error with KVM and !HARDEN_BRANCH_PREDICTOR
Date: Fri, 29 Nov 2019 07:21:07 +0000
Message-ID: <86pnhbywpo.wl-maz@kernel.org>
In-Reply-To: <CAKv+Gu-Xbpky-VN4WgSKJ5k_98shRdr_7aEcXJBV9uZqJrV7Jw@mail.gmail.com>

[fixing Will's email address]

On Thu, 28 Nov 2019 17:20:20 +0000,
Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> (+ Marc)
>
>
>
> On Wed, 27 Nov 2019 at 19:10, <minyard@acm.org> wrote:
> >
> > From: Corey Minyard <cminyard@mvista.com>
> >
> > When compiling with KVM enabled and without HARDEN_BRANCH_PREDICTOR,
> > the following compile error happens:
> >
> > arch/arm64/kernel/cpu_errata.c:92:23:
> > error: '__bp_harden_hyp_vecs_start' undeclared (first use in this function);
> > did you mean 'hyp_vecs_start'?
> > void *dst = lm_alias(__bp_harden_hyp_vecs_start + slot * SZ_2K);
> >
> > Some ifdefs were removed by 3e91f3eacc91d9 "arm64: Always enable
> > spectre-v2 vulnerability detection" for CONFIG_HARDEN_BRANCH_PREDICTOR,
> > but __bp_harden_hyp_vecs_start is only defined if that config is
> > enabled.
> >
> > Add CONFIG_HARDEN_BRANCH_PREDICTOR to the #if that has CONFIG_KVM.
> > It looks like you need both of those for that code to be valid.
> >
> > Fixes: 3e91f3eacc91d9 "arm64: Always enable spectre-v2 vulnerability detection"
> > Cc: Andre Przywara <andre.przywara@arm.com>
> > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > Cc: Stefan Wahren <stefan.wahren@i2se.com>
> > Cc: Will Deacon <will.deacon@arm.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Signed-off-by: Corey Minyard <cminyard@mvista.com>
> > ---
> > This is for 4.14, I'm not sure if it is needed for other kernels.
> >
> > It is not needed in master because a new config item was added,
> > CONFIG_KVM_INDIRECT_VECTORS, that depends on KVM and
> > HARDEN_BRANCH_PREDICTOR being configured. I looked at pulling the
> > patches that add the required changes, and they make a lot of
> > changes. This change is the simple fix, but I'm not sure if we want to
> > pull all those other changes into 4.14 and whatever other kernels
> > are required.
> >
>
> I agree that backporting this cleanly is going to be problematic,
> since it pulls in the entire EL2 VA randomization feature with all its
> prerequisites.
>
> Backporting the following set could be done fairly cleanly, and fixes
> the problem at build time, but unfortunately, it causes a boot time
> crash (see below)
>
> 97eca4d2bfec (HEAD -> linux-4.14.y) arm64: Move the content of bpi.S
> to hyp-entry.S
> 514dd33114c6 arm64: Make BP hardening slot counter available
> d7ddf3ae9470 arm64; insn: Add encoder for the EXTR instruction
> c0b2c4e56e10 arm64: KVM: Introduce EL2 VA randomisation
> 56ab0a87c737 arm64: KVM: Dynamically compute the HYP VA mask
> d92c02628dfb arm64: KVM: Allow far branches from vector slots to the
> main vectors
> 7adec01c9674 arm64: cpufeatures: Drop the ARM64_HYP_OFFSET_LOW feature flag
> 1095e4fc3134 arm64: KVM: Move stashing of x0/x1 into the vector code itself
> bb2e1aceb423 arm64: KVM: Dynamically patch the kernel/hyp VA mask
> 6f0ccfc451be arm64: KVM: Reserve 4 additional instructions in the BPI template
> bf425ffee07a arm64: insn: Add encoder for bitwise operations using literals
> 41dda94d1a9f arm64: insn: Add N immediate encoding
> 3225668ebe00 arm64: KVM: Move BP hardening vectors into .hyp.text section
>
> Marc?

You need at least these:

1bb32a44aea1 KVM: arm/arm64: Keep GICv2 HYP VAs in kvm_vgic_global_state
44a497abd621 KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state

But that's definitely not enough to fix the crash.

>
> [ 0.062126] CPU: All CPU(s) started at EL1
> [ 0.063109] alternatives: patching kernel code
> [ 0.064228] random: get_random_u64 called from
> compute_layout+0x94/0xe8 with crng_init=0
> [ 0.066313] aarch64_insn_gen_add_sub_imm: invalid immediate encoding 1904640

OK, that one is really bizarre. This value (tag_val) is supposed to be
a small value (only 12 significant bits out of 24 at any given time),
and it is not (0x1D1000). So somehow compute_instruction() is not
doing the right thing.

Do you have a tree somewhere with these patches?

Thanks,

M.

--
Jazz is not dead, it just smells funny.
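
An added example, not part of the message above and not kernel code: a stand-alone C model of the A64 ADD/SUB (immediate) operand constraint (a 12-bit immediate with an optional LSL #12), applied to the value 1904640 from the quoted boot log. The names classify_addsub_imm() and strict_encoder_accepts() are hypothetical, and the "strict" check is an assumption about an encoder that takes only unshifted immediates, not something the thread confirms.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not kernel code: the A64 ADD/SUB (immediate)
 * instruction carries a 12-bit immediate field plus one shift bit
 * that selects LSL #0 or LSL #12. */
enum imm_form { IMM_PLAIN, IMM_LSL12, IMM_INVALID };

struct addsub_imm {
    enum imm_form form;
    uint32_t imm12;                  /* value placed in the 12-bit field */
};

static struct addsub_imm classify_addsub_imm(uint32_t imm)
{
    struct addsub_imm r = { IMM_INVALID, 0 };

    if (imm & ~0xFFFFFFu)            /* wider than 24 bits: not encodable */
        return r;
    if (!(imm & ~0xFFFu)) {          /* fits entirely in bits 11:0 */
        r.form = IMM_PLAIN;
        r.imm12 = imm;
    } else if (!(imm & 0xFFFu)) {    /* only bits 23:12 are set */
        r.form = IMM_LSL12;
        r.imm12 = imm >> 12;
    }                                /* bits in both halves: two insns needed */
    return r;
}

/* Assumed strict encoder: accepts only an unshifted 12-bit immediate. */
static int strict_encoder_accepts(uint32_t imm)
{
    return (imm & ~0xFFFu) == 0;
}

int main(void)
{
    uint32_t logged = 1904640;       /* value from the boot log (0x1D1000) */
    struct addsub_imm r = classify_addsub_imm(logged);

    printf("0x%X: form=%d imm12=0x%X strict_ok=%d\n",
           logged, r.form, r.imm12, strict_encoder_accepts(logged));
    return 0;
}
```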