From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755466AbeARR40 (ORCPT ); Thu, 18 Jan 2018 12:56:26 -0500 Received: from mail-bl2nam02on0078.outbound.protection.outlook.com ([104.47.38.78]:22304 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754916AbeARR4Y (ORCPT ); Thu, 18 Jan 2018 12:56:24 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Jayachandran.Nair@cavium.com; Date: Thu, 18 Jan 2018 09:56:16 -0800 From: Jayachandran C To: Will Deacon Cc: Jon Masters , marc.zyngier@arm.com, linux-arm-kernel@lists.infradead.org, lorenzo.pieralisi@arm.com, ard.biesheuvel@linaro.org, catalin.marinas@arm.com, linux-kernel@vger.kernel.org, labbott@redhat.com, christoffer.dall@linaro.org Subject: Re: [PATCH v2] arm64: Branch predictor hardening for Cavium ThunderX2 Message-ID: <20180118175615.GF38392@jc-sabre> References: <20180108164651.GQ25869@arm.com> <1515502022-7376-1-git-send-email-jnair@caviumnetworks.com> <20180116234554.GA38392@jc-sabre> <20180118135354.GB20783@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180118135354.GB20783@arm.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Originating-IP: [50.233.148.156] X-ClientProxiedBy: DM5PR12CA0065.namprd12.prod.outlook.com (2603:10b6:3:103::27) To SN2PR0701MB1071.namprd07.prod.outlook.com (2a01:111:e400:341f::17) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ed67211b-b4d4-4b20-ebda-08d55e9cc839 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4604075)(4534125)(4602075)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020);SRVR:SN2PR0701MB1071; X-Microsoft-Exchange-Diagnostics: 1;SN2PR0701MB1071;3:uDJ++4rPrWVogY3NaPCqpR/+GP0XfHVyfahcU8juzNCwUFWj8r8lVlx9DirbEd5YdLaH4qaRXfU8Qqk16vQXI+jVGjTTKX4ZG/MkKchXdFfmiBBbdi11zZdWRQvCXLof8ssCXL1fvvyIcYOEWVJ493PPcGvsqhpVnbMAyN5o9s1ZBEOfCXYbLLlTxWsRaAD0UlHKqe1RIjtqgTqDQYa/ahvHC4z66sslIXKLAFZe+FnPLni7dpXE+U87duvM/adC;25:cElW17OA/hrFCiW5eraBjFdG+tO6LmVgYdIKPL4MYYqtaBA9ZOqr9+dip+kZrDUNeFdjzHWB9Suap5F3KzeKvO+T4C8osNUrpcAM32C9IJ4j9jX0i0NBzP9a6XvYK8FH4zXtrYxBl6mWuwZBZ27LWxvqluvnUKhoDCAoBASmr2+VfgskedTgtjEByZYDDqV0cL9nxFEvVdbgPCqA6mXOjl6+oueb9SD6WIjeeB7zToy0Cxq4WMDcvUxYUsMGboahP2SBonalUeRm62Lj2b1P+gfzcAuTguJTIvuPPl+/SwAtV6E6Pfoif/KCndbYBSAVaWEnXOsFNWDyYdYRJEcg5w==;31:FXaqbAov7/b5qamog3M43JGdAArLoebDIOWsEsFoso6XU110vKjpYp1lPceraG4ldqL8r8042a10eQqC7wZAfBuz6N4FAW79nhA0ug5ahbuTbKqv4c4EEOHBWYlDu1MQJ+3/J3YwDk0hP3WKctfoBoeyI11apb/2zhKOWjvJSw08+R9gvJbRDOk27TOM6ONtPBZ7qy4QQ1T+WIq+fjVUErkOcdREwbwn/xJAO3OtCD8= X-MS-TrafficTypeDiagnostic: SN2PR0701MB1071: X-Microsoft-Exchange-Diagnostics: 1;SN2PR0701MB1071;20:UVS41BqTtIXHHwp3XbDW5m3c5TOnngZe3MRG6sG9ZvKZ+N+XS4Ezbhe4ln/ktfPcM3o8B8iOluiKB9QjVhqDIIygLI3V9/Z55HTEiSQuZq18HTWTGdW9IpJcT3MlZE9+jEfkPtGbGE0PhRbIOWqvriaPp3u/YvvZIMbaGTNVcSOHogweBVmzQHR8eAOiFvnAM3GpXzaa/SftoQUTkI+RbCMsWuD34G3c+Aux0YrSzMmNPPhQ1QEatKaJJrr20TdtvbjCec+hYpsyMMkwh7irpXBuYLafORXfSDfnUhPWayPQO8FtBPHCIiJMiLt7HwBwqMPc+q4HMEgOGd9+8+vwFZbbC1jy2URRrygGFGOUwhcOnYkD5k8SYIufw6P3CbqlRx7wCYM1UgYtxHKZ/Oast3pylZ5UmELraw6Z3e6bLuPMD3FfAoJ/OPGu2V7sdvQAuh5/ghIFn/G/K8ddcAWpDwOW8DyTThmsw82Wq1B+bxzr4k2FDlFang9BzaJ83d5JHWYuIsnBwR420GRB4GoK3fchVkjFzJZHc98OJpDGU1u3PJvqpNO96eOt9UsKLmLZFDWQAAIzekWVqsCkdYKWmjg0FJiLKiEiFk7DPBu2N7M= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(84791874153150); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(5005006)(8121501046)(3002001)(3231023)(944501161)(10201501046)(93006095)(6041268)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011);SRVR:SN2PR0701MB1071;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:SN2PR0701MB1071; X-Microsoft-Exchange-Diagnostics: 1;SN2PR0701MB1071;4:y/3fyuTdxlrMz0++WOCMcJpEpr1A1X1BFVkQzZyVUdpBmoH9IMoUmDoS+0112ABtEYvWHvjpD4lZViP1iovE2Fi+B/LnFNiIKh9DLm96Gh0b76hMf11hhDSKhkfCrxY/33uiHgxNizcSMixI6ufGR7iGR6HBEWJyzA6OChylDxRNJaPCcLEs+Lj1U0SnyIQCAfwcsWSHKs0UObU2Z6QdHSTN+gaO5zR10SIFUVK0Zm6FXkirtLmrs2LJJuP1mI0ALh9fK8fiK0arfopgAfnZWcWCM7UV01mMd/rEsiYmGnO/Wi7NL7wPMSW0wWkYdrmubxMoJy40yxOcUVVKaWUKtX9AZANHhKCcOnA/LzlFQp4= X-Forefront-PRVS: 05568D1FF7 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(396003)(346002)(39380400002)(39860400002)(376002)(366004)(189003)(199004)(52116002)(23726003)(7416002)(6306002)(59450400001)(6496006)(58126008)(386003)(83506002)(229853002)(9686003)(68736007)(33896004)(8936002)(50466002)(305945005)(33716001)(97736004)(55016002)(93886005)(53546011)(66066001)(105586002)(26005)(106356001)(3846002)(4326008)(47776003)(7736002)(6246003)(316002)(72206003)(76176011)(966005)(25786009)(1076002)(16526018)(42882006)(53936002)(16586007)(81166006)(81156014)(2950100002)(6916009)(2906002)(478600001)(8676002)(33656002)(5660300001)(6666003)(6116002)(18370500001)(107986001);DIR:OUT;SFP:1101;SCL:1;SRVR:SN2PR0701MB1071;H:jc-sabre;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;SN2PR0701MB1071;23:iAxQAEeukWFO8qsBdXcDth3KPLulZQjb1yyR0mf?= =?us-ascii?Q?QTvm54QS7X2hO3CjM1vFoUhPbCGZV6YJchmegIakD3/+9CLMint9blhUl6fq?= =?us-ascii?Q?oaUReoXSOGjT3O3M82Ln8edE8jvwA1Bir6DLcSQBbGfZNfx4K8SukW+qSpGi?= =?us-ascii?Q?gLJ65CUsWF6htpItB8JU11HLLQWfNzAnE/NBtD5nPPSmrccf8hky76rC1c8H?= =?us-ascii?Q?dk9Bufyt22kjsesuw3goRu70rCaXo1rHb3wNeEQXl9D4Jb53N34+5sKMoCMM?= =?us-ascii?Q?iwAQdhNZ6XJ3u4tU7MNVJyJrBivphhqqrrry2y19JCSK1UsYMhmByQ2DQGjf?= =?us-ascii?Q?QC0+YH7rpxIcdifwplghgKrSOpSoige+Mtg7BwqTGbiNgmR0b3gUyi7U2tGA?= =?us-ascii?Q?+D3kBnA6wax6MrrAniGtUQxx0BudkrSddQuC7vNLM4REuvZTRoo7S7nSepzN?= =?us-ascii?Q?QZvrOh0sSSdw/T0gPiukBKVNDX1s8SzDNz3nV3q8FERMlN/lGjKudMoBRkkf?= =?us-ascii?Q?0t5GGeNgYX1h2+X5m7c3bzgp/kgGe1EZTQRB3MmLsoA8l6rG/J37vviX6wzx?= =?us-ascii?Q?hWRu/vwDHs6NlVvbjHw4Csfbb4gesz9qQxr+CNkJ/FV8IUMdHvBC27eHh39b?= =?us-ascii?Q?Ixeoigj5HGUJLVcBg+pJDFRzGLuLuD4RDGb4kcwf+zSZF0hKY5r+sqotPxMb?= =?us-ascii?Q?56qNLqa7YX+tQcnJqgosP8R4U2WLfohqTz2H8wT+ZB3CNLsTy83V0j+35yKV?= =?us-ascii?Q?REPgg0OibQfGeWqMyAK4oDBjh/t+mkRPMsolIJDphBZKdA2PLkRaLe/qqhsS?= =?us-ascii?Q?AdoP2VWorx/kra6gLnNsqPpZ1h1+tJVmdKRnoSgpEH2JYZoQWq/yce62WEqN?= =?us-ascii?Q?r0NmHttzzKnkfr0cVUSJrZkgPcp6qK4Xmu+BKuGvv1a1sxg91C/AF0/ycFHT?= =?us-ascii?Q?oT3wpqkSpgdbbpvHSFEbdyfq4bWNsNkvKjK9kE+9Ojm+4r+tVh02yztsPnBN?= =?us-ascii?Q?RhEm2j/PIjFX7qHmJdUa07xW2W/MNn9gjcxTwUo8sIlsAaWVsIbZtmAqvc8H?= =?us-ascii?Q?0VJG8CAsxWfs1cKkinvtT3OCloohIieu3mbjBekecvS2O/emPH/uv1h+qUQw?= =?us-ascii?Q?7YXG4GMEfiYKcs7zpxcmQPpvmqcTsYNmFqiwaxluc7GhH/2Y0M69Bsygfkwr?= =?us-ascii?Q?P6TOTR/2WrESol/MZcY4HrW7dEw+Du2Mziu59piFOZX0tfT1GdR97NVhhM8I?= =?us-ascii?Q?BsI17k5HSIE+yOjRJmWOj3cJoHQ7PR9mxdYZ9ihC/cM0ljrNnK7FoEZ+Y7zd?= =?us-ascii?Q?yJJCBA+WzlTUsyDfK2gqOSfwbBON9mrJrDNdhtr5cI6NTEkhLqoY1R+sdnpL?= =?us-ascii?Q?xXKCut7t95j+/fxK387tNJm0RKO4=3D?= X-Microsoft-Exchange-Diagnostics: 1;SN2PR0701MB1071;6:xEEvUk4PjgrJexRIeuok6UYbZ+6+7fSStMyZC/aTdAQkfEqMRTAUI86zlPshr/l8qF+9dfs1XYzbhMLn9Op04YKJ7Mp6+qjyHfNWTVufj7OgnDP3J+tBvN9b2FdcuvLYehdg7jVnU6vWhxx5/XkYKvflN1Yl73qxwbsPZqHpGpj+5g8wM+HL/iKZ//77tf/4pkh0vZVncbqi6gpVnhiCbJpdJkZ35eATzzt50Lxybl2ctp/OcEnoY1ghFIhOHkjVnKcjZXNu9SNA2vcKT/hV+h6K+IRf8HFSxBILS74xhbIgGeoji7Lt2/NbZ7WA4kZqx5DX0BWN2pQ8BOuEuqKAl44+SqCqfWYdsda1BVJUEWw=;5:FNKb1ag2hLHfosWUWi17YnfZedXQAc58oXEISQ8aU8Nt1SzPQAY4CEgz/w5iSVwKOlfi6SKLeSEBKRmXGCQhhf9LDFUf/A4q7Wt7J5OufF94zusc+FS725gjraNPfiN+1IxU4L/NlcMjWacfaXuJnORuTLI8z1T8qvjQ42ZxfNQ=;24:gdZoI+mTBl1uL/EkZ7wfdphNmgatHxRy84zW9yknLHRp44CdkvCQ8vgW2CWX2ywa1ewrGvHKAYUFNV4+I8BQ+/V+4u9esVFGUpZ2MvjYsUQ=;7:VHWc1NXEGn8kx6WwQJfARexitfjOtmNG3wxO3RDyzKBnkmuSvQfii0rKek8Nh7FtTOKwOeq9wbBGL0p9vTzAWfvCfVebWYmFVdVdBl/3+6jt6Z0Qkmn/NPLSlBNpJreAif3F0cxNOQK2A2ywQJHD1IlyOT0ijZeklLHlS1QH4K1aF7FyTI+eOy4yprXcR7mLIr+EAME5+nDfmosncQLfI5nn0vqL4/xyPLcEJp1f1etW+kggKK/LIVXGd83ZxTc0 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Jan 2018 17:56:20.0878 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ed67211b-b4d4-4b20-ebda-08d55e9cc839 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR0701MB1071 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 18, 2018 at 01:53:55PM +0000, Will Deacon wrote: > Hi JC, > > On Tue, Jan 16, 2018 at 03:45:54PM -0800, Jayachandran C wrote: > > On Tue, Jan 16, 2018 at 04:52:53PM -0500, Jon Masters wrote: > > > On 01/09/2018 07:47 AM, Jayachandran C wrote: > > > > > > > Use PSCI based mitigation for speculative execution attacks targeting > > > > the branch predictor. The approach is similar to the one used for > > > > Cortex-A CPUs, but in case of ThunderX2 we add another SMC call to > > > > test if the firmware supports the capability. > > > > > > > > If the secure firmware has been updated with the mitigation code to > > > > invalidate the branch target buffer, we use the PSCI version call to > > > > invoke it. > > > > > > What's the status of this patch currently? Previously you had suggested > > > to hold while the SMC got standardized, but then you seemed happy with > > > pulling in. What's the latest? > > > > My understanding is that the SMC standardization is being worked on > > but will take more time, and the KPTI current patchset will go to > > mainline before that. > > > > Given that, I would expect arm64 maintainers to pick up this patch for > > ThunderX2, but I have not seen any comments so far. > > > > Will/Marc, please let me know if you are planning to pick this patch > > into the KPTI tree. > > Are you really sure you want us to apply this? If we do, then you can't run > KVM guests anymore because your IMPDEF SMC results in an UNDEF being > injected (crash below). > > I really think that you should just hook up the enable_psci_bp_hardening > callback like we've done for the Cortex CPUs. We can optimise this later > once the SMC standarisation work has been completed (which is nearly final > now and works in a backwards-compatible manner). I think Marc's patch here: https://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms.git/commit/?h=kvm-arm64/kpti&id=d35e77fae4b70331310c3bc1796bb43b93f9a85e handles returning for undefined smc calls in guest. I think in this case we have to choose between crashing or giving a false sense of security when a guest compiled with HARDEN_BRANCH_PREDICTOR is booted on an hypervisor that does not support hardening. Crashing maybe a reasonable option. JC.