On Tue, 3 Dec 2019 at 19:16, Corey Minyard [off-list ref] wrote:

On Tue, Dec 03, 2019 at 06:45:46PM +0000, Marc Zyngier wrote:

quoted

On 2019-12-03 18:35, Ard Biesheuvel wrote:

[...]

quoted

OK, I have prepared a branch that carries all these patches in the
right order with the upstream commit reference added to the commit
log. I'll send this out for review first, before actually sending it
to -stable, unless anyone feels that this is a bad idea.

arm64: KVM: Move BP hardening vectors into .hyp.text section
arm64: insn: Add N immediate encoding
arm64: insn: Add encoder for bitwise operations using literals
arm64: KVM: Dynamically patch the kernel/hyp VA mask
arm64: cpufeatures: Drop the ARM64_HYP_OFFSET_LOW feature flag
arm64; insn: Add encoder for the EXTR instruction
arm64: insn: Allow ADD/SUB (immediate) with LSL #12
arm64: KVM: Dynamically compute the HYP VA mask
arm64: KVM: Introduce EL2 VA randomisation
arm64: KVM: Move stashing of x0/x1 into the vector code itself
arm64: KVM: Reserve 4 additional instructions in the BPI template
arm64: KVM: Allow far branches from vector slots to the main vectors
arm64: Make BP hardening slot counter available
arm64: Move the content of bpi.S to hyp-entry.S

My personal take on this is that it is *a lot* of code that affects
a very critical path, and I'm not completely sure that it is what
we want for something as dated as 4.14.

That was my thought, too.  I was just trying to fix a simple compile
error.

quoted

The only valuable reason I can think of (aside of the vulnerability
mitigation aspect) would be if we need to backport more code to
the exception entry path for EL2. I don't know if there is such
need yet.

If that is the case, IMHO this should be backported as part of other
things that require it.

I don't know this code that well, but these changes seem to me more
setup for allowing other things to be done.

Agreed. But I'd still prefer it if we could backport 4340ba80bd3a
"arm64: KVM: Move BP hardening vectors into .hyp.text section" (which
introduces CONFIG_KVM_INDIRECT_VECTORS and is a useful change by
itself) and only the below hunk taken from 5bea94c013bab "arm64: Move
the content of bpi.S to hyp-entry.S".

diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 66a37cb9a392..67d39c5e6966 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c

@@ -84,7 +84,7 @@ atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1);

 DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);

-#ifdef CONFIG_KVM
+#ifdef CONFIG_KVM_INDIRECT_VECTORS
 extern char __smccc_workaround_1_smc_start[];
 extern char __smccc_workaround_1_smc_end[];

@@ -135,7 +135,7 @@ static void install_bp_hardening_cb(bp_hardening_cb_t fn,
 {
 __this_cpu_write(bp_hardening_data.fn, fn);
 }
-#endif /* CONFIG_KVM */
+#endif /* CONFIG_KVM_INDIRECT_VECTORS */

 #include <uapi/linux/psci.h>
 #include <linux/arm-smccc.h>

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel