Subject: Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
From: Hanjun Guo
To: Marc Zyngier, Ard Biesheuvel
CC: Linux Kernel Mailing List, linux-arm-kernel, kvmarm, Catalin Marinas, Will Deacon, Peter Maydell, Christoffer Dall, Lorenzo Pieralisi, Mark Rutland, Robin Murphy, Jon Masters
Message-ID: <876a9d85-31ee-d6fb-3e91-0a092eeb55c3@huawei.com>
Date: Thu, 1 Feb 2018 14:52:26 +0800

On 2018/2/1 10:40, Hanjun Guo wrote:
> On 2018/1/31 23:05, Marc Zyngier wrote:
>> On 31/01/18 14:38, Ard Biesheuvel wrote:
>>> On 31 January 2018 at 14:35, Ard Biesheuvel wrote:
>>>> On 31 January 2018 at 14:11, Marc Zyngier wrote:
>>>>> On 31/01/18 13:56, Hanjun Guo wrote:
>>>>>> Hi Marc,
>>>>>>
>>>>>> On 2018/1/30 1:45, Marc Zyngier wrote:
>>>>>>> static int enable_psci_bp_hardening(void *data)
>>>>>>> {
>>>>>>> const struct arm64_cpu_capabilities *entry = data;
>>>>>>>
>>>>>>> - if (psci_ops.get_version)
>>>>>>> + if (psci_ops.get_version) {
>>>>>>> + if (check_smccc_arch_workaround_1(entry))
>>>>>>> + return 0;
>>>>>>
>>>>>> If I'm using the new version SMCCC, the firmware have the choicARM_SMCCC_ARCH_WORKAROUND_1e to decide
>>>>>> whether this machine needs the workaround, even if the CPU is vulnerable
>>>>>> for CVE-2017-5715, but..
>>>>>>
>>>>>>> +
>>>>>>> install_bp_hardening_cb(entry,
>>>>>>> (bp_hardening_cb_t)psci_ops.get_version,
>>>>>>> __psci_hyp_bp_inval_start,
>>>>>>> __psci_hyp_bp_inval_end);
>>>>>>
>>>>>> ..the code above seems will enable get_psci_version() for CPU and will
>>>>>> trap to trust firmware even the new version of firmware didn't say
>>>>>> we need the workaround, did I understand it correctly?
>>>>>
>>>>> Well, you only get there if we've established that your CPU is affected
>>>>> (it has an entry matching its MIDR with the HARDEN_BRANCH_PREDICTOR
>>>>> capability), and that entry points to enable_psci_bp_hardening. It is
>
> I understand, but A53, A57, A72 and etc are always in the list :)

Sorry, A53 is not susceptible to branch predictor aliasing..

Thanks
Hanjun
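
Review bot: in the added "if (check_smccc_arch_workaround_1(entry)) return 0;" the helper's result is used as a plain boolean, so every false return falls through to install_bp_hardening_cb() with psci_ops.get_version as the callback. The quoted lines do not say what a false return means. If it can also mean that the firmware answered the query and reported the workaround as not required, the PSCI get_version fallback would still be installed for that CPU, which is the case the question in this thread is about. A comment at the call site stating the helper's return contract, or a return value that separates "call not implemented" from "workaround not required", would make the intended fallback behaviour explicit.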