
Re: [PATCH v2 3/3] xen/arm: Warn user on cpu errata 832075


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 28 Oct 2020 08:43:43 +0000
  • Cc: "open list:X86" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 28 Oct 2020 08:44:03 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


> On 27 Oct 2020, at 22:44, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> On Mon, 26 Oct 2020, Bertrand Marquis wrote:
>> When a Cortex A57 processor is affected by CPU errata 832075, a guest
>> not implementing the workaround for it could deadlock the system.
>> Add a warning during boot informing the user that only trusted guests
>> should be executed on the system.
>> An equivalent warning is already given to the user by KVM on cores
>> affected by this errata.
>> 
>> Also taint the hypervisor as unsecure when this errata applies and
>> mention Cortex A57 r0p0 - r1p2 as not security supported in SUPPORT.md
>> 
>> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>> ---
>> SUPPORT.md               |  1 +
>> xen/arch/arm/cpuerrata.c | 13 +++++++++++++
>> 2 files changed, 14 insertions(+)
>> 
>> diff --git a/SUPPORT.md b/SUPPORT.md
>> index 5fbe5fc444..f7a3b046b0 100644
>> --- a/SUPPORT.md
>> +++ b/SUPPORT.md
>> @@ -38,6 +38,7 @@ supported in this document.
>> ### ARM v8
>> 
>>     Status: Supported
>> +    Status, Cortex A57 r0p0 - r1p2, not security supported (Errata 832075)
>> 
>> ## Host hardware support
>> 
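Review bot: The added Status line in the ARM v8 section separates the qualifier from its value with a comma ("Status, Cortex A57 r0p0 - r1p2, not security supported"), while the line directly above it uses a colon ("Status: Supported"). Writing it as "Status, Cortex A57 r0p0 - r1p2: Not security supported (Errata 832075)" would keep both entries in the same shape and make it clear which part is the scope and which part is the support level.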
>> diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c
>> index 0430069a84..b35e8cd0b9 100644
>> --- a/xen/arch/arm/cpuerrata.c
>> +++ b/xen/arch/arm/cpuerrata.c
>> @@ -503,6 +503,19 @@ void check_local_cpu_errata(void)
>> void __init enable_errata_workarounds(void)
>> {
>>     enable_cpu_capabilities(arm_errata);
>> +
>> +#ifdef CONFIG_ARM64_ERRATUM_832075
>> +    if ( cpus_have_cap(ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE) )
>> +    {
>> +        printk_once("**** This CPU is affected by the errata 832075. ****\n"
>> +                    "**** Guests without CPU erratum workarounds     ****\n"
>> +                    "**** can deadlock the system!                   ****\n"
>> +                    "**** Only trusted guests should be used.        
>> ****\n");
> 
> These can be on 2 lines, no need to be on 4 lines.

I can fix that in a v3.

> 
> 
> I know that Julien wrote about printing the warning from
> enable_errata_workarounds but to me it looks more natural if we did it
> from the .enable function specific to ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE.

I have no preference either here but I kind of like this way because if we had
more warnings they would all be at the same place.

I will wait for Julien's answer on this before sending a v3 for this patch.

Cheers
Bertrand

> 
> That said, I don't feel strongly about it, I am fine either way. Julien,
> do you have a preference?
> 
> 
> Other than that, it is fine.
> 
> 
>> +        /* Taint the machine has being insecure */
>> +        add_taint(TAINT_MACHINE_UNSECURE);
>> +    }
>> +#endif
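Review bot: The warning and the taint in enable_errata_workarounds() sit inside "#ifdef CONFIG_ARM64_ERRATUM_832075", so a build without that option prints nothing and sets no taint on an affected core, even though the commit message describes the deadlock as something a guest lacking the workaround can trigger. Consider making the notice depend on detecting the affected revisions rather than on the config option, or say in the commit message why it is tied to it. Smaller points: the comment "Taint the machine has being insecure" should read "as being insecure", and the banner says "the errata 832075" for a single item, where "erratum 832075" would match the second banner line.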




 

