| Message ID | 20180314165049.30105-21-marc.zyngier@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Mar 14, 2018 at 04:50:43PM +0000, Marc Zyngier wrote: > There is no reason why the BP hardening vectors shouldn't be part > of the HYP text at compile time, rather than being mapped at runtime. > > Also introduce a new config symbol that controls the compilation > of bpi.S. > > Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> > --- > arch/arm64/include/asm/kvm_mmu.h | 4 +--- > arch/arm64/kernel/Makefile | 4 +--- > arch/arm64/kernel/bpi.S | 6 ++++++ > arch/arm64/kvm/Kconfig | 3 +++ > 4 files changed, 11 insertions(+), 6 deletions(-) > > diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h > index bfb81e73da06..c2beb2d25170 100644 > --- a/arch/arm64/include/asm/kvm_mmu.h > +++ b/arch/arm64/include/asm/kvm_mmu.h > @@ -380,9 +380,7 @@ static inline void *kvm_get_hyp_vector(void) > > static inline int kvm_map_vectors(void) > { > - return create_hyp_mappings(kvm_ksym_ref(__bp_harden_hyp_vecs_start), > - kvm_ksym_ref(__bp_harden_hyp_vecs_end), > - PAGE_HYP_EXEC); > + return 0; > } > > #else > diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile > index b87541360f43..93bce17109a6 100644 > --- a/arch/arm64/kernel/Makefile > +++ b/arch/arm64/kernel/Makefile > @@ -54,9 +54,7 @@ arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o > arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o > arm64-obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o > > -ifeq ($(CONFIG_KVM),y) > -arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o > -endif > +arm64-obj-$(CONFIG_KVM_INDIRECT_VECTORS)+= bpi.o I was about to say a space before the += would be nice, but I see the operator actually lines up with the others this way. > > obj-y += $(arm64-obj-y) vdso/ probes/ > obj-m += $(arm64-obj-m) > diff --git a/arch/arm64/kernel/bpi.S b/arch/arm64/kernel/bpi.S > index e5de33513b5d..447188e2a664 100644 > --- a/arch/arm64/kernel/bpi.S > +++ b/arch/arm64/kernel/bpi.S > @@ -48,6 +48,10 @@ > ventry \target + 0x780 > .endm > > + > + .text > + .pushsection .hyp.text, "ax" > + > .align 11 > ENTRY(__bp_harden_hyp_vecs_start) > .rept 4 > @@ -55,6 +59,8 @@ ENTRY(__bp_harden_hyp_vecs_start) > .endr > ENTRY(__bp_harden_hyp_vecs_end) > > + .popsection > + > ENTRY(__qcom_hyp_sanitize_link_stack_start) > stp x29, x30, [sp, #-16]! > .rept 16 > diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig > index 2257dfcc44cc..bd8cc03d7522 100644 > --- a/arch/arm64/kvm/Kconfig > +++ b/arch/arm64/kvm/Kconfig > @@ -57,6 +57,9 @@ config KVM_ARM_PMU > Adds support for a virtual Performance Monitoring Unit (PMU) in > virtual machines. > > +config KVM_INDIRECT_VECTORS > + def_bool KVM && HARDEN_BRANCH_PREDICTOR > + > source drivers/vhost/Kconfig > > endif # VIRTUALIZATION > -- > 2.14.2 > Reviewed-by: Andrew Jones <drjones@redhat.com>
On Wed, Mar 14, 2018 at 04:50:43PM +0000, Marc Zyngier wrote: > There is no reason why the BP hardening vectors shouldn't be part > of the HYP text at compile time, rather than being mapped at runtime. > > Also introduce a new config symbol that controls the compilation > of bpi.S. > > Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Catalin Marinas <catalin.marinas@arm.com>
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h index bfb81e73da06..c2beb2d25170 100644 --- a/arch/arm64/include/asm/kvm_mmu.h +++ b/arch/arm64/include/asm/kvm_mmu.h @@ -380,9 +380,7 @@ static inline void *kvm_get_hyp_vector(void) static inline int kvm_map_vectors(void) { - return create_hyp_mappings(kvm_ksym_ref(__bp_harden_hyp_vecs_start), - kvm_ksym_ref(__bp_harden_hyp_vecs_end), - PAGE_HYP_EXEC); + return 0; } #else diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index b87541360f43..93bce17109a6 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -54,9 +54,7 @@ arm64-reloc-test-y := reloc_test_core.o reloc_test_syms.o arm64-obj-$(CONFIG_CRASH_DUMP) += crash_dump.o arm64-obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o -ifeq ($(CONFIG_KVM),y) -arm64-obj-$(CONFIG_HARDEN_BRANCH_PREDICTOR) += bpi.o -endif +arm64-obj-$(CONFIG_KVM_INDIRECT_VECTORS)+= bpi.o obj-y += $(arm64-obj-y) vdso/ probes/ obj-m += $(arm64-obj-m) diff --git a/arch/arm64/kernel/bpi.S b/arch/arm64/kernel/bpi.S index e5de33513b5d..447188e2a664 100644 --- a/arch/arm64/kernel/bpi.S +++ b/arch/arm64/kernel/bpi.S @@ -48,6 +48,10 @@ ventry \target + 0x780 .endm + + .text + .pushsection .hyp.text, "ax" + .align 11 ENTRY(__bp_harden_hyp_vecs_start) .rept 4 @@ -55,6 +59,8 @@ ENTRY(__bp_harden_hyp_vecs_start) .endr ENTRY(__bp_harden_hyp_vecs_end) + .popsection + ENTRY(__qcom_hyp_sanitize_link_stack_start) stp x29, x30, [sp, #-16]! .rept 16 diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig index 2257dfcc44cc..bd8cc03d7522 100644 --- a/arch/arm64/kvm/Kconfig +++ b/arch/arm64/kvm/Kconfig @@ -57,6 +57,9 @@ config KVM_ARM_PMU Adds support for a virtual Performance Monitoring Unit (PMU) in virtual machines. +config KVM_INDIRECT_VECTORS + def_bool KVM && HARDEN_BRANCH_PREDICTOR + source drivers/vhost/Kconfig endif # VIRTUALIZATION
There is no reason why the BP hardening vectors shouldn't be part of the HYP text at compile time, rather than being mapped at runtime. Also introduce a new config symbol that controls the compilation of bpi.S. Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> --- arch/arm64/include/asm/kvm_mmu.h | 4 +--- arch/arm64/kernel/Makefile | 4 +--- arch/arm64/kernel/bpi.S | 6 ++++++ arch/arm64/kvm/Kconfig | 3 +++ 4 files changed, 11 insertions(+), 6 deletions(-)