On 2018/2/1 10:40, Hanjun Guo wrote:
> On 2018/1/31 23:05, Marc Zyngier wrote:
>> On 31/01/18 14:38, Ard Biesheuvel wrote:
>>> On 31 January 2018 at 14:35, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:
>>>> On 31 January 2018 at 14:11, Marc Zyngier <marc.zyngier@xxxxxxx> wrote:
>>>>> On 31/01/18 13:56, Hanjun Guo wrote:
>>>>>> Hi Marc,
>>>>>>
>>>>>> On 2018/1/30 1:45, Marc Zyngier wrote:
>>>>>>> static int enable_psci_bp_hardening(void *data)
>>>>>>> {
>>>>>>> const struct arm64_cpu_capabilities *entry = data;
>>>>>>>
>>>>>>> - if (psci_ops.get_version)
>>>>>>> + if (psci_ops.get_version) {
>>>>>>> + if (check_smccc_arch_workaround_1(entry))
>>>>>>> + return 0;
>>>>>>
>>>>>> If I'm using the new version SMCCC, the firmware has the choice to decide
>>>>>> whether this machine needs the workaround, even if the CPU is vulnerable
>>>>>> to CVE-2017-5715, but..
>>>>>>
>>>>>>> +
>>>>>>> install_bp_hardening_cb(entry,
>>>>>>> (bp_hardening_cb_t)psci_ops.get_version,
>>>>>>> __psci_hyp_bp_inval_start,
>>>>>>> __psci_hyp_bp_inval_end);
>>>>>>
>>>>>> ..the code above seems to enable get_psci_version() for the CPU and will
>>>>>> trap to trusted firmware even if the new version of firmware didn't say
>>>>>> we need the workaround, did I understand it correctly?
>>>>>
>>>>> Well, you only get there if we've established that your CPU is affected
>>>>> (it has an entry matching its MIDR with the HARDEN_BRANCH_PREDICTOR
>>>>> capability), and that entry points to enable_psci_bp_hardening. It is
>
> I understand, but A53, A57, A72, etc. are always in the list :)

Sorry, A53 is not susceptible to branch predictor aliasing.

Thanks
Hanjun
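
Review bot: In the quoted enable_psci_bp_hardening() hunk, the new early return only covers a non-zero result from check_smccc_arch_workaround_1(entry); every other result falls through to install_bp_hardening_cb() with psci_ops.get_version. As far as the visible lines show, a single true/false check cannot tell a firmware that answers the new SMCCC query with "workaround not needed" apart from one that cannot be queried at all, which is the case raised in the thread. Consider letting the helper report those two outcomes separately and skipping the get_version fallback for the first, or add a comment above the fallback explaining why it is still installed in that case.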