On Thu, Nov 12, 2020 at 12:05:54PM +0000, Marc Zyngier wrote:
> On 2020-11-09 21:47, Will Deacon wrote:
> > The EL2 vectors installed when a guest is running point at one of the
> > following configurations for a given CPU:
> >
> > - Straight at __kvm_hyp_vector
> > - A trampoline containing an SMC sequence to mitigate Spectre-v2 and
> > then a direct branch to __kvm_hyp_vector
> > - A dynamically-allocated trampoline which has an indirect branch to
> > __kvm_hyp_vector
> > - A dynamically-allocated trampoline containing an SMC sequence to
> > mitigate Spectre-v2 and then an indirect branch to __kvm_hyp_vector
> >
> > The indirect branches mean that VA randomization at EL2 isn't trivially
> > bypassable using Spectre-v3a (where the vector base is readable by the
> > guest).
> >
> > Rather than populate these vectors dynamically, configure everything
> > statically and use an enumerated type to identify the vector "slot"
> > corresponding to one of the configurations above. This both simplifies
> > the code, but also makes it much easier to implement at EL2 later on.
> >
> > Cc: Marc Zyngier <maz@xxxxxxxxxx>
> > Cc: Quentin Perret <qperret@xxxxxxxxxx>
> > Signed-off-by: Will Deacon <will@xxxxxxxxxx>
> > ---
>
> [...]
>
> > SYM_CODE_START(__bp_harden_hyp_vecs)
> > - .rept BP_HARDEN_EL2_SLOTS
> > - generate_vectors
> > - .endr
> > + generate_vectors indirect = 0, spectrev2 = 0 // HYP_VECTOR_DIRECT
> > + generate_vectors indirect = 0, spectrev2 = 1 //
> > HYP_VECTOR_SPECTRE_DIRECT
> > + generate_vectors indirect = 1, spectrev2 = 0 // HYP_VECTOR_INDIRECT
> > + generate_vectors indirect = 1, spectrev2 = 1 //
> > HYP_VECTOR_SPECTRE_INDIRECT
>
> Another nit (though I'm not sure if it it's a regression or not):
> Why do we generate a set of hardened vectors for HYP_VECTOR_DIRECT?
> The code in kvm_init_vector_slots() directly points the per-CPU VBAR
> to __kvm_hyp_vector, which is the right thing to do. I don't think we
> ever use slot 0 in __bp_harden_hyp_vecs, wasting 2kB of text.
>
> Did I miss something?

It's inherited from the old code, but I agree that the first slot is
unused. We should be able to remove it afaict if we separate
BP_HARDEN_EL2_SLOTS and __BP_HARDEN_HYP_VECS_SZ but, as ever, testing
this is a massive pain. I'll add a patch on top for the next version.

Will

_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
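Review bot: in the __bp_harden_hyp_vecs hunk, replacing the `.rept BP_HARDEN_EL2_SLOTS` loop with four explicit `generate_vectors indirect = ..., spectrev2 = ...` expansions leaves the slot order (HYP_VECTOR_DIRECT, HYP_VECTOR_SPECTRE_DIRECT, HYP_VECTOR_INDIRECT, HYP_VECTOR_SPECTRE_INDIRECT) recorded only in trailing comments, and nothing ties the number of expansions to BP_HARDEN_EL2_SLOTS any more. A build-time check that BP_HARDEN_EL2_SLOTS equals the number of expansions, and that each enumerator's value matches its position in this list, would catch the two drifting apart; that matters for the follow-up Will proposes here, since dropping the unused first slot (which kvm_init_vector_slots() never selects, pointing VBAR at __kvm_hyp_vector directly) changes both the slot count and the offsets used to index the remaining slots, so the separation of BP_HARDEN_EL2_SLOTS from __BP_HARDEN_HYP_VECS_SZ should come with such an assertion.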