Re: [PATCH v3 2/4] xen: make VMAP only support in MMU system

Wed, 14 Aug 2024 03:55:37 -0700 

Hi Jan,

On 14/08/2024 07:37, Jan Beulich wrote:

On 13.08.2024 19:13, Ayan Kumar Halder wrote:

From: Penny Zheng <penny.zh...@arm.com>

Introduced CONFIG_VMAP which is selected by the architectures that use
MMU. vm_init() does not do anything if CONFIG_VMAP is not enabled.

VMAP is widely used in ALTERNATIVE feature to remap a range of memory
with new memory attributes. Since this is highly dependent on virtual
address translation, we choose to fold VMAP in MMU system.

In this patch, we introduce a new Kconfig CONFIG_HAS_VMAP, and make it
only support in MMU system on ARM architecture. And ALTERNATIVE now
depends on VMAP.

HARDEN_BRANCH_PREDICTOR is now gated on HAS_VMAP as speculative
attacks are not possible on non MMU based systems (ie Cortex-R52, R82).
See 
https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability.

While I'm not an Arm expert and hence I'm likely missing aspects, I question
the one (Spectre-BHB) vulnerability there to be sufficient to draw a
conclusion towards the usefulness of branch hardening. I would advise
against encoding such a connection in the Kconfig dependencies.
AFAIU, to address 'Spectre' like vulnerabilities 'branch hardening' was added. 

See https://lore.kernel.org/all/e1fnadd-0000fz...@rmk-pc.armlinux.org.uk/
And from https://lists.linaro.org/archives/list/linux-stable-mir...@lists.linaro.org/message/F4MGL4WT2R7T54NLRDGKFRQNSXF3DZGD/ 

Spectre is valid on MMU based systems.

Thus, I would make 'branch hardenining' valid on MMU based systems only.

Let me know your thoughts.




--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -1,6 +1,7 @@
  config X86_64
        def_bool y
        select 64BIT
+       select HAS_VMAP
config X86 
        def_bool y
@@ -31,6 +32,7 @@ config X86
        select HAS_UBSAN
        select HAS_VPCI if HVM
        select NEEDS_LIBELF
+       select HAS_VMAP

Why in two places? Also please respect alphabetic sorting here (if this
hunk is kept, which may be the more consistent approach) ...
My mistake. I initially thought user could select one of the two. However, "vm_init()" is invoked only from xen/arch/x86/setup.c. 

Thus, keeping 'HAS_VMAP' under 'config X86' is dufficient.

I agree that HAS_VMAP needs to go before HAS_VPCI.




--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -77,6 +77,9 @@ config HAS_PIRQ
  config HAS_PMAP
        bool
+config HAS_VMAP 
+       bool
+
  config HAS_SCHED_GRANULARITY
        bool

... and here.


Yes, it needs to go after HAS_UBSAN.

- Ayan



Jan

Reply via email to