mbox series

[for-4.13,v4,00/19] xen/arm: XSA-201 and XSA-263 fixes

Message ID 20191031150922.22938-1-julien.grall@arm.com (mailing list archive)
Headers show
Series xen/arm: XSA-201 and XSA-263 fixes | expand

Message

Julien Grall Oct. 31, 2019, 3:09 p.m. UTC
Hi all,

This is v4 of the series. For those wondering why it is v4 and not v2, this
series is closely related to XSA-303 [1] and refrained to post a new version
publicly. To avoid delaying the series was reviewed privately on security@.

The series is now nearly fully reviewed. There are just a few missing tags
for patch #11, #12 and #19.

The series is based on XSA-303 which has not yet been committed. For
convenience, I have pushed a branch on my public git:

https://xenbits.xen.org/git-http/people/julieng/xen-unstable.git
branch entry-rework/v4

@Juergen: On v1, you agreed this should be considered as a blocker for Xen 4.13.
Are you still happy to consider this series to go in Xen 4.13?This is mostly
fixing up the non-XSA part of XSA-303. This should allow to handle properly
SSBD workaround and receive safely SErrors.

Cheers,

[1] https://xenbits.xen.org/xsa/advisory-303.html

Cc: jgross@suse.com

Julien Grall (18):
  docs/misc: xen-command-line: Remove wrong statement from
    serrors=diverse
  xen/arm: Remove serrors=forward
  xen/arm: traps: Rework __do_serror() documentation
  docs/misc: xen-command-line: Rework documentation of the option
    'serrors'
  xen/arm: traps: Update the correct PC when inject a virtual SError to
    the guest
  xen/arm64: entry: Avoid open-coding interrupt flags
  xen/arm64: entry: Introduce a macro to generate guest vector and use
    it
  xen/arm64: entry: Check if an SError is pending when receiving a
    vSError
  xen/arm: traps: Rework entry/exit from the guest path
  xen/arm32: entry: Rename save_guest_regs()
  xen/arm: Ensure the SSBD workaround is re-enabled right after exiting
    a guest
  xen/arm: traps: Don't ignore invalid value for serrors=
  xen/arm: alternative: Remove unused parameter for
    alternative_if_not_cap
  xen/arm: Move ARCH_PATCH_INSN_SIZE out of the header livepatch.h
  xen/arm: Allow insn.h to be called from assembly
  xen/arm: asm: Replace use of ALTERNATIVE with alternative_if
  xen/arm: Update the ASSERT() in SYNCHRONIZE_SERROR()
  xen/arm: entry: Ensure the guest state is synced when receiving a
    vSError

Mark Rutland (1):
  xen/arm: alternative: add auto-nop infrastructure

 docs/misc/xen-command-line.pandoc |  45 +++-------
 xen/arch/arm/alternative.c        |   2 -
 xen/arch/arm/arm32/entry.S        |  80 ++++++++++++++----
 xen/arch/arm/arm32/traps.c        |  12 +--
 xen/arch/arm/arm64/entry.S        | 170 +++++++++++++++++++++-----------------
 xen/arch/arm/domain.c             |  11 ---
 xen/arch/arm/traps.c              | 166 +++++++++++++++++--------------------
 xen/include/asm-arm/alternative.h |  75 ++++++++++++-----
 xen/include/asm-arm/cpufeature.h  |  11 ++-
 xen/include/asm-arm/insn.h        |   7 ++
 xen/include/asm-arm/livepatch.h   |   4 +-
 xen/include/asm-arm/macros.h      |   7 ++
 xen/include/asm-arm/processor.h   |   2 +-
 13 files changed, 323 insertions(+), 269 deletions(-)

Comments

Jürgen Groß Nov. 1, 2019, 10:47 a.m. UTC | #1
On 31.10.19 16:09, Julien Grall wrote:
> Hi all,
> 
> This is v4 of the series. For those wondering why it is v4 and not v2, this
> series is closely related to XSA-303 [1] and refrained to post a new version
> publicly. To avoid delaying the series was reviewed privately on security@.
> 
> The series is now nearly fully reviewed. There are just a few missing tags
> for patch #11, #12 and #19.
> 
> The series is based on XSA-303 which has not yet been committed. For
> convenience, I have pushed a branch on my public git:
> 
> https://xenbits.xen.org/git-http/people/julieng/xen-unstable.git
> branch entry-rework/v4
> 
> @Juergen: On v1, you agreed this should be considered as a blocker for Xen 4.13.
> Are you still happy to consider this series to go in Xen 4.13?This is mostly
> fixing up the non-XSA part of XSA-303. This should allow to handle properly
> SSBD workaround and receive safely SErrors.

Yeah, still fine with me, so for the series:

Release-acked-by: Juergen Gross <jgross@suse.com>


Juergen
Julien Grall Nov. 1, 2019, 2:45 p.m. UTC | #2
Hi,

On 11/1/19 10:47 AM, Jürgen Groß wrote:
> On 31.10.19 16:09, Julien Grall wrote:
>> Hi all,
>>
>> This is v4 of the series. For those wondering why it is v4 and not v2, 
>> this
>> series is closely related to XSA-303 [1] and refrained to post a new 
>> version
>> publicly. To avoid delaying the series was reviewed privately on 
>> security@.
>>
>> The series is now nearly fully reviewed. There are just a few missing 
>> tags
>> for patch #11, #12 and #19.
>>
>> The series is based on XSA-303 which has not yet been committed. For
>> convenience, I have pushed a branch on my public git:
>>
>> https://xenbits.xen.org/git-http/people/julieng/xen-unstable.git
>> branch entry-rework/v4
>>
>> @Juergen: On v1, you agreed this should be considered as a blocker for 
>> Xen 4.13.
>> Are you still happy to consider this series to go in Xen 4.13?This is 
>> mostly
>> fixing up the non-XSA part of XSA-303. This should allow to handle 
>> properly
>> SSBD workaround and receive safely SErrors.
> 
> Yeah, still fine with me, so for the series:
> 
> Release-acked-by: Juergen Gross <jgross@suse.com>

Thank you! I took the liberty to commit the series with the renaming 
Stefano and I discussed yesterday.

Hopefully this is the last big series for Arm for Xen 4.13 :).

Cheers,