On Mon, 12 Mar 2018, [email protected] wrote: > From: Julien Grall <[email protected]> > > A recent update to the ARM SMCCC_ARCH_WORKAROUND_1 specification (see [1]) > allows firmware to return a non zero, positive value, to describe that > although the mitigation is implemented at the higher exception level, > the CPU on which the call is made is not affected. > > Relax the check on the return value from ARM_WORKAROUND_1 so that we > only error out if the returned value is negative. > > [1] https://developer.arm.com/support/security-update/downloads > "Firmware interfaces for mitigating CVE-2017-5715 System Software on Arm > Systems" > > Signed-off-by: Julien Grall <[email protected]>
Reviewed-by: Stefano Stabellini <[email protected]> > --- > This patch should be backported as part of XSA-254. > > There are potential more optimization to do as part of this > relaxation. For instance, we dropping the CPU ID recognition and > only look ad the SMCCC. Indeed there are. I assume more patches will be coming? > --- > xen/arch/arm/cpuerrata.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c > index 4eb1567589..1baa20654b 100644 > --- a/xen/arch/arm/cpuerrata.c > +++ b/xen/arch/arm/cpuerrata.c > @@ -168,7 +168,8 @@ static int enable_smccc_arch_workaround_1(void *data) > > arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FID, > ARM_SMCCC_ARCH_WORKAROUND_1_FID, &res); > - if ( res.a0 != ARM_SMCCC_SUCCESS ) > + /* The return value is in the lower 32-bits. */ > + if ( (int)res.a0 < 0 ) > goto warn; > > return !install_bp_hardening_vec(entry,__smccc_workaround_1_smc_start, > -- > 2.11.0 > _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
