xen/arch/arm/cpufeature.c | 3 +++ xen/arch/arm/domain.c | 12 ------------ xen/arch/arm/setup.c | 3 +-- xen/include/asm-arm/cpregs.h | 6 ------ xen/include/asm-arm/cpufeature.h | 1 - xen/include/asm-arm/domain.h | 1 - 6 files changed, 4 insertions(+), 22 deletions(-)
ThumbEE(T32EE) was introduced in ARMv7 and removed in ARMv8.
In 2011 ARM deprecated any use of the ThumbEE instruction set.
This feature is untested and as per my understanding
there are no reported users for it.
Remove all the bits related to it.
Signed-off-by: Michal Orzel <michal.orzel@arm.com>
---
xen/arch/arm/cpufeature.c | 3 +++
xen/arch/arm/domain.c | 12 ------------
xen/arch/arm/setup.c | 3 +--
xen/include/asm-arm/cpregs.h | 6 ------
xen/include/asm-arm/cpufeature.h | 1 -
xen/include/asm-arm/domain.h | 1 -
6 files changed, 4 insertions(+), 22 deletions(-)
diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c
index 1d88783809..82265a72f4 100644
--- a/xen/arch/arm/cpufeature.c
+++ b/xen/arch/arm/cpufeature.c
@@ -209,6 +209,9 @@ static int __init create_guest_cpuinfo(void)
guest_cpuinfo.pfr32.ras = 0;
guest_cpuinfo.pfr32.ras_frac = 0;
+ /* Hide ThumbEE support */
+ guest_cpuinfo.pfr32.thumbee = 0;
+
return 0;
}
/*
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index bdd3d3e5b5..d12903407f 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -116,12 +116,6 @@ static void ctxt_switch_from(struct vcpu *p)
p->arch.cntkctl = READ_SYSREG32(CNTKCTL_EL1);
virt_timer_save(p);
- if ( is_32bit_domain(p->domain) && cpu_has_thumbee )
- {
- p->arch.teecr = READ_SYSREG32(TEECR32_EL1);
- p->arch.teehbr = READ_SYSREG32(TEEHBR32_EL1);
- }
-
#ifdef CONFIG_ARM_32
p->arch.joscr = READ_CP32(JOSCR);
p->arch.jmcr = READ_CP32(JMCR);
@@ -255,12 +249,6 @@ static void ctxt_switch_to(struct vcpu *n)
WRITE_SYSREG(n->arch.tpidrro_el0, TPIDRRO_EL0);
WRITE_SYSREG(n->arch.tpidr_el1, TPIDR_EL1);
- if ( is_32bit_domain(n->domain) && cpu_has_thumbee )
- {
- WRITE_SYSREG32(n->arch.teecr, TEECR32_EL1);
- WRITE_SYSREG32(n->arch.teehbr, TEEHBR32_EL1);
- }
-
#ifdef CONFIG_ARM_32
WRITE_CP32(n->arch.joscr, JOSCR);
WRITE_CP32(n->arch.jmcr, JMCR);
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index 9ba2f267f6..76841262e3 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -165,12 +165,11 @@ static void __init processor_id(void)
printk("32-bit Execution:\n");
printk(" Processor Features: %"PRIregister":%"PRIregister"\n",
boot_cpu_data.pfr32.bits[0], boot_cpu_data.pfr32.bits[1]);
- printk(" Instruction Sets:%s%s%s%s%s%s\n",
+ printk(" Instruction Sets:%s%s%s%s%s\n",
cpu_has_aarch32 ? " AArch32" : "",
cpu_has_arm ? " A32" : "",
cpu_has_thumb ? " Thumb" : "",
cpu_has_thumb2 ? " Thumb-2" : "",
- cpu_has_thumbee ? " ThumbEE" : "",
cpu_has_jazelle ? " Jazelle" : "");
printk(" Extensions:%s%s\n",
cpu_has_gentimer ? " GenericTimer" : "",
diff --git a/xen/include/asm-arm/cpregs.h b/xen/include/asm-arm/cpregs.h
index 6daf2b1a30..2966c21708 100644
--- a/xen/include/asm-arm/cpregs.h
+++ b/xen/include/asm-arm/cpregs.h
@@ -87,13 +87,9 @@
#define DBGOSDLR p14,0,c1,c3,4 /* OS Double Lock */
#define DBGPRCR p14,0,c1,c4,4 /* Debug Power Control Register */
-/* CP14 CR0: */
-#define TEECR p14,6,c0,c0,0 /* ThumbEE Configuration Register */
-
/* CP14 CR1: */
#define DBGDRAR64 p14,0,c1 /* Debug ROM Address Register (64-bit access) */
#define DBGDRAR p14,0,c1,c0,0 /* Debug ROM Address Register (32-bit access) */
-#define TEEHBR p14,6,c1,c0,0 /* ThumbEE Handler Base Register */
#define JOSCR p14,7,c1,c0,0 /* Jazelle OS Control Register */
/* CP14 CR2: */
@@ -344,8 +340,6 @@
#define SCTLR_EL1 SCTLR
#define SCTLR_EL2 HSCTLR
#define TCR_EL1 TTBCR
-#define TEECR32_EL1 TEECR
-#define TEEHBR32_EL1 TEEHBR
#define TPIDRRO_EL0 TPIDRURO
#define TPIDR_EL0 TPIDRURW
#define TPIDR_EL1 TPIDRPRW
diff --git a/xen/include/asm-arm/cpufeature.h b/xen/include/asm-arm/cpufeature.h
index ba48db3eac..f02ae8fde2 100644
--- a/xen/include/asm-arm/cpufeature.h
+++ b/xen/include/asm-arm/cpufeature.h
@@ -27,7 +27,6 @@
#define cpu_has_thumb (boot_cpu_feature32(thumb) >= 1)
#define cpu_has_thumb2 (boot_cpu_feature32(thumb) >= 3)
#define cpu_has_jazelle (boot_cpu_feature32(jazelle) > 0)
-#define cpu_has_thumbee (boot_cpu_feature32(thumbee) == 1)
#define cpu_has_aarch32 (cpu_has_arm || cpu_has_thumb)
#ifdef CONFIG_ARM_32
diff --git a/xen/include/asm-arm/domain.h b/xen/include/asm-arm/domain.h
index 1da90f207d..d5080a6df6 100644
--- a/xen/include/asm-arm/domain.h
+++ b/xen/include/asm-arm/domain.h
@@ -167,7 +167,6 @@ struct arch_vcpu
/* HYP configuration */
register_t hcr_el2;
- uint32_t teecr, teehbr; /* ThumbEE, 32-bit guests only */
#ifdef CONFIG_ARM_32
/*
* ARMv8 only supports a trivial implementation on Jazelle when in AArch32
--
2.29.0
Hi Michal, On 13/04/2021 09:24, Michal Orzel wrote: > ThumbEE(T32EE) was introduced in ARMv7 and removed in ARMv8. > In 2011 ARM deprecated any use of the ThumbEE instruction set. This doesn't mean this is not present in any CPU. In fact, in the same section (see A2.10 in ARM DDI 0406C.d): "ThumbEE is both the name of the instruction set and the name of the extension that provides support for that instruction set. The ThumbEE Extension is: - Required in implementations of the ARMv7-A profile. - Optional in implementations of the ARMv7-R profile. " > > This feature is untested and as per my understanding > there are no reported users for it. > > Remove all the bits related to it. > > Signed-off-by: Michal Orzel <michal.orzel@arm.com> > --- > xen/arch/arm/cpufeature.c | 3 +++ > xen/arch/arm/domain.c | 12 ------------ > xen/arch/arm/setup.c | 3 +-- > xen/include/asm-arm/cpregs.h | 6 ------ > xen/include/asm-arm/cpufeature.h | 1 - > xen/include/asm-arm/domain.h | 1 - > 6 files changed, 4 insertions(+), 22 deletions(-) > > diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c > index 1d88783809..82265a72f4 100644 > --- a/xen/arch/arm/cpufeature.c > +++ b/xen/arch/arm/cpufeature.c > @@ -209,6 +209,9 @@ static int __init create_guest_cpuinfo(void) > guest_cpuinfo.pfr32.ras = 0; > guest_cpuinfo.pfr32.ras_frac = 0; > > + /* Hide ThumbEE support */ > + guest_cpuinfo.pfr32.thumbee = 0; Even if you hide the feature from the guest, the registers are still accessible. So you are not removing support but just opening a potential security hole as the registers now gets shared... Looking at the spec, it doesn't look like it is possible to trap them. In any case, the number of registers to save/restore is pretty limited. So I don't see the problem to keep the code around. It doesn't mean the feature is working, it just means we properly keep the domain isolated from each other. Cheers, -- Julien Grall
Hi Julien, On 13.04.2021 11:07, Julien Grall wrote: > Hi Michal, > > On 13/04/2021 09:24, Michal Orzel wrote: >> ThumbEE(T32EE) was introduced in ARMv7 and removed in ARMv8. >> In 2011 ARM deprecated any use of the ThumbEE instruction set. > > This doesn't mean this is not present in any CPU. In fact, in the same section (see A2.10 in ARM DDI 0406C.d): > > "ThumbEE is both the name of the instruction set and the name of the extension that provides support for that > instruction set. The ThumbEE Extension is: > - Required in implementations of the ARMv7-A profile. > - Optional in implementations of the ARMv7-R profile. > " > >> >> This feature is untested and as per my understanding >> there are no reported users for it. > >> Remove all the bits related to it. >> >> Signed-off-by: Michal Orzel <michal.orzel@arm.com> > --- >> xen/arch/arm/cpufeature.c | 3 +++ >> xen/arch/arm/domain.c | 12 ------------ >> xen/arch/arm/setup.c | 3 +-- >> xen/include/asm-arm/cpregs.h | 6 ------ >> xen/include/asm-arm/cpufeature.h | 1 - >> xen/include/asm-arm/domain.h | 1 - >> 6 files changed, 4 insertions(+), 22 deletions(-) >> >> diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c >> index 1d88783809..82265a72f4 100644 >> --- a/xen/arch/arm/cpufeature.c >> +++ b/xen/arch/arm/cpufeature.c >> @@ -209,6 +209,9 @@ static int __init create_guest_cpuinfo(void) >> guest_cpuinfo.pfr32.ras = 0; >> guest_cpuinfo.pfr32.ras_frac = 0; >> + /* Hide ThumbEE support */ >> + guest_cpuinfo.pfr32.thumbee = 0; > > Even if you hide the feature from the guest, the registers are still accessible. So you are not removing support but just opening a potential security hole as the registers now gets shared... > > Looking at the spec, it doesn't look like it is possible to trap them. Looking at the spec for ARMv7A/R: https://developer.arm.com/documentation/ddi0406/c/System-Level-Architecture/System-Control-Registers-in-a-VMSA-implementation/VMSA-System-control-registers-descriptions--in-register-order/HSTR--Hyp-System-Trap-Register--Virtualization-Extensions we can trap Thumbee operations. This means that we will not open the security hole. > > In any case, the number of registers to save/restore is pretty limited. So I don't see the problem to keep the code around. It doesn't mean the feature is working, it just means we properly keep the domain isolated from each other. > > Cheers, > Cheers, Michal
On 13/04/2021 10:32, Michal Orzel wrote: > Hi Julien, > > On 13.04.2021 11:07, Julien Grall wrote: >> Hi Michal, >> >> On 13/04/2021 09:24, Michal Orzel wrote: >>> ThumbEE(T32EE) was introduced in ARMv7 and removed in ARMv8. >>> In 2011 ARM deprecated any use of the ThumbEE instruction set. >> >> This doesn't mean this is not present in any CPU. In fact, in the same section (see A2.10 in ARM DDI 0406C.d): >> >> "ThumbEE is both the name of the instruction set and the name of the extension that provides support for that >> instruction set. The ThumbEE Extension is: >> - Required in implementations of the ARMv7-A profile. >> - Optional in implementations of the ARMv7-R profile. >> " >> >>> >>> This feature is untested and as per my understanding >>> there are no reported users for it. > >>> Remove all the bits related to it. >>> >>> Signed-off-by: Michal Orzel <michal.orzel@arm.com> > --- >>> xen/arch/arm/cpufeature.c | 3 +++ >>> xen/arch/arm/domain.c | 12 ------------ >>> xen/arch/arm/setup.c | 3 +-- >>> xen/include/asm-arm/cpregs.h | 6 ------ >>> xen/include/asm-arm/cpufeature.h | 1 - >>> xen/include/asm-arm/domain.h | 1 - >>> 6 files changed, 4 insertions(+), 22 deletions(-) >>> >>> diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c >>> index 1d88783809..82265a72f4 100644 >>> --- a/xen/arch/arm/cpufeature.c >>> +++ b/xen/arch/arm/cpufeature.c >>> @@ -209,6 +209,9 @@ static int __init create_guest_cpuinfo(void) >>> guest_cpuinfo.pfr32.ras = 0; >>> guest_cpuinfo.pfr32.ras_frac = 0; >>> + /* Hide ThumbEE support */ >>> + guest_cpuinfo.pfr32.thumbee = 0; >> >> Even if you hide the feature from the guest, the registers are still accessible. So you are not removing support but just opening a potential security hole as the registers now gets shared... >> >> Looking at the spec, it doesn't look like it is possible to trap them. > Looking at the spec for ARMv7A/R: > https://developer.arm.com/documentation/ddi0406/c/System-Level-Architecture/System-Control-Registers-in-a-VMSA-implementation/VMSA-System-control-registers-descriptions--in-register-order/HSTR--Hyp-System-Trap-Register--Virtualization-Extensions > we can trap Thumbee operations. > This means that we will not open the security hole. That's for pointing that out. However, I am not still not sure why you want to drop the code. Yes this is technically untested, but: 1) The change is very small 2) There are CPU out there supporting it (it is mandated after all). -- Julien Grall
On 13.04.2021 11:42, Julien Grall wrote: > > > On 13/04/2021 10:32, Michal Orzel wrote: >> Hi Julien, >> >> On 13.04.2021 11:07, Julien Grall wrote: >>> Hi Michal, >>> >>> On 13/04/2021 09:24, Michal Orzel wrote: >>>> ThumbEE(T32EE) was introduced in ARMv7 and removed in ARMv8. >>>> In 2011 ARM deprecated any use of the ThumbEE instruction set. >>> >>> This doesn't mean this is not present in any CPU. In fact, in the same section (see A2.10 in ARM DDI 0406C.d): >>> >>> "ThumbEE is both the name of the instruction set and the name of the extension that provides support for that >>> instruction set. The ThumbEE Extension is: >>> - Required in implementations of the ARMv7-A profile. >>> - Optional in implementations of the ARMv7-R profile. >>> " >>> >>>> >>>> This feature is untested and as per my understanding >>>> there are no reported users for it. > >>>> Remove all the bits related to it. >>>> >>>> Signed-off-by: Michal Orzel <michal.orzel@arm.com> > --- >>>> xen/arch/arm/cpufeature.c | 3 +++ >>>> xen/arch/arm/domain.c | 12 ------------ >>>> xen/arch/arm/setup.c | 3 +-- >>>> xen/include/asm-arm/cpregs.h | 6 ------ >>>> xen/include/asm-arm/cpufeature.h | 1 - >>>> xen/include/asm-arm/domain.h | 1 - >>>> 6 files changed, 4 insertions(+), 22 deletions(-) >>>> >>>> diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c >>>> index 1d88783809..82265a72f4 100644 >>>> --- a/xen/arch/arm/cpufeature.c >>>> +++ b/xen/arch/arm/cpufeature.c >>>> @@ -209,6 +209,9 @@ static int __init create_guest_cpuinfo(void) >>>> guest_cpuinfo.pfr32.ras = 0; >>>> guest_cpuinfo.pfr32.ras_frac = 0; >>>> + /* Hide ThumbEE support */ >>>> + guest_cpuinfo.pfr32.thumbee = 0; >>> >>> Even if you hide the feature from the guest, the registers are still accessible. So you are not removing support but just opening a potential security hole as the registers now gets shared... >>> >>> Looking at the spec, it doesn't look like it is possible to trap them. >> Looking at the spec for ARMv7A/R: >> https://developer.arm.com/documentation/ddi0406/c/System-Level-Architecture/System-Control-Registers-in-a-VMSA-implementation/VMSA-System-control-registers-descriptions--in-register-order/HSTR--Hyp-System-Trap-Register--Virtualization-Extensions >> we can trap Thumbee operations. >> This means that we will not open the security hole. > > That's for pointing that out. However, I am not still not sure why you want to drop the code. Yes this is technically untested, but: > 1) The change is very small > 2) There are CPU out there supporting it (it is mandated after all). > I wanted to drop the support for thumbee due to the following reasons: -it is untested -it is deprecated -no reported users for this feature -KVM did that If you think we should not do this, then I am ok to abandon this patch.
On 13/04/2021 10:59, Michal Orzel wrote: > > > On 13.04.2021 11:42, Julien Grall wrote: >> >> >> On 13/04/2021 10:32, Michal Orzel wrote: >>> Hi Julien, >>> >>> On 13.04.2021 11:07, Julien Grall wrote: >>>> Hi Michal, >>>> >>>> On 13/04/2021 09:24, Michal Orzel wrote: >>>>> ThumbEE(T32EE) was introduced in ARMv7 and removed in ARMv8. >>>>> In 2011 ARM deprecated any use of the ThumbEE instruction set. >>>> >>>> This doesn't mean this is not present in any CPU. In fact, in the same section (see A2.10 in ARM DDI 0406C.d): >>>> >>>> "ThumbEE is both the name of the instruction set and the name of the extension that provides support for that >>>> instruction set. The ThumbEE Extension is: >>>> - Required in implementations of the ARMv7-A profile. >>>> - Optional in implementations of the ARMv7-R profile. >>>> " >>>> >>>>> >>>>> This feature is untested and as per my understanding >>>>> there are no reported users for it. > >>>>> Remove all the bits related to it. >>>>> >>>>> Signed-off-by: Michal Orzel <michal.orzel@arm.com> > --- >>>>> xen/arch/arm/cpufeature.c | 3 +++ >>>>> xen/arch/arm/domain.c | 12 ------------ >>>>> xen/arch/arm/setup.c | 3 +-- >>>>> xen/include/asm-arm/cpregs.h | 6 ------ >>>>> xen/include/asm-arm/cpufeature.h | 1 - >>>>> xen/include/asm-arm/domain.h | 1 - >>>>> 6 files changed, 4 insertions(+), 22 deletions(-) >>>>> >>>>> diff --git a/xen/arch/arm/cpufeature.c b/xen/arch/arm/cpufeature.c >>>>> index 1d88783809..82265a72f4 100644 >>>>> --- a/xen/arch/arm/cpufeature.c >>>>> +++ b/xen/arch/arm/cpufeature.c >>>>> @@ -209,6 +209,9 @@ static int __init create_guest_cpuinfo(void) >>>>> guest_cpuinfo.pfr32.ras = 0; >>>>> guest_cpuinfo.pfr32.ras_frac = 0; >>>>> + /* Hide ThumbEE support */ >>>>> + guest_cpuinfo.pfr32.thumbee = 0; >>>> >>>> Even if you hide the feature from the guest, the registers are still accessible. So you are not removing support but just opening a potential security hole as the registers now gets shared... >>>> >>>> Looking at the spec, it doesn't look like it is possible to trap them. >>> Looking at the spec for ARMv7A/R: >>> https://developer.arm.com/documentation/ddi0406/c/System-Level-Architecture/System-Control-Registers-in-a-VMSA-implementation/VMSA-System-control-registers-descriptions--in-register-order/HSTR--Hyp-System-Trap-Register--Virtualization-Extensions >>> we can trap Thumbee operations. >>> This means that we will not open the security hole. >> >> That's for pointing that out. However, I am not still not sure why you want to drop the code. Yes this is technically untested, but: >> 1) The change is very small >> 2) There are CPU out there supporting it (it is mandated after all). >> > I wanted to drop the support for thumbee due to the following reasons: > -it is untested > -it is deprecated Deprecated only means new code should avoid to use the instruction set. But it is still present for existing code until they are migrated to a newer instruction set. However, as I pointed out only the instruction set is deprecated. The extension itself is mandated by Armv7-A. > -no reported users for this feature We probably only see the tip of the iceberg in term of the users. If the feature/pain is quite small to the community, then we should try to not drop feature. > -KVM did that Well, KVM fully dropped 32-bit support. But I am not yet in favor of that in Xen. > > If you think we should not do this, then I am ok to abandon this patch. Based on the information you provided, I think we should keep support. Cheers, -- Julien Grall
© 2016 - 2024 Red Hat, Inc.