From: Paolo Bonzini
Subject: Re: [PATCH] KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds
Date: Wed, 17 Jan 2018 19:03:13 +0100
Message-ID: <19b0b672-ba88-b859-8a03-4a538bfc8c3a@redhat.com>
To: Radim Krčmář, Paul Mackerras
Cc: kvm@vger.kernel.org, kvm-ppc@vger.kernel.org, David Gibson

On 17/01/2018 15:27, Radim Krčmář wrote:
> 2018-01-17 08:51+1100, Paul Mackerras:
>> On Tue, Jan 16, 2018 at 03:45:11PM +0100, Paolo Bonzini wrote:
>>> On 16/01/2018 01:59, Paul Mackerras wrote:
>>>> This adds a new ioctl, KVM_PPC_GET_CPU_CHAR, that gives userspace
>>>> information about the underlying machine's level of vulnerability
>>>> to the recently announced vulnerabilities CVE-2017-5715,
>>>> CVE-2017-5753 and CVE-2017-5754, and whether the machine provides
>>>> instructions to assist software to work around the vulnerabilities.
>>>>
>>>> The ioctl returns two u64 words describing characteristics of the
>>>> CPU and required software behaviour respectively, plus two mask
>>>> words which indicate which bits have been filled in by the kernel,
>>>> for extensibility.  The bit definitions are the same as for the
>>>> new H_GET_CPU_CHARACTERISTICS hypercall.
>>>>
>>>> There is also a new capability, KVM_CAP_PPC_GET_CPU_CHAR, which
>>>> indicates whether the new ioctl is available.
>>>>
>>>> Signed-off-by: Paul Mackerras
>>>> ---
>>>
>>> Thanks, looks good.  Would you like this in 4.15?
>>
>> Yes please.  Will you just apply the patch, or do you want me to put
>> it in a branch for you to pull?
>
> I can apply it directly.
>
> Do I understand correctly that the interface is a KVM hypercall because
                                                        ^^^^^^^^^
                                                        ioctl?
> we need to forward this information into guests and other userspace can
> do nothing with the information?

There will probably be someone else that can consume it sooner or later.
sysfs or /proc/cpuinfo probably would be a better interface.  But I
guess KVM is the prime consumer...

Paolo
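
The mask words described in the quoted patch description make every reported bit three-valued (set, clear, or not filled in), and a consumer should treat "not filled in" conservatively. The following is an added example, not code from the patch or from anyone in this thread; the struct layout, field names and bit positions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* The four u64 words the quoted description lists. Field names are
 * assumptions of this example, not copied from the patch. */
struct cpu_char_words {
    uint64_t character;       /* characteristics of the CPU */
    uint64_t behaviour;       /* required software behaviour */
    uint64_t character_mask;  /* character bits the kernel filled in */
    uint64_t behaviour_mask;  /* behaviour bits the kernel filled in */
};

/* Hypothetical bit positions, chosen only for illustration. */
#define EX_CHAR_ASSIST_INSN   (1ULL << 63)
#define EX_BEHAV_FLUSH_NEEDED (1ULL << 62)
enum tri { BIT_UNKNOWN = -1, BIT_CLEAR = 0, BIT_SET = 1 };

/* A bit carries information only if its mask bit is set. */
static enum tri tri_bit(uint64_t value, uint64_t mask, uint64_t bit)
{
    if (!(mask & bit))
        return BIT_UNKNOWN;
    return (value & bit) ? BIT_SET : BIT_CLEAR;
}

/* Apply a workaround unless the kernel positively reports it unnecessary. */
static int must_apply(const struct cpu_char_words *w, uint64_t bit)
{
    return tri_bit(w->behaviour, w->behaviour_mask, bit) != BIT_CLEAR;
}

/* Rely on an assist instruction only if the kernel positively reports it. */
static int may_rely_on(const struct cpu_char_words *w, uint64_t bit)
{
    return tri_bit(w->character, w->character_mask, bit) == BIT_SET;
}

/* Constructed samples: nothing filled in, and both bits filled in. */
static const struct cpu_char_words ex_unfilled = { 0, 0, 0, 0 };
static const struct cpu_char_words ex_filled = {
    EX_CHAR_ASSIST_INSN, 0, EX_CHAR_ASSIST_INSN, EX_BEHAV_FLUSH_NEEDED
};

int main(void)
{
    printf("unfilled: apply=%d rely=%d\n", must_apply(&ex_unfilled, EX_BEHAV_FLUSH_NEEDED), may_rely_on(&ex_unfilled, EX_CHAR_ASSIST_INSN));
    printf("filled:   apply=%d rely=%d\n", must_apply(&ex_filled, EX_BEHAV_FLUSH_NEEDED), may_rely_on(&ex_filled, EX_CHAR_ASSIST_INSN));
    return 0;
}
```

With all-zero masks the decoder keeps the workaround enabled and refuses to rely on the assist instruction, which is the safe reading when the words come from a kernel that did not fill those bits in.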