From: Christoffer Dall <christoffer.dall@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>
Cc: linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org,
	kvmarm@lists.cs.columbia.edu,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will.deacon@arm.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
	Mark Rutland <mark.rutland@arm.com>,
	Robin Murphy <robin.murphy@arm.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Andrew Jones <drjones@redhat.com>,
	Hanjun Guo <guohanjun@huawei.com>,
	Jayachandran C <jnair@caviumnetworks.com>,
	Jon Masters <jcm@redhat.com>,
	Russell King - ARM Linux <linux@armlinux.org.uk>
Subject: Re: [PATCH v3 11/18] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
Date: Sun, 4 Feb 2018 19:39:01 +0100
Message-ID: <20180204183901.GO21802@cbox>
In-Reply-To: <20180201114657.7323-12-marc.zyngier@arm.com>

On Thu, Feb 01, 2018 at 11:46:50AM +0000, Marc Zyngier wrote:
> A new feature of SMCCC 1.1 is that it offers firmware-based CPU
> workarounds. In particular, SMCCC_ARCH_WORKAROUND_1 provides
> BP hardening for CVE-2017-5715.
> 
> If the host has some mitigation for this issue, report that
> we deal with it using SMCCC_ARCH_WORKAROUND_1, as we apply the
> host workaround on every guest exit.

Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>

> 
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  arch/arm/include/asm/kvm_host.h   | 7 +++++++
>  arch/arm64/include/asm/kvm_host.h | 6 ++++++
>  include/linux/arm-smccc.h         | 5 +++++
>  virt/kvm/arm/psci.c               | 9 ++++++++-
>  4 files changed, 26 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index e9d57060d88c..6c05e3b13081 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -309,4 +309,11 @@ static inline void kvm_fpsimd_flush_cpu_state(void) {}
>  
>  static inline void kvm_arm_vhe_guest_enter(void) {}
>  static inline void kvm_arm_vhe_guest_exit(void) {}
> +
> +static inline bool kvm_arm_harden_branch_predictor(void)
> +{
> +	/* No way to detect it yet, pretend it is not there. */
> +	return false;
> +}
> +
>  #endif /* __ARM_KVM_HOST_H__ */
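
Review bot: The 32-bit stub kvm_arm_harden_branch_predictor() returns false unconditionally, so a guest on a 32-bit ARM host always gets PSCI_RET_NOT_SUPPORTED when it queries ARM_SMCCC_ARCH_WORKAROUND_1 through the ARCH_FEATURES case in virt/kvm/arm/psci.c. The subject line is prefixed "arm64: KVM:" although this hunk touches arch/arm; consider saying in the commit message that 32-bit hosts do not advertise the workaround, so the gap is visible to whoever adds detection later.
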
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 10af386642c6..448d3b9a58cb 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -418,4 +418,10 @@ static inline void kvm_arm_vhe_guest_exit(void)
>  {
>  	local_daif_restore(DAIF_PROCCTX_NOIRQ);
>  }
> +
> +static inline bool kvm_arm_harden_branch_predictor(void)
> +{
> +	return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR);
> +}
> +
>  #endif /* __ARM64_KVM_HOST_H__ */
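
Review bot: The arm64 kvm_arm_harden_branch_predictor() has no comment, unlike the 32-bit stub, yet its return value decides whether the guest is told that ARM_SMCCC_ARCH_WORKAROUND_1 is available. A one-line comment would help, saying that true means the host has the ARM64_HARDEN_BRANCH_PREDICTOR capability and, per the commit message, applies its workaround on every guest exit.
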
> diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
> index dc68aa5a7261..e1ef944ef1da 100644
> --- a/include/linux/arm-smccc.h
> +++ b/include/linux/arm-smccc.h
> @@ -73,6 +73,11 @@
>  			   ARM_SMCCC_SMC_32,				\
>  			   0, 1)
>  
> +#define ARM_SMCCC_ARCH_WORKAROUND_1					\
> +	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,				\
> +			   ARM_SMCCC_SMC_32,				\
> +			   0, 0x8000)
> +
>  #ifndef __ASSEMBLY__
>  
>  #include <linux/linkage.h>
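
Review bot: The function number 0x8000 in ARM_SMCCC_ARCH_WORKAROUND_1 is a bare literal with no comment. A short comment above the define naming the SMCCC 1.1 workaround call and CVE-2017-5715, as the commit message does, would tell readers of the header what this identifier is for without going back to the log.
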
> diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
> index 2efacbe7b1a2..22c24561d07d 100644
> --- a/virt/kvm/arm/psci.c
> +++ b/virt/kvm/arm/psci.c
> @@ -406,13 +406,20 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
>  {
>  	u32 func_id = smccc_get_function(vcpu);
>  	u32 val = PSCI_RET_NOT_SUPPORTED;
> +	u32 feature;
>  
>  	switch (func_id) {
>  	case ARM_SMCCC_VERSION_FUNC_ID:
>  		val = ARM_SMCCC_VERSION_1_1;
>  		break;
>  	case ARM_SMCCC_ARCH_FEATURES_FUNC_ID:
> -		/* Nothing supported yet */
> +		feature = smccc_get_arg1(vcpu);
> +		switch(feature) {
> +		case ARM_SMCCC_ARCH_WORKAROUND_1:
> +			if (kvm_arm_harden_branch_predictor())
> +				val = 0;
> +			break;
> +		}
>  		break;
>  	default:
>  		return kvm_psci_call(vcpu);
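
Review bot: In the ARM_SMCCC_ARCH_FEATURES_FUNC_ID case the success value is the bare literal `val = 0` while the failure value is the named PSCI_RET_NOT_SUPPORTED, and the inner switch has no default, so the not-supported answer for an unknown feature depends entirely on the initialiser at the top of the function. Consider a named constant or a comment for the 0 and an explicit default (or a comment saying the fall-through is intended) in the inner switch. Style: `switch(feature)` should be `switch (feature)` to match the outer `switch (func_id)`.
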
> -- 
> 2.14.2
> 
