From: Mark Rutland <mark.rutland@arm.com>
To: Marc Zyngier <marc.zyngier@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
Will Deacon <will.deacon@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Thomas Gleixner <tglx@linutronix.de>,
Andy Lutomirski <luto@kernel.org>,
Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Christoffer Dall <christoffer.dall@arm.com>
Subject: Re: [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
Date: Thu, 24 May 2018 13:25:37 +0100 [thread overview]
Message-ID: <20180524122537.er2oate3oiybchze@lakrids.cambridge.arm.com> (raw)
In-Reply-To: <20180522150648.28297-15-marc.zyngier@arm.com>
On Tue, May 22, 2018 at 04:06:48PM +0100, Marc Zyngier wrote:
> Now that all our infrastructure is in place, let's expose the
> availability of ARCH_WORKAROUND_2 to guests. We take this opportunity
> to tidy up a couple of SMCCC constants.
>
> Acked-by: Christoffer Dall <christoffer.dall@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
> arch/arm/include/asm/kvm_host.h | 12 ++++++++++++
> arch/arm64/include/asm/kvm_host.h | 23 +++++++++++++++++++++++
> arch/arm64/kvm/reset.c | 4 ++++
> virt/kvm/arm/psci.c | 18 ++++++++++++++++--
> 4 files changed, 55 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index c7c28c885a19..d478766b56c1 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -315,6 +315,18 @@ static inline bool kvm_arm_harden_branch_predictor(void)
> return false;
> }
>
> +#define KVM_SSBD_UNKNOWN -1
> +#define KVM_SSBD_FORCE_DISABLE 0
> +#define KVM_SSBD_EL1_ENTRY 1
> +#define KVM_SSBD_FORCE_ENABLE 2
> +#define KVM_SSBD_MITIGATED 3
> +
> +static inline int kvm_arm_have_ssbd(void)
> +{
> + /* No way to detect it yet, pretend it is not there. */
> + return KVM_SSBD_UNKNOWN;
> +}
> +
> static inline void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu) {}
> static inline void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu) {}
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 9bef3f69bdcd..082b0dbb85c6 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -455,6 +455,29 @@ static inline bool kvm_arm_harden_branch_predictor(void)
> return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR);
> }
>
> +#define KVM_SSBD_UNKNOWN -1
> +#define KVM_SSBD_FORCE_DISABLE 0
> +#define KVM_SSBD_EL1_ENTRY 1
> +#define KVM_SSBD_FORCE_ENABLE 2
> +#define KVM_SSBD_MITIGATED 3
> +
> +static inline int kvm_arm_have_ssbd(void)
> +{
> + switch (arm64_get_ssbd_state()) {
> + case ARM64_SSBD_FORCE_DISABLE:
> + return KVM_SSBD_FORCE_DISABLE;
> + case ARM64_SSBD_EL1_ENTRY:
> + return KVM_SSBD_EL1_ENTRY;
> + case ARM64_SSBD_FORCE_ENABLE:
> + return KVM_SSBD_FORCE_ENABLE;
> + case ARM64_SSBD_MITIGATED:
> + return KVM_SSBD_MITIGATED;
> + case ARM64_SSBD_UNKNOWN:
> + default:
> + return KVM_SSBD_UNKNOWN;
> + }
> +}
> +
> void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu);
> void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu);
>
> diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
> index 3256b9228e75..20a7dfee8494 100644
> --- a/arch/arm64/kvm/reset.c
> +++ b/arch/arm64/kvm/reset.c
> @@ -122,6 +122,10 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
> /* Reset PMU */
> kvm_pmu_vcpu_reset(vcpu);
>
> + /* Default workaround setup is enabled (if supported) */
> + if (kvm_arm_have_ssbd() == KVM_SSBD_EL1_ENTRY)
> + vcpu->arch.workaround_flags |= VCPU_WORKAROUND_2_FLAG;
> +
> /* Reset timer */
> return kvm_timer_vcpu_reset(vcpu);
> }
> diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
> index c4762bef13c6..4843bfa1f986 100644
> --- a/virt/kvm/arm/psci.c
> +++ b/virt/kvm/arm/psci.c
> @@ -405,7 +405,7 @@ static int kvm_psci_call(struct kvm_vcpu *vcpu)
> int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> {
> u32 func_id = smccc_get_function(vcpu);
> - u32 val = PSCI_RET_NOT_SUPPORTED;
> + u32 val = SMCCC_RET_NOT_SUPPORTED;
> u32 feature;
>
> switch (func_id) {
> @@ -417,7 +417,21 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> switch(feature) {
> case ARM_SMCCC_ARCH_WORKAROUND_1:
> if (kvm_arm_harden_branch_predictor())
> - val = 0;
> + val = SMCCC_RET_SUCCESS;
> + break;
> + case ARM_SMCCC_ARCH_WORKAROUND_2:
> + switch (kvm_arm_have_ssbd()) {
> + case KVM_SSBD_FORCE_DISABLE:
> + case KVM_SSBD_UNKNOWN:
> + break;
> + case KVM_SSBD_EL1_ENTRY:
> + val = SMCCC_RET_SUCCESS;
> + break;
> + case KVM_SSBD_FORCE_ENABLE:
> + case KVM_SSBD_MITIGATED:
> + val = SMCCC_RET_NOT_REQUIRED;
> + break;
> + }
> break;
> }
> break;
> --
> 2.14.2
>
WARNING: multiple messages have this Message-ID (diff)
From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
Date: Thu, 24 May 2018 13:25:37 +0100 [thread overview]
Message-ID: <20180524122537.er2oate3oiybchze@lakrids.cambridge.arm.com> (raw)
In-Reply-To: <20180522150648.28297-15-marc.zyngier@arm.com>
On Tue, May 22, 2018 at 04:06:48PM +0100, Marc Zyngier wrote:
> Now that all our infrastructure is in place, let's expose the
> availability of ARCH_WORKAROUND_2 to guests. We take this opportunity
> to tidy up a couple of SMCCC constants.
>
> Acked-by: Christoffer Dall <christoffer.dall@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
> arch/arm/include/asm/kvm_host.h | 12 ++++++++++++
> arch/arm64/include/asm/kvm_host.h | 23 +++++++++++++++++++++++
> arch/arm64/kvm/reset.c | 4 ++++
> virt/kvm/arm/psci.c | 18 ++++++++++++++++--
> 4 files changed, 55 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index c7c28c885a19..d478766b56c1 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -315,6 +315,18 @@ static inline bool kvm_arm_harden_branch_predictor(void)
> return false;
> }
>
> +#define KVM_SSBD_UNKNOWN -1
> +#define KVM_SSBD_FORCE_DISABLE 0
> +#define KVM_SSBD_EL1_ENTRY 1
> +#define KVM_SSBD_FORCE_ENABLE 2
> +#define KVM_SSBD_MITIGATED 3
> +
> +static inline int kvm_arm_have_ssbd(void)
> +{
> + /* No way to detect it yet, pretend it is not there. */
> + return KVM_SSBD_UNKNOWN;
> +}
> +
> static inline void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu) {}
> static inline void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu) {}
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 9bef3f69bdcd..082b0dbb85c6 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -455,6 +455,29 @@ static inline bool kvm_arm_harden_branch_predictor(void)
> return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR);
> }
>
> +#define KVM_SSBD_UNKNOWN -1
> +#define KVM_SSBD_FORCE_DISABLE 0
> +#define KVM_SSBD_EL1_ENTRY 1
> +#define KVM_SSBD_FORCE_ENABLE 2
> +#define KVM_SSBD_MITIGATED 3
> +
> +static inline int kvm_arm_have_ssbd(void)
> +{
> + switch (arm64_get_ssbd_state()) {
> + case ARM64_SSBD_FORCE_DISABLE:
> + return KVM_SSBD_FORCE_DISABLE;
> + case ARM64_SSBD_EL1_ENTRY:
> + return KVM_SSBD_EL1_ENTRY;
> + case ARM64_SSBD_FORCE_ENABLE:
> + return KVM_SSBD_FORCE_ENABLE;
> + case ARM64_SSBD_MITIGATED:
> + return KVM_SSBD_MITIGATED;
> + case ARM64_SSBD_UNKNOWN:
> + default:
> + return KVM_SSBD_UNKNOWN;
> + }
> +}
> +
> void kvm_vcpu_load_sysregs(struct kvm_vcpu *vcpu);
> void kvm_vcpu_put_sysregs(struct kvm_vcpu *vcpu);
>
> diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
> index 3256b9228e75..20a7dfee8494 100644
> --- a/arch/arm64/kvm/reset.c
> +++ b/arch/arm64/kvm/reset.c
> @@ -122,6 +122,10 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
> /* Reset PMU */
> kvm_pmu_vcpu_reset(vcpu);
>
> + /* Default workaround setup is enabled (if supported) */
> + if (kvm_arm_have_ssbd() == KVM_SSBD_EL1_ENTRY)
> + vcpu->arch.workaround_flags |= VCPU_WORKAROUND_2_FLAG;
> +
> /* Reset timer */
> return kvm_timer_vcpu_reset(vcpu);
> }
> diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
> index c4762bef13c6..4843bfa1f986 100644
> --- a/virt/kvm/arm/psci.c
> +++ b/virt/kvm/arm/psci.c
> @@ -405,7 +405,7 @@ static int kvm_psci_call(struct kvm_vcpu *vcpu)
> int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> {
> u32 func_id = smccc_get_function(vcpu);
> - u32 val = PSCI_RET_NOT_SUPPORTED;
> + u32 val = SMCCC_RET_NOT_SUPPORTED;
> u32 feature;
>
> switch (func_id) {
> @@ -417,7 +417,21 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> switch(feature) {
> case ARM_SMCCC_ARCH_WORKAROUND_1:
> if (kvm_arm_harden_branch_predictor())
> - val = 0;
> + val = SMCCC_RET_SUCCESS;
> + break;
> + case ARM_SMCCC_ARCH_WORKAROUND_2:
> + switch (kvm_arm_have_ssbd()) {
> + case KVM_SSBD_FORCE_DISABLE:
> + case KVM_SSBD_UNKNOWN:
> + break;
> + case KVM_SSBD_EL1_ENTRY:
> + val = SMCCC_RET_SUCCESS;
> + break;
> + case KVM_SSBD_FORCE_ENABLE:
> + case KVM_SSBD_MITIGATED:
> + val = SMCCC_RET_NOT_REQUIRED;
> + break;
> + }
> break;
> }
> break;
> --
> 2.14.2
>
next prev parent reply other threads:[~2018-05-24 12:25 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-22 15:06 [PATCH 00/14] arm64 SSBD (aka Spectre-v4) mitigation Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 01/14] arm/arm64: smccc: Add SMCCC-specific return codes Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-24 10:55 ` Mark Rutland
2018-05-24 10:55 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-23 9:23 ` Julien Grall
2018-05-23 9:23 ` Julien Grall
2018-05-24 10:52 ` Mark Rutland
2018-05-24 10:52 ` Mark Rutland
2018-05-24 12:10 ` Robin Murphy
2018-05-24 12:10 ` Robin Murphy
2018-05-24 11:00 ` Mark Rutland
2018-05-24 11:00 ` Mark Rutland
2018-05-24 11:23 ` Mark Rutland
2018-05-24 11:23 ` Mark Rutland
2018-05-24 11:28 ` Marc Zyngier
2018-05-24 11:28 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 03/14] arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-23 10:03 ` Julien Grall
2018-05-23 10:03 ` Julien Grall
2018-05-24 11:14 ` Mark Rutland
2018-05-24 11:14 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-23 10:06 ` Julien Grall
2018-05-23 10:06 ` Julien Grall
2018-05-24 9:58 ` Suzuki K Poulose
2018-05-24 9:58 ` Suzuki K Poulose
2018-05-24 11:39 ` Will Deacon
2018-05-24 11:39 ` Will Deacon
2018-05-24 13:34 ` Suzuki K Poulose
2018-05-24 13:34 ` Suzuki K Poulose
2018-05-24 11:27 ` Mark Rutland
2018-05-24 11:27 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 05/14] arm64: Add 'ssbd' command-line option Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:29 ` Randy Dunlap
2018-05-22 15:29 ` Randy Dunlap
2018-05-22 15:29 ` Randy Dunlap
2018-05-23 10:08 ` Julien Grall
2018-05-23 10:08 ` Julien Grall
2018-05-24 11:40 ` Mark Rutland
2018-05-24 11:40 ` Mark Rutland
2018-05-24 11:52 ` Marc Zyngier
2018-05-24 11:52 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 06/14] arm64: ssbd: Add global mitigation state accessor Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-23 10:11 ` Julien Grall
2018-05-23 10:11 ` Julien Grall
2018-05-24 11:41 ` Mark Rutland
2018-05-24 11:41 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 07/14] arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-23 10:13 ` Julien Grall
2018-05-23 10:13 ` Julien Grall
2018-05-24 11:43 ` Mark Rutland
2018-05-24 11:43 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 08/14] arm64: ssbd: Disable mitigation on CPU resume if required by user Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-23 10:52 ` Julien Grall
2018-05-23 10:52 ` Julien Grall
2018-05-24 11:55 ` Mark Rutland
2018-05-24 11:55 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-24 12:01 ` Mark Rutland
2018-05-24 12:01 ` Mark Rutland
2018-05-24 12:16 ` Marc Zyngier
2018-05-24 12:16 ` Marc Zyngier
2018-05-24 12:19 ` Will Deacon
2018-05-24 12:19 ` Will Deacon
2018-05-24 12:36 ` Marc Zyngier
2018-05-24 12:36 ` Marc Zyngier
2018-05-22 15:06 ` [PATCH 10/14] arm64: ssbd: Add prctl interface for per-thread mitigation Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-22 15:48 ` Dominik Brodowski
2018-05-22 15:48 ` Dominik Brodowski
2018-05-22 16:30 ` Marc Zyngier
2018-05-22 16:30 ` Marc Zyngier
2018-05-22 16:30 ` Marc Zyngier
2018-05-24 12:10 ` Mark Rutland
2018-05-24 12:10 ` Mark Rutland
2018-05-24 12:24 ` Will Deacon
2018-05-24 12:24 ` Will Deacon
2018-05-22 15:06 ` [PATCH 11/14] arm64: KVM: Add HYP per-cpu accessors Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-24 12:11 ` Mark Rutland
2018-05-24 12:11 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 12/14] arm64: KVM: Add ARCH_WORKAROUND_2 support for guests Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-24 12:15 ` Mark Rutland
2018-05-24 12:15 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 13/14] arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-24 12:22 ` Mark Rutland
2018-05-24 12:22 ` Mark Rutland
2018-05-22 15:06 ` [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID Marc Zyngier
2018-05-22 15:06 ` Marc Zyngier
2018-05-24 12:25 ` Mark Rutland [this message]
2018-05-24 12:25 ` Mark Rutland
2018-07-20 9:47 [PATCH 00/14] arm64: 4.17 backport of the SSBD mitigation patches Marc Zyngier
2018-07-20 9:47 ` [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180524122537.er2oate3oiybchze@lakrids.cambridge.arm.com \
--to=mark.rutland@arm.com \
--cc=catalin.marinas@arm.com \
--cc=christoffer.dall@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=marc.zyngier@arm.com \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.