From: Marc Zyngier <marc.zyngier@arm.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>
Cc: Andre Przywara <andre.przywara@arm.com>,
Andrew Murray <andrew.murray@arm.com>,
Dave Martin <Dave.Martin@arm.com>,
Eric Auger <eric.auger@redhat.com>,
James Morse <james.morse@arm.com>,
Julien Thierry <julien.thierry@arm.com>,
Steven Price <steven.price@arm.com>,
Sudeep Holla <sudeep.holla@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH 16/18] KVM: doc: Add API documentation on the KVM_REG_ARM_WORKAROUNDS register
Date: Tue, 9 Jul 2019 13:25:05 +0100 [thread overview]
Message-ID: <20190709122507.214494-17-marc.zyngier@arm.com> (raw)
In-Reply-To: <20190709122507.214494-1-marc.zyngier@arm.com>
From: Andre Przywara <andre.przywara@arm.com>
Add documentation for the newly defined firmware registers to save and
restore any vulnerability mitigation status.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
Documentation/virtual/kvm/arm/psci.txt | 31 ++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/Documentation/virtual/kvm/arm/psci.txt b/Documentation/virtual/kvm/arm/psci.txt
index aafdab887b04..559586fc9d37 100644
--- a/Documentation/virtual/kvm/arm/psci.txt
+++ b/Documentation/virtual/kvm/arm/psci.txt
@@ -28,3 +28,34 @@ The following register is defined:
- Allows any PSCI version implemented by KVM and compatible with
v0.2 to be set with SET_ONE_REG
- Affects the whole VM (even if the register view is per-vcpu)
+
+* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:
+ Holds the state of the firmware support to mitigate CVE-2017-5715, as
+ offered by KVM to the guest via a HVC call. The workaround is described
+ under SMCCC_ARCH_WORKAROUND_1 in [1].
+ Accepted values are:
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL: KVM does not offer
+ firmware support for the workaround. The mitigation status for the
+ guest is unknown.
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_AVAIL: The workaround HVC call is
+ available to the guest and required for the mitigation.
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_REQUIRED: The workaround HVC call
+ is available to the guest, but it is not needed on this VCPU.
+
+* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:
+ Holds the state of the firmware support to mitigate CVE-2018-3639, as
+ offered by KVM to the guest via a HVC call. The workaround is described
+ under SMCCC_ARCH_WORKAROUND_2 in [1].
+ Accepted values are:
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL: A workaround is not
+ available. KVM does not offer firmware support for the workaround.
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_UNKNOWN: The workaround state is
+ unknown. KVM does not offer firmware support for the workaround.
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL: The workaround is available,
+ and can be disabled by a vCPU. If
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED is set, it is active for
+ this vCPU.
+ KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED: The workaround is
+ always active on this vCPU or it is not needed.
+
+[1] https://developer.arm.com/-/media/developer/pdf/ARM_DEN_0070A_Firmware_interfaces_for_mitigating_CVE-2017-5715.pdf
--
2.20.1
next prev parent reply other threads:[~2019-07-09 12:25 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-09 12:24 [GIT PULL] KVM/arm updates for Linux 5.3 Marc Zyngier
2019-07-09 12:24 ` [PATCH 01/18] arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS Marc Zyngier
2019-07-09 12:24 ` [PATCH 02/18] KVM: arm64: Abstract the size of the HYP vectors pre-amble Marc Zyngier
2019-07-09 12:24 ` [PATCH 03/18] KVM: arm64: Make indirect vectors preamble behaviour symmetric Marc Zyngier
2019-07-09 12:24 ` [PATCH 04/18] KVM: arm64: Consume pending SError as early as possible Marc Zyngier
2019-07-09 12:24 ` [PATCH 05/18] KVM: arm64: Defer guest entry when an asynchronous exception is pending Marc Zyngier
2019-07-09 12:24 ` [PATCH 06/18] arm64: Update silicon-errata.txt for Neoverse-N1 #1349291 Marc Zyngier
2019-07-09 12:24 ` [PATCH 07/18] KVM: arm64: Re-mask SError after the one instruction window Marc Zyngier
2019-07-09 12:24 ` [PATCH 08/18] KVM: arm64: Skip more of the SError vaxorcism Marc Zyngier
2019-07-09 12:24 ` [PATCH 09/18] KVM: arm/arm64: Rename kvm_pmu_{enable/disable}_counter functions Marc Zyngier
2019-07-09 12:24 ` [PATCH 10/18] KVM: arm/arm64: Extract duplicated code to own function Marc Zyngier
2019-07-09 12:25 ` [PATCH 11/18] KVM: arm/arm64: Re-create event when setting counter value Marc Zyngier
2019-07-09 12:25 ` [PATCH 12/18] KVM: arm/arm64: Remove pmc->bitmask Marc Zyngier
2019-07-09 12:25 ` [PATCH 13/18] KVM: arm/arm64: Support chained PMU counters Marc Zyngier
2019-07-09 12:25 ` [PATCH 14/18] arm64: KVM: Propagate full Spectre v2 workaround state to KVM guests Marc Zyngier
2019-07-09 12:25 ` [PATCH 15/18] KVM: arm/arm64: Add save/restore support for firmware workaround state Marc Zyngier
2019-07-09 12:25 ` Marc Zyngier [this message]
2019-07-09 12:25 ` [PATCH 17/18] KVM: arm64: Migrate _elx sysreg accessors to msr_s/mrs_s Marc Zyngier
2019-07-09 12:25 ` [PATCH 18/18] KVM: arm/arm64: Initialise host's MPIDRs by reading the actual register Marc Zyngier
2019-07-11 13:40 ` [GIT PULL] KVM/arm updates for Linux 5.3 Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190709122507.214494-17-marc.zyngier@arm.com \
--to=marc.zyngier@arm.com \
--cc=Dave.Martin@arm.com \
--cc=andre.przywara@arm.com \
--cc=andrew.murray@arm.com \
--cc=eric.auger@redhat.com \
--cc=james.morse@arm.com \
--cc=julien.thierry@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=steven.price@arm.com \
--cc=sudeep.holla@arm.com \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).