From: Will Deacon <will@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Catalin Marinas <catalin.marinas@arm.com>,
David Brazdil <dbrazdil@google.com>,
Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH 18/19] KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()
Date: Fri, 18 Sep 2020 17:47:28 +0100
Message-ID: <20200918164729.31994-19-will@kernel.org>
In-Reply-To: <20200918164729.31994-1-will@kernel.org>
From: Marc Zyngier <maz@kernel.org>
Convert the KVM WA2 code to using the Spectre infrastructure,
making the code much more readable. It also allows us to
take SSBS into account for the mitigation.
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
arch/arm64/kvm/arm.c | 2 +-
arch/arm64/kvm/hypercalls.c | 23 +++++++++++++++++------
arch/arm64/kvm/psci.c | 19 ++++++++++++-------
3 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 0a316dee491f..dd28c325db34 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1295,7 +1295,7 @@ static void cpu_init_hyp_mode(void)
* at EL2.
*/
if (this_cpu_has_cap(ARM64_SSBS) &&
- arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) {
+ arm64_get_spectre_v4_state() == SPECTRE_VULNERABLE) {
kvm_call_hyp_nvhe(__kvm_enable_ssbs);
}
}
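Review bot: The new condition in cpu_init_hyp_mode() is not a one-for-one replacement of the old one. The removed test matched only ARM64_SSBD_FORCE_DISABLE, while the hypercalls.c hunk in this same patch replaces both the ARM64_SSBD_FORCE_DISABLE and ARM64_SSBD_UNKNOWN case labels with SPECTRE_VULNERABLE, so __kvm_enable_ssbs can now also be reached in what used to be the unknown state. If that widening is intended, the commit message should say so, since it currently describes the patch as a readability conversion plus taking SSBS into account; if it is not intended, this check needs a narrower predicate than a comparison with SPECTRE_VULNERABLE.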
diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
index 69e023dfafce..9824025ccc5c 100644
--- a/arch/arm64/kvm/hypercalls.c
+++ b/arch/arm64/kvm/hypercalls.c
@@ -36,13 +36,24 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
}
break;
case ARM_SMCCC_ARCH_WORKAROUND_2:
- switch (arm64_get_ssbd_state()) {
- case ARM64_SSBD_FORCE_DISABLE:
- case ARM64_SSBD_UNKNOWN:
+ switch (arm64_get_spectre_v4_state()) {
+ case SPECTRE_VULNERABLE:
break;
- case ARM64_SSBD_KERNEL:
- case ARM64_SSBD_FORCE_ENABLE:
- case ARM64_SSBD_MITIGATED:
+ case SPECTRE_MITIGATED:
+ /*
+ * SSBS everywhere: Indicate no firmware
+ * support, as the SSBS support will be
+ * indicated to the guest and the default is
+ * safe.
+ *
+ * Otherwise, expose a permanent mitigation
+ * to the guest, and hide SSBS so that the
+ * guest stays protected.
+ */
+ if (cpus_have_final_cap(ARM64_SSBS))
+ break;
+ fallthrough;
+ case SPECTRE_UNAFFECTED:
val = SMCCC_RET_NOT_REQUIRED;
break;
}
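Review bot: In the SPECTRE_MITIGATED case the new comment promises to "hide SSBS so that the guest stays protected" on the fallthrough path, but nothing in this hunk hides SSBS from the guest; the code only sets val = SMCCC_RET_NOT_REQUIRED. Please name the place where the hiding is done (or drop that half of the sentence), so a reader can check that the two stay in step. A second point on the same case: the break taken under cpus_have_final_cap(ARM64_SSBS) signals "no firmware support" only through whatever val was initialised to before the switch, which is outside the hunk, and SPECTRE_VULNERABLE relies on the same default. An explicit assignment in both arms would make the guest-visible answer readable from the switch alone and would survive a later change to the initial value.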
diff --git a/arch/arm64/kvm/psci.c b/arch/arm64/kvm/psci.c
index 87e6e3818fb5..db4056ecccfd 100644
--- a/arch/arm64/kvm/psci.c
+++ b/arch/arm64/kvm/psci.c
@@ -435,14 +435,19 @@ static int get_kernel_wa_level(u64 regid)
}
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL;
case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:
- switch (arm64_get_ssbd_state()) {
- case ARM64_SSBD_FORCE_ENABLE:
- case ARM64_SSBD_MITIGATED:
- case ARM64_SSBD_KERNEL:
+ switch (arm64_get_spectre_v4_state()) {
+ case SPECTRE_MITIGATED:
+ /*
+ * As for the hypercall discovery, we pretend we
+ * don't have any FW mitigation if SSBS is there at
+ * all times.
+ */
+ if (cpus_have_final_cap(ARM64_SSBS))
+ return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;
+ fallthrough;
+ case SPECTRE_UNAFFECTED:
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED;
- case ARM64_SSBD_UNKNOWN:
- case ARM64_SSBD_FORCE_DISABLE:
- default:
+ case SPECTRE_VULNERABLE:
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;
}
}
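Review bot: The default: label is removed from this switch in get_kernel_wa_level(), so the conservative NOT_AVAIL answer is no longer the catch-all. The three remaining labels all return, but if arm64_get_spectre_v4_state() ever yields a value outside SPECTRE_MITIGATED, SPECTRE_UNAFFECTED and SPECTRE_VULNERABLE, control now leaves the inner switch and the result depends on code after it that is not visible here. Either keep a default: that returns KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL or confirm the function ends with an equally safe return. Separately, SPECTRE_MITIGATED with SSBS and SPECTRE_VULNERABLE now report the same KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL level; the comment says "we pretend", and it would help to state there that a consumer of this register cannot tell an SSBS-protected host from a vulnerable one and why that is acceptable.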
--
2.28.0.681.g6f77f65b4e-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Thread overview: 23+ messages
2020-09-18 16:47 [PATCH 00/19] Fix and rewrite arm64 spectre mitigations Will Deacon
2020-09-18 16:47 ` [PATCH 01/19] arm64: Make use of ARCH_WORKAROUND_1 even when KVM is not enabled Will Deacon
2020-09-18 16:47 ` [PATCH 02/19] arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs Will Deacon
2020-09-21 12:54 ` Sasha Levin
2020-09-18 16:47 ` [PATCH 03/19] arm64: Run ARCH_WORKAROUND_2 " Will Deacon
2020-09-18 17:13 ` Suzuki K Poulose
2020-09-18 16:47 ` [PATCH 04/19] arm64: Remove Spectre-related CONFIG_* options Will Deacon
2020-09-18 16:47 ` [PATCH 05/19] KVM: arm64: Replace CONFIG_KVM_INDIRECT_VECTORS with CONFIG_RANDOMIZE_BASE Will Deacon
2020-09-18 16:47 ` [PATCH 06/19] KVM: arm64: Simplify install_bp_hardening_cb() Will Deacon
2020-09-18 16:47 ` [PATCH 07/19] arm64: Rename ARM64_HARDEN_BRANCH_PREDICTOR to ARM64_SPECTRE_V2 Will Deacon
2020-09-18 16:47 ` [PATCH 08/19] arm64: Introduce separate file for spectre mitigations and reporting Will Deacon
2020-09-18 16:47 ` [PATCH 09/19] arm64: Rewrite Spectre-v2 mitigation code Will Deacon
2020-09-18 16:47 ` [PATCH 10/19] KVM: arm64: Set CSV2 for guests on hardware unaffected by Spectre-v2 Will Deacon
2020-09-18 16:47 ` [PATCH 11/19] arm64: Group start_thread() functions together Will Deacon
2020-09-18 16:47 ` [PATCH 12/19] arm64: Treat SSBS as a non-strict system feature Will Deacon
2020-09-18 16:47 ` [PATCH 13/19] arm64: Rename ARM64_SSBD to ARM64_SPECTRE_V4 Will Deacon
2020-09-18 16:47 ` [PATCH 14/19] arm64: Move SSBD prctl() handler alongside other spectre mitigation code Will Deacon
2020-09-18 16:47 ` [PATCH 15/19] arm64: Rewrite Spectre-v4 " Will Deacon
2020-09-18 16:47 ` [PATCH 16/19] KVM: arm64: Simplify handling of ARCH_WORKAROUND_2 Will Deacon
2020-09-18 16:47 ` [PATCH 17/19] KVM: arm64: Get rid of kvm_arm_have_ssbd() Will Deacon
2020-09-18 16:47 ` Will Deacon [this message]
2020-09-18 16:47 ` [PATCH 19/19] arm64: Get rid of arm64_ssbd_state Will Deacon
2020-09-18 16:59 ` [PATCH 00/19] Fix and rewrite arm64 spectre mitigations Will Deacon