[PATCH v2 10/16] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support

[PATCH v2 00/16] arm64: Add SMCCC v1.1 support and CVE-2017-5715 (Spectre variant 2) mitigation · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 01/16] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 03/16] arm/arm64: KVM: Consolidate the PSCI include files · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 05/16] arm/arm64: KVM: Add smccc accessors to PSCI code · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · Andrew Jones <hidden> · 2018-01-31
Re: [PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · Marc Zyngier <hidden> · 2018-01-31
Re: [PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · Andrew Jones <hidden> · 2018-01-31
Re: [PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · Marc Zyngier <hidden> · 2018-01-31
Re: [PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · Andrew Jones <hidden> · 2018-01-31
Re: [PATCH v2 07/16] arm/arm64: KVM: Add PSCI version selection API · kbuild test robot <hidden> · 2018-01-31
[PATCH v2 09/16] arm/arm64: KVM: Turn kvm_psci_version into a static inline · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 10/16] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 10/16] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support · Robin Murphy <robin.murphy@arm.com> · 2018-01-30
[PATCH v2 08/16] arm/arm64: KVM: Advertise SMCCC v1.1 · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 08/16] arm/arm64: KVM: Advertise SMCCC v1.1 · Russell King - ARM Linux <linux@armlinux.org.uk> · 2018-01-30
Re: [PATCH v2 08/16] arm/arm64: KVM: Advertise SMCCC v1.1 · Marc Zyngier <hidden> · 2018-01-30
[PATCH v2 06/16] arm/arm64: KVM: Implement PSCI 1.0 support · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 04/16] arm/arm64: KVM: Add PSCI_VERSION helper · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 04/16] arm/arm64: KVM: Add PSCI_VERSION helper · Robin Murphy <robin.murphy@arm.com> · 2018-01-30
Re: [PATCH v2 04/16] arm/arm64: KVM: Add PSCI_VERSION helper · Marc Zyngier <hidden> · 2018-01-30
[PATCH v2 02/16] arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 13/16] firmware/psci: Expose SMCCC version through psci_ops · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 13/16] firmware/psci: Expose SMCCC version through psci_ops · Lorenzo Pieralisi <hidden> · 2018-01-29
Re: [PATCH v2 13/16] firmware/psci: Expose SMCCC version through psci_ops · Marc Zyngier <hidden> · 2018-01-30
Re: [PATCH v2 13/16] firmware/psci: Expose SMCCC version through psci_ops · Robin Murphy <robin.murphy@arm.com> · 2018-01-30
Re: [PATCH v2 13/16] firmware/psci: Expose SMCCC version through psci_ops · Marc Zyngier <hidden> · 2018-01-30
[PATCH v2 12/16] firmware/psci: Expose PSCI conduit · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 12/16] firmware/psci: Expose PSCI conduit · Lorenzo Pieralisi <hidden> · 2018-01-29
[PATCH v2 11/16] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 14/16] arm/arm64: smccc: Make function identifiers an unsigned quantity · Marc Zyngier <hidden> · 2018-01-29
[PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Ard Biesheuvel <hidden> · 2018-01-29
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Marc Zyngier <hidden> · 2018-01-30
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Hanjun Guo <guohanjun@huawei.com> · 2018-01-31
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Marc Zyngier <hidden> · 2018-01-31
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Ard Biesheuvel <hidden> · 2018-01-31
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Ard Biesheuvel <hidden> · 2018-01-31
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Marc Zyngier <hidden> · 2018-01-31
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Hanjun Guo <guohanjun@huawei.com> · 2018-02-01
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Hanjun Guo <guohanjun@huawei.com> · 2018-02-01
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Marc Zyngier <hidden> · 2018-02-01
Re: [PATCH v2 16/16] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support · Hanjun Guo <guohanjun@huawei.com> · 2018-02-02
[PATCH v2 15/16] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive · Marc Zyngier <hidden> · 2018-01-29
Re: [PATCH v2 15/16] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive · Robin Murphy <robin.murphy@arm.com> · 2018-01-29
Re: [PATCH v2 15/16] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive · Marc Zyngier <hidden> · 2018-01-30
Re: [PATCH v2 15/16] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive · Ard Biesheuvel <hidden> · 2018-01-29
Re: [PATCH v2 15/16] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive · Marc Zyngier <hidden> · 2018-01-30
Re: [PATCH v2 15/16] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive · Ard Biesheuvel <hidden> · 2018-01-30
Re: [PATCH v2 00/16] arm64: Add SMCCC v1.1 support and CVE-2017-5715 (Spectre variant 2) mitigation · Jon Masters <hidden> · 2018-06-09
Re: [PATCH v2 00/16] arm64: Add SMCCC v1.1 support and CVE-2017-5715 (Spectre variant 2) mitigation · Marc Zyngier <hidden> · 2018-06-09

From: robin.murphy@arm.com (Robin Murphy)
Date: 2018-01-30 12:38:40
Also in: kvmarm, lkml

On 29/01/18 17:45, Marc Zyngier wrote:

quoted hunk ↗ jump to hunk

A new feature of SMCCC 1.1 is that it offers firmware-based CPU
workarounds. In particular, SMCCC_ARCH_WORKAROUND_1 provides
BP hardening for CVE-2017-5715.

If the host has some mitigation for this issue, report that
we deal with it using SMCCC_ARCH_WORKAROUND_1, as we apply the
host workaround on every guest exit.

Signed-off-by: Marc Zyngier <redacted>
---
  include/linux/arm-smccc.h |  5 +++++
  virt/kvm/arm/psci.c       | 17 +++++++++++++++--
  2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
index dc68aa5a7261..e1ef944ef1da 100644
--- a/include/linux/arm-smccc.h
+++ b/include/linux/arm-smccc.h

@@ -73,6 +73,11 @@
  			   ARM_SMCCC_SMC_32,				\
  			   0, 1)
  
+#define ARM_SMCCC_ARCH_WORKAROUND_1					\
+	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL,				\
+			   ARM_SMCCC_SMC_32,				\
+			   0, 0x8000)
+
  #ifndef __ASSEMBLY__
  
  #include <linux/linkage.h>

diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
index a021b62ed762..5677d16abc71 100644
--- a/virt/kvm/arm/psci.c
+++ b/virt/kvm/arm/psci.c

@@ -407,14 +407,27 @@ static int kvm_psci_call(struct kvm_vcpu *vcpu)
  int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
  {
  	u32 func_id = smccc_get_function(vcpu);
-	u32 val;
+	u32 val, feature;
  
  	switch (func_id) {
  	case ARM_SMCCC_VERSION_FUNC_ID:
  		val = ARM_SMCCC_VERSION_1_1;
  		break;
  	case ARM_SMCCC_ARCH_FEATURES_FUNC_ID:
-		val = -1;	/* Nothing supported yet */

Conceptually, might it still make sense to initialise val to 
NOT_SUPPORTED here, then overwrite it if and when a feature actually is 
present? It would in this case save a few lines as well, but I know 
multiple assignment can be one of those religious issues, so I'm not too 
fussed either way.

Robin.

+		feature = smccc_get_arg1(vcpu);
+		switch(feature) {
+#ifdef CONFIG_ARM64
+		case ARM_SMCCC_ARCH_WORKAROUND_1:
+			if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR))
+				val = 0;
+			else
+				val = -1;
+			break;
+#endif
+		default:
+			val = -1;
+			break;
+		}
  		break;
  	default:
  		return kvm_psci_call(vcpu);

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help