From: David Gibson
Subject: Re: [PATCH] KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds
Date: Thu, 18 Jan 2018 15:20:02 +1100
Message-ID: <20180118042002.GG30352@umbus.fritz.box>
References: <20180116005906.GA5434@fergus.ozlabs.ibm.com> <67f22a14-7192-bc55-b2ed-dfb2f3c33e03@redhat.com> <20180116215100.GB15196@fergus.ozlabs.ibm.com> <20180117142710.GA19817@flask> <19b0b672-ba88-b859-8a03-4a538bfc8c3a@redhat.com>
In-Reply-To: <19b0b672-ba88-b859-8a03-4a538bfc8c3a@redhat.com>
To: Paolo Bonzini
Cc: Radim Krčmář, Paul Mackerras, kvm@vger.kernel.org, kvm-ppc@vger.kernel.org

On Wed, Jan 17, 2018 at 07:03:13PM +0100, Paolo Bonzini wrote:
> On 17/01/2018 15:27, Radim Krčmář wrote:
> > 2018-01-17 08:51+1100, Paul Mackerras:
> >> On Tue, Jan 16, 2018 at 03:45:11PM +0100, Paolo Bonzini wrote:
> >>> On 16/01/2018 01:59, Paul Mackerras wrote:
> >>>> This adds a new ioctl, KVM_PPC_GET_CPU_CHAR, that gives userspace
> >>>> information about the underlying machine's level of vulnerability
> >>>> to the recently announced vulnerabilities CVE-2017-5715,
> >>>> CVE-2017-5753 and CVE-2017-5754, and whether the machine provides
> >>>> instructions to assist software to work around the vulnerabilities.
> >>>>
> >>>> The ioctl returns two u64 words describing characteristics of the
> >>>> CPU and required software behaviour respectively, plus two mask
> >>>> words which indicate which bits have been filled in by the kernel,
> >>>> for extensibility.  The bit definitions are the same as for the
> >>>> new H_GET_CPU_CHARACTERISTICS hypercall.
> >>>>
> >>>> There is also a new capability, KVM_CAP_PPC_GET_CPU_CHAR, which
> >>>> indicates whether the new ioctl is available.
> >>>>
> >>>> Signed-off-by: Paul Mackerras
> >>>> ---
> >>>
> >>> Thanks, looks good.  Would you like this in 4.15?
> >>
> >> Yes please.  Will you just apply the patch, or do you want me to put
> >> it in a branch for you to pull?
> >
> > I can apply it directly.
> >
> > Do I understand correctly that the interface is a KVM hypercall because
>                                                         ^^^^^^^^^
>
> ioctl?
>
> > we need to forward this information into guests and other userspace can
> > do nothing with the information?
>
> There will probably be someone else that can consume it sooner or later.
> sysfs or /proc/cpuinfo probably would be a better interface.  But I
> guess KVM is the prime consumer...

Even if we have a more general interface, I think we'll still want a
KVM specific one (even if it just draws the info from the general
one).  It's conceivable that there could be complications which make
one of these things behave different from the PoV of a guest than from
the PoV of a regular userspace program.

For that reason, I think it's best for qemu to draw this information
from KVM for passing to guests, even if there is a different source
that most userspace programs will use.

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
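
The value-plus-mask layout described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a consumer has to distinguish "reported clear" from "not filled in by the kernel". The struct and field names, the bit position, and the policy of treating an unknown bit as "apply the workaround" are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Four words as described in the commit message; names are assumptions. */
struct cpu_char {
    uint64_t character;       /* characteristics of the CPU */
    uint64_t behaviour;       /* required software behaviour */
    uint64_t character_mask;  /* character bits the kernel filled in */
    uint64_t behaviour_mask;  /* behaviour bits the kernel filled in */
};

/* Hypothetical bit position, constructed for this example only. */
#define EX_BEHAV_FLUSH_NEEDED (1ULL << 62)

enum tristate { BIT_UNKNOWN = -1, BIT_CLEAR = 0, BIT_SET = 1 };

/* A value bit carries information only if its mask bit is set. */
static enum tristate decode_bit(uint64_t word, uint64_t mask, uint64_t bit)
{
    if (!(mask & bit))
        return BIT_UNKNOWN;
    return (word & bit) ? BIT_SET : BIT_CLEAR;
}

/* Example policy (an assumption): skip the workaround only when the
 * kernel positively reported the bit as clear; unknown means "apply". */
static int must_flush(const struct cpu_char *c)
{
    return decode_bit(c->behaviour, c->behaviour_mask,
                      EX_BEHAV_FLUSH_NEEDED) != BIT_CLEAR;
}

/* Drop value bits the kernel did not vouch for before forwarding them. */
static uint64_t known_bits(uint64_t word, uint64_t mask)
{
    return word & mask;
}

int main(void)
{
    /* Constructed samples: nothing filled in, then a reported-clear bit. */
    struct cpu_char empty = { 0, 0, 0, 0 };
    struct cpu_char clear = { 0, 0, 0, EX_BEHAV_FLUSH_NEEDED };

    printf("nothing filled in: must_flush=%d\n", must_flush(&empty));
    printf("reported clear:    must_flush=%d\n", must_flush(&clear));
    printf("stray bits dropped: %#llx\n",
           (unsigned long long)known_bits(0xffULL, 0x0fULL));
    return 0;
}
```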