From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Gibson Subject: Re: [PATCH] KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds Date: Thu, 18 Jan 2018 15:20:47 +1100 Message-ID: <20180118042047.GH30352@umbus.fritz.box> References: <20180116005906.GA5434@fergus.ozlabs.ibm.com> <67f22a14-7192-bc55-b2ed-dfb2f3c33e03@redhat.com> <20180116215100.GB15196@fergus.ozlabs.ibm.com> <20180117142710.GA19817@flask> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="NncV4Eud7lVzK4Rv" Cc: Paul Mackerras , Paolo Bonzini , kvm@vger.kernel.org, kvm-ppc@vger.kernel.org To: Radim =?utf-8?B?S3LEjW3DocWZ?= Return-path: Received: from ozlabs.org ([103.22.144.67]:33745 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752184AbeAREVI (ORCPT ); Wed, 17 Jan 2018 23:21:08 -0500 Content-Disposition: inline In-Reply-To: <20180117142710.GA19817@flask> Sender: kvm-owner@vger.kernel.org List-ID: --NncV4Eud7lVzK4Rv Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 17, 2018 at 03:27:11PM +0100, Radim Kr=C4=8Dm=C3=A1=C5=99 wrote: > 2018-01-17 08:51+1100, Paul Mackerras: > > On Tue, Jan 16, 2018 at 03:45:11PM +0100, Paolo Bonzini wrote: > > > On 16/01/2018 01:59, Paul Mackerras wrote: > > > > This adds a new ioctl, KVM_PPC_GET_CPU_CHAR, that gives userspace > > > > information about the underlying machine's level of vulnerability > > > > to the recently announced vulnerabilities CVE-2017-5715, > > > > CVE-2017-5753 and CVE-2017-5754, and whether the machine provides > > > > instructions to assist software to work around the vulnerabilities. > > > >=20 > > > > The ioctl returns two u64 words describing characteristics of the > > > > CPU and required software behaviour respectively, plus two mask > > > > words which indicate which bits have been filled in by the kernel, > > > > for extensibility. The bit definitions are the same as for the > > > > new H_GET_CPU_CHARACTERISTICS hypercall. > > > >=20 > > > > There is also a new capability, KVM_CAP_PPC_GET_CPU_CHAR, which > > > > indicates whether the new ioctl is available. > > > >=20 > > > > Signed-off-by: Paul Mackerras > > > > --- > > >=20 > > > Thanks, looks good. Would you like this in 4.15? > >=20 > > Yes please. Will you just apply the patch, or do you want me to put > > it in a branch for you to pull? >=20 > I can apply it directly. Can you please do so ASAP; we have a whole raft of bugs downstream waiting on this. > Do I understand correctly that the interface is a KVM hypercall because > we need to forward this information into guests and other userspace can > do nothing with the information? --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --NncV4Eud7lVzK4Rv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAlpgIJ8ACgkQbDjKyiDZ s5IMww//YR8oSNrdEsDCu7dd11VlFmn6Uo4Lqd69sMlyrKhTEc8Q5YkqiOZ6+ORW BtuLWP5cRAVZH4VlS1LqNWPY1D7v4ApuL57CtW2+TyjLXX7Va9erwWA0p9/wntuA /WzM4faOjyxhzF06fpy0EBj5k1KNdDrkBB44Dicru8EIHRni/wfJ57/dzKkkFE/3 p3j1zievWeYw2crHVA2ex/X6ny43vNPG3wXyoA/Vc8T5W0San8aqJFCrGziLamrg 7jTatdvIYpRMbcqwk05tkjvAGMjledtZSqej2e2Fd2n+CiPMCnFVOdndr2ZrFu9W LonGuY3/qEf28oCm2wR1cEAhvR1DwO+jUQhz6OEcw74E6f5UVhc0odbJfwncWZ7m dP7Pg/jA1iOxBKxVGdZpGCvICGifYzK7hhtfQEQYkqwjXcOdk+NRT6tXem/P2cGw coA/Tg8Vo3Vibe6a+OddoUgoBpnHYXz1ALxpVbO4TaRzpznBOPkGZImOrddADwpA EHRkEurNg3pkEuMtH7J5WvWEh3Gty4aK6RO0bJUFnaLRajWzkA5oFSTtI0vnrpdw PRtGc7jX+eH0RLU/jVOrv19mV9gFgYPrPah4pGk0RLw5C4sQCklNM1zptYKTOrxH QGVKGap8q8EfuJq2f4+irlouUfyyxMPYZey9oN87c+RKf1SEZY4= =oz2k -----END PGP SIGNATURE----- --NncV4Eud7lVzK4Rv--