From: christoffer.dall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 11/18] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
Date: Sun, 4 Feb 2018 19:39:01 +0100 [thread overview]
Message-ID: <20180204183901.GO21802@cbox> (raw)
In-Reply-To: <20180201114657.7323-12-marc.zyngier@arm.com>
On Thu, Feb 01, 2018 at 11:46:50AM +0000, Marc Zyngier wrote:
> A new feature of SMCCC 1.1 is that it offers firmware-based CPU
> workarounds. In particular, SMCCC_ARCH_WORKAROUND_1 provides
> BP hardening for CVE-2017-5715.
>
> If the host has some mitigation for this issue, report that
> we deal with it using SMCCC_ARCH_WORKAROUND_1, as we apply the
> host workaround on every guest exit.
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
> arch/arm/include/asm/kvm_host.h | 7 +++++++
> arch/arm64/include/asm/kvm_host.h | 6 ++++++
> include/linux/arm-smccc.h | 5 +++++
> virt/kvm/arm/psci.c | 9 ++++++++-
> 4 files changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
> index e9d57060d88c..6c05e3b13081 100644
> --- a/arch/arm/include/asm/kvm_host.h
> +++ b/arch/arm/include/asm/kvm_host.h
> @@ -309,4 +309,11 @@ static inline void kvm_fpsimd_flush_cpu_state(void) {}
>
> static inline void kvm_arm_vhe_guest_enter(void) {}
> static inline void kvm_arm_vhe_guest_exit(void) {}
> +
> +static inline bool kvm_arm_harden_branch_predictor(void)
> +{
> + /* No way to detect it yet, pretend it is not there. */
> + return false;
> +}
> +
> #endif /* __ARM_KVM_HOST_H__ */
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 10af386642c6..448d3b9a58cb 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -418,4 +418,10 @@ static inline void kvm_arm_vhe_guest_exit(void)
> {
> local_daif_restore(DAIF_PROCCTX_NOIRQ);
> }
> +
> +static inline bool kvm_arm_harden_branch_predictor(void)
> +{
> + return cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR);
> +}
> +
> #endif /* __ARM64_KVM_HOST_H__ */
> diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
> index dc68aa5a7261..e1ef944ef1da 100644
> --- a/include/linux/arm-smccc.h
> +++ b/include/linux/arm-smccc.h
> @@ -73,6 +73,11 @@
> ARM_SMCCC_SMC_32, \
> 0, 1)
>
> +#define ARM_SMCCC_ARCH_WORKAROUND_1 \
> + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
> + ARM_SMCCC_SMC_32, \
> + 0, 0x8000)
> +
> #ifndef __ASSEMBLY__
>
> #include <linux/linkage.h>
> diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
> index 2efacbe7b1a2..22c24561d07d 100644
> --- a/virt/kvm/arm/psci.c
> +++ b/virt/kvm/arm/psci.c
> @@ -406,13 +406,20 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
> {
> u32 func_id = smccc_get_function(vcpu);
> u32 val = PSCI_RET_NOT_SUPPORTED;
> + u32 feature;
>
> switch (func_id) {
> case ARM_SMCCC_VERSION_FUNC_ID:
> val = ARM_SMCCC_VERSION_1_1;
> break;
> case ARM_SMCCC_ARCH_FEATURES_FUNC_ID:
> - /* Nothing supported yet */
> + feature = smccc_get_arg1(vcpu);
> + switch(feature) {
> + case ARM_SMCCC_ARCH_WORKAROUND_1:
> + if (kvm_arm_harden_branch_predictor())
> + val = 0;
> + break;
> + }
> break;
> default:
> return kvm_psci_call(vcpu);
> --
> 2.14.2
>
next prev parent reply other threads:[~2018-02-04 18:39 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-01 11:46 [PATCH v3 00/18] arm64: Add SMCCC v1.1 support and CVE-2017-5715 (Spectre variant 2) mitigation Marc Zyngier
2018-02-01 11:46 ` [PATCH v3 01/18] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls Marc Zyngier
2018-02-01 11:46 ` [PATCH v3 02/18] arm: " Marc Zyngier
2018-02-01 11:46 ` [PATCH v3 03/18] arm64: KVM: Increment PC after handling an SMC trap Marc Zyngier
2018-02-02 12:33 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 04/18] arm/arm64: KVM: Consolidate the PSCI include files Marc Zyngier
2018-02-02 12:33 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 05/18] arm/arm64: KVM: Add PSCI_VERSION helper Marc Zyngier
2018-02-02 12:33 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 06/18] arm/arm64: KVM: Add smccc accessors to PSCI code Marc Zyngier
2018-02-02 12:33 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 07/18] arm/arm64: KVM: Implement PSCI 1.0 support Marc Zyngier
2018-02-02 12:33 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 08/18] arm/arm64: KVM: Add PSCI version selection API Marc Zyngier
2018-02-02 20:17 ` Andrew Jones
2018-02-03 11:59 ` Marc Zyngier
2018-02-04 12:37 ` Christoffer Dall
2018-02-05 9:24 ` Marc Zyngier
2018-02-05 9:58 ` Andrew Jones
2018-02-05 10:42 ` Marc Zyngier
2018-02-05 10:50 ` Christoffer Dall
2018-02-05 11:08 ` Marc Zyngier
2018-02-05 9:47 ` Andrew Jones
2018-02-05 9:25 ` Andrew Jones
2018-02-04 12:38 ` Christoffer Dall
2018-02-05 9:30 ` Marc Zyngier
2018-02-01 11:46 ` [PATCH v3 09/18] arm/arm64: KVM: Advertise SMCCC v1.1 Marc Zyngier
2018-02-04 18:38 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 10/18] arm/arm64: KVM: Turn kvm_psci_version into a static inline Marc Zyngier
2018-02-04 18:38 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 11/18] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Marc Zyngier
2018-02-04 18:39 ` Christoffer Dall [this message]
2018-02-01 11:46 ` [PATCH v3 12/18] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Marc Zyngier
2018-02-04 18:39 ` Christoffer Dall
2018-02-05 9:08 ` Marc Zyngier
2018-02-05 10:18 ` Christoffer Dall
2018-02-01 11:46 ` [PATCH v3 13/18] firmware/psci: Expose PSCI conduit Marc Zyngier
2018-02-01 12:25 ` Robin Murphy
2018-02-01 11:46 ` [PATCH v3 14/18] firmware/psci: Expose SMCCC version through psci_ops Marc Zyngier
2018-02-01 12:32 ` Robin Murphy
2018-02-01 12:48 ` Marc Zyngier
2018-02-01 21:17 ` Ard Biesheuvel
2018-02-01 11:46 ` [PATCH v3 15/18] arm/arm64: smccc: Make function identifiers an unsigned quantity Marc Zyngier
2018-02-01 12:40 ` Robin Murphy
2018-02-01 12:44 ` Ard Biesheuvel
2018-02-01 11:46 ` [PATCH v3 16/18] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Marc Zyngier
2018-02-01 13:34 ` Robin Murphy
2018-02-01 13:54 ` Marc Zyngier
2018-02-01 14:18 ` Robin Murphy
2018-02-01 11:46 ` [PATCH v3 17/18] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support Marc Zyngier
2018-02-01 11:46 ` [PATCH v3 18/18] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround Marc Zyngier
2018-02-02 4:05 ` Hanjun Guo
2018-02-02 13:17 ` Marc Zyngier
2018-02-01 13:59 ` [PATCH v3 00/18] arm64: Add SMCCC v1.1 support and CVE-2017-5715 (Spectre variant 2) mitigation Ard Biesheuvel
2018-02-01 14:20 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180204183901.GO21802@cbox \
--to=christoffer.dall@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).