qemu-devel.nongnu.org archive mirror
From: Gautam Menghani <gautam@linux.ibm.com>
To: harshpb@linux.ibm.com, vaibhav@linux.ibm.com,
	nicholas@linux.ibm.com, rathc@linux.ibm.com, npiggin@gmail.com,
	pbonzini@redhat.com
Cc: Gautam Menghani <gautam@linux.ibm.com>,
	qemu-ppc@nongnu.org, qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: [PATCH v4] hw/ppc/spapr_hcall: Return host mitigation characteristics in KVM mode
Date: Tue, 16 Sep 2025 11:47:53 +0530
Message-ID: <20250916061753.20517-1-gautam@linux.ibm.com>

Currently, on a P10 KVM guest, the mitigations seen in the output of
"lscpu" command are different from the host. The reason for this
behaviour is that when the KVM guest makes the "h_get_cpu_characteristics"
hcall, QEMU does not consider the data it received from the host via the
KVM_PPC_GET_CPU_CHAR ioctl, and just uses the values present in
spapr->eff.caps[], which in turn just contain the default values set in
spapr_machine_class_init().

Fix this behaviour by making sure that h_get_cpu_characteristics()
returns the data received from the KVM ioctl for a KVM guest.

Mitigation status seen in lscpu output:
1. P10 LPAR (host)
$ lscpu | grep -i mitigation
Vulnerability Spectre v1:             Mitigation; __user pointer sanitization, ori31 speculation barrier enabled
Vulnerability Spectre v2:             Mitigation; Software count cache flush (hardware accelerated), Software link stack flush

2. KVM guest on P10 LPAR with upstream QEMU
$ lscpu | grep -i mitig
Vulnerability L1tf:                   Mitigation; RFI Flush, L1D private per thread
Vulnerability Meltdown:               Mitigation; RFI Flush, L1D private per thread
Vulnerability Spec store bypass:      Mitigation; Kernel entry/exit barrier (eieio)
Vulnerability Spectre v1:             Mitigation; __user pointer sanitization
Vulnerability Spectre v2:             Mitigation; Software count cache flush (hardware accelerated), Software link stack flush

3. KVM guest on P10 LPAR (this patch applied)
$ lscpu | grep -i mitigation
Vulnerability Spectre v1:             Mitigation; __user pointer sanitization, ori31 speculation barrier enabled
Vulnerability Spectre v2:             Mitigation; Software count cache flush (hardware accelerated), Software link stack flush

Perf impact:
With null syscall benchmark[1], ~45% improvement is observed.

1. Vanilla QEMU
$ ./null_syscall
132.19 ns     456.54 cycles

2. With this patch
$ ./null_syscall
91.18 ns     314.57 cycles

[1]: https://ozlabs.org/~anton/junkcode/null_syscall.c

Signed-off-by: Gautam Menghani <gautam@linux.ibm.com>
---
v1 -> v2:
Handle the case where KVM_PPC_GET_CPU_CHAR ioctl fails

v2 -> v3:
Add the lscpu output in the patch description

v3 -> v4:
Fix QEMU CI build failure

 hw/ppc/spapr_hcall.c | 10 ++++++++++
 target/ppc/kvm.c     | 27 +++++++++++++++++++--------
 target/ppc/kvm_ppc.h |  1 +
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 1e936f35e4..7d695ffc93 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1415,6 +1415,16 @@ static target_ulong h_get_cpu_characteristics(PowerPCCPU *cpu,
     uint8_t count_cache_flush_assist = spapr_get_cap(spapr,
                                                      SPAPR_CAP_CCF_ASSIST);
 
+    #ifdef CONFIG_KVM
+    struct kvm_ppc_cpu_char c = kvmppc_get_cpu_chars();
+
+    if (kvm_enabled() && c.character) {
+        args[0] = c.character;
+        args[1] = c.behaviour;
+        return H_SUCCESS;
+    }
+    #endif
+
     switch (safe_cache) {
     case SPAPR_CAP_WORKAROUND:
         characteristics |= H_CPU_CHAR_L1D_FLUSH_ORI30;
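
Review bot: The early "return H_SUCCESS" in the new block of h_get_cpu_characteristics() skips the "switch (safe_cache)" that follows, so under KVM the values read through spapr_get_cap() just above (safe_cache, count_cache_flush_assist) no longer influence what the guest is told. A guest started with explicit cap settings would get the host's raw character/behaviour words instead, with no comment saying that this precedence is intended. Please either document that host values override spapr caps in KVM mode, or reconcile the two before returning. Two smaller points in the same block: "#ifdef CONFIG_KVM" and "#endif" are indented, where preprocessor directives normally start in column 0, and kvmppc_get_cpu_chars() is called in the declaration before kvm_enabled() is tested, so the copy is made even when the result is not used.
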
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 015658049e..28dcf62f58 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -93,6 +93,7 @@ static int cap_fwnmi;
 static int cap_rpt_invalidate;
 static int cap_ail_mode_3;
 static int cap_dawr1;
+static struct kvm_ppc_cpu_char cpu_chars = {0};
 
 #ifdef CONFIG_PSERIES
 static int cap_papr;
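
Review bot: The "= {0}" initializer on the new file-scope "static struct kvm_ppc_cpu_char cpu_chars" is redundant, since objects with static storage duration are zero-initialized. More useful here would be a one-line comment stating that an all-zero cpu_chars means "no data from the host", because the caller in spapr_hcall.c relies on "c.character" being non-zero as its validity check.
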
@@ -2515,7 +2516,6 @@ bool kvmppc_has_cap_xive(void)
 
 static void kvmppc_get_cpu_characteristics(KVMState *s)
 {
-    struct kvm_ppc_cpu_char c;
     int ret;
 
     /* Assume broken */
@@ -2525,18 +2525,29 @@ static void kvmppc_get_cpu_characteristics(KVMState *s)
 
     ret = kvm_vm_check_extension(s, KVM_CAP_PPC_GET_CPU_CHAR);
     if (!ret) {
-        return;
+        goto err;
     }
-    ret = kvm_vm_ioctl(s, KVM_PPC_GET_CPU_CHAR, &c);
+    ret = kvm_vm_ioctl(s, KVM_PPC_GET_CPU_CHAR, &cpu_chars);
     if (ret < 0) {
-        return;
+        goto err;
     }
 
-    cap_ppc_safe_cache = parse_cap_ppc_safe_cache(c);
-    cap_ppc_safe_bounds_check = parse_cap_ppc_safe_bounds_check(c);
-    cap_ppc_safe_indirect_branch = parse_cap_ppc_safe_indirect_branch(c);
+    cap_ppc_safe_cache = parse_cap_ppc_safe_cache(cpu_chars);
+    cap_ppc_safe_bounds_check = parse_cap_ppc_safe_bounds_check(cpu_chars);
+    cap_ppc_safe_indirect_branch =
+        parse_cap_ppc_safe_indirect_branch(cpu_chars);
     cap_ppc_count_cache_flush_assist =
-        parse_cap_ppc_count_cache_flush_assist(c);
+        parse_cap_ppc_count_cache_flush_assist(cpu_chars);
+
+    return;
+
+err:
+    memset(&cpu_chars, 0, sizeof(struct kvm_ppc_cpu_char));
+}
+
+struct kvm_ppc_cpu_char kvmppc_get_cpu_chars(void)
+{
+    return cpu_chars;
 }
 
 int kvmppc_get_cap_safe_cache(void)
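
Review bot: Passing "&cpu_chars" straight to kvm_vm_ioctl() in kvmppc_get_cpu_characteristics() is what forces the new "err:" label and memset, since the global may be partially written when the ioctl fails. Keeping the local "struct kvm_ppc_cpu_char c" and assigning "cpu_chars = c;" only after "ret < 0" has been ruled out would leave the global untouched on every failure path and let both early "return" statements stay as they were. If the memset is kept, "sizeof(cpu_chars)" is preferable to "sizeof(struct kvm_ppc_cpu_char)" so the size follows the object. The first "goto err" (after kvm_vm_check_extension) clears a structure that has not been written yet, so it is harmless but unnecessary.
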
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index a1d9ce9f9a..51c1c7d1a0 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -87,6 +87,7 @@ void kvmppc_check_papr_resize_hpt(Error **errp);
 int kvmppc_resize_hpt_prepare(PowerPCCPU *cpu, target_ulong flags, int shift);
 int kvmppc_resize_hpt_commit(PowerPCCPU *cpu, target_ulong flags, int shift);
 bool kvmppc_pvr_workaround_required(PowerPCCPU *cpu);
+struct kvm_ppc_cpu_char kvmppc_get_cpu_chars(void);
 
 bool kvmppc_hpt_needs_host_contiguous_pages(void);
 void kvm_check_mmu(PowerPCCPU *cpu, Error **errp);
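
Review bot: The new prototype "struct kvm_ppc_cpu_char kvmppc_get_cpu_chars(void);" is the only line this patch adds to kvm_ppc.h, so no stub is provided for builds without KVM, which is why the caller in spapr_hcall.c needs its own "#ifdef CONFIG_KVM". Adding a static inline stub that returns a zeroed structure alongside the header's other non-KVM stubs would let the caller drop the #ifdef and rely on the "kvm_enabled() && c.character" test alone. A short comment on the prototype saying that a zeroed result means the host data is unavailable would also help.
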
-- 
2.39.5 (Apple Git-154)


