Re: [PATCH v4] hw/ppc/spapr_hcall: Return host mitigation characteristics in KVM mode

[Shivaprasad G Bhat <sbhat@linux.ibm.com>]

On 9/16/25 11:47 AM, Gautam Menghani wrote:
> Currently, on a P10 KVM guest, the mitigations seen in the output of
> "lscpu" command are different from the host. The reason for this
> behaviour is that when the KVM guest makes the "h_get_cpu_characteristics"
> hcall, QEMU does not consider the data it received from the host via the
> KVM_PPC_GET_CPU_CHAR ioctl, and just uses the values present in
> spapr->eff.caps[], which in turn just contain the default values set in
> spapr_machine_class_init().
>
> Fix this behaviour by making sure that h_get_cpu_characteristics()
> returns the data received from the KVM ioctl for a KVM guest.
>
> Mitigation status seen in lscpu output:
> 1. P10 LPAR (host)
> $ lscpu | grep -i mitigation
> Vulnerability Spectre v1:             Mitigation; __user pointer sanitization, ori31 speculation barrier enabled
> Vulnerability Spectre v2:             Mitigation; Software count cache flush (hardware accelerated), Software link stack flush

<snip>

> [1]: https://ozlabs.org/~anton/junkcode/null_syscall.c
>
> Signed-off-by: Gautam Menghani <gautam@linux.ibm.com>
> ---
> v1 -> v2:
> Handle the case where KVM_PPC_GET_CPU_CHAR ioctl fails
>
> v2 -> v3:
> Add the lscpu output in the patch description
>
> v3 -> v4:
> Fix QEMU CI build failure
>
>   hw/ppc/spapr_hcall.c | 10 ++++++++++
>   target/ppc/kvm.c     | 27 +++++++++++++++++++--------
>   target/ppc/kvm_ppc.h |  1 +
>   3 files changed, 30 insertions(+), 8 deletions(-)
>
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 1e936f35e4..7d695ffc93 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1415,6 +1415,16 @@ static target_ulong h_get_cpu_characteristics(PowerPCCPU *cpu,
>       uint8_t count_cache_flush_assist = spapr_get_cap(spapr,
>                                                        SPAPR_CAP_CCF_ASSIST);
>   
> +    #ifdef CONFIG_KVM
> +    struct kvm_ppc_cpu_char c = kvmppc_get_cpu_chars();

Callingkvmppc_get_cpu_char() before kvm_enabled() below looks

counter intuitive. May be move it inside and handle the error checks

accordingly. I don't see any side effects of it here in this patch though.

Thanks,

Shivaprasad

> +
> +    if (kvm_enabled() && c.character) {
> +        args[0] = c.character;
> +        args[1] = c.behaviour;
> +        return H_SUCCESS;
> +    }
> +    #endif
> +
>       switch (safe_cache) {
>       case SPAPR_CAP_WORKAROUND:
>           characteristics |= H_CPU_CHAR_L1D_FLUSH_ORI30;
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 015658049e..28dcf62f58 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -93,6 +93,7 @@ static int cap_fwnmi;
>   static int cap_rpt_invalidate;
>   static int cap_ail_mode_3;
>   static int cap_dawr1;
> +static struct kvm_ppc_cpu_char cpu_chars = {0};
<snip>