| Message ID | 20190222121818.30164-1-andre.przywara@arm.com (mailing list archive) |
|---|---|
| Headers | show
Return-Path: <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E0463139A for <patchwork-linux-arm@patchwork.kernel.org>; Fri, 22 Feb 2019 12:18:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CB720289BE for <patchwork-linux-arm@patchwork.kernel.org>; Fri, 22 Feb 2019 12:18:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BF28929064; Fri, 22 Feb 2019 12:18:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 64A37289BE for <patchwork-linux-arm@patchwork.kernel.org>; Fri, 22 Feb 2019 12:18:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=P4dgkBeeHUZodpToKs+XKM9vbHc8ChQC4F6yZ8PoUxc=; b=jsv xietTCO8yzgrxA5MMZVaSi6jwRNq4boD3a8DIsnXusJEp0QTPFQsRYjlc8XKZUYbk9SVUMtDM9ejP n3TLMLqfbVZi7VSckBLec9AhI0KUuusss9DKSi6+dxiMna9eiLmd/HRHVaq2H6UpI4r4sIQGlNE5Q 5kX+GJ6RslgTMINjyM9cS+C5t5ZS2DSg7jmF4rR63Wr83G3ybeQdjBv98NiD/F89q0RhOn55KGrAV dOU7YtTD/fwVYeJDodYeK9yTgWfK3D0RZ2M4ta1yd2XkBnl2rKfZK5vP3kCj8iQA+WhJ24QixF5G8 JYqX9908v85nSN9r/D868JVOjPT56eg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gx9mj-0003YE-Sc; Fri, 22 Feb 2019 12:18:33 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gx9mg-0003Ws-K7 for linux-arm-kernel@lists.infradead.org; Fri, 22 Feb 2019 12:18:32 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2A6D7A78; Fri, 22 Feb 2019 04:18:28 -0800 (PST) Received: from donnerap.arm.com (donnerap.cambridge.arm.com [10.1.197.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C785B3F690; Fri, 22 Feb 2019 04:18:26 -0800 (PST) From: Andre Przywara <andre.przywara@arm.com> To: Marc Zyngier <marc.zyngier@arm.com>, Christoffer Dall <christoffer.dall@arm.com> Subject: [PATCH v3 0/2] KVM: arm/arm64: Add VCPU workarounds firmware register Date: Fri, 22 Feb 2019 12:18:16 +0000 Message-Id: <20190222121818.30164-1-andre.przywara@arm.com> X-Mailer: git-send-email 2.17.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190222_041830_669910_BCAB5980 X-CRM114-Status: GOOD ( 14.94 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: <linux-arm-kernel.lists.infradead.org> List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe> List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/> List-Post: <mailto:linux-arm-kernel@lists.infradead.org> List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help> List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe> Cc: linux-arm-kernel@lists.infradead.org, Steven Price <steven.price@arm.com>, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, Dave Martin <dave.martin@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP |
| Series |
KVM: arm/arm64: Add VCPU workarounds firmware register
|
expand
|
Hi, Aside from a rebase against kvm-arm/next, this update introduces a new UNAFFECTED value for WORKAROUND_1, which is not used at the moment, but will become useful with some patches extending the host kernel workaround code [1]. We add the value to the ABI already. Also we now require an exact match for the two WORKAROUND_1 levels, as we can't allow a guest to migrate from a system with an effectively unknown workaround state to a system which requires an active guest workaround. Now tested with actual migration, see below. Cheers, Andre ----------------------------- Workarounds for Spectre variant 2 or 4 vulnerabilities require some help from the firmware, so KVM implements an interface to provide that for guests. When such a guest is migrated, we want to make sure we don't loose the protection the guest relies on. This introduces two new firmware registers in KVM's GET/SET_ONE_REG interface, so userland can save the level of protection implemented by the hypervisor and used by the guest. Upon restoring these registers, we make sure we don't downgrade and reject any values that would mean weaker protection. The protection level is encoding in the lower 4 bits, with smaller values indicating weaker protection. Patch 1 implements the two firmware registers, patch 2 adds the documentation. ARM(32) is a bit of a pain (again), as the firmware register interface is shared, but 32-bit does not implement all the workarounds. For now I stuffed two wrappers into kvm_emulate.h, which doesn't sound like the best solution. Happy to hear about better solutions. This has been tested with migration between two Juno systems. Out of the box they advertise identical workaround levels, and migration succeeds. However when disabling the A57 cluster on one system, WORKAROUND_1 is not needed and the host kernel disables this. Migration between the two now fails, as expected. Please have a look and comment! Cheers, Andre [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2019-January/627791.html Changelog: v1 .. v2: - complete rework of WORKAROUND_2 presentation to use a linear scale, dropping the complicated comparison routine v2 .. v3: - rebase against latest kvm-arm/next - introduce UNAFFECTED value for WORKAROUND_1 - require exact match for WORKAROUND_1 levels Andre Przywara (2): KVM: arm/arm64: Add save/restore support for firmware workaround state KVM: doc: add API documentation on the KVM_REG_ARM_WORKAROUNDS register Documentation/virtual/kvm/arm/psci.txt | 24 +++++ arch/arm/include/asm/kvm_emulate.h | 10 +++ arch/arm/include/uapi/asm/kvm.h | 10 +++ arch/arm64/include/asm/kvm_emulate.h | 14 +++ arch/arm64/include/uapi/asm/kvm.h | 9 ++ virt/kvm/arm/psci.c | 119 +++++++++++++++++++++---- 6 files changed, 170 insertions(+), 16 deletions(-)