From patchwork Tue Oct 20 21:45:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Boyd X-Patchwork-Id: 11847951 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12B9DC4363D for ; Tue, 20 Oct 2020 21:47:30 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8D73522247 for ; Tue, 20 Oct 2020 21:47:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="mA6EdB0C"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="cMuGDNC8" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8D73522247 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=YUaJzLZBZCLvdMaYQ5jLRGLfMRm0igQJx1EnlYsCk0A=; b=mA6EdB0CXIfoxR2CsPUMWWkJa kqssgaPMQ/EoBwzPytp0CtVkdcVhCB+0qiCNdWGqxAoZeTgSDj9iijABJGrE1JrFzaldLk9QAyG6F teIJZ667SgRYLJzs7cS3hS9Jrdmmd3YPk5rSnEysO+JyzjA4pPLaqPDjwt/vTC0aBfwL+6iROhNs2 hYZReTZRhVCmoRhREMMQjnqPP53/x/J86EZ0fINuorYcFPehCU3U5xdZWJSsQz0876De/uVObYPWY xgF/Fjw1B+kAuBXnNHDcVbNYk04eITfT5+PxeUigu/FnGXl3IQ2GdNEcE0JJqfJF81Jsy3QYepGo4 UgWFqGm4w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kUzS9-0003Z6-MU; Tue, 20 Oct 2020 21:45:57 +0000 Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kUzS3-0003X1-DA for linux-arm-kernel@lists.infradead.org; Tue, 20 Oct 2020 21:45:53 +0000 Received: by mail-pl1-x641.google.com with SMTP id t18so102792plo.1 for ; Tue, 20 Oct 2020 14:45:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HTvFqP0OKw46d5NTFeLwYbOhVPH1h7di/YxBF7zx6kw=; b=cMuGDNC81WjXBMwQZT0mrSYFI9GXZhGCIOf2+Djqd5ATV8Tsbc3epHC4WvyMymDcfx UsqeZPshP6s8qKBmcj8atxWvb4PDBuV2GDFtUqZDoOZa3rKatp6hzi+MK7aL03wzzGhc sNvbtzh4UT1BpdKOqtuppE+enLMZfA5BxckKE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HTvFqP0OKw46d5NTFeLwYbOhVPH1h7di/YxBF7zx6kw=; b=CNfHkY86ICEA9ors2L22LguNVjnWjCPKB6BpJtH2Tbozd8e6RZl5hWcdKBWJYGkabJ 9ryCK0VRn9FB9qbyyEq4ilxuPjkSMfCE6LoSJB2ghLaFZrvro309LXxyrwF2ZB5BFxJM E6ddkwx1GBSUzZ275fCegW6E0XiBDiGWzqrvInzFq/6vckx/vkXaboPd9lK3waiIx/+k GIs318ia0GW7R30K5Yefp/Z2rx3lIKffb0Z1p70NZcJZN6cRGPjv4i9erC/kU6eVGgPU dBWnPKLbTrkTReTlOqgtp9CK4yWA2ZZfpMdkaMPFu+44yE2lI3jAWuIfBzeeqM+CMC9V Lcxg== X-Gm-Message-State: AOAM533XZWir/OBOTS7LwIiYSXxsjDblBfiHg0zKHQGsxlurzifckLz/ rxbQ/94XaaJCsL2SEmL1upJ+AA== X-Google-Smtp-Source: ABdhPJx8uDqzuHW8DCZ0MEijfaTZs5muIAkd9Ybcod9OExm+FrcyxpCyD+FF+GPQJdCYNdLsNH6/1Q== X-Received: by 2002:a17:902:c154:b029:d4:bb6f:6502 with SMTP id 20-20020a170902c154b02900d4bb6f6502mr4916999plj.23.1603230348039; Tue, 20 Oct 2020 14:45:48 -0700 (PDT) Received: from smtp.gmail.com ([2620:15c:202:201:3e52:82ff:fe6c:83ab]) by smtp.gmail.com with ESMTPSA id j23sm130751pgh.31.2020.10.20.14.45.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Oct 2020 14:45:47 -0700 (PDT) From: Stephen Boyd To: Will Deacon , Catalin Marinas Subject: [PATCH 1/2] arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED Date: Tue, 20 Oct 2020 14:45:43 -0700 Message-Id: <20201020214544.3206838-2-swboyd@chromium.org> X-Mailer: git-send-email 2.29.0.rc1.297.gfa9743e501-goog In-Reply-To: <20201020214544.3206838-1-swboyd@chromium.org> References: <20201020214544.3206838-1-swboyd@chromium.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201020_174551_519712_79AD28B0 X-CRM114-Status: GOOD ( 18.08 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Andre Przywara , linux-kernel@vger.kernel.org, stable@vger.kernel.org, Steven Price , Marc Zyngier , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org According to the SMCCC spec (7.5.2 Discovery) the ARM_SMCCC_ARCH_WORKAROUND_1 function id only returns 0, 1, and SMCCC_RET_NOT_SUPPORTED corresponding to "workaround required", "workaround not required but implemented", and "who knows, you're on your own" respectively. For kvm hypercalls (hvc), we've implemented this function id to return SMCCC_RET_NOT_SUPPORTED, 1, and SMCCC_RET_NOT_REQUIRED. The SMCCC_RET_NOT_REQUIRED return value is not a thing for this function id, and is probably copy/pasted from the SMCCC_ARCH_WORKAROUND_2 function id that does support it. Clean this up by returning 0, 1, and SMCCC_RET_NOT_SUPPORTED appropriately. Changing this exposes the problem that spectre_v2_get_cpu_fw_mitigation_state() assumes a SMCCC_RET_NOT_SUPPORTED return value means we are vulnerable, but really it means we have no idea and should assume we can't do anything about mitigation. Put another way, it better be unaffected because it can't be mitigated in the firmware (in this case kvm) as the call isn't implemented! Cc: Andre Przywara Cc: Steven Price Cc: Marc Zyngier Cc: stable@vger.kernel.org Fixes: c118bbb52743 ("arm64: KVM: Propagate full Spectre v2 workaround state to KVM guests") Fixes: 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack thereof") Signed-off-by: Stephen Boyd --- This will require a slightly different backport to stable kernels, but at least it looks like this is a problem given that this return value isn't valid per the spec and we've been going around it by returning something invalid for some time. arch/arm64/kernel/proton-pack.c | 3 +-- arch/arm64/kvm/hypercalls.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index 68b710f1b43f..00bd54f63f4f 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -149,10 +149,9 @@ static enum mitigation_state spectre_v2_get_cpu_fw_mitigation_state(void) case SMCCC_RET_SUCCESS: return SPECTRE_MITIGATED; case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED: + case SMCCC_RET_NOT_SUPPORTED: /* Good luck w/ the Gatekeeper of Gozer */ return SPECTRE_UNAFFECTED; default: - fallthrough; - case SMCCC_RET_NOT_SUPPORTED: return SPECTRE_VULNERABLE; } } diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c index 9824025ccc5c..868486957808 100644 --- a/arch/arm64/kvm/hypercalls.c +++ b/arch/arm64/kvm/hypercalls.c @@ -31,7 +31,7 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) val = SMCCC_RET_SUCCESS; break; case SPECTRE_UNAFFECTED: - val = SMCCC_RET_NOT_REQUIRED; + val = SMCCC_RET_NOT_SUPPORTED; break; } break;