From: Marc Zyngier
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu
Cc: Catalin Marinas, Will Deacon, Peter Maydell, Christoffer Dall, Lorenzo Pieralisi, Mark Rutland, Robin Murphy, Ard Biesheuvel, Andrew Jones, Hanjun Guo, Jayachandran C, Jon Masters, Russell King - ARM Linux
Subject: [PATCH v3 00/18] arm64: Add SMCCC v1.1 support and CVE-2017-5715 (Spectre variant 2) mitigation
Date: Thu, 1 Feb 2018 11:46:39 +0000
Message-Id: <20180201114657.7323-1-marc.zyngier@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

ARM has recently published a SMC Calling Convention (SMCCC)
specification update[1] that provides an optimised calling convention
and optional, discoverable support for mitigating CVE-2017-5715. ARM
Trusted Firmware (ATF) has already gained such an implementation[2].

This series addresses a few things:

- It provides a KVM implementation of PSCI v1.0, which is a
  prerequisite for being able to discover SMCCC v1.1, together with a
  new userspace API to control the PSCI revision number that the guest
  sees.

- It allows KVM to advertise SMCCC v1.1, which is de-facto supported
  already (it never corrupts any of the guest registers).

- It implements KVM support for the ARCH_WORKAROUND_1 function that is
  used to mitigate CVE-2017-5715 in a guest (if such mitigation is
  available on the host).

- It implements SMCCC v1.1 and ARCH_WORKAROUND_1 discovery support in
  the kernel itself.

- It finally provides firmware callbacks for CVE-2017-5715 for both
  kernel and KVM and drops the initial PSCI_GET_VERSION based
  mitigation.

Patch 1 is already merged, and included here for reference. Patches on
top of arm64/for-next/core. Tested on Seattle and Juno, the latter
with ATF implementing SMCCC v1.1.

[1]: https://developer.arm.com/support/security-update/downloads/
[2]: https://github.com/ARM-software/arm-trusted-firmware/pull/1240

* From v2:
  - Fixed SMC handling in KVM
  - PSCI fixes and tidying up
  - SMCCC primitive rework for better code generation (both efficiency
    and correctness)
  - Remove PSCI_GET_VERSION as a mitigation vector

* From v1:
  - Fixed 32bit build
  - Fix function number sign extension (Ard)
  - Inline SMCCC v1.1 primitives (cpp soup)
  - Prevent SMCCC spamming on feature probing
  - Random fixes and tidying up

Marc Zyngier (18):
  arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
  arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
  arm64: KVM: Increment PC after handling an SMC trap
  arm/arm64: KVM: Consolidate the PSCI include files
  arm/arm64: KVM: Add PSCI_VERSION helper
  arm/arm64: KVM: Add smccc accessors to PSCI code
  arm/arm64: KVM: Implement PSCI 1.0 support
  arm/arm64: KVM: Add PSCI version selection API
  arm/arm64: KVM: Advertise SMCCC v1.1
  arm/arm64: KVM: Turn kvm_psci_version into a static inline
  arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
  arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
  firmware/psci: Expose PSCI conduit
  firmware/psci: Expose SMCCC version through psci_ops
  arm/arm64: smccc: Make function identifiers an unsigned quantity
  arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
  arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
  arm64: Kill PSCI_GET_VERSION as a variant-2 workaround

 Documentation/virtual/kvm/api.txt      |   3 +-
 Documentation/virtual/kvm/arm/psci.txt |  30 +++++
 arch/arm/include/asm/kvm_host.h        |  10 ++
 arch/arm/include/asm/kvm_psci.h        |  27 -----
 arch/arm/include/uapi/asm/kvm.h        |   6 +
 arch/arm/kvm/guest.c                   |  13 +++
 arch/arm/kvm/handle_exit.c             |  17 ++-
 arch/arm64/include/asm/kvm_host.h      |   9 ++
 arch/arm64/include/asm/kvm_psci.h      |  27 -----
 arch/arm64/include/uapi/asm/kvm.h      |   6 +
 arch/arm64/kernel/bpi.S                |  44 ++++----
 arch/arm64/kernel/cpu_errata.c         |  77 ++++++++++---
 arch/arm64/kvm/guest.c                 |  14 ++-
 arch/arm64/kvm/handle_exit.c           |  18 ++-
 arch/arm64/kvm/hyp/hyp-entry.S         |  20 +++-
 arch/arm64/kvm/hyp/switch.c            |  14 +--
 drivers/firmware/psci.c                |  47 +++++++-
 include/kvm/arm_psci.h                 |  63 +++++++++++
 include/linux/arm-smccc.h              | 167 +++++++++++++++++++++++++++-
 include/linux/psci.h                   |  13 +++
 include/uapi/linux/psci.h              |   3 +
 virt/kvm/arm/arm.c                     |   2 +-
 virt/kvm/arm/psci.c                    | 196 +++++++++++++++++++++++++++++----
 23 files changed, 677 insertions(+), 149 deletions(-)
 create mode 100644 Documentation/virtual/kvm/arm/psci.txt
 delete mode 100644 arch/arm/include/asm/kvm_psci.h
 delete mode 100644 arch/arm64/include/asm/kvm_psci.h
 create mode 100644 include/kvm/arm_psci.h

-- 
2.14.2
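
The discovery order the cover letter describes (PSCI v1.0 first, then SMCCC v1.1, then ARCH_WORKAROUND_1), as an added user-space example that is not code from this patch series. The function IDs are the ones defined by the PSCI and SMCCC specifications; the `conduit_fn` type and the `fw_*` firmware models are hypothetical stand-ins for the HVC/SMC instruction and are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Function IDs and return codes from the PSCI and SMCCC v1.1 specifications. */
#define PSCI_VERSION        0x84000000u
#define PSCI_FEATURES       0x8400000Au
#define SMCCC_VERSION       0x80000000u
#define SMCCC_ARCH_FEATURES 0x80000001u
#define ARCH_WORKAROUND_1   0x80008000u
#define NOT_SUPPORTED       (-1)
#define VER(maj, min)       (((int32_t)(maj) << 16) | (min))

/* Hypothetical conduit: stands in for the HVC/SMC instruction. */
typedef int32_t (*conduit_fn)(uint32_t fid, uint32_t arg);

enum bp_result { NO_PSCI_1_0, NO_SMCCC_1_1, NO_WORKAROUND, USE_WORKAROUND_1 };

/* Each probe is only issued once the previous one has succeeded. */
enum bp_result probe_workaround_1(conduit_fn call)
{
    if (call(PSCI_VERSION, 0) < VER(1, 0))
        return NO_PSCI_1_0;      /* no PSCI_FEATURES to probe with */
    if (call(PSCI_FEATURES, SMCCC_VERSION) == NOT_SUPPORTED)
        return NO_SMCCC_1_1;     /* SMCCC_VERSION is not implemented */
    if (call(SMCCC_VERSION, 0) < VER(1, 1))
        return NO_SMCCC_1_1;
    if (call(SMCCC_ARCH_FEATURES, ARCH_WORKAROUND_1) < 0)
        return NO_WORKAROUND;    /* firmware offers no mitigation call */
    return USE_WORKAROUND_1;
}

/* Constructed firmware models: PSCI 1.0 + SMCCC 1.1, with or without the workaround. */
static int32_t fw_1_1(uint32_t fid, uint32_t arg, int has_wa)
{
    switch (fid) {
    case PSCI_VERSION:        return VER(1, 0);
    case PSCI_FEATURES:       return arg == SMCCC_VERSION ? 0 : NOT_SUPPORTED;
    case SMCCC_VERSION:       return VER(1, 1);
    case SMCCC_ARCH_FEATURES: return (arg == ARCH_WORKAROUND_1 && has_wa) ? 0 : NOT_SUPPORTED;
    default:                  return NOT_SUPPORTED;
    }
}
int32_t fw_mitigated(uint32_t fid, uint32_t arg)   { return fw_1_1(fid, arg, 1); }
int32_t fw_unmitigated(uint32_t fid, uint32_t arg) { return fw_1_1(fid, arg, 0); }
/* Constructed PSCI 0.2 firmware: only PSCI_VERSION is answered. */
int32_t fw_psci_0_2(uint32_t fid, uint32_t arg) { (void)arg; return fid == PSCI_VERSION ? VER(0, 2) : NOT_SUPPORTED; }

int main(void)
{
    printf("%d %d %d\n", probe_workaround_1(fw_psci_0_2),
           probe_workaround_1(fw_unmitigated), probe_workaround_1(fw_mitigated));
    return 0;
}
```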