Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3316707imm; Tue, 29 May 2018 05:15:56 -0700 (PDT) X-Google-Smtp-Source: AB8JxZopQVXcWJ+xg/CnDurm0ejgo9c8b3m8WvAnCth4UIzYTVSnWreSCCyr0ayHQ/+3NVWX05Xo X-Received: by 2002:a63:9205:: with SMTP id o5-v6mr13689614pgd.233.1527596155974; Tue, 29 May 2018 05:15:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527596155; cv=none; d=google.com; s=arc-20160816; b=Gnb5EIxvK1hw/0l2+sUy+6axSofYWaPNnjuqam2qLAZqxXUagvKtyhLO/lv4rdIbS6 ccLs8V1AXjZeRhHcT4pCzazoGnqKBzXJNhJ/kAi6fFpkhI1D4C5p5lrEODgqdBiBO8Jh g6eSYjm/PIltbMwsBkb+bDfTsbRmuZG/9Jrl+NrX0cpeYEFJ9Y5IMLRoJUiQHJmXHnfj /s2VrIvVphSV1V6M7tIIgN3/kXHflxDrrgI52WWgP4HJ28SQj5V46eyaAkN2ukoM1Uhq 01/6lHtD+a6z1LQzMGWlUZgLin9UJQbs3LM+87mL6A1nxnpWB8ZRCcpXzNEQA1UleY1M 1yng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=Xh8v/rxh9L4MIMXsVTSGiTh53GusMaCY+IDRMz1mKAY=; b=LPIwnMO7TqLyCz1TMdXGGggAvZc0Ot1m+cAxkhL3mv3xV7CgTGg6HjzFX0snc5WLoV P8RMOvtgsAQt0P5cvbnJj3GYh6C3NyVpASLkqREA9WZJQB7HuzeJ/KPp+Gkk4WhX29Hq JqJrNey1jlMRFTjn/oJzv7KmJMhoJ7Qqm0TKOi7kfgOwUyyswuh3E8Dm6irkXnrFmYuP jxEKWzAf07CpdxBDARnK92/eAmXoxn8TlBlB4uzUOtvcQXJTcaiFpE0W04kte0aD7wPT tGY1OQUzhhFcnLSr6mnjfDcGnsk2V0sSFSXzRrK7sf+FKwr/gXqe2mnynTR2MiE2jxgW sDPQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b17-v6si25232180pgv.196.2018.05.29.05.15.41; Tue, 29 May 2018 05:15:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933923AbeE2MNp (ORCPT + 99 others); Tue, 29 May 2018 08:13:45 -0400 Received: from foss.arm.com ([217.140.101.70]:38614 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933818AbeE2MME (ORCPT ); Tue, 29 May 2018 08:12:04 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6F7421688; Tue, 29 May 2018 05:12:04 -0700 (PDT) Received: from approximate.cambridge.arm.com (approximate.cambridge.arm.com [10.1.206.75]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 18FAA3F53D; Tue, 29 May 2018 05:12:01 -0700 (PDT) From: Marc Zyngier To: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu Cc: Will Deacon , Catalin Marinas , Thomas Gleixner , Andy Lutomirski , Kees Cook , Greg Kroah-Hartman , Christoffer Dall , Randy Dunlap , Dominik Brodowski , Julien Grall , Mark Rutland Subject: [PATCH v2 13/17] arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests Date: Tue, 29 May 2018 13:11:17 +0100 Message-Id: <20180529121121.24927-14-marc.zyngier@arm.com> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180529121121.24927-1-marc.zyngier@arm.com> References: <20180529121121.24927-1-marc.zyngier@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In order to forward the guest's ARCH_WORKAROUND_2 calls to EL3, add a small(-ish) sequence to handle it at EL2. Special care must be taken to track the state of the guest itself by updating the workaround flags. We also rely on patching to enable calls into the firmware. Note that since we need to execute branches, this always executes after the Spectre-v2 mitigation has been applied. Reviewed-by: Mark Rutland Signed-off-by: Marc Zyngier --- arch/arm64/kernel/asm-offsets.c | 1 + arch/arm64/kvm/hyp/hyp-entry.S | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index 5bdda651bd05..323aeb5f2fe6 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -136,6 +136,7 @@ int main(void) #ifdef CONFIG_KVM_ARM_HOST DEFINE(VCPU_CONTEXT, offsetof(struct kvm_vcpu, arch.ctxt)); DEFINE(VCPU_FAULT_DISR, offsetof(struct kvm_vcpu, arch.fault.disr_el1)); + DEFINE(VCPU_WORKAROUND_FLAGS, offsetof(struct kvm_vcpu, arch.workaround_flags)); DEFINE(CPU_GP_REGS, offsetof(struct kvm_cpu_context, gp_regs)); DEFINE(CPU_USER_PT_REGS, offsetof(struct kvm_regs, regs)); DEFINE(CPU_FP_REGS, offsetof(struct kvm_regs, fp_regs)); diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S index bffece27b5c1..05d836979032 100644 --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -106,8 +106,44 @@ el1_hvc_guest: */ ldr x1, [sp] // Guest's x0 eor w1, w1, #ARM_SMCCC_ARCH_WORKAROUND_1 + cbz w1, wa_epilogue + + /* ARM_SMCCC_ARCH_WORKAROUND_2 handling */ + eor w1, w1, #(ARM_SMCCC_ARCH_WORKAROUND_1 ^ \ + ARM_SMCCC_ARCH_WORKAROUND_2) cbnz w1, el1_trap - mov x0, x1 + +#ifdef CONFIG_ARM64_SSBD +alternative_cb arm64_enable_wa2_handling + b wa2_end +alternative_cb_end + get_vcpu_ptr x2, x0 + ldr x0, [x2, #VCPU_WORKAROUND_FLAGS] + + // Sanitize the argument and update the guest flags + ldr x1, [sp, #8] // Guest's x1 + clz w1, w1 // Murphy's device: + lsr w1, w1, #5 // w1 = !!w1 without using + eor w1, w1, #1 // the flags... + bfi x0, x1, #VCPU_WORKAROUND_2_FLAG_SHIFT, #1 + str x0, [x2, #VCPU_WORKAROUND_FLAGS] + + /* Check that we actually need to perform the call */ + hyp_ldr_this_cpu x0, arm64_ssbd_callback_required, x2 + cbz x0, wa2_end + + mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2 + smc #0 + + /* Don't leak data from the SMC call */ + mov x3, xzr +wa2_end: + mov x2, xzr + mov x1, xzr +#endif + +wa_epilogue: + mov x0, xzr add sp, sp, #16 eret -- 2.14.2