Hi, a minor update compared to v3, addressing the comments from the diligent reviewers, regarding value checking and the API documentation. See below for the changelog. Cheers, Andre ----------------------------- Workarounds for Spectre variant 2 or 4 vulnerabilities require some help from the firmware, so KVM implements an interface to provide that for guests. When such a guest is migrated, we want to make sure we don't loose the protection the guest relies on. This introduces two new firmware registers in KVM's GET/SET_ONE_REG interface, so userland can save the level of protection implemented by the hypervisor and used by the guest. Upon restoring these registers, we make sure we don't downgrade and reject any values that would mean weaker protection. The protection level is encoded in the lower 4 bits, with smaller values indicating weaker protection. Patch 1 implements the two firmware registers, patch 2 adds the documentation. ARM(32) is a bit of a pain (again), as the firmware register interface is shared, but 32-bit does not implement all the workarounds. For now I stuffed two wrappers into kvm_emulate.h, which doesn't sound like the best solution. Happy to hear about better solutions. This has been tested with migration between two Juno systems. Out of the box they advertise identical workaround levels, and migration succeeds. However when disabling the A57 cluster on one system, WORKAROUND_1 is not needed and the host kernel disables this. Migration between the two now fails, as expected. Please have a look and comment! Cheers, Andre [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2019-February/635694.html Changelog: v3 .. v4: - clarify API documentation for WORKAROUND_1 - check for unknown bits in userland provided register values - report proper -ENOENT when register ID is unknown v2 .. v3: - rebase against latest kvm-arm/next - introduce UNAFFECTED value for WORKAROUND_1 - require exact match for WORKAROUND_1 levels v1 .. v2: - complete rework of WORKAROUND_2 presentation to use a linear scale, dropping the complicated comparison routine *** BLURB HERE *** Andre Przywara (2): KVM: arm/arm64: Add save/restore support for firmware workaround state KVM: doc: add API documentation on the KVM_REG_ARM_WORKAROUNDS register Documentation/virtual/kvm/arm/psci.txt | 25 +++++ arch/arm/include/asm/kvm_emulate.h | 10 ++ arch/arm/include/uapi/asm/kvm.h | 10 ++ arch/arm64/include/asm/kvm_emulate.h | 14 +++ arch/arm64/include/uapi/asm/kvm.h | 9 ++ virt/kvm/arm/psci.c | 128 +++++++++++++++++++++---- 6 files changed, 180 insertions(+), 16 deletions(-) -- 2.17.1
