From: James Morse <james.morse@xxxxxxx> commit a5905d6af492ee6a4a2205f0d550b3f931b03d03 upstream. KVM allows the guest to discover whether the ARCH_WORKAROUND SMCCC are implemented, and to preserve that state during migration through its firmware register interface. Add the necessary boiler plate for SMCCC_ARCH_WORKAROUND_3. Reviewed-by: Russell King (Oracle) <rmk+kernel@xxxxxxxxxxxxxxx> Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx> [ kvm code moved to virt/kvm/arm, removed fw regs ABI. Added 32bit stub ] Signed-off-by: James Morse <james.morse@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/arm/include/asm/kvm_host.h | 6 ++++++ arch/arm64/include/asm/kvm_host.h | 5 +++++ virt/kvm/arm/psci.c | 12 ++++++++++++ 3 files changed, 23 insertions(+) --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -26,6 +26,7 @@ #include <asm/kvm_asm.h> #include <asm/kvm_mmio.h> #include <asm/fpstate.h> +#include <asm/spectre.h> #include <kvm/arm_arch_timer.h> #define __KVM_HAVE_ARCH_INTC_INITIALIZED @@ -324,4 +325,9 @@ static inline int kvm_arm_have_ssbd(void return KVM_SSBD_UNKNOWN; } +static inline int kvm_arm_get_spectre_bhb_state(void) +{ + /* 32bit guests don't need firmware for this */ + return SPECTRE_VULNERABLE; /* aka SMCCC_RET_NOT_SUPPORTED */ +} #endif /* __ARM_KVM_HOST_H__ */ --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -450,4 +450,9 @@ static inline int kvm_arm_have_ssbd(void } } +static inline enum mitigation_state kvm_arm_get_spectre_bhb_state(void) +{ + return arm64_get_spectre_bhb_state(); +} + #endif /* __ARM64_KVM_HOST_H__ */ --- a/virt/kvm/arm/psci.c +++ b/virt/kvm/arm/psci.c @@ -433,6 +433,18 @@ int kvm_hvc_call_handler(struct kvm_vcpu break; } break; + case ARM_SMCCC_ARCH_WORKAROUND_3: + switch (kvm_arm_get_spectre_bhb_state()) { + case SPECTRE_VULNERABLE: + break; + case SPECTRE_MITIGATED: + val = SMCCC_RET_SUCCESS; + break; + case SPECTRE_UNAFFECTED: + val = SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED; + break; + } + break; } break; default: Patches currently in stable-queue which might be from james.morse@xxxxxxx are queue-4.14/arm64-entry-add-macro-for-reading-symbol-addresses-from-the-trampoline.patch queue-4.14/arm64-use-the-clearbhb-instruction-in-mitigations.patch queue-4.14/arm64-add-percpu-vectors-for-el1.patch queue-4.14/arm64-arch_timer-add-workaround-for-arm-erratum-1188873.patch queue-4.14/arm64-entry-free-up-another-register-on-kpti-s-tramp_exit-path.patch queue-4.14/arm64-entry-don-t-assume-tramp_vectors-is-the-start-of-the-vectors.patch queue-4.14/arm64-entry-make-the-trampoline-cleanup-optional.patch queue-4.14/arm64-add-silicon-errata.txt-entry-for-arm-erratum-1188873.patch queue-4.14/kvm-arm64-add-templates-for-bhb-mitigation-sequences.patch queue-4.14/arm64-entry-add-non-kpti-__bp_harden_el1_vectors-for-mitigations.patch queue-4.14/arm64-add-id_aa64isar2_el1-sys-register.patch queue-4.14/kvm-arm64-allow-smccc_arch_workaround_3-to-be-discovered-and-migrated.patch queue-4.14/arm64-add-neoverse-n2-cortex-a710-cpu-part-definition.patch queue-4.14/arm64-arch_timer-avoid-unused-function-warning.patch queue-4.14/arm64-entry-move-trampoline-macros-out-of-ifdef-d-section.patch queue-4.14/arm64-entry-allow-tramp_alias-to-access-symbols-after-the-4k-boundary.patch queue-4.14/arm64-add-part-number-for-arm-cortex-a77.patch queue-4.14/arm64-entry-move-the-trampoline-data-page-before-the-text-page.patch queue-4.14/arm64-entry.s-add-ventry-overflow-sanity-checks.patch queue-4.14/arm64-add-part-number-for-neoverse-n1.patch queue-4.14/arm64-entry-add-vectors-that-have-the-bhb-mitigation-sequences.patch queue-4.14/arm64-make-arm64_erratum_1188873-depend-on-compat.patch queue-4.14/arm64-mitigate-spectre-style-branch-history-side-channels.patch queue-4.14/arm64-entry-allow-the-trampoline-text-to-occupy-multiple-pages.patch queue-4.14/arm64-proton-pack-report-spectre-bhb-vulnerabilities-as-part-of-spectre-v2.patch queue-4.14/arm64-add-cortex-x2-cpu-part-definition.patch queue-4.14/arm64-entry-make-the-kpti-trampoline-s-kpti-sequence-optional.patch