On Mon, Apr 30, 2018 at 04:12:35PM +0100, Marc Zyngier wrote:
> On 30/04/18 16:09, Greg KH wrote:
> > On Mon, Apr 30, 2018 at 04:37:48PM +0200, Christoffer Dall wrote:
> >> On Sun, Apr 29, 2018 at 02:34:45PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> >>> The patch below was submitted to be applied to the 4.16-stable tree.
> >>>
> >>> I fail to see how this patch meets the stable kernel rules as found at
> >>> Documentation/process/stable-kernel-rules.rst.
> >>>
> >>> I could be totally wrong, and if so, please respond to
> >>> <stable@xxxxxxxxxxxxxxx> and let me know why this patch should be
> >>> applied. Otherwise, it is now dropped from my patch queues, never to be
> >>> seen again.
> >>
> >> This patch ensures that current userspace drivers of KVM VMs will fail
> >> migration to targets that do not support spectre/meltdown mitigations.
> >> Without this patch, VMs can be migrated to hosts that do not have
> >> mitigation support without any warning to the system admin. We
> >> considered this a real security issue as per the stable kernel rules.
> >>
> >> If you disagree, feel free to drop this patch without further
> >> discussion.
> >>
> >> Thanks,
> >> -Christoffer
> >>
> >>>
> >>> ------------------ original commit in Linus's tree ------------------
> >>>
> >>> From 85bd0ba1ff9875798fad94218b627ea9f768f3c3 Mon Sep 17 00:00:00 2001
> >>> From: Marc Zyngier <marc.zyngier@xxxxxxx>
> >>> Date: Sun, 21 Jan 2018 16:42:56 +0000
> >>> Subject: [PATCH] arm/arm64: KVM: Add PSCI version selection API
> >>>
> >>> Although we've implemented PSCI 0.1, 0.2 and 1.0, we expose either 0.1
> >>> or 1.0 to a guest, defaulting to the latest version of the PSCI
> >>> implementation that is compatible with the requested version. This is
> >>> no different from doing a firmware upgrade on KVM.
> >>>
> >>> But in order to give a chance to hypothetical badly implemented guests
> >>> that would have a fit by discovering something other than PSCI 0.2,
> >>> let's provide a new API that allows userspace to pick one particular
> >>> version of the API.
> >>>
> >>> This is implemented as a new class of "firmware" registers, where
> >>> we expose the PSCI version. This allows the PSCI version to be
> >>> save/restored as part of a guest migration, and also set to
> >>> any supported version if the guest requires it.
> >>>
> >>> Cc: stable@xxxxxxxxxxxxxxx #4.16
> >>> Reviewed-by: Christoffer Dall <cdall@xxxxxxxxxx>
> >>> Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx>
> >
> > Also, it looks like this applies cleanly to 4.14.y, do you want it there
> > as well?
> Yes. It is likely that any backport of the Spectre series will want this
> as well.

It worked for 4.14.y, but does not apply at all to 4.9.y, which does
have the ARM spectre fixes in it. If someone could provide a working
backport for there, I would be glad to apply it.

thanks,

greg k-h