Commit d63d975a authored by Marc Zyngier's avatar Marc Zyngier Committed by Will Deacon

KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()

Convert the KVM WA2 code to using the Spectre infrastructure,
making the code much more readable. It also allows us to
take SSBS into account for the mitigation.
Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent 73114677
...@@ -1292,7 +1292,7 @@ static void cpu_init_hyp_mode(void) ...@@ -1292,7 +1292,7 @@ static void cpu_init_hyp_mode(void)
* at EL2. * at EL2.
*/ */
if (this_cpu_has_cap(ARM64_SSBS) && if (this_cpu_has_cap(ARM64_SSBS) &&
arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) { arm64_get_spectre_v4_state() == SPECTRE_VULNERABLE) {
kvm_call_hyp_nvhe(__kvm_enable_ssbs); kvm_call_hyp_nvhe(__kvm_enable_ssbs);
} }
} }
......
...@@ -36,13 +36,24 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) ...@@ -36,13 +36,24 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
} }
break; break;
case ARM_SMCCC_ARCH_WORKAROUND_2: case ARM_SMCCC_ARCH_WORKAROUND_2:
switch (arm64_get_ssbd_state()) { switch (arm64_get_spectre_v4_state()) {
case ARM64_SSBD_FORCE_DISABLE: case SPECTRE_VULNERABLE:
case ARM64_SSBD_UNKNOWN: break;
case SPECTRE_MITIGATED:
/*
* SSBS everywhere: Indicate no firmware
* support, as the SSBS support will be
* indicated to the guest and the default is
* safe.
*
* Otherwise, expose a permanent mitigation
* to the guest, and hide SSBS so that the
* guest stays protected.
*/
if (cpus_have_final_cap(ARM64_SSBS))
break; break;
case ARM64_SSBD_KERNEL: fallthrough;
case ARM64_SSBD_FORCE_ENABLE: case SPECTRE_UNAFFECTED:
case ARM64_SSBD_MITIGATED:
val = SMCCC_RET_NOT_REQUIRED; val = SMCCC_RET_NOT_REQUIRED;
break; break;
} }
......
...@@ -435,14 +435,19 @@ static int get_kernel_wa_level(u64 regid) ...@@ -435,14 +435,19 @@ static int get_kernel_wa_level(u64 regid)
} }
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL; return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL;
case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2: case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:
switch (arm64_get_ssbd_state()) { switch (arm64_get_spectre_v4_state()) {
case ARM64_SSBD_FORCE_ENABLE: case SPECTRE_MITIGATED:
case ARM64_SSBD_MITIGATED: /*
case ARM64_SSBD_KERNEL: * As for the hypercall discovery, we pretend we
* don't have any FW mitigation if SSBS is there at
* all times.
*/
if (cpus_have_final_cap(ARM64_SSBS))
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;
fallthrough;
case SPECTRE_UNAFFECTED:
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED; return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED;
case ARM64_SSBD_UNKNOWN: case SPECTRE_VULNERABLE:
case ARM64_SSBD_FORCE_DISABLE:
default:
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL; return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment