Skip to content

Commit d63d975

Browse files
Marc Zyngierwilldeacon
Marc Zyngier
authored and
willdeacon
committed
KVM: arm64: Convert ARCH_WORKAROUND_2 to arm64_get_spectre_v4_state()
Convert the KVM WA2 code to using the Spectre infrastructure, making the code much more readable. It also allows us to take SSBS into account for the mitigation. Signed-off-by: Marc Zyngier <maz@kernel.org> Signed-off-by: Will Deacon <will@kernel.org>
1 parent 7311467 commit d63d975

3 files changed

Lines changed: 30 additions & 14 deletions

File tree

arch/arm64/kvm/arm.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1292,7 +1292,7 @@ static void cpu_init_hyp_mode(void)
12921292
* at EL2.
12931293
*/
12941294
if (this_cpu_has_cap(ARM64_SSBS) &&
1295-
arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE) {
1295+
arm64_get_spectre_v4_state() == SPECTRE_VULNERABLE) {
12961296
kvm_call_hyp_nvhe(__kvm_enable_ssbs);
12971297
}
12981298
}

arch/arm64/kvm/hypercalls.c

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -36,13 +36,24 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
3636
}
3737
break;
3838
case ARM_SMCCC_ARCH_WORKAROUND_2:
39-
switch (arm64_get_ssbd_state()) {
40-
case ARM64_SSBD_FORCE_DISABLE:
41-
case ARM64_SSBD_UNKNOWN:
39+
switch (arm64_get_spectre_v4_state()) {
40+
case SPECTRE_VULNERABLE:
4241
break;
43-
case ARM64_SSBD_KERNEL:
44-
case ARM64_SSBD_FORCE_ENABLE:
45-
case ARM64_SSBD_MITIGATED:
42+
case SPECTRE_MITIGATED:
43+
/*
44+
* SSBS everywhere: Indicate no firmware
45+
* support, as the SSBS support will be
46+
* indicated to the guest and the default is
47+
* safe.
48+
*
49+
* Otherwise, expose a permanent mitigation
50+
* to the guest, and hide SSBS so that the
51+
* guest stays protected.
52+
*/
53+
if (cpus_have_final_cap(ARM64_SSBS))
54+
break;
55+
fallthrough;
56+
case SPECTRE_UNAFFECTED:
4657
val = SMCCC_RET_NOT_REQUIRED;
4758
break;
4859
}

arch/arm64/kvm/psci.c

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -435,14 +435,19 @@ static int get_kernel_wa_level(u64 regid)
435435
}
436436
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL;
437437
case KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:
438-
switch (arm64_get_ssbd_state()) {
439-
case ARM64_SSBD_FORCE_ENABLE:
440-
case ARM64_SSBD_MITIGATED:
441-
case ARM64_SSBD_KERNEL:
438+
switch (arm64_get_spectre_v4_state()) {
439+
case SPECTRE_MITIGATED:
440+
/*
441+
* As for the hypercall discovery, we pretend we
442+
* don't have any FW mitigation if SSBS is there at
443+
* all times.
444+
*/
445+
if (cpus_have_final_cap(ARM64_SSBS))
446+
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;
447+
fallthrough;
448+
case SPECTRE_UNAFFECTED:
442449
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED;
443-
case ARM64_SSBD_UNKNOWN:
444-
case ARM64_SSBD_FORCE_DISABLE:
445-
default:
450+
case SPECTRE_VULNERABLE:
446451
return KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL;
447452
}
448453
}

0 commit comments

Comments
 (0)