From 6be9649873c9932bafbb2b3a9edf990e22afd277 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 3 Nov 2020 21:22:13 +0100 Subject: [PATCH] 5.4-stable patches added patches: kvm-arm64-arm_smccc_arch_workaround_1-doesn-t-return-smccc_ret_not_required.patch --- ...oesn-t-return-smccc_ret_not_required.patch | 83 +++++++++++++++++++ queue-5.4/series | 1 + 2 files changed, 84 insertions(+) create mode 100644 queue-5.4/kvm-arm64-arm_smccc_arch_workaround_1-doesn-t-return-smccc_ret_not_required.patch diff --git a/queue-5.4/kvm-arm64-arm_smccc_arch_workaround_1-doesn-t-return-smccc_ret_not_required.patch b/queue-5.4/kvm-arm64-arm_smccc_arch_workaround_1-doesn-t-return-smccc_ret_not_required.patch new file mode 100644 index 00000000000..4d9ae84c518 --- /dev/null +++ b/queue-5.4/kvm-arm64-arm_smccc_arch_workaround_1-doesn-t-return-smccc_ret_not_required.patch @@ -0,0 +1,83 @@ +From 1de111b51b829bcf01d2e57971f8fd07a665fa3f Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Fri, 23 Oct 2020 08:47:50 -0700 +Subject: KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED + +From: Stephen Boyd + +commit 1de111b51b829bcf01d2e57971f8fd07a665fa3f upstream. + +According to the SMCCC spec[1](7.5.2 Discovery) the +ARM_SMCCC_ARCH_WORKAROUND_1 function id only returns 0, 1, and +SMCCC_RET_NOT_SUPPORTED. + + 0 is "workaround required and safe to call this function" + 1 is "workaround not required but safe to call this function" + SMCCC_RET_NOT_SUPPORTED is "might be vulnerable or might not be, who knows, I give up!" + +SMCCC_RET_NOT_SUPPORTED might as well mean "workaround required, except +calling this function may not work because it isn't implemented in some +cases". Wonderful. We map this SMC call to + + 0 is SPECTRE_MITIGATED + 1 is SPECTRE_UNAFFECTED + SMCCC_RET_NOT_SUPPORTED is SPECTRE_VULNERABLE + +For KVM hypercalls (hvc), we've implemented this function id to return +SMCCC_RET_NOT_SUPPORTED, 0, and SMCCC_RET_NOT_REQUIRED. One of those +isn't supposed to be there. Per the code we call +arm64_get_spectre_v2_state() to figure out what to return for this +feature discovery call. + + 0 is SPECTRE_MITIGATED + SMCCC_RET_NOT_REQUIRED is SPECTRE_UNAFFECTED + SMCCC_RET_NOT_SUPPORTED is SPECTRE_VULNERABLE + +Let's clean this up so that KVM tells the guest this mapping: + + 0 is SPECTRE_MITIGATED + 1 is SPECTRE_UNAFFECTED + SMCCC_RET_NOT_SUPPORTED is SPECTRE_VULNERABLE + +Note: SMCCC_RET_NOT_AFFECTED is 1 but isn't part of the SMCCC spec + +Fixes: c118bbb52743 ("arm64: KVM: Propagate full Spectre v2 workaround state to KVM guests") +Signed-off-by: Stephen Boyd +Acked-by: Marc Zyngier +Acked-by: Will Deacon +Cc: Andre Przywara +Cc: Steven Price +Cc: Marc Zyngier +Cc: stable@vger.kernel.org +Link: https://developer.arm.com/documentation/den0028/latest [1] +Link: https://lore.kernel.org/r/20201023154751.1973872-1-swboyd@chromium.org +Signed-off-by: Will Deacon +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/arm-smccc.h | 2 ++ + virt/kvm/arm/psci.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +--- a/include/linux/arm-smccc.h ++++ b/include/linux/arm-smccc.h +@@ -76,6 +76,8 @@ + ARM_SMCCC_SMC_32, \ + 0, 0x7fff) + ++#define SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED 1 ++ + #ifndef __ASSEMBLY__ + + #include +--- a/virt/kvm/arm/psci.c ++++ b/virt/kvm/arm/psci.c +@@ -408,7 +408,7 @@ int kvm_hvc_call_handler(struct kvm_vcpu + val = SMCCC_RET_SUCCESS; + break; + case KVM_BP_HARDEN_NOT_REQUIRED: +- val = SMCCC_RET_NOT_REQUIRED; ++ val = SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED; + break; + } + break; diff --git a/queue-5.4/series b/queue-5.4/series index 7647ec9623c..aa6c6fc16a6 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -211,3 +211,4 @@ staging-fieldbus-anybuss-jump-to-correct-label-in-an-error-path.patch staging-comedi-cb_pcidas-allow-2-channel-commands-for-ao-subdevice.patch staging-octeon-repair-fixed-link-support.patch staging-octeon-drop-on-uncorrectable-alignment-or-fcs-error.patch +kvm-arm64-arm_smccc_arch_workaround_1-doesn-t-return-smccc_ret_not_required.patch -- 2.47.3