Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
"ARM:
- fix incorrect huge page mappings on systems using the contiguous
hint for hugetlbfs
- support alternative GICv4 init sequence
- correctly implement the ARM SMCC for HVC and SMC handling

PPC:
- add KVM IOCTL for reporting vulnerability and workaround status

s390:
- provide userspace interface for branch prediction changes in
firmware

x86:
- use correct macros for bits"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: s390: wire up bpb feature
KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds
KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and X86_CR4_PAE_BIT in kvm_valid_sregs()
arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: arm64: Fix GICv4 init when called from vgic_its_create
KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2

+245 -11
+46
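--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -3403,6 +3403,52 @@
 or if no page table is present for the addresses (e.g. when using
 hugepages).
 
+4.108 KVM_PPC_GET_CPU_CHAR
+
+Capability: KVM_CAP_PPC_GET_CPU_CHAR
+Architectures: powerpc
+Type: vm ioctl
+Parameters: struct kvm_ppc_cpu_char (out)
+Returns: 0 on successful completion
+-EFAULT if struct kvm_ppc_cpu_char cannot be written
+
+This ioctl gives userspace information about certain characteristics
+of the CPU relating to speculative execution of instructions and
+possible information leakage resulting from speculative execution (see
+CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). The information is
+returned in struct kvm_ppc_cpu_char, which looks like this:
+
+struct kvm_ppc_cpu_char {
+__u64 character; /* characteristics of the CPU */
+__u64 behaviour; /* recommended software behaviour */
+__u64 character_mask; /* valid bits in character */
+__u64 behaviour_mask; /* valid bits in behaviour */
+};
+
+For extensibility, the character_mask and behaviour_mask fields
+indicate which bits of character and behaviour have been filled in by
+the kernel. If the set of defined bits is extended in future then
+userspace will be able to tell whether it is running on a kernel that
+knows about the new bits.
+
+The character field describes attributes of the CPU which can help
+with preventing inadvertent information disclosure - specifically,
+whether there is an instruction to flash-invalidate the L1 data cache
+(ori 30,30,0 or mtspr SPRN_TRIG2,rN), whether the L1 data cache is set
+to a mode where entries can only be used by the thread that created
+them, whether the bcctr[l] instruction prevents speculation, and
+whether a speculation barrier instruction (ori 31,31,0) is provided.
+
+The behaviour field describes actions that software should take to
+prevent inadvertent information disclosure, and thus describes which
+vulnerabilities the hardware is subject to; specifically whether the
+L1 data cache should be flushed when returning to user mode from the
+kernel, and whether a speculation barrier should be placed between an
+array bounds check and the array access.
+
+These fields use the same bit definitions as the new
+H_GET_CPU_CHARACTERISTICS hypercall.
+
 5. The kvm_run structure
 ------------------------
 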
+2 -2
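--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@@ -45,7 +45,7 @@
 
 ret = kvm_psci_call(vcpu);
 if (ret < 0) {
-kvm_inject_undefined(vcpu);
+vcpu_set_reg(vcpu, 0, ~0UL);
 return 1;
 }
 
@@ -54,7 +54,7 @@
 
 static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run)
 {
-kvm_inject_undefined(vcpu);
+vcpu_set_reg(vcpu, 0, ~0UL);
 return 1;
 }
 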
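Review bot: handle_smc (second hunk, lines 55-59) now reports the SMCCC "not supported" value in x0 but still does not advance the guest PC; unlike an HVC, a trapped SMC is, as far as I can tell, reported with the SMC instruction itself as the return address, so the guest would re-execute the same SMC and trap again indefinitely instead of seeing a clean "not supported" result — `kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));` before `return 1;` is the usual way to step past it; please confirm against the trap semantics. The `~0UL` literal appears in both hunks with no name, so a comment or a named constant for the SMCCC NOT_SUPPORTED return, e.g. `vcpu_set_reg(vcpu, 0, ~0UL); /* SMCCC: NOT_SUPPORTED */`, would make the intent clear. The function containing the first hunk starts outside it.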
+25
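--- a/arch/powerpc/include/uapi/asm/kvm.h
+++ b/arch/powerpc/include/uapi/asm/kvm.h
@@ -443,6 +443,31 @@
 __u32 ap_encodings[8];
 };
 
+/* For KVM_PPC_GET_CPU_CHAR */
+struct kvm_ppc_cpu_char {
+__u64 character; /* characteristics of the CPU */
+__u64 behaviour; /* recommended software behaviour */
+__u64 character_mask; /* valid bits in character */
+__u64 behaviour_mask; /* valid bits in behaviour */
+};
+
+/*
+* Values for character and character_mask.
+* These are identical to the values used by H_GET_CPU_CHARACTERISTICS.
+*/
+#define KVM_PPC_CPU_CHAR_SPEC_BAR_ORI31 (1ULL << 63)
+#define KVM_PPC_CPU_CHAR_BCCTRL_SERIALISED (1ULL << 62)
+#define KVM_PPC_CPU_CHAR_L1D_FLUSH_ORI30 (1ULL << 61)
+#define KVM_PPC_CPU_CHAR_L1D_FLUSH_TRIG2 (1ULL << 60)
+#define KVM_PPC_CPU_CHAR_L1D_THREAD_PRIV (1ULL << 59)
+#define KVM_PPC_CPU_CHAR_BR_HINT_HONOURED (1ULL << 58)
+#define KVM_PPC_CPU_CHAR_MTTRIG_THR_RECONF (1ULL << 57)
+#define KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS (1ULL << 56)
+
+#define KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY (1ULL << 63)
+#define KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR (1ULL << 62)
+#define KVM_PPC_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ULL << 61)
+
 /* Per-vcpu XICS interrupt controller state */
 #define KVM_REG_PPC_ICP_STATE (KVM_REG_PPC | KVM_REG_SIZE_U64 | 0x8c)
 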
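Review bot: The comment block at 454-457 documents only the character values, while the KVM_PPC_CPU_BEHAV_* defines at 467-469 get no comment at all, and this uapi header is what userspace authors will read. A parallel comment such as `/* Values for behaviour and behaviour_mask (same values as H_GET_CPU_CHARACTERISTICS) */` above line 467 would keep the two groups symmetric. It would also help to say in the struct comment that a clear mask bit means "unknown", since the powerpc.c side of this merge returns all-zero masks when firmware supplies nothing.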
+131
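--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -39,6 +39,10 @@
 #include <asm/iommu.h>
 #include <asm/switch_to.h>
 #include <asm/xive.h>
+#ifdef CONFIG_PPC_PSERIES
+#include <asm/hvcall.h>
+#include <asm/plpar_wrappers.h>
+#endif
 
 #include "timing.h"
 #include "irq.h"
@@ -552,6 +548,7 @@
 #ifdef CONFIG_KVM_XICS
 case KVM_CAP_IRQ_XICS:
 #endif
+case KVM_CAP_PPC_GET_CPU_CHAR:
 r = 1;
 break;
 
@@ -1764,6 +1759,119 @@
 return r;
 }
 
+#ifdef CONFIG_PPC_BOOK3S_64
+/*
+* These functions check whether the underlying hardware is safe
+* against attacks based on observing the effects of speculatively
+* executed instructions, and whether it supplies instructions for
+* use in workarounds. The information comes from firmware, either
+* via the device tree on powernv platforms or from an hcall on
+* pseries platforms.
+*/
+#ifdef CONFIG_PPC_PSERIES
+static int pseries_get_cpu_char(struct kvm_ppc_cpu_char *cp)
+{
+struct h_cpu_char_result c;
+unsigned long rc;
+
+if (!machine_is(pseries))
+return -ENOTTY;
+
+rc = plpar_get_cpu_characteristics(&c);
+if (rc == H_SUCCESS) {
+cp->character = c.character;
+cp->behaviour = c.behaviour;
+cp->character_mask = KVM_PPC_CPU_CHAR_SPEC_BAR_ORI31 |
+KVM_PPC_CPU_CHAR_BCCTRL_SERIALISED |
+KVM_PPC_CPU_CHAR_L1D_FLUSH_ORI30 |
+KVM_PPC_CPU_CHAR_L1D_FLUSH_TRIG2 |
+KVM_PPC_CPU_CHAR_L1D_THREAD_PRIV |
+KVM_PPC_CPU_CHAR_BR_HINT_HONOURED |
+KVM_PPC_CPU_CHAR_MTTRIG_THR_RECONF |
+KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS;
+cp->behaviour_mask = KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY |
+KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR |
+KVM_PPC_CPU_BEHAV_BNDS_CHK_SPEC_BAR;
+}
+return 0;
+}
+#else
+static int pseries_get_cpu_char(struct kvm_ppc_cpu_char *cp)
+{
+return -ENOTTY;
+}
+#endif
+
+static inline bool have_fw_feat(struct device_node *fw_features,
+const char *state, const char *name)
+{
+struct device_node *np;
+bool r = false;
+
+np = of_get_child_by_name(fw_features, name);
+if (np) {
+r = of_property_read_bool(np, state);
+of_node_put(np);
+}
+return r;
+}
+
+static int kvmppc_get_cpu_char(struct kvm_ppc_cpu_char *cp)
+{
+struct device_node *np, *fw_features;
+int r;
+
+memset(cp, 0, sizeof(*cp));
+r = pseries_get_cpu_char(cp);
+if (r != -ENOTTY)
+return r;
+
+np = of_find_node_by_name(NULL, "ibm,opal");
+if (np) {
+fw_features = of_get_child_by_name(np, "fw-features");
+of_node_put(np);
+if (!fw_features)
+return 0;
+if (have_fw_feat(fw_features, "enabled",
+"inst-spec-barrier-ori31,31,0"))
+cp->character |= KVM_PPC_CPU_CHAR_SPEC_BAR_ORI31;
+if (have_fw_feat(fw_features, "enabled",
+"fw-bcctrl-serialized"))
+cp->character |= KVM_PPC_CPU_CHAR_BCCTRL_SERIALISED;
+if (have_fw_feat(fw_features, "enabled",
+"inst-l1d-flush-ori30,30,0"))
+cp->character |= KVM_PPC_CPU_CHAR_L1D_FLUSH_ORI30;
+if (have_fw_feat(fw_features, "enabled",
+"inst-l1d-flush-trig2"))
+cp->character |= KVM_PPC_CPU_CHAR_L1D_FLUSH_TRIG2;
+if (have_fw_feat(fw_features, "enabled",
+"fw-l1d-thread-split"))
+cp->character |= KVM_PPC_CPU_CHAR_L1D_THREAD_PRIV;
+if (have_fw_feat(fw_features, "enabled",
+"fw-count-cache-disabled"))
+cp->character |= KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS;
+cp->character_mask = KVM_PPC_CPU_CHAR_SPEC_BAR_ORI31 |
+KVM_PPC_CPU_CHAR_BCCTRL_SERIALISED |
+KVM_PPC_CPU_CHAR_L1D_FLUSH_ORI30 |
+KVM_PPC_CPU_CHAR_L1D_FLUSH_TRIG2 |
+KVM_PPC_CPU_CHAR_L1D_THREAD_PRIV |
+KVM_PPC_CPU_CHAR_COUNT_CACHE_DIS;
+
+if (have_fw_feat(fw_features, "enabled",
+"speculation-policy-favor-security"))
+cp->behaviour |= KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY;
+if (!have_fw_feat(fw_features, "disabled",
+"needs-l1d-flush-msr-pr-0-to-1"))
+cp->behaviour |= KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR;
+if (!have_fw_feat(fw_features, "disabled",
+"needs-spec-barrier-for-bound-checks"))
+cp->behaviour |= KVM_PPC_CPU_BEHAV_BNDS_CHK_SPEC_BAR;
+cp->behaviour_mask = KVM_PPC_CPU_BEHAV_FAVOUR_SECURITY |
+KVM_PPC_CPU_BEHAV_L1D_FLUSH_PR |
+KVM_PPC_CPU_BEHAV_BNDS_CHK_SPEC_BAR;
+
+of_node_put(fw_features);
+}
+
+return 0;
+}
+#endif
+
 long kvm_arch_vm_ioctl(struct file *filp,
 unsigned int ioctl, unsigned long arg)
 {
@@ -1981,6 +1858,14 @@
 goto out;
 r = kvm->arch.kvm_ops->get_rmmu_info(kvm, &info);
 if (r >= 0 && copy_to_user(argp, &info, sizeof(info)))
+r = -EFAULT;
+break;
+}
+case KVM_PPC_GET_CPU_CHAR: {
+struct kvm_ppc_cpu_char cpuchar;
+
+r = kvmppc_get_cpu_char(&cpuchar);
+if (r >= 0 && copy_to_user(argp, &cpuchar, sizeof(cpuchar)))
 r = -EFAULT;
 break;
 }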
+2 -1
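--- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h
@@ -207,7 +207,8 @@
 __u16 ipa; /* 0x0056 */
 __u32 ipb; /* 0x0058 */
 __u32 scaoh; /* 0x005c */
-__u8 reserved60; /* 0x0060 */
+#define FPF_BPBC 0x20
+__u8 fpf; /* 0x0060 */
 #define ECB_GS 0x40
 #define ECB_TE 0x10
 #define ECB_SRSI 0x04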
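Review bot: `#define FPF_BPBC 0x20` at line 210 is introduced without a comment and the abbreviation is not expanded anywhere in this commit (the uapi side only says "bp mode"). A one-line comment such as `#define FPF_BPBC 0x20 /* branch prediction blocking control, facility 82 */` would tie the flag to the facility test used in kvm-s390.c; the expansion is my reading of the name, so please confirm it against the architecture documentation. The enclosing SIE block structure starts and ends outside the hunk.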
+4 -1
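--- a/arch/s390/include/uapi/asm/kvm.h
+++ b/arch/s390/include/uapi/asm/kvm.h
@@ -224,6 +224,7 @@
 #define KVM_SYNC_RICCB (1UL << 7)
 #define KVM_SYNC_FPRS (1UL << 8)
 #define KVM_SYNC_GSCB (1UL << 9)
+#define KVM_SYNC_BPBC (1UL << 10)
 /* length and alignment of the sdnx as a power of two */
 #define SDNXC 8
 #define SDNXL (1UL << SDNXC)
@@ -248,7 +247,9 @@
 };
 __u8 reserved[512]; /* for future vector expansion */
 __u32 fpc; /* valid on KVM_SYNC_VRS or KVM_SYNC_FPRS */
-__u8 padding1[52]; /* riccb needs to be 64byte aligned */
+__u8 bpbc : 1; /* bp mode */
+__u8 reserved2 : 7;
+__u8 padding1[51]; /* riccb needs to be 64byte aligned */
 __u8 riccb[64]; /* runtime instrumentation controls block */
 __u8 padding2[192]; /* sdnx needs to be 256byte aligned */
 union {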
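Review bot: The new `bpbc` bit-field at line 250 is commented only as "bp mode", whereas the neighbouring fields document when they are valid (`fpc` at 249, for example); since this is a uapi structure, `/* branch prediction blocking control, valid on KVM_SYNC_BPBC */` would tell userspace which kvm_valid_regs/kvm_dirty_regs bit governs it. A bit-field in an ABI structure depends on the compiler's bit ordering, which as far as I know is fixed on s390, but a short note that `reserved2` must be left zero would avoid future confusion. The kvm_sync_regs structure starts and ends outside the hunk.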
+12
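--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -421,6 +421,9 @@
 case KVM_CAP_S390_GS:
 r = test_facility(133);
 break;
+case KVM_CAP_S390_BPB:
+r = test_facility(82);
+break;
 default:
 r = 0;
 }
@@ -2201,6 +2198,8 @@
 kvm_s390_set_prefix(vcpu, 0);
 if (test_kvm_facility(vcpu->kvm, 64))
 vcpu->run->kvm_valid_regs |= KVM_SYNC_RICCB;
+if (test_kvm_facility(vcpu->kvm, 82))
+vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC;
 if (test_kvm_facility(vcpu->kvm, 133))
 vcpu->run->kvm_valid_regs |= KVM_SYNC_GSCB;
 /* fprs can be synchronized via vrs, even if the guest has no vx. With
@@ -2344,6 +2339,7 @@
 current->thread.fpu.fpc = 0;
 vcpu->arch.sie_block->gbea = 1;
 vcpu->arch.sie_block->pp = 0;
+vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
 vcpu->arch.pfault_token = KVM_S390_PFAULT_TOKEN_INVALID;
 kvm_clear_async_pf_completion_queue(vcpu);
 if (!kvm_s390_user_cpu_state_ctrl(vcpu->kvm))
@@ -3304,6 +3298,11 @@
 vcpu->arch.sie_block->ecd |= ECD_HOSTREGMGMT;
 vcpu->arch.gs_enabled = 1;
 }
+if ((kvm_run->kvm_dirty_regs & KVM_SYNC_BPBC) &&
+test_kvm_facility(vcpu->kvm, 82)) {
+vcpu->arch.sie_block->fpf &= ~FPF_BPBC;
+vcpu->arch.sie_block->fpf |= kvm_run->s.regs.bpbc ? FPF_BPBC : 0;
+}
 save_access_regs(vcpu->arch.host_acrs);
 restore_access_regs(vcpu->run->s.regs.acrs);
 /* save host (userspace) fprs/vrs */
@@ -3355,6 +3344,7 @@
 kvm_run->s.regs.pft = vcpu->arch.pfault_token;
 kvm_run->s.regs.pfs = vcpu->arch.pfault_select;
 kvm_run->s.regs.pfc = vcpu->arch.pfault_compare;
+kvm_run->s.regs.bpbc = (vcpu->arch.sie_block->fpf & FPF_BPBC) == FPF_BPBC;
 save_access_regs(vcpu->run->s.regs.acrs);
 restore_access_regs(vcpu->arch.host_acrs);
 /* Save guest register state */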
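Review bot: In the sync-in hunk (3301-3305) and the sync-out hunk (3347) the fpf handling is written as `fpf |= bpbc ? FPF_BPBC : 0` and `(fpf & FPF_BPBC) == FPF_BPBC`; at their indentation both lines look likely to exceed 80 columns, and they read more clearly as `if (kvm_run->s.regs.bpbc) vcpu->arch.sie_block->fpf |= FPF_BPBC;` and `kvm_run->s.regs.bpbc = !!(vcpu->arch.sie_block->fpf & FPF_BPBC);`. The sync-in is gated on both KVM_SYNC_BPBC being dirty and facility 82 being available to the guest, so userspace cannot turn the control on for a guest that lacks the facility; a comment at 3301 such as `/* BPBC is only honoured if the guest has facility 82 */` would record that intent. All five hunks sit in functions that start outside them.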
+10
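--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -223,6 +223,12 @@
 memcpy(scb_o->gcr, scb_s->gcr, 128);
 scb_o->pp = scb_s->pp;
 
+/* branch prediction */
+if (test_kvm_facility(vcpu->kvm, 82)) {
+scb_o->fpf &= ~FPF_BPBC;
+scb_o->fpf |= scb_s->fpf & FPF_BPBC;
+}
+
 /* interrupt intercept */
 switch (scb_s->icptcode) {
 case ICPT_PROGI:
@@ -271,6 +265,7 @@
 scb_s->ecb3 = 0;
 scb_s->ecd = 0;
 scb_s->fac = 0;
+scb_s->fpf = 0;
 
 rc = prepare_cpuflags(vcpu, vsie_page);
 if (rc)
@@ -331,6 +324,9 @@
 prefix_unmapped(vsie_page);
 scb_s->ecb |= scb_o->ecb & ECB_TE;
 }
+/* branch prediction */
+if (test_kvm_facility(vcpu->kvm, 82))
+scb_s->fpf |= scb_o->fpf & FPF_BPBC;
 /* SIMD */
 if (test_kvm_facility(vcpu->kvm, 129)) {
 scb_s->eca |= scb_o->eca & ECA_VX;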
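Review bot: The new `scb_s->fpf = 0;` at line 268 is what guarantees that only the FPF_BPBC bit (masked in at 327-329) ever reaches the shadow SIE block, yet it is the one new line without a comment; `/* fpf: only BPBC is shadowed, see below */` would tie it to the later hunk. The copy-back at 226-230 and the shadow-in at 327-329 are both gated on test_kvm_facility(vcpu->kvm, 82), so a nested guest cannot enable the control when the facility is hidden from its host guest, consistent with the kvm-s390.c side of this merge. Both enclosing functions start outside the hunks.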
+2 -2
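--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7496,13 +7496,13 @@
 
 int kvm_valid_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
 {
-if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG_BIT)) {
+if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG)) {
 /*
 * When EFER.LME and CR0.PG are set, the processor is in
 * 64-bit mode (though maybe in a 32-bit code segment).
 * CR4.PAE and EFER.LMA must be set.
 */
-if (!(sregs->cr4 & X86_CR4_PAE_BIT)
+if (!(sregs->cr4 & X86_CR4_PAE)
 || !(sregs->efer & EFER_LMA))
 return -EINVAL;
 } else {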
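Review bot: The corrected tests at 7499 and 7505 validate userspace-supplied sregs, and the previous use of the `_BIT` index macros as masks presumably went unnoticed because nothing exercised an inconsistent CR0/CR4/EFER combination; a selftest that sets EFER.LME and CR0.PG with CR4.PAE clear and expects -EINVAL would pin the intended rejection. The else branch of kvm_valid_sregs lies outside the hunk and is worth checking for the same `_BIT`-versus-mask confusion. A short comment next to 7499, e.g. `/* X86_CR0_PG is the mask; X86_CR0_PG_BIT is the bit index */`, would make the distinction explicit for future edits.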
+4
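--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -932,6 +932,8 @@
 #define KVM_CAP_HYPERV_SYNIC2 148
 #define KVM_CAP_HYPERV_VP_INDEX 149
 #define KVM_CAP_S390_AIS_MIGRATION 150
+#define KVM_CAP_PPC_GET_CPU_CHAR 151
+#define KVM_CAP_S390_BPB 152
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
@@ -1263,6 +1261,8 @@
 #define KVM_PPC_CONFIGURE_V3_MMU _IOW(KVMIO, 0xaf, struct kvm_ppc_mmuv3_cfg)
 /* Available with KVM_CAP_PPC_RADIX_MMU */
 #define KVM_PPC_GET_RMMU_INFO _IOW(KVMIO, 0xb0, struct kvm_ppc_rmmu_info)
+/* Available with KVM_CAP_PPC_GET_CPU_CHAR */
+#define KVM_PPC_GET_CPU_CHAR _IOR(KVMIO, 0xb1, struct kvm_ppc_cpu_char)
 
 /* ioctl for vm fd */
 #define KVM_CREATE_DEVICE _IOWR(KVMIO, 0xe0, struct kvm_create_device)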
+1 -1
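--- a/virt/kvm/arm/mmu.c
+++ b/virt/kvm/arm/mmu.c
@@ -1310,7 +1310,7 @@
 return -EFAULT;
 }
 
-if (is_vm_hugetlb_page(vma) && !logging_active) {
+if (vma_kernel_pagesize(vma) == PMD_SIZE && !logging_active) {
 hugetlb = true;
 gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
 } else {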
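Review bot: The condition at line 1313 now keys on the backing page being exactly PMD_SIZE instead of on the VMA being hugetlb, but the reason — the stage-2 block mapping must match the host page size, and hugetlbfs can be backed by other sizes, such as the contiguous-hint sizes the merge description mentions — is not recorded at the call site. A comment above 1313 such as `/* Only use a PMD mapping when the host page is exactly PMD_SIZE; hugetlb VMAs may be backed by other sizes. */` would capture it. The enclosing fault-handling function starts and ends outside the hunk.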
+5 -3
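--- a/virt/kvm/arm/vgic/vgic-init.c
+++ b/virt/kvm/arm/vgic/vgic-init.c
@@ -285,9 +285,11 @@
 if (ret)
 goto out;
 
-ret = vgic_v4_init(kvm);
-if (ret)
-goto out;
+if (vgic_has_its(kvm)) {
+ret = vgic_v4_init(kvm);
+if (ret)
+goto out;
+}
 
 kvm_for_each_vcpu(i, vcpu, kvm)
 kvm_vgic_vcpu_enable(vcpu);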
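Review bot: The new `if (vgic_has_its(kvm))` guard at line 288 carries no comment explaining why GICv4 initialisation now depends on an ITS being present, which the merge description attributes to vgic_v4_init also being reached from vgic_its_create. A comment above 288 such as `/* GICv4 needs an ITS; if none exists yet, vgic_its_create will call vgic_v4_init later */` would record that, the second half being my reading of the commit subject rather than something visible in the hunk. The enclosing function starts outside the hunk.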
+1 -1
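--- a/virt/kvm/arm/vgic/vgic-v4.c
+++ b/virt/kvm/arm/vgic/vgic-v4.c
@@ -118,7 +118,7 @@
 struct kvm_vcpu *vcpu;
 int i, nr_vcpus, ret;
 
-if (!vgic_supports_direct_msis(kvm))
+if (!kvm_vgic_global_state.has_gicv4)
 return 0; /* Nothing to see here... move along. */
 
 if (dist->its_vm.vpes)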
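Review bot: The test at line 121 now checks only the host's GICv4 capability, dropping whatever per-VM condition vgic_supports_direct_msis() presumably included, so the function now relies on its callers (the guarded call in vgic-init.c from this same merge is one) to ensure the VM actually has an ITS. That precondition should be stated at the function, e.g. `/* Caller must ensure the VM has an ITS; only host GICv4 support is checked here */`, so a future caller does not reintroduce the original problem. The definition of the enclosing function starts outside the hunk.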