KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV3=1 if the CPUs are Meltdown-safe

Cores that predate the introduction of ID_AA64PFR0_EL1.CSV3 to
the ARMv8 architecture have this field set to 0, even of some of
them are not affected by the vulnerability.

The kernel maintains a list of unaffected cores (A53, A55 and a few
others) so that it doesn't impose an expensive mitigation uncessarily.

As we do for CSV2, let's expose the CSV3 property to guests that run
on HW that is effectively not vulnerable. This can be reset to zero
by writing to the ID register from userspace, ensuring that VMs can
be migrated despite the new property being set.

Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 0cd9f0f75c135f3bb62e12792eb76d70bfae316c..147347028a2083a07becfc9b15386e058fd74e59 100644 (file)
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -120,6 +120,7 @@ struct kvm_arch {
        unsigned int pmuver;
 
        u8 pfr0_csv2;
+       u8 pfr0_csv3;
 };
 
 struct kvm_vcpu_fault_info {

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index c0ffb019ca8be1132a56ad7747b4ea85bdf9a98b..dc3fa6a0f9e5c3e3c04b5f4f0e05e2652a0292b7 100644 (file)
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -102,7 +102,7 @@ static int kvm_arm_default_max_vcpus(void)
        return vgic_present ? kvm_vgic_get_max_vcpus() : KVM_MAX_VCPUS;
 }
 
-static void set_default_csv2(struct kvm *kvm)
+static void set_default_spectre(struct kvm *kvm)
 {
        /*
         * The default is to expose CSV2 == 1 if the HW isn't affected.
@@ -114,6 +114,8 @@ static void set_default_csv2(struct kvm *kvm)
         */
        if (arm64_get_spectre_v2_state() == SPECTRE_UNAFFECTED)
                kvm->arch.pfr0_csv2 = 1;
+       if (arm64_get_meltdown_state() == SPECTRE_UNAFFECTED)
+               kvm->arch.pfr0_csv3 = 1;
 }
 
 /**
@@ -141,7 +143,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
        /* The maximum number of VCPUs is limited by the host's GIC model */
        kvm->arch.max_vcpus = kvm_arm_default_max_vcpus();
 
-       set_default_csv2(kvm);
+       set_default_spectre(kvm);
 
        return ret;
 out_free_stage2_pgd:

diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index c1fac9836af1af88723a2f4432096ee88c36e7c8..6f653c0f60eca9b89d1b11044942643463801f69 100644 (file)
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1122,6 +1122,8 @@ static u64 read_id_reg(const struct kvm_vcpu *vcpu,
                val &= ~(0xfUL << ID_AA64PFR0_AMU_SHIFT);
                val &= ~(0xfUL << ID_AA64PFR0_CSV2_SHIFT);
                val |= ((u64)vcpu->kvm->arch.pfr0_csv2 << ID_AA64PFR0_CSV2_SHIFT);
+               val &= ~(0xfUL << ID_AA64PFR0_CSV3_SHIFT);
+               val |= ((u64)vcpu->kvm->arch.pfr0_csv3 << ID_AA64PFR0_CSV3_SHIFT);
        } else if (id == SYS_ID_AA64PFR1_EL1) {
                val &= ~(0xfUL << ID_AA64PFR1_MTE_SHIFT);
        } else if (id == SYS_ID_AA64ISAR1_EL1 && !vcpu_has_ptrauth(vcpu)) {
@@ -1209,9 +1211,9 @@ static int set_id_aa64pfr0_el1(struct kvm_vcpu *vcpu,
                               const struct kvm_one_reg *reg, void __user *uaddr)
 {
        const u64 id = sys_reg_to_index(rd);
+       u8 csv2, csv3;
        int err;
        u64 val;
-       u8 csv2;
 
        err = reg_from_user(&val, uaddr, id);
        if (err)
@@ -1227,13 +1229,21 @@ static int set_id_aa64pfr0_el1(struct kvm_vcpu *vcpu,
            (csv2 && arm64_get_spectre_v2_state() != SPECTRE_UNAFFECTED))
                return -EINVAL;
 
-       /* We can only differ with CSV2, and anything else is an error */
+       /* Same thing for CSV3 */
+       csv3 = cpuid_feature_extract_unsigned_field(val, ID_AA64PFR0_CSV3_SHIFT);
+       if (csv3 > 1 ||
+           (csv3 && arm64_get_meltdown_state() != SPECTRE_UNAFFECTED))
+               return -EINVAL;
+
+       /* We can only differ with CSV[23], and anything else is an error */
        val ^= read_id_reg(vcpu, rd, false);
-       val &= ~(0xFUL << ID_AA64PFR0_CSV2_SHIFT);
+       val &= ~((0xFUL << ID_AA64PFR0_CSV2_SHIFT) |
+                (0xFUL << ID_AA64PFR0_CSV3_SHIFT));
        if (val)
                return -EINVAL;
 
        vcpu->kvm->arch.pfr0_csv2 = csv2;
+       vcpu->kvm->arch.pfr0_csv3 = csv3 ;
 
        return 0;
 }