Re: [PATCH v10 05/18] KVM: arm64: Convert lazy FPSIMD context switch trap to C

2018-05-24 Thread Christoffer Dall
On Wed, May 23, 2018 at 08:35:13PM +0100, Alex Bennée wrote: > > Dave Martin writes: > > > To make the lazy FPSIMD context switch trap code easier to hack on, > > this patch converts it to C. > > > > This is not amazingly efficient, but the trap should typically only > > be

Re: [PATCH v10 04/18] KVM: arm/arm64: Introduce kvm_arch_vcpu_run_pid_change

2018-05-24 Thread Christoffer Dall
On Wed, May 23, 2018 at 03:40:26PM +0100, Dave Martin wrote: > On Wed, May 23, 2018 at 03:34:20PM +0100, Alex Bennée wrote: > > > > Dave Martin writes: > > > > > From: Christoffer Dall > > > > > > KVM/ARM differs from other architectures in

Re: [PATCH v10 07/18] arm64: fpsimd: Eliminate task->mm checks

2018-05-24 Thread Christoffer Dall
On Wed, May 23, 2018 at 04:03:37PM +0100, Dave Martin wrote: > On Wed, May 23, 2018 at 03:56:57PM +0100, Catalin Marinas wrote: > > On Wed, May 23, 2018 at 02:31:59PM +0100, Dave P Martin wrote: > > > On Wed, May 23, 2018 at 01:48:12PM +0200, Christoffer Dall wrote: > > > > On Tue, May 22, 2018 at

Re: [PATCH v10 17/18] KVM: arm64: Fold redundant exit code checks out of fixup_guest_exit()

2018-05-24 Thread Christoffer Dall
On Tue, May 22, 2018 at 05:05:18PM +0100, Dave Martin wrote: > The entire tail of fixup_guest_exit() is contained in if statements > of the form if (x && *exit_code == ARM_EXCEPTION_TRAP). As a result, > we can check just once and bail out of the function early, allowing > the remaining if

Re: [PATCH v10 07/18] arm64: fpsimd: Eliminate task->mm checks

2018-05-24 Thread Alex Bennée
Dave Martin writes: > Currently the FPSIMD handling code uses the condition task->mm == > NULL as a hint that task has no FPSIMD register context. > > The ->mm check is only there to filter out tasks that cannot > possibly have FPSIMD context loaded, for optimisation

Re: [PATCH v10 06/18] arm64: fpsimd: Generalise context saving for non-task contexts

2018-05-24 Thread Alex Bennée
Dave Martin writes: > On Wed, May 23, 2018 at 09:15:11PM +0100, Alex Bennée wrote: >> >> Dave Martin writes: >> >> > In preparation for allowing non-task (i.e., KVM vcpu) FPSIMD >> > contexts to be handled by the fpsimd common code, this patch adapts

Re: [PATCH v10 07/18] arm64: fpsimd: Eliminate task->mm checks

2018-05-24 Thread Christoffer Dall
On Thu, May 24, 2018 at 10:50:56AM +0100, Dave Martin wrote: > On Thu, May 24, 2018 at 10:33:50AM +0200, Christoffer Dall wrote: > > On Wed, May 23, 2018 at 04:03:37PM +0100, Dave Martin wrote: > > > On Wed, May 23, 2018 at 03:56:57PM +0100, Catalin Marinas wrote: > > > > On Wed, May 23, 2018 at

Re: [PATCH v10 05/18] KVM: arm64: Convert lazy FPSIMD context switch trap to C

2018-05-24 Thread Alex Bennée
Dave Martin writes: > On Thu, May 24, 2018 at 10:12:20AM +0200, Christoffer Dall wrote: >> On Wed, May 23, 2018 at 08:35:13PM +0100, Alex Bennée wrote: >> > >> > Dave Martin writes: >> > >> > > To make the lazy FPSIMD context switch trap code easier to

Re: [PATCH v10 07/18] arm64: fpsimd: Eliminate task->mm checks

2018-05-24 Thread Alex Bennée
Christoffer Dall writes: > On Wed, May 23, 2018 at 04:03:37PM +0100, Dave Martin wrote: >> On Wed, May 23, 2018 at 03:56:57PM +0100, Catalin Marinas wrote: >> > On Wed, May 23, 2018 at 02:31:59PM +0100, Dave P Martin wrote: >> > > On Wed, May 23, 2018 at 01:48:12PM

Re: [PATCH v10 09/18] KVM: arm64: Repurpose vcpu_arch.debug_flags for general-purpose flags

2018-05-24 Thread Alex Bennée
Dave Martin writes: > In struct vcpu_arch, the debug_flags field is used to store > debug-related flags about the vcpu state. > > Since we are about to add some more flags related to FPSIMD and > SVE, it makes sense to add them to the existing flags field rather > than

Re: [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing

2018-05-24 Thread Suzuki K Poulose
On 22/05/18 16:06, Marc Zyngier wrote: As for Spectre variant-2, we rely on SMCCC 1.1 to provide the discovery mechanism for detecting the SSBD mitigation. A new capability is also allocated for that purpose, and a config option. Signed-off-by: Marc Zyngier +static

Re: [PATCH v10 05/18] KVM: arm64: Convert lazy FPSIMD context switch trap to C

2018-05-24 Thread Dave Martin
On Thu, May 24, 2018 at 10:12:20AM +0200, Christoffer Dall wrote: > On Wed, May 23, 2018 at 08:35:13PM +0100, Alex Bennée wrote: > > > > Dave Martin writes: > > > > > To make the lazy FPSIMD context switch trap code easier to hack on, > > > this patch converts it to C. > >

Re: [PATCH v10 14/18] KVM: arm64: Save host SVE context as appropriate

2018-05-24 Thread Christoffer Dall
On Tue, May 22, 2018 at 05:05:15PM +0100, Dave Martin wrote: > This patch adds SVE context saving to the hyp FPSIMD context switch > path. This means that it is no longer necessary to save the host > SVE state in advance of entering the guest, when in use. > > In order to avoid adding pointless

Re: [PATCH v10 16/18] KVM: arm64: Remove redundant *exit_code changes in fpsimd_guest_exit()

2018-05-24 Thread Christoffer Dall
On Tue, May 22, 2018 at 05:05:17PM +0100, Dave Martin wrote: > In fixup_guest_exit(), there are a couple of cases where after > checking what the exit code was, we assign it explicitly with the > value it already had. > > Assuming this is not indicative of a bug, these assignments are not >

Re: [PATCH v10 04/18] KVM: arm/arm64: Introduce kvm_arch_vcpu_run_pid_change

2018-05-24 Thread Alex Bennée
Christoffer Dall writes: > On Wed, May 23, 2018 at 03:40:26PM +0100, Dave Martin wrote: >> On Wed, May 23, 2018 at 03:34:20PM +0100, Alex Bennée wrote: >> > >> > Dave Martin writes: >> > >> > > From: Christoffer Dall

Re: [PATCH v10 07/18] arm64: fpsimd: Eliminate task->mm checks

2018-05-24 Thread Dave Martin
On Thu, May 24, 2018 at 10:33:50AM +0200, Christoffer Dall wrote: > On Wed, May 23, 2018 at 04:03:37PM +0100, Dave Martin wrote: > > On Wed, May 23, 2018 at 03:56:57PM +0100, Catalin Marinas wrote: > > > On Wed, May 23, 2018 at 02:31:59PM +0100, Dave P Martin wrote: > > > > On Wed, May 23, 2018 at

Re: [PATCH v10 04/18] KVM: arm/arm64: Introduce kvm_arch_vcpu_run_pid_change

2018-05-24 Thread Dave Martin
On Thu, May 24, 2018 at 10:18:39AM +0100, Alex Bennée wrote: > > Christoffer Dall writes: > > > On Wed, May 23, 2018 at 03:40:26PM +0100, Dave Martin wrote: > >> On Wed, May 23, 2018 at 03:34:20PM +0100, Alex Bennée wrote: > >> > > >> > Dave Martin

Re: [PATCH v10 10/18] KVM: arm64: Optimise FPSIMD handling to reduce guest/host thrashing

2018-05-24 Thread Alex Bennée
Dave Martin writes: > This patch refactors KVM to align the host and guest FPSIMD > save/restore logic with each other for arm64. This reduces the > number of redundant save/restore operations that must occur, and > reduces the common-case IRQ blackout time during guest

Re: [PATCH v10 11/18] arm64/sve: Move read_zcr_features() out of cpufeature.h

2018-05-24 Thread Alex Bennée
Dave Martin writes: > Having read_zcr_features() inline in cpufeature.h results in that > header requiring #includes which make it hard to include > elsewhere without triggering header inclusion > cycles. > > This is not a hot-path function and arguably should not be in >

Re: [PATCH v10 12/18] arm64/sve: Switch sve_pffr() argument from task to thread

2018-05-24 Thread Alex Bennée
Dave Martin writes: > sve_pffr(), which is used to derive the base address used for > low-level SVE save/restore routines, currently takes the relevant > task_struct as an argument. > > The only accessed fields are actually part of thread_struct, so > this patch changes the

Re: [PATCH v10 10/18] KVM: arm64: Optimise FPSIMD handling to reduce guest/host thrashing

2018-05-24 Thread Dave Martin
On Thu, May 24, 2018 at 11:09:02AM +0100, Alex Bennée wrote: > > Dave Martin writes: > > > This patch refactors KVM to align the host and guest FPSIMD > > save/restore logic with each other for arm64. This reduces the > > number of redundant save/restore operations that

Re: [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1

2018-05-24 Thread Mark Rutland
On Wed, May 23, 2018 at 10:23:20AM +0100, Julien Grall wrote: > Hi Marc, > > On 05/22/2018 04:06 PM, Marc Zyngier wrote: > > diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S > > index ec2ee720e33e..f33e6aed3037 100644 > > --- a/arch/arm64/kernel/entry.S > > +++

Re: [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:36PM +0100, Marc Zyngier wrote: > In order for the kernel to protect itself, let's call the SSBD mitigation > implemented by the higher exception level (either hypervisor or firmware) > on each transition between userspace and kernel. > > We must take the PSCI

Re: [PATCH v10 13/18] arm64/sve: Move sve_pffr() to fpsimd.h and make inline

2018-05-24 Thread Dave Martin
On Thu, May 24, 2018 at 11:20:59AM +0100, Alex Bennée wrote: > > Dave Martin writes: > > > In order to make sve_save_state()/sve_load_state() more easily > > reusable and to get rid of a potential branch on context switch > > critical paths, this patch makes sve_pffr()

Re: [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1

2018-05-24 Thread Mark Rutland
On Thu, May 24, 2018 at 12:00:58PM +0100, Mark Rutland wrote: > On Tue, May 22, 2018 at 04:06:36PM +0100, Marc Zyngier wrote: > > In order for the kernel to protect itself, let's call the SSBD mitigation > > implemented by the higher exception level (either hypervisor or firmware) > > on each

Re: [PATCH v10 13/18] arm64/sve: Move sve_pffr() to fpsimd.h and make inline

2018-05-24 Thread Alex Bennée
Dave Martin writes: > In order to make sve_save_state()/sve_load_state() more easily > reusable and to get rid of a potential branch on context switch > critical paths, this patch makes sve_pffr() inline and moves it to > fpsimd.h. > > must be included in fpsimd.h in order

Re: [PATCH 03/14] arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:37PM +0100, Marc Zyngier wrote: > In a heterogeneous system, we can end up with both affected and > unaffected CPUs. Let's check their status before calling into the > firmware. > > Signed-off-by: Marc Zyngier Ah, I guess this may fix the

Re: [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation

2018-05-24 Thread Will Deacon
On Thu, May 24, 2018 at 01:16:38PM +0100, Marc Zyngier wrote: > On 24/05/18 13:01, Mark Rutland wrote: > > On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote: > >> In order to allow userspace to be mitigated on demand, let's > >> introduce a new thread flag that prevents the mitigation

Re: [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening

2018-05-24 Thread Russell King - ARM Linux
On Thu, May 24, 2018 at 01:03:50PM +0100, Marc Zyngier wrote: > On 23/05/18 20:45, Russell King - ARM Linux wrote: > > On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier wrote: > >> On 21/05/18 12:45, Russell King wrote: > >>> +#ifdef CONFIG_ARM_PSCI > >>> + if (psci_ops.smccc_version !=

Re: [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1

2018-05-24 Thread Robin Murphy
On 24/05/18 11:52, Mark Rutland wrote: On Wed, May 23, 2018 at 10:23:20AM +0100, Julien Grall wrote: Hi Marc, On 05/22/2018 04:06 PM, Marc Zyngier wrote: diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index ec2ee720e33e..f33e6aed3037 100644 --- a/arch/arm64/kernel/entry.S

Re: [PATCH 10/14] arm64: ssbd: Add prctl interface for per-thread mitigation

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:44PM +0100, Marc Zyngier wrote: > If running on a system that performs dynamic SSBD mitigation, allow > userspace to request the mitigation for itself. This is implemented > as a prctl call, allowing the mitigation to be enabled or disabled at > will for this

Re: [PATCH 14/14] arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:48PM +0100, Marc Zyngier wrote: > Now that all our infrastructure is in place, let's expose the > availability of ARCH_WORKAROUND_2 to guests. We take this opportunity > to tidy up a couple of SMCCC constants. > > Acked-by: Christoffer Dall

Re: [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening

2018-05-24 Thread Russell King - ARM Linux
On Thu, May 24, 2018 at 01:49:51PM +0100, Marc Zyngier wrote: > On 24/05/18 13:30, Russell King - ARM Linux wrote: > > On Thu, May 24, 2018 at 01:03:50PM +0100, Marc Zyngier wrote: > >> On 23/05/18 20:45, Russell King - ARM Linux wrote: > >>> On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier

Re: [PATCH v10 15/18] KVM: arm64: Remove eager host SVE state saving

2018-05-24 Thread Alex Bennée
Dave Martin writes: > Now that the host SVE context can be saved on demand from Hyp, > there is no longer any need to save this state in advance before > entering the guest. > > This patch removes the relevant call to > kvm_fpsimd_flush_cpu_state(). > > Since the problem

Re: [PATCH 13/14] arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:47PM +0100, Marc Zyngier wrote: > In order to forward the guest's ARCH_WORKAROUND_2 calls to EL3, > add a small(-ish) sequence to handle it at EL2. Special care must > be taken to track the state of the guest itself by updating the > workaround flags. We also rely on

Re: [PATCH v10 14/18] KVM: arm64: Save host SVE context as appropriate

2018-05-24 Thread Alex Bennée
Dave Martin writes: > This patch adds SVE context saving to the hyp FPSIMD context switch > path. This means that it is no longer necessary to save the host > SVE state in advance of entering the guest, when in use. > > In order to avoid adding pointless complexity to the

Re: [PATCH v10 16/18] KVM: arm64: Remove redundant *exit_code changes in fpsimd_guest_exit()

2018-05-24 Thread Alex Bennée
Dave Martin writes: > In fixup_guest_exit(), there are a couple of cases where after > checking what the exit code was, we assign it explicitly with the > value it already had. > > Assuming this is not indicative of a bug, these assignments are not > needed. > > This patch

Re: [PATCH 11/14] arm64: KVM: Add HYP per-cpu accessors

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:45PM +0100, Marc Zyngier wrote: > As we're going to require to access per-cpu variables at EL2, > let's craft the minimum set of accessors required to implement > reading a per-cpu variable, relying on tpidr_el2 to contain the > per-cpu offset. > > Reviewed-by:

Re: [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening

2018-05-24 Thread Marc Zyngier
On 24/05/18 13:30, Russell King - ARM Linux wrote: > On Thu, May 24, 2018 at 01:03:50PM +0100, Marc Zyngier wrote: >> On 23/05/18 20:45, Russell King - ARM Linux wrote: >>> On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier wrote: On 21/05/18 12:45, Russell King wrote: > +#ifdef

Re: [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing

2018-05-24 Thread Suzuki K Poulose
On 24/05/18 12:39, Will Deacon wrote: On Thu, May 24, 2018 at 10:58:43AM +0100, Suzuki K Poulose wrote: On 22/05/18 16:06, Marc Zyngier wrote: As for Spectre variant-2, we rely on SMCCC 1.1 to provide the discovery mechanism for detecting the SSBD mitigation. A new capability is also

[PATCH v11 18/19] KVM: arm64: Fold redundant exit code checks out of fixup_guest_exit()

2018-05-24 Thread Dave Martin
The entire tail of fixup_guest_exit() is contained in if statements of the form if (x && *exit_code == ARM_EXCEPTION_TRAP). As a result, we can check just once and bail out of the function early, allowing the remaining if conditions to be simplified. The only awkward case is where *exit_code is

[PATCH v11 14/19] arm64/sve: Move sve_pffr() to fpsimd.h and make inline

2018-05-24 Thread Dave Martin
In order to make sve_save_state()/sve_load_state() more easily reusable and to get rid of a potential branch on context switch critical paths, this patch makes sve_pffr() inline and moves it to fpsimd.h. must be included in fpsimd.h in order to make this work, and this creates an #include cycle

Re: [PATCH v10 17/18] KVM: arm64: Fold redundant exit code checks out of fixup_guest_exit()

2018-05-24 Thread Alex Bennée
Dave Martin writes: > The entire tail of fixup_guest_exit() is contained in if statements > of the form if (x && *exit_code == ARM_EXCEPTION_TRAP). As a result, > we can check just once and bail out of the function early, allowing > the remaining if conditions to be

[PATCH v11 01/19] arm64: fpsimd: Fix TIF_FOREIGN_FPSTATE after invalidating cpu regs

2018-05-24 Thread Dave Martin
fpsimd_last_state.st is set to NULL as a way of indicating that current's FPSIMD registers are no longer loaded in the cpu. In particular, this is done when the kernel temporarily uses or clobbers the FPSIMD registers for its own purposes, as in CPU PM or kernel-mode NEON, resulting in them being

[PATCH v11 02/19] thread_info: Add update_thread_flag() helpers

2018-05-24 Thread Dave Martin
There are a number of bits of code sprinkled around the kernel to set a thread flag if a certain condition is true, and clear it otherwise. To help make those call sites terser and less cumbersome, this patch adds a new family of thread flag manipulators update*_thread_flag([...,] flag,

[PATCH v11 03/19] arm64: Use update{,_tsk}_thread_flag()

2018-05-24 Thread Dave Martin
This patch uses the new update_thread_flag() helpers to simplify a couple of if () set; else clear; constructs. No functional change. Signed-off-by: Dave Martin Reviewed-by: Alex Bennée Acked-by: Marc Zyngier Acked-by: Catalin

[PATCH v11 04/19] KVM: arm/arm64: Introduce kvm_arch_vcpu_run_pid_change

2018-05-24 Thread Dave Martin
From: Christoffer Dall KVM/ARM differs from other architectures in having to maintain an additional virtual address space from that of the host and the guest, because we split the execution of KVM across both EL1 and EL2. This results in a need to explicitly map

Re: [PATCH v11 02/19] thread_info: Add update_thread_flag() helpers

2018-05-24 Thread Peter Zijlstra
On Thu, May 24, 2018 at 05:56:31PM +0100, Dave Martin wrote: > There are a number of bits of code sprinkled around the kernel to > set a thread flag if a certain condition is true, and clear it > otherwise. > > To help make those call sites terser and less cumbersome, this > patch adds a new

[PATCH v11 10/19] KVM: arm64: Repurpose vcpu_arch.debug_flags for general-purpose flags

2018-05-24 Thread Dave Martin
In struct vcpu_arch, the debug_flags field is used to store debug-related flags about the vcpu state. Since we are about to add some more flags related to FPSIMD and SVE, it makes sense to add them to the existing flags field rather than adding new fields. Since there is only one debug_flags

[PATCH v11 15/19] KVM: arm64: Save host SVE context as appropriate

2018-05-24 Thread Dave Martin
This patch adds SVE context saving to the hyp FPSIMD context switch path. This means that it is no longer necessary to save the host SVE state in advance of entering the guest, when in use. In order to avoid adding pointless complexity to the code, VHE is assumed if SVE is in use. VHE is an

[PATCH v11 11/19] KVM: arm64: Optimise FPSIMD handling to reduce guest/host thrashing

2018-05-24 Thread Dave Martin
This patch refactors KVM to align the host and guest FPSIMD save/restore logic with each other for arm64. This reduces the number of redundant save/restore operations that must occur, and reduces the common-case IRQ blackout time during guest exit storms by saving the host state lazily and

Re: [PATCH 3/4] KVM: arm/arm64: Remove unnecessary CMOs when creating HYP page tables

2018-05-24 Thread Catalin Marinas
On Thu, May 17, 2018 at 11:35:47AM +0100, Marc Zyngier wrote: > There is no need to perform cache maintenance operations when > creating the HYP page tables if we have the multiprocessing > extensions. ARMv7 mandates them with the virtualization support, > and ARMv8 just mandates them

[PATCH v11 00/19] KVM: arm64: Optimise FPSIMD context switching

2018-05-24 Thread Dave Martin
Note: Most of these patches are Arm-specific. People not Cc'd on the whole series can find it in the linux-arm-kernel archive [2]. Git: see [3] This series aims to improve the way FPSIMD context is handled by KVM. Changes since the previous v10 [1] are minor, but one patch has been split. **

[PATCH v11 08/19] arm64: fpsimd: Eliminate task->mm checks

2018-05-24 Thread Dave Martin
Currently the FPSIMD handling code uses the condition task->mm == NULL as a hint that task has no FPSIMD register context. The ->mm check is only there to filter out tasks that cannot possibly have FPSIMD context loaded, for optimisation purposes. Also, TIF_FOREIGN_FPSTATE must always be checked

[PATCH v11 12/19] arm64/sve: Move read_zcr_features() out of cpufeature.h

2018-05-24 Thread Dave Martin
Having read_zcr_features() inline in cpufeature.h results in that header requiring #includes which make it hard to include elsewhere without triggering header inclusion cycles. This is not a hot-path function and arguably should not be in cpufeature.h in the first place, so this patch moves it

[PATCH v11 13/19] arm64/sve: Switch sve_pffr() argument from task to thread

2018-05-24 Thread Dave Martin
sve_pffr(), which is used to derive the base address used for low-level SVE save/restore routines, currently takes the relevant task_struct as an argument. The only accessed fields are actually part of thread_struct, so this patch changes the argument type accordingly. This is done in

[PATCH v11 09/19] arm64/sve: Refactor user SVE trap maintenance for external use

2018-05-24 Thread Dave Martin
In preparation for optimising the way KVM manages switching the guest and host FPSIMD state, it is necessary to provide a means for code outside arch/arm64/kernel/fpsimd.c to restore the user trap configuration for SVE correctly for the current task. Rather than requiring external code to

[PATCH v11 06/19] arm64: fpsimd: Generalise context saving for non-task contexts

2018-05-24 Thread Dave Martin
In preparation for allowing non-task (i.e., KVM vcpu) FPSIMD contexts to be handled by the fpsimd common code, this patch adapts task_fpsimd_save() to save back the currently loaded context, removing the explicit dependency on current. The relevant storage to write back to in memory is now found

[PATCH v11 07/19] arm64: fpsimd: Avoid FPSIMD context leakage for the init task

2018-05-24 Thread Dave Martin
The init task is started with thread_flags equal to 0, which means that TIF_FOREIGN_FPSTATE is initially clear. It is theoretically possible (if unlikely) that the init task could reach userspace without ever being scheduled out. If this occurs, data left in the FPSIMD registers by the kernel

[PATCH v11 05/19] KVM: arm64: Convert lazy FPSIMD context switch trap to C

2018-05-24 Thread Dave Martin
To make the lazy FPSIMD context switch trap code easier to hack on, this patch converts it to C. This is not amazingly efficient, but the trap should typically only be taken once per host context switch. Signed-off-by: Dave Martin Reviewed-by: Marc Zyngier

[PATCH v11 19/19] KVM: arm64: Invoke FPSIMD context switch trap from C

2018-05-24 Thread Dave Martin
The conversion of the FPSIMD context switch trap code to C has added some overhead to calling it, due to the need to save registers that the procedure call standard defines as caller-saved. So, perhaps it is no longer worth invoking this trap handler quite so early. Instead, we can invoke it

[PATCH v11 17/19] KVM: arm64: Remove redundant *exit_code changes in fpsimd_guest_exit()

2018-05-24 Thread Dave Martin
In fixup_guest_exit(), there are a couple of cases where after checking what the exit code was, we assign it explicitly with the value it already had. Assuming this is not indicative of a bug, these assignments are not needed. This patch removes the redundant assignments, and simplifies some

Re: [PATCH 3/4] KVM: arm/arm64: Remove unnecessary CMOs when creating HYP page tables

2018-05-24 Thread Mark Rutland
On Thu, May 17, 2018 at 11:35:47AM +0100, Marc Zyngier wrote: > There is no need to perform cache maintenance operations when > creating the HYP page tables if we have the multiprocessing > extensions. ARMv7 mandates them with the virtualization support, > and ARMv8 just mandates them

[PATCH v11 16/19] KVM: arm64: Remove eager host SVE state saving

2018-05-24 Thread Dave Martin
Now that the host SVE context can be saved on demand from Hyp, there is no longer any need to save this state in advance before entering the guest. This patch removes the relevant call to kvm_fpsimd_flush_cpu_state(). Since the problem that function was intended to solve now no longer exists,

Re: [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation

2018-05-24 Thread Marc Zyngier
On 24/05/18 13:19, Will Deacon wrote: > On Thu, May 24, 2018 at 01:16:38PM +0100, Marc Zyngier wrote: >> On 24/05/18 13:01, Mark Rutland wrote: >>> On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote: In order to allow userspace to be mitigated on demand, let's introduce a new

Re: [PATCH 12/14] arm64: KVM: Add ARCH_WORKAROUND_2 support for guests

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:46PM +0100, Marc Zyngier wrote: > In order to offer ARCH_WORKAROUND_2 support to guests, we need > a bit of infrastructure. > > Let's add a flag indicating whether or not the guest uses > SSBD mitigation. Depending on the state of this flag, allow > KVM to disable

Re: [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation

2018-05-24 Thread Marc Zyngier
On 24/05/18 13:01, Mark Rutland wrote: > On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote: >> In order to allow userspace to be mitigated on demand, let's >> introduce a new thread flag that prevents the mitigation from >> being turned off when exiting to userspace, and doesn't turn >>

Re: [PATCH 10/14] arm64: ssbd: Add prctl interface for per-thread mitigation

2018-05-24 Thread Will Deacon
On Tue, May 22, 2018 at 04:06:44PM +0100, Marc Zyngier wrote: > If running on a system that performs dynamic SSBD mitigation, allow > userspace to request the mitigation for itself. This is implemented > as a prctl call, allowing the mitigation to be enabled or disabled at > will for this

Re: [PATCH v2 00/14] ARM Spectre variant 2 fixes

2018-05-24 Thread Florian Fainelli
On 05/21/2018 04:42 AM, Russell King - ARM Linux wrote: > This is the second posting - the original cover note is below. Comments > from previous series addressed: > - Drop R7 and R8 changes. > - Remove "PSCI" from the hypervisor version of the workaround. > > arch/arm/include/asm/bugs.h

Re: [PATCH 03/14] ARM: bugs: hook processor bug checking into SMP and suspend paths

2018-05-24 Thread Florian Fainelli
On 05/21/2018 04:44 AM, Russell King wrote: > Check for CPU bugs when secondary processors are being brought online, > and also when CPUs are resuming from a low power mode. This gives an > opportunity to check that processor specific bug workarounds are > correctly enabled for all paths that a

Re: [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:38PM +0100, Marc Zyngier wrote: > As for Spectre variant-2, we rely on SMCCC 1.1 to provide the > discovery mechanism for detecting the SSBD mitigation. > > A new capability is also allocated for that purpose, and a > config option. > > Signed-off-by: Marc Zyngier

Re: [PATCH 02/14] arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1

2018-05-24 Thread Marc Zyngier
On 24/05/18 12:23, Mark Rutland wrote: > On Thu, May 24, 2018 at 12:00:58PM +0100, Mark Rutland wrote: >> On Tue, May 22, 2018 at 04:06:36PM +0100, Marc Zyngier wrote: >>> In order for the kernel to protect itself, let's call the SSBD mitigation >>> implemented by the higher exception level

Re: [PATCH 04/14] arm64: Add ARCH_WORKAROUND_2 probing

2018-05-24 Thread Will Deacon
On Thu, May 24, 2018 at 10:58:43AM +0100, Suzuki K Poulose wrote: > On 22/05/18 16:06, Marc Zyngier wrote: > >As for Spectre variant-2, we rely on SMCCC 1.1 to provide the > >discovery mechanism for detecting the SSBD mitigation. > > > >A new capability is also allocated for that purpose, and a >

Re: [PATCH 05/14] arm64: Add 'ssbd' command-line option

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:39PM +0100, Marc Zyngier wrote: > On a system where the firmware implements ARCH_WORKAROUND_2, > it may be useful to either permanently enable or disable the > workaround for cases where the user decides that they'd rather > not get a trap overhead, and keep the

Re: [PATCH 07/14] arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:41PM +0100, Marc Zyngier wrote: > In order to avoid checking arm64_ssbd_callback_required on each > kernel entry/exit even if no mitigation is required, let's > add yet another alternative that by default jumps over the mitigation, > and that gets nop'ed out if we're

Re: [PATCH 05/14] arm64: Add 'ssbd' command-line option

2018-05-24 Thread Marc Zyngier
On 24/05/18 12:40, Mark Rutland wrote: > On Tue, May 22, 2018 at 04:06:39PM +0100, Marc Zyngier wrote: >> On a system where the firmware implements ARCH_WORKAROUND_2, >> it may be useful to either permanently enable or disable the >> workaround for cases where the user decides that they'd rather

Re: [PATCH 09/14] arm64: ssbd: Introduce thread flag to control userspace mitigation

2018-05-24 Thread Mark Rutland
On Tue, May 22, 2018 at 04:06:43PM +0100, Marc Zyngier wrote: > In order to allow userspace to be mitigated on demand, let's > introduce a new thread flag that prevents the mitigation from > being turned off when exiting to userspace, and doesn't turn > it on on entry into the kernel (with the

Re: [PATCH 09/14] ARM: spectre-v2: add PSCI based hardening

2018-05-24 Thread Marc Zyngier
On 23/05/18 20:45, Russell King - ARM Linux wrote: > On Tue, May 22, 2018 at 06:24:13PM +0100, Marc Zyngier wrote: >> On 21/05/18 12:45, Russell King wrote: >>> +#ifdef CONFIG_ARM_PSCI >>> + if (psci_ops.smccc_version != SMCCC_VERSION_1_0) { >>> + struct arm_smccc_res res; >>> + >>> +