Re: [PATCH 1/2] arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED

From: Stephen Boyd
Date: Wed Oct 21 2020 - 18:06:41 EST


Quoting Will Deacon (2020-10-21 14:13:26)
> On Wed, Oct 21, 2020 at 09:12:02AM -0700, Stephen Boyd wrote:
>
> > My read of the spec was that the intent is to remove the call at some
> > point and have the removal of the call mean that it isn't vulnerable.
>
> No, the CSV2 field in whichever ID register is for that. We check that in
> spectre_v2_get_cpu_hw_mitigation_state().

Alright, makes sense!

>
> > Because NOT_SUPPORTED per the spec means "not needed", "maybe needed",
> > or "firmware doesn't know". Aha maybe they wanted us to make the call on
> > each CPU (i.e. PE) and then if any of them return 0 we should consider
> > it vulnerable and if they return NOT_SUPPORTED we should keep calling
> > for each CPU until we are sure we don't see a 0 and only see a 1 or
> > NOT_SUPPORTED? Looks like a saturating value sort of thing, across CPUs
> > that we care/know about.
>
> The mitigation state is always per-cpu because of big/little systems, there
> just isn't a short-cut for the firmware to say "all CPUs are unaffected"
> like there is for SMCCC_ARCH_WORKAROUND_2 with its "NOT_REQUIRED" return
> code.
>

Ok. Can/should kvm be emulating the CSV2 bit that the guest sees? Just
wondering why I'm falling into this (ghost) trap in the first place.