KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds
This adds a new ioctl, KVM_PPC_GET_CPU_CHAR, that gives userspace information about the underlying machine's level of vulnerability to the recently announced vulnerabilities CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754, and whether the machine provides instructions to assist software to work around the vulnerabilities. The ioctl returns two u64 words describing characteristics of the CPU and required software behaviour respectively, plus two mask words which indicate which bits have been filled in by the kernel, for extensibility. The bit definitions are the same as for the new H_GET_CPU_CHARACTERISTICS hypercall. There is also a new capability, KVM_CAP_PPC_GET_CPU_CHAR, which indicates whether the new ioctl is available. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
此提交包含在:
Paul Mackerras
@@ -3403,6 +3403,52 @@ invalid, if invalid pages are written to (e.g. after the end of memory)
|
||||
or if no page table is present for the addresses (e.g. when using
|
||||
hugepages).
|
||||
|
||||
4.108 KVM_PPC_GET_CPU_CHAR
|
||||
|
||||
Capability: KVM_CAP_PPC_GET_CPU_CHAR
|
||||
Architectures: powerpc
|
||||
Type: vm ioctl
|
||||
Parameters: struct kvm_ppc_cpu_char (out)
|
||||
Returns: 0 on successful completion
|
||||
-EFAULT if struct kvm_ppc_cpu_char cannot be written
|
||||
|
||||
This ioctl gives userspace information about certain characteristics
|
||||
of the CPU relating to speculative execution of instructions and
|
||||
possible information leakage resulting from speculative execution (see
|
||||
CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754). The information is
|
||||
returned in struct kvm_ppc_cpu_char, which looks like this:
|
||||
|
||||
struct kvm_ppc_cpu_char {
|
||||
__u64 character; /* characteristics of the CPU */
|
||||
__u64 behaviour; /* recommended software behaviour */
|
||||
__u64 character_mask; /* valid bits in character */
|
||||
__u64 behaviour_mask; /* valid bits in behaviour */
|
||||
};
|
||||
|
||||
For extensibility, the character_mask and behaviour_mask fields
|
||||
indicate which bits of character and behaviour have been filled in by
|
||||
the kernel. If the set of defined bits is extended in future then
|
||||
userspace will be able to tell whether it is running on a kernel that
|
||||
knows about the new bits.
|
||||
|
||||
The character field describes attributes of the CPU which can help
|
||||
with preventing inadvertent information disclosure - specifically,
|
||||
whether there is an instruction to flash-invalidate the L1 data cache
|
||||
(ori 30,30,0 or mtspr SPRN_TRIG2,rN), whether the L1 data cache is set
|
||||
to a mode where entries can only be used by the thread that created
|
||||
them, whether the bcctr[l] instruction prevents speculation, and
|
||||
whether a speculation barrier instruction (ori 31,31,0) is provided.
|
||||
|
||||
The behaviour field describes actions that software should take to
|
||||
prevent inadvertent information disclosure, and thus describes which
|
||||
vulnerabilities the hardware is subject to; specifically whether the
|
||||
L1 data cache should be flushed when returning to user mode from the
|
||||
kernel, and whether a speculation barrier should be placed between an
|
||||
array bounds check and the array access.
|
||||
|
||||
These fields use the same bit definitions as the new
|
||||
H_GET_CPU_CHARACTERISTICS hypercall.
|
||||
|
||||
5. The kvm_run structure
|
||||
------------------------
|
||||
|
||||
|
||||
新增問題並參考
封鎖使用者