From c1bd7825b1cbe0ff34be196effc7a18992cce269 Mon Sep 17 00:00:00 2001

From: Sam Bobroff <sbobroff@redhat.com>

Date: Thu, 29 Aug 2019 05:53:35 +0100

Subject: [PATCH 02/10] target/ppc/spapr: Add workaround option to

 SPAPR_CAP_IBS

RH-Author: Sam Bobroff <sbobroff@redhat.com>

Message-id: <67946d77e95afc19f2afc5f8dfa4e89335dbb58d.1567057498.git.sbobroff@redhat.com>

Patchwork-id: 90188

O-Subject: [RHEL8.1 qemu-kvm BZ1744415 PATCH 1/2] target/ppc/spapr: Add workaround option to SPAPR_CAP_IBS

Bugzilla: 1744415

RH-Acked-by: David Gibson <dgibson@redhat.com>

RH-Acked-by: Laurent Vivier <lvivier@redhat.com>

RH-Acked-by: Thomas Huth <thuth@redhat.com>

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

The spapr_cap SPAPR_CAP_IBS is used to indicate the level of capability

for mitigations for indirect branch speculation. Currently the available

values are broken (default), fixed-ibs (fixed by serialising indirect

branches) and fixed-ccd (fixed by diabling the count cache).

Introduce a new value for this capability denoted workaround, meaning that

software can work around the issue by flushing the count cache on

context switch. This option is available if the hypervisor sets the

H_CPU_BEHAV_FLUSH_COUNT_CACHE flag in the cpu behaviours returned from

the KVM_PPC_GET_CPU_CHAR ioctl.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Message-Id: <20190301031912.28809-1-sjitindarsingh@gmail.com>

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

(cherry picked from commit 399b2896d4948a1ec0278d896ea3a561df768d64)

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1744415

Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23229146

Signed-off-by: Sam Bobroff <sbobroff@redhat.com>

Testing: Start QEMU with -M cap-ibs=workaround, check guest dmesg

Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>

---

 hw/ppc/spapr_caps.c    | 21 ++++++++++-----------

 hw/ppc/spapr_hcall.c   |  5 +++++

 include/hw/ppc/spapr.h |  7 +++++++

 target/ppc/kvm.c       |  8 +++++++-

 4 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c

index 86a7947..dfc8cce 100644

--- a/hw/ppc/spapr_caps.c

+++ b/hw/ppc/spapr_caps.c

@@ -236,11 +236,13 @@ static void cap_safe_bounds_check_apply(sPAPRMachineState *spapr, uint8_t val,

 }

 sPAPRCapPossible cap_ibs_possible = {

-    .num = 4,

+    .num = 5,

     /* Note workaround only maintained for compatibility */

-    .vals = {"broken", "workaround", "fixed-ibs", "fixed-ccd"},

-    .help = "broken - no protection, fixed-ibs - indirect branch serialisation,"

-            " fixed-ccd - cache count disabled",

+    .vals = {"broken", "workaround", "fixed-ibs", "fixed-ccd", "fixed-na"},

+    .help = "broken - no protection, workaround - count cache flush"

+            ", fixed-ibs - indirect branch serialisation,"

+            " fixed-ccd - cache count disabled,"

+            " fixed-na - fixed in hardware (no longer applicable)",

 };

 static void cap_safe_indirect_branch_apply(sPAPRMachineState *spapr,

@@ -248,15 +250,11 @@ static void cap_safe_indirect_branch_apply(sPAPRMachineState *spapr,

 {

     uint8_t kvm_val = kvmppc_get_cap_safe_indirect_branch();

-    if (val == SPAPR_CAP_WORKAROUND) { /* Can only be Broken or Fixed */

-        error_setg(errp,

-"Requested safe indirect branch capability level \"workaround\" not valid, try cap-ibs=%s",

-                   cap_ibs_possible.vals[kvm_val]);

-    } else if (tcg_enabled() && val) {

+    if (tcg_enabled() && val) {

         /* TODO - for now only allow broken for TCG */

         error_setg(errp,

 "Requested safe indirect branch capability level not supported by tcg, try a different value for cap-ibs");

-    } else if (kvm_enabled() && val && (val != kvm_val)) {

+    } else if (kvm_enabled() && (val > kvm_val)) {

         error_setg(errp,

 "Requested safe indirect branch capability level not supported by kvm, try cap-ibs=%s",

                    cap_ibs_possible.vals[kvm_val]);

@@ -338,7 +336,8 @@ sPAPRCapabilityInfo capability_table[SPAPR_CAP_NUM] = {

     [SPAPR_CAP_IBS] = {

         .name = "ibs",

         .description =

-            "Indirect Branch Speculation (broken, fixed-ibs, fixed-ccd)",

+            "Indirect Branch Speculation (broken, workaround, fixed-ibs,"

+            "fixed-ccd, fixed-na)",

         .index = SPAPR_CAP_IBS,

         .get = spapr_cap_get_string,

         .set = spapr_cap_set_string,

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c

index 16bccdd..01c4215 100644

--- a/hw/ppc/spapr_hcall.c

+++ b/hw/ppc/spapr_hcall.c

@@ -1705,12 +1705,17 @@ static target_ulong h_get_cpu_characteristics(PowerPCCPU *cpu,

     }

     switch (safe_indirect_branch) {

+    case SPAPR_CAP_FIXED_NA:

+        break;

     case SPAPR_CAP_FIXED_CCD:

         characteristics |= H_CPU_CHAR_CACHE_COUNT_DIS;

         break;

     case SPAPR_CAP_FIXED_IBS:

         characteristics |= H_CPU_CHAR_BCCTRL_SERIALISED;

         break;

+    case SPAPR_CAP_WORKAROUND:

+        behaviour |= H_CPU_BEHAV_FLUSH_COUNT_CACHE;

+        break;

     default: /* broken */

         assert(safe_indirect_branch == SPAPR_CAP_BROKEN);

         break;

diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h

index 72cfa49..8bb95bb 100644

--- a/include/hw/ppc/spapr.h

+++ b/include/hw/ppc/spapr.h

@@ -77,12 +77,17 @@ typedef enum {

 /* Bool Caps */

 #define SPAPR_CAP_OFF                   0x00

 #define SPAPR_CAP_ON                    0x01

+

 /* Custom Caps */

+

+/* Generic */

 #define SPAPR_CAP_BROKEN                0x00

 #define SPAPR_CAP_WORKAROUND            0x01

 #define SPAPR_CAP_FIXED                 0x02

+/* SPAPR_CAP_IBS (cap-ibs) */

 #define SPAPR_CAP_FIXED_IBS             0x02

 #define SPAPR_CAP_FIXED_CCD             0x03

+#define SPAPR_CAP_FIXED_NA              0x10 /* Lets leave a bit of a gap... */

 typedef struct sPAPRCapabilities sPAPRCapabilities;

 struct sPAPRCapabilities {

@@ -322,9 +327,11 @@ struct sPAPRMachineState {

 #define H_CPU_CHAR_HON_BRANCH_HINTS             PPC_BIT(5)

 #define H_CPU_CHAR_THR_RECONF_TRIG              PPC_BIT(6)

 #define H_CPU_CHAR_CACHE_COUNT_DIS              PPC_BIT(7)

+#define H_CPU_CHAR_BCCTR_FLUSH_ASSIST           PPC_BIT(9)

 #define H_CPU_BEHAV_FAVOUR_SECURITY             PPC_BIT(0)

 #define H_CPU_BEHAV_L1D_FLUSH_PR                PPC_BIT(1)

 #define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR           PPC_BIT(2)

+#define H_CPU_BEHAV_FLUSH_COUNT_CACHE           PPC_BIT(5)

 /* Each control block has to be on a 4K boundary */

 #define H_CB_ALIGNMENT     4096

diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c

index b9858fa..0e94cfc 100644

--- a/target/ppc/kvm.c

+++ b/target/ppc/kvm.c

@@ -2511,7 +2511,13 @@ static int parse_cap_ppc_safe_bounds_check(struct kvm_ppc_cpu_char c)

 static int parse_cap_ppc_safe_indirect_branch(struct kvm_ppc_cpu_char c)

 {

-    if (c.character & c.character_mask & H_CPU_CHAR_CACHE_COUNT_DIS) {

+    if ((~c.behaviour & c.behaviour_mask & H_CPU_BEHAV_FLUSH_COUNT_CACHE) &&

+        (~c.character & c.character_mask & H_CPU_CHAR_CACHE_COUNT_DIS) &&

+        (~c.character & c.character_mask & H_CPU_CHAR_BCCTRL_SERIALISED)) {

+        return SPAPR_CAP_FIXED_NA;

+    } else if (c.behaviour & c.behaviour_mask & H_CPU_BEHAV_FLUSH_COUNT_CACHE) {

+        return SPAPR_CAP_WORKAROUND;

+    } else if (c.character & c.character_mask & H_CPU_CHAR_CACHE_COUNT_DIS) {

         return  SPAPR_CAP_FIXED_CCD;

     } else if (c.character & c.character_mask & H_CPU_CHAR_BCCTRL_SERIALISED) {

         return SPAPR_CAP_FIXED_IBS;

-- 

1.8.3.1