Commit 49caebe9 authored by Andre Przywara, committed by Marc Zyngier

KVM: doc: Add API documentation on the KVM_REG_ARM_WORKAROUNDS register



Add documentation for the newly defined firmware registers to save and
restore any vulnerability mitigation status.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
parent 99adb567
+31 −0
@@ -28,3 +28,34 @@ The following register is defined:
  - Allows any PSCI version implemented by KVM and compatible with
    v0.2 to be set with SET_ONE_REG
  - Affects the whole VM (even if the register view is per-vcpu)

* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1:
  Holds the state of the firmware support to mitigate CVE-2017-5715, as
  offered by KVM to the guest via a HVC call. The workaround is described
  under SMCCC_ARCH_WORKAROUND_1 in [1].
  Accepted values are:
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL: KVM does not offer
      firmware support for the workaround. The mitigation status for the
      guest is unknown.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_AVAIL: The workaround HVC call is
      available to the guest and required for the mitigation.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_REQUIRED: The workaround HVC call
      is available to the guest, but it is not needed on this VCPU.

* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2:
  Holds the state of the firmware support to mitigate CVE-2018-3639, as
  offered by KVM to the guest via a HVC call. The workaround is described
  under SMCCC_ARCH_WORKAROUND_2 in [1].
  Accepted values are:
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL: A workaround is not
      available. KVM does not offer firmware support for the workaround.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_UNKNOWN: The workaround state is
      unknown. KVM does not offer firmware support for the workaround.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL: The workaround is available,
      and can be disabled by a vCPU. If
      KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED is set, it is active for
      this vCPU.
    KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED: The workaround is
      always active on this vCPU or it is not needed.

[1] https://developer.arm.com/-/media/developer/pdf/ARM_DEN_0070A_Firmware_interfaces_for_mitigating_CVE-2017-5715.pdf
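
Review bot: In the KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2 entry, KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED appears only inside the _AVAIL description and is never listed as an accepted value or described as a flag combined with _AVAIL, so userspace cannot tell from this text how to encode or interpret it; please give it its own item and state how it combines with the state values. In the same entry, _NOT_AVAIL and _UNKNOWN both end with "KVM does not offer firmware support for the workaround", and _NOT_REQUIRED folds "always active" and "not needed" into one value; spell out what each means for the guest's mitigation status. The commit message says these registers exist to save and restore mitigation status, but neither entry says what SET_ONE_REG does when the written value does not match what the host offers, nor whether the register is per-vCPU or VM-wide, which the PSCI entry above does state for itself. Minor: "VCPU" in the WORKAROUND_1 entry versus "vCPU" in WORKAROUND_2, and [1] by its file name covers CVE-2017-5715 while the WORKAROUND_2 entry cites it for CVE-2018-3639.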