| Message ID | 20190227051859.26026-1-sjitindarsingh@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [QEMU-PPC] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type | expand |
On Wed, Feb 27, 2019 at 04:18:59PM +1100, Suraj Jitindar Singh wrote: > There are currently 3 vulnerability mitigations controlled by the > spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these > mitigations by default for the pseries-4.0 machine type. > > By now machine firmware should have been upgraded to allow these > settings. > Note: This means these caps will have to be set to broken for tcg > > Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> There was a conflict because you've diffed this against a tree which already has your large decrementer patches, but I've fixed that up and applied. > --- > hw/ppc/spapr.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c > index 73aba70aa9..1ef8865dc5 100644 > --- a/hw/ppc/spapr.c > +++ b/hw/ppc/spapr.c > @@ -4313,9 +4313,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data) > smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF; > smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON; > smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON; > - smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN; > - smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN; > - smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN; > + smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND; > + smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND; > + smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD; > smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */ > smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF; > smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = 1; > @@ -4394,6 +4394,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc) > mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0"); > smc->update_dt_enabled = false; > smc->dr_phb_enabled = false; > + smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN; > + smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN; > + smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN; > smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = 0; > } >
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 73aba70aa9..1ef8865dc5 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -4313,9 +4313,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data) smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF; smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON; smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON; - smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN; - smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN; - smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN; + smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND; + smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND; + smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_FIXED_CCD; smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */ smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF; smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = 1; @@ -4394,6 +4394,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc) mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0"); smc->update_dt_enabled = false; smc->dr_phb_enabled = false; + smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN; + smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN; + smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN; smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = 0; }
There are currently 3 vulnerability mitigations controlled by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these mitigations by default for the pseries-4.0 machine type. By now machine firmware should have been upgraded to allow these settings. Note: This means these caps will have to be set to broken for tcg Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com> --- hw/ppc/spapr.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)