1KVM implements the PSCI (Power State Coordination Interface) 2specification in order to provide services such as CPU on/off, reset 3and power-off to the guest. 4 5The PSCI specification is regularly updated to provide new features, 6and KVM implements these updates if they make sense from a virtualization 7point of view. 8 9This means that a guest booted on two different versions of KVM can 10observe two different "firmware" revisions. This could cause issues if 11a given guest is tied to a particular PSCI revision (unlikely), or if 12a migration causes a different PSCI version to be exposed out of the 13blue to an unsuspecting guest. 14 15In order to remedy this situation, KVM exposes a set of "firmware 16pseudo-registers" that can be manipulated using the GET/SET_ONE_REG 17interface. These registers can be saved/restored by userspace, and set 18to a convenient value if required. 19 20The following register is defined: 21 22* KVM_REG_ARM_PSCI_VERSION: 23 24 - Only valid if the vcpu has the KVM_ARM_VCPU_PSCI_0_2 feature set 25 (and thus has already been initialized) 26 - Returns the current PSCI version on GET_ONE_REG (defaulting to the 27 highest PSCI version implemented by KVM and compatible with v0.2) 28 - Allows any PSCI version implemented by KVM and compatible with 29 v0.2 to be set with SET_ONE_REG 30 - Affects the whole VM (even if the register view is per-vcpu) 31 32* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1: 33 Holds the state of the firmware support to mitigate CVE-2017-5715, as 34 offered by KVM to the guest via a HVC call. The workaround is described 35 under SMCCC_ARCH_WORKAROUND_1 in [1]. 36 Accepted values are: 37 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_AVAIL: KVM does not offer 38 firmware support for the workaround. The mitigation status for the 39 guest is unknown. 40 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_AVAIL: The workaround HVC call is 41 available to the guest and required for the mitigation. 42 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_1_NOT_REQUIRED: The workaround HVC call 43 is available to the guest, but it is not needed on this VCPU. 44 45* KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2: 46 Holds the state of the firmware support to mitigate CVE-2018-3639, as 47 offered by KVM to the guest via a HVC call. The workaround is described 48 under SMCCC_ARCH_WORKAROUND_2 in [1]. 49 Accepted values are: 50 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_AVAIL: A workaround is not 51 available. KVM does not offer firmware support for the workaround. 52 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_UNKNOWN: The workaround state is 53 unknown. KVM does not offer firmware support for the workaround. 54 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_AVAIL: The workaround is available, 55 and can be disabled by a vCPU. If 56 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED is set, it is active for 57 this vCPU. 58 KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED: The workaround is 59 always active on this vCPU or it is not needed. 60 61[1] https://developer.arm.com/-/media/developer/pdf/ARM_DEN_0070A_Firmware_interfaces_for_mitigating_CVE-2017-5715.pdf 62