| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180814171524.999876779@linuxfoundation.org>
Date: Tue, 14 Aug 2018 19:17:30 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Thomas Gleixner <tglx@...utronix.de>,
David Woodhouse <dwmw@...zon.co.uk>
Subject: [PATCH 4.9 067/107] x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
commit 390d975e0c4e60ce70d4157e0dd91ede37824603 upstream
If the L1D flush module parameter is set to 'always' and the IA32_FLUSH_CMD
MSR is available, optimize the VMENTER code with the MSR save list.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Signed-off-by: David Woodhouse <dwmw@...zon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
arch/x86/kvm/vmx.c | 42 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 37 insertions(+), 5 deletions(-)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5269,6 +5269,16 @@ static void ept_set_mmio_spte_mask(void)
kvm_mmu_set_mmio_spte_mask((0x3ull << 62) | 0x6ull);
}
+static bool vmx_l1d_use_msr_save_list(void)
+{
+ if (!enable_ept || !boot_cpu_has_bug(X86_BUG_L1TF) ||
+ static_cpu_has(X86_FEATURE_HYPERVISOR) ||
+ !static_cpu_has(X86_FEATURE_FLUSH_L1D))
+ return false;
+
+ return vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
+}
+
#define VMX_XSS_EXIT_BITMAP 0
/*
* Sets up the vmcs for emulated real mode.
@@ -5618,6 +5628,12 @@ static void vmx_set_nmi_mask(struct kvm_
vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
GUEST_INTR_STATE_NMI);
}
+ /*
+ * If flushing the L1D cache on every VMENTER is enforced and the
+ * MSR is available, use the MSR save list.
+ */
+ if (vmx_l1d_use_msr_save_list())
+ add_atomic_switch_msr(vmx, MSR_IA32_FLUSH_CMD, L1D_FLUSH, 0, true);
}
static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
@@ -8581,11 +8597,26 @@ static void vmx_l1d_flush(struct kvm_vcp
bool always;
/*
- * If the mitigation mode is 'flush always', keep the flush bit
- * set, otherwise clear it. It gets set again either from
- * vcpu_run() or from one of the unsafe VMEXIT handlers.
+ * This code is only executed when:
+ * - the flush mode is 'cond'
+ * - the flush mode is 'always' and the flush MSR is not
+ * available
+ *
+ * If the CPU has the flush MSR then clear the flush bit because
+ * 'always' mode is handled via the MSR save list.
+ *
+ * If the MSR is not avaibable then act depending on the mitigation
+ * mode: If 'flush always', keep the flush bit set, otherwise clear
+ * it.
+ *
+ * The flush bit gets set again either from vcpu_run() or from one
+ * of the unsafe VMEXIT handlers.
*/
- always = vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
+ if (static_cpu_has(X86_FEATURE_FLUSH_L1D))
+ always = false;
+ else
+ always = vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
+
vcpu->arch.l1tf_flush_l1d = always;
vcpu->stat.l1d_flush++;
@@ -11660,7 +11691,8 @@ static int __init vmx_setup_l1d_flush(vo
struct page *page;
if (vmentry_l1d_flush == VMENTER_L1D_FLUSH_NEVER ||
- !boot_cpu_has_bug(X86_BUG_L1TF))
+ !boot_cpu_has_bug(X86_BUG_L1TF) ||
+ vmx_l1d_use_msr_save_list())
return 0;
if (!boot_cpu_has(X86_FEATURE_FLUSH_L1D)) {
Powered by blists - more mailing lists