| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220223052223.1202152-40-junaids@google.com>
Date: Tue, 22 Feb 2022 21:22:15 -0800
From: Junaid Shahid <junaids@...gle.com>
To: linux-kernel@...r.kernel.org
Cc: Ofir Weisse <oweisse@...gle.com>, kvm@...r.kernel.org,
pbonzini@...hat.com, jmattson@...gle.com, pjt@...gle.com,
alexandre.chartre@...cle.com, rppt@...ux.ibm.com,
dave.hansen@...ux.intel.com, peterz@...radead.org,
tglx@...utronix.de, luto@...nel.org, linux-mm@...ck.org
Subject: [RFC PATCH 39/47] mm: asi: Skip conventional L1TF/MDS mitigations
From: Ofir Weisse <oweisse@...gle.com>
If ASI is enabled for an mm, then the L1D flushes and MDS mitigations
will be taken care of ASI. We check if asi is enabled by checking
current->mm->asi_enabled. To use ASI, a cgroup flag must be set before
the VM process is forked - causing a flag mm->asi_enabled to be set.
Signed-off-by: Ofir Weisse <oweisse@...gle.com>
---
arch/x86/kvm/vmx/vmx.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e0178b57be75..6549fef39f2b 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6609,7 +6609,11 @@ static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu,
kvm_guest_enter_irqoff();
- vmx_flush_sensitive_cpu_state(vcpu);
+ /* If Address Space Isolation is enabled, it will take care of L1D
+ * flushes, and will also mitigate MDS. In other words, if no ASI -
+ * flush sensitive cpu state. */
+ if (!static_asi_enabled() || !mm_asi_enabled(current->mm))
+ vmx_flush_sensitive_cpu_state(vcpu);
asi_enter(vcpu->kvm->asi);
--
2.35.1.473.g83b2b277ed-goog
Powered by blists - more mailing lists