| From 472d99b2864eb58a54ec66205991a64d64143390 Mon Sep 17 00:00:00 2001 |
| From: Thomas Gleixner <tglx@linutronix.de> |
| Date: Wed, 27 Feb 2019 12:48:14 +0100 |
| Subject: [PATCH 11/30] x86/kvm/vmx: Add MDS protection when L1D Flush is not |
| active |
| |
| commit 650b68a0622f933444a6d66936abb3103029413b upstream |
| |
| CPUs which are affected by L1TF and MDS mitigate MDS with the L1D Flush on |
| VMENTER when updated microcode is installed. |
| |
| If a CPU is not affected by L1TF or if the L1D Flush is not in use, then |
| MDS mitigation needs to be invoked explicitly. |
| |
| For these cases, follow the host mitigation state and invoke the MDS |
| mitigation before VMENTER. |
| |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| Reviewed-by: Frederic Weisbecker <frederic@kernel.org> |
| Reviewed-by: Borislav Petkov <bp@suse.de> |
| Reviewed-by: Jon Masters <jcm@redhat.com> |
| Tested-by: Jon Masters <jcm@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/kernel/cpu/bugs.c | 1 + |
| arch/x86/kvm/vmx.c | 3 +++ |
| 2 files changed, 4 insertions(+) |
| |
| diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
| index 2a69046cc38c..c01468ccefc1 100644 |
| --- a/arch/x86/kernel/cpu/bugs.c |
| +++ b/arch/x86/kernel/cpu/bugs.c |
| @@ -63,6 +63,7 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb); |
| |
| /* Control MDS CPU buffer clear before returning to user space */ |
| DEFINE_STATIC_KEY_FALSE(mds_user_clear); |
| +EXPORT_SYMBOL_GPL(mds_user_clear); |
| |
| void __init check_bugs(void) |
| { |
| diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
| index 215339c7d161..e9bf477209dc 100644 |
| --- a/arch/x86/kvm/vmx.c |
| +++ b/arch/x86/kvm/vmx.c |
| @@ -10765,8 +10765,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
| evmcs_rsp = static_branch_unlikely(&enable_evmcs) ? |
| (unsigned long)¤t_evmcs->host_rsp : 0; |
| |
| + /* L1D Flush includes CPU buffer clear to mitigate MDS */ |
| if (static_branch_unlikely(&vmx_l1d_should_flush)) |
| vmx_l1d_flush(vcpu); |
| + else if (static_branch_unlikely(&mds_user_clear)) |
| + mds_clear_cpu_buffers(); |
| |
| asm( |
| /* Store host registers */ |
| -- |
| 2.21.0 |
| |