| From cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 Mon Sep 17 00:00:00 2001 |
| From: Andi Kleen <ak@linux.intel.com> |
| Date: Fri, 24 Aug 2018 10:03:50 -0700 |
| Subject: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ |
| |
| From: Andi Kleen <ak@linux.intel.com> |
| |
| commit cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 upstream. |
| |
| On Nehalem and newer Core CPUs the CPU cache internally uses 44 bits of
| physical address space. The L1TF workaround is limited by this internal
| cache address width, and needs one bit free there for the mitigation to
| work.
| |
| Older client systems report only a 36-bit physical address space, so the
| range check decides that L1TF is not mitigated on a 36-bit phys/32GB
| system with some memory holes.
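| 
| For illustration only (not part of this patch), the arithmetic behind
| that range check, assuming 4K pages; pfn_limit() below mirrors the
| kernel's l1tf_pfn_limit() but is a standalone user-space sketch:
| 
|     #include <stdio.h>
|     #include <stdint.h>
| 
|     #define PAGE_SHIFT 12    /* 4K pages assumed */
| 
|     /* Highest safe PFN: half of the addressable space, in pages. */
|     static uint64_t pfn_limit(unsigned int addr_bits)
|     {
|         return 1ULL << (addr_bits - 1 - PAGE_SHIFT);
|     }
| 
|     int main(void)
|     {
|         /* 36 reported bits -> limit at 32 GB, which 32G of RAM plus
|          * memory holes can exceed; 44 cache bits -> limit at 8192 GB.
|          */
|         printf("36 bits: %llu GB\n",
|                (unsigned long long)((pfn_limit(36) << PAGE_SHIFT) >> 30));
|         printf("44 bits: %llu GB\n",
|                (unsigned long long)((pfn_limit(44) << PAGE_SHIFT) >> 30));
|         return 0;
|     }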
| |
| But since these systems actually have the larger internal cache width,
| this warning is bogus: it would only be warranted if the system had more
| than 43 bits of memory.
| |
| Add a new internal x86_cache_bits field. Normally it is the same as the
| physical bits field reported by CPUID, but for Nehalem and newer force it
| to be at least 44 bits.
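| 
| As background (illustration only, not part of this patch): the reported
| physical bits that x86_cache_bits defaults to come from CPUID leaf
| 0x80000008, EAX bits 7:0. A minimal user-space sketch using GCC's
| cpuid.h; the helper name is made up for this example:
| 
|     #include <stdio.h>
|     #include <cpuid.h>
| 
|     /* Physical address width the CPU reports; this is what lands in
|      * x86_phys_bits and, before the override, in x86_cache_bits.
|      */
|     static unsigned int reported_phys_bits(void)
|     {
|         unsigned int eax, ebx, ecx, edx;
| 
|         if (!__get_cpuid(0x80000008, &eax, &ebx, &ecx, &edx))
|             return 0;    /* extended leaf not supported */
|         return eax & 0xff;    /* EAX[7:0] = physical address bits */
|     }
| 
|     int main(void)
|     {
|         printf("reported physical bits: %u\n", reported_phys_bits());
|         return 0;
|     }
| 
| On the affected client parts this would print 36 even though the cache
| internally uses 44 bits, which is why the override below is needed.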
| |
| Change the L1TF memory size warning to use the new cache_bits field so
| it no longer triggers falsely, and remove the bogus comment about memory
| size.
| |
| Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") |
| Reported-by: George Anchev <studio@anchev.net> |
| Reported-by: Christopher Snowhill <kode54@gmail.com> |
| Signed-off-by: Andi Kleen <ak@linux.intel.com> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Cc: x86@kernel.org |
| Cc: linux-kernel@vger.kernel.org |
| Cc: Michael Hocko <mhocko@suse.com> |
| Cc: vbabka@suse.cz |
| Cc: stable@vger.kernel.org |
| Link: https://lkml.kernel.org/r/20180824170351.34874-1-andi@firstfloor.org |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/x86/include/asm/processor.h | 4 ++- |
| arch/x86/kernel/cpu/bugs.c | 46 ++++++++++++++++++++++++++++++++++----- |
| arch/x86/kernel/cpu/common.c | 1 +
| 3 files changed, 45 insertions(+), 6 deletions(-) |
| |
| --- a/arch/x86/include/asm/processor.h |
| +++ b/arch/x86/include/asm/processor.h |
| @@ -132,6 +132,8 @@ struct cpuinfo_x86 { |
| /* Index into per_cpu list: */ |
| u16 cpu_index; |
| u32 microcode; |
| + /* Address space bits used by the cache internally */ |
| + u8 x86_cache_bits; |
| } __randomize_layout; |
| |
| struct cpuid_regs { |
| @@ -182,7 +184,7 @@ extern void cpu_detect(struct cpuinfo_x8 |
| |
| static inline unsigned long long l1tf_pfn_limit(void) |
| { |
| - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); |
| + return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT); |
| } |
| |
| extern void early_cpu_init(void); |
| --- a/arch/x86/kernel/cpu/bugs.c |
| +++ b/arch/x86/kernel/cpu/bugs.c |
| @@ -652,6 +652,45 @@ EXPORT_SYMBOL_GPL(l1tf_mitigation); |
| enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; |
| EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); |
| |
| +/* |
| + * These CPUs all support 44bits physical address space internally in the |
| + * cache but CPUID can report a smaller number of physical address bits. |
| + * |
| + * The L1TF mitigation uses the top most address bit for the inversion of |
| + * non present PTEs. When the installed memory reaches into the top most |
| + * address bit due to memory holes, which has been observed on machines |
| + * which report 36bits physical address bits and have 32G RAM installed, |
| + * then the mitigation range check in l1tf_select_mitigation() triggers. |
| + * This is a false positive because the mitigation is still possible due to |
| + * the fact that the cache uses 44bit internally. Use the cache bits |
| + * instead of the reported physical bits and adjust them on the affected |
| + * machines to 44bit if the reported bits are less than 44. |
| + */ |
| +static void override_cache_bits(struct cpuinfo_x86 *c) |
| +{ |
| + if (c->x86 != 6) |
| + return; |
| + |
| + switch (c->x86_model) { |
| + case INTEL_FAM6_NEHALEM: |
| + case INTEL_FAM6_WESTMERE: |
| + case INTEL_FAM6_SANDYBRIDGE: |
| + case INTEL_FAM6_IVYBRIDGE: |
| + case INTEL_FAM6_HASWELL_CORE: |
| + case INTEL_FAM6_HASWELL_ULT: |
| + case INTEL_FAM6_HASWELL_GT3E: |
| + case INTEL_FAM6_BROADWELL_CORE: |
| + case INTEL_FAM6_BROADWELL_GT3E: |
| + case INTEL_FAM6_SKYLAKE_MOBILE: |
| + case INTEL_FAM6_SKYLAKE_DESKTOP: |
| + case INTEL_FAM6_KABYLAKE_MOBILE: |
| + case INTEL_FAM6_KABYLAKE_DESKTOP: |
| + if (c->x86_cache_bits < 44) |
| + c->x86_cache_bits = 44; |
| + break; |
| + } |
| +} |
| + |
| static void __init l1tf_select_mitigation(void) |
| { |
| u64 half_pa; |
| @@ -659,6 +698,8 @@ static void __init l1tf_select_mitigatio |
| if (!boot_cpu_has_bug(X86_BUG_L1TF)) |
| return; |
| |
| + override_cache_bits(&boot_cpu_data); |
| + |
| switch (l1tf_mitigation) { |
| case L1TF_MITIGATION_OFF: |
| case L1TF_MITIGATION_FLUSH_NOWARN: |
| @@ -678,11 +719,6 @@ static void __init l1tf_select_mitigatio |
| return; |
| #endif |
| |
| - /* |
| - * This is extremely unlikely to happen because almost all |
| - * systems have far more MAX_PA/2 than RAM can be fit into |
| - * DIMM slots. |
| - */ |
| half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; |
| if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { |
| pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); |
| --- a/arch/x86/kernel/cpu/common.c |
| +++ b/arch/x86/kernel/cpu/common.c |
| @@ -890,6 +890,7 @@ static void identify_cpu_without_cpuid(s |
| } |
| } |
| #endif |
| + c->x86_cache_bits = c->x86_phys_bits; |
| } |
| |
| static const __initconst struct x86_cpu_id cpu_no_speculation[] = { |