| From foo@baz Tue Aug 14 16:14:56 CEST 2018 |
| From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> |
| Date: Wed, 20 Jun 2018 11:29:53 -0400 |
| Subject: x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present |
| |
| From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> |
| |
| commit 26acfb666a473d960f0fd971fe68f3e3ad16c70b upstream |
| |
| If the L1TF CPU bug is present we allow the KVM module to be loaded as the |
| major of users that use Linux and KVM have trusted guests and do not want a |
| broken setup. |
| |
| Cloud vendors are the ones that are uncomfortable with CVE 2018-3620 and as |
| such they are the ones that should set nosmt to one. |
| |
| Setting 'nosmt' means that the system administrator also needs to disable |
| SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command line |
| parameter, or via the /sys/devices/system/cpu/smt/control. See commit |
| 05736e4ac13c ("cpu/hotplug: Provide knobs to control SMT"). |
| |
| Other mitigations are to use task affinity, cpu sets, interrupt binding, |
| etc - anything to make sure that _only_ the same guests vCPUs are running |
| on sibling threads. |
| |
| Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| Documentation/kernel-parameters.txt | 6 ++++++ |
| arch/x86/kvm/vmx.c | 19 +++++++++++++++++++ |
| kernel/cpu.c | 1 + |
| 3 files changed, 26 insertions(+) |
| |
| --- a/Documentation/kernel-parameters.txt |
| +++ b/Documentation/kernel-parameters.txt |
| @@ -1989,6 +1989,12 @@ bytes respectively. Such letter suffixes |
| for all guests. |
| Default is 1 (enabled) if in 64-bit or 32-bit PAE mode. |
| |
| + kvm-intel.nosmt=[KVM,Intel] If the L1TF CPU bug is present (CVE-2018-3620) |
| + and the system has SMT (aka Hyper-Threading) enabled then |
| + don't allow guests to be created. |
| + |
| + Default is 0 (allow guests to be created). |
| + |
| kvm-intel.ept= [KVM,Intel] Disable extended page tables |
| (virtualized MMU) support on capable Intel chips. |
| Default is 1 (enabled) |
| --- a/arch/x86/kvm/vmx.c |
| +++ b/arch/x86/kvm/vmx.c |
| @@ -69,6 +69,9 @@ static const struct x86_cpu_id vmx_cpu_i |
| }; |
| MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id); |
| |
| +static bool __read_mostly nosmt; |
| +module_param(nosmt, bool, S_IRUGO); |
| + |
| static bool __read_mostly enable_vpid = 1; |
| module_param_named(vpid, enable_vpid, bool, 0444); |
| |
| @@ -9298,6 +9301,20 @@ free_vcpu: |
| return ERR_PTR(err); |
| } |
| |
| +#define L1TF_MSG "SMT enabled with L1TF CPU bug present. Refer to CVE-2018-3620 for details.\n" |
| + |
| +static int vmx_vm_init(struct kvm *kvm) |
| +{ |
| + if (boot_cpu_has(X86_BUG_L1TF) && cpu_smt_control == CPU_SMT_ENABLED) { |
| + if (nosmt) { |
| + pr_err(L1TF_MSG); |
| + return -EOPNOTSUPP; |
| + } |
| + pr_warn(L1TF_MSG); |
| + } |
| + return 0; |
| +} |
| + |
| static void __init vmx_check_processor_compat(void *rtn) |
| { |
| struct vmcs_config vmcs_conf; |
| @@ -11367,6 +11384,8 @@ static struct kvm_x86_ops vmx_x86_ops __ |
| .cpu_has_accelerated_tpr = report_flexpriority, |
| .has_emulated_msr = vmx_has_emulated_msr, |
| |
| + .vm_init = vmx_vm_init, |
| + |
| .vcpu_create = vmx_create_vcpu, |
| .vcpu_free = vmx_free_vcpu, |
| .vcpu_reset = vmx_vcpu_reset, |
| --- a/kernel/cpu.c |
| +++ b/kernel/cpu.c |
| @@ -358,6 +358,7 @@ EXPORT_SYMBOL_GPL(cpu_hotplug_enable); |
| |
| #ifdef CONFIG_HOTPLUG_SMT |
| enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; |
| +EXPORT_SYMBOL_GPL(cpu_smt_control); |
| |
| static int __init smt_cmdline_disable(char *str) |
| { |