| From foo@baz Tue Aug 14 16:14:56 CEST 2018 |
| From: Paolo Bonzini <pbonzini@redhat.com> |
| Date: Sun, 5 Aug 2018 16:07:45 +0200 |
| Subject: x86/speculation: Simplify sysfs report of VMX L1TF vulnerability |
| |
| From: Paolo Bonzini <pbonzini@redhat.com> |
| |
| commit ea156d192f5257a5bf393d33910d3b481bf8a401 upstream |
| |
| Three changes to the content of the sysfs file: |
| |
| - If EPT is disabled, L1TF cannot be exploited even across threads on the |
| same core, and SMT is irrelevant. |
| |
| - If mitigation is completely disabled, and SMT is enabled, print "vulnerable" |
| instead of "vulnerable, SMT vulnerable" |
| |
| - Reorder the two parts so that the main vulnerability state comes first |
| and the detail on SMT is second. |
| |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/kernel/cpu/bugs.c | 12 +++++++++--- |
| 1 file changed, 9 insertions(+), 3 deletions(-) |
| |
| --- a/arch/x86/kernel/cpu/bugs.c |
| +++ b/arch/x86/kernel/cpu/bugs.c |
| @@ -737,9 +737,15 @@ static ssize_t l1tf_show_state(char *buf |
| if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) |
| return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); |
| |
| - return sprintf(buf, "%s; VMX: SMT %s, L1D %s\n", L1TF_DEFAULT_MSG, |
| - cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled", |
| - l1tf_vmx_states[l1tf_vmx_mitigation]); |
| + if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || |
| + (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && |
| + cpu_smt_control == CPU_SMT_ENABLED)) |
| + return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, |
| + l1tf_vmx_states[l1tf_vmx_mitigation]); |
| + |
| + return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, |
| + l1tf_vmx_states[l1tf_vmx_mitigation], |
| + cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled"); |
| } |
| #else |
| static ssize_t l1tf_show_state(char *buf) |
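Review bot: The added condition before the first new `return` omits the SMT clause for two unrelated reasons and the code does not say which is which; a comment above it would help, for example `/* EPT disabled: SMT is irrelevant. Flush never with SMT on: "vulnerable" already covers the sibling thread. */`. In the second case the sysfs line no longer contains the text `SMT vulnerable`, and the remaining case swaps the order and drops the `L1D` label. Monitoring or compliance scripts that match the old `VMX: SMT …, L1D …` layout would presumably stop flagging such hosts, so they need updating with this change. Both returns index `l1tf_vmx_states[]` with `l1tf_vmx_mitigation` unchecked; the array and enum are defined outside the hunk, so it cannot be confirmed here that every enum value has an entry. The body of `l1tf_show_state` starts before the hunk.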