From d04d9bffb07223cb687be8f5fbb059e6fa84b25a Mon Sep 17 00:00:00 2001
|
|
From: Thomas Gleixner <tglx@linutronix.de>
|
|
Date: Wed, 27 Feb 2019 12:48:14 +0100
|
|
Subject: [PATCH 11/30] x86/kvm/vmx: Add MDS protection when L1D Flush is not
|
|
active
|
|
|
|
commit 650b68a0622f933444a6d66936abb3103029413b upstream
|
|
|
|
CPUs which are affected by L1TF and MDS mitigate MDS with the L1D Flush on
|
|
VMENTER when updated microcode is installed.
|
|
|
|
If a CPU is not affected by L1TF or if the L1D Flush is not in use, then
|
|
MDS mitigation needs to be invoked explicitly.
|
|
|
|
For these cases, follow the host mitigation state and invoke the MDS
|
|
mitigation before VMENTER.
|
|
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
|
|
Reviewed-by: Borislav Petkov <bp@suse.de>
|
|
Reviewed-by: Jon Masters <jcm@redhat.com>
|
|
Tested-by: Jon Masters <jcm@redhat.com>
|
|
---
|
|
arch/x86/kernel/cpu/bugs.c | 1 +
|
|
arch/x86/kvm/vmx.c | 3 +++
|
|
2 files changed, 4 insertions(+)
|
|
|
|
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
index 2a69046cc38c..c01468ccefc1 100644
|
|
--- a/arch/x86/kernel/cpu/bugs.c
|
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
@@ -63,6 +63,7 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
|
|
|
|
/* Control MDS CPU buffer clear before returning to user space */
|
|
DEFINE_STATIC_KEY_FALSE(mds_user_clear);
|
|
+EXPORT_SYMBOL_GPL(mds_user_clear);
|
|
|
|
void __init check_bugs(void)
|
|
{
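Review bot: The comment kept above `mds_user_clear` still says the key controls the buffer clear "before returning to user space", but the export added here lets the VMX code in arch/x86/kvm/vmx.c test the same key before VMENTER. Someone auditing MDS coverage from bugs.c alone would miss the guest-entry use. I would extend the comment, for example `/* Control MDS CPU buffer clear before returning to user space; KVM/VMX also follows this key before VMENTER */`. Because the static key becomes reachable from GPL modules, the comment could also say that modules are expected only to read it.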
|
|
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
|
|
index 215339c7d161..e9bf477209dc 100644
|
|
--- a/arch/x86/kvm/vmx.c
|
|
+++ b/arch/x86/kvm/vmx.c
|
|
@@ -10765,8 +10765,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
|
|
evmcs_rsp = static_branch_unlikely(&enable_evmcs) ?
|
|
(unsigned long)¤t_evmcs->host_rsp : 0;
|
|
|
|
+ /* L1D Flush includes CPU buffer clear to mitigate MDS */
|
|
if (static_branch_unlikely(&vmx_l1d_should_flush))
|
|
vmx_l1d_flush(vcpu);
|
|
+ else if (static_branch_unlikely(&mds_user_clear))
|
|
+ mds_clear_cpu_buffers();
|
|
|
|
asm(
|
|
/* Store host registers */
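Review bot: The new comment `/* L1D Flush includes CPU buffer clear to mitigate MDS */` states the guarantee unconditionally, while the commit description ties it to updated microcode being installed. The `else if` also means `mds_clear_cpu_buffers()` is never reached once `vmx_l1d_should_flush` is enabled. If `vmx_l1d_flush()` can return without flushing on some entries (its body is not visible here, so this needs checking), those entries would get neither the flush nor the explicit clear. I would spell the dependency out, for example `/* L1D Flush includes CPU buffer clear to mitigate MDS (requires updated microcode) */`, and confirm that any skipped-flush path is either acceptable or covered. `vmx_vcpu_run()` starts and ends outside this hunk.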
|