
Commit 8e0b2b91 authored by Paolo Bonzini's avatar Paolo Bonzini Committed by Thomas Gleixner

x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry



Bit 3 of ARCH_CAPABILITIES tells a hypervisor that L1D flush on vmentry is
not needed.  Add a new value to enum vmx_l1d_flush_state, which is used
either if there is no L1TF bug at all, or if bit 3 is set in ARCH_CAPABILITIES.

Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
parent ea156d19
+1 −0
@@ -70,6 +70,7 @@
#define MSR_IA32_ARCH_CAPABILITIES	0x0000010a
#define ARCH_CAP_RDCL_NO		(1 << 0)   /* Not susceptible to Meltdown */
#define ARCH_CAP_IBRS_ALL		(1 << 1)   /* Enhanced IBRS support */
#define ARCH_CAP_SKIP_VMENTRY_L1DFLUSH	(1 << 3)   /* Skip L1D flush on vmentry */
#define ARCH_CAP_SSB_NO			(1 << 4)   /*
						    * Not susceptible to Speculative Store Bypass
						    * attack, so no Speculative Store Bypass
+1 −0
@@ -582,6 +582,7 @@ enum vmx_l1d_flush_state {
	VMENTER_L1D_FLUSH_COND,
	VMENTER_L1D_FLUSH_ALWAYS,
	VMENTER_L1D_FLUSH_EPT_DISABLED,
	VMENTER_L1D_FLUSH_NOT_REQUIRED,
};

extern enum vmx_l1d_flush_state l1tf_vmx_mitigation;
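Review bot: VMENTER_L1D_FLUSH_NOT_REQUIRED is appended to an enum whose values are used as array indices, so every table indexed by l1tf_vmx_mitigation needs an entry for the new value or a lookup will read past the end of that table. This commit extends `l1tf_vmx_states[]`, but no other table is visible here, so it is worth checking whether the code that reports the KVM module parameter indexes one by this enum and extending it in the same change. A short comment on the enumerator would also help readers, e.g. `/* no L1TF bug, or ARCH_CAPABILITIES bit 3 set */`.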
+1 −0
@@ -755,6 +755,7 @@ static const char *l1tf_vmx_states[] = {
	[VMENTER_L1D_FLUSH_COND]		= "conditional cache flushes",
	[VMENTER_L1D_FLUSH_ALWAYS]		= "cache flushes",
	[VMENTER_L1D_FLUSH_EPT_DISABLED]	= "EPT disabled",
	[VMENTER_L1D_FLUSH_NOT_REQUIRED]	= "flush not necessary"
};

static ssize_t l1tf_show_state(char *buf)
+10 −0
@@ -218,6 +218,16 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
		return 0;
	}

       if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
	       u64 msr;

	       rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
	       if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
		       l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
		       return 0;
	       }
       }

	/* If set to auto use the default l1tf mitigation method */
	if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
		switch (l1tf_mitigation) {
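Review bot: The added ARCH_CAPABILITIES block runs before the `l1tf == VMENTER_L1D_FLUSH_AUTO` handling and returns early, so a flush mode explicitly requested through `l1tf` is discarded without any message whenever bit 3 is set. If that override is intended, state it in a comment above the block, e.g. `/* ARCH_CAPABILITIES bit 3: L1D flush on vmentry is not needed; this overrides the requested mode */`, and consider a one-time `pr_info` so an administrator can see why the requested mode was not applied. The block is also indented with spaces where the surrounding lines use tabs. vmx_setup_l1d_flush starts before this hunk and continues past it, so whether anything after the early return still needs to run cannot be judged from here.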