Commit 34d382bd authored by Paolo Bonzini, committed by Stefan Bader

x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry

Bit 3 of ARCH_CAPABILITIES tells a hypervisor that L1D flush on vmentry is
not needed.  Add a new value to enum vmx_l1d_flush_state, which is used
either if there is no L1TF bug at all, or if bit 3 is set in ARCH_CAPABILITIES.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
parent b2fea1af
...@@ -58,6 +58,7 @@ ...@@ -58,6 +58,7 @@
#define MSR_IA32_ARCH_CAPABILITIES 0x0000010a #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a
#define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */ #define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */
#define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */ #define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */
#define ARCH_CAP_SKIP_VMENTRY_L1DFLUSH (1 << 3) /* Skip L1D flush on vmentry */
#define ARCH_CAP_SSB_NO (1 << 4) /* #define ARCH_CAP_SSB_NO (1 << 4) /*
* Not susceptible to Speculative Store Bypass * Not susceptible to Speculative Store Bypass
* attack, so no Speculative Store Bypass * attack, so no Speculative Store Bypass
......
...@@ -506,6 +506,7 @@ enum vmx_l1d_flush_state { ...@@ -506,6 +506,7 @@ enum vmx_l1d_flush_state {
VMENTER_L1D_FLUSH_COND, VMENTER_L1D_FLUSH_COND,
VMENTER_L1D_FLUSH_ALWAYS, VMENTER_L1D_FLUSH_ALWAYS,
VMENTER_L1D_FLUSH_EPT_DISABLED, VMENTER_L1D_FLUSH_EPT_DISABLED,
VMENTER_L1D_FLUSH_NOT_REQUIRED,
}; };
extern enum vmx_l1d_flush_state l1tf_vmx_mitigation; extern enum vmx_l1d_flush_state l1tf_vmx_mitigation;
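Review bot: VMENTER_L1D_FLUSH_NOT_REQUIRED is appended to enum vmx_l1d_flush_state, and that enum is used as an array index, so every table indexed by l1tf_vmx_mitigation needs an entry for the new value. This page shows l1tf_vmx_states being extended; any other array indexed by the same enum (none is visible here) would be read past its end once l1tf_vmx_mitigation takes the new value, so it is worth checking for one or bounding the index where it is used. A short comment on the enumerator, such as `/* CPU reports that no L1D flush is needed on vmentry */`, would also help, since the hunk documents none of the states.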
......
...@@ -780,6 +780,7 @@ static const char *l1tf_vmx_states[] = { ...@@ -780,6 +780,7 @@ static const char *l1tf_vmx_states[] = {
[VMENTER_L1D_FLUSH_COND] = "conditional cache flushes", [VMENTER_L1D_FLUSH_COND] = "conditional cache flushes",
[VMENTER_L1D_FLUSH_ALWAYS] = "cache flushes", [VMENTER_L1D_FLUSH_ALWAYS] = "cache flushes",
[VMENTER_L1D_FLUSH_EPT_DISABLED] = "EPT disabled", [VMENTER_L1D_FLUSH_EPT_DISABLED] = "EPT disabled",
[VMENTER_L1D_FLUSH_NOT_REQUIRED] = "flush not necessary"
}; };
static ssize_t l1tf_show_state(char *buf) static ssize_t l1tf_show_state(char *buf)
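Review bot: The new `l1tf_vmx_states` entry is the only one without a trailing comma; writing `[VMENTER_L1D_FLUSH_NOT_REQUIRED] = "flush not necessary",` matches the entries above it and keeps the next addition a one-line change. The table is presumably what l1tf_show_state prints, but that function's body is outside the hunk, so how the new string reaches user space cannot be confirmed from here.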
......
...@@ -203,6 +203,16 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf) ...@@ -203,6 +203,16 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
return 0; return 0;
} }
if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
u64 msr;
rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
return 0;
}
}
/* If set to auto use the default l1tf mitigation method */ /* If set to auto use the default l1tf mitigation method */
if (l1tf == VMENTER_L1D_FLUSH_AUTO) { if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
switch (l1tf_mitigation) { switch (l1tf_mitigation) {
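Review bot: The added ARCH_CAPABILITIES block returns before the `l1tf` argument is examined, so a caller that asks for VMENTER_L1D_FLUSH_ALWAYS ends up with VMENTER_L1D_FLUSH_NOT_REQUIRED and nothing is logged. If the hardware bit is meant to override an explicit request, a comment above the block should say so, for example `/* CPU says no L1D flush is needed on vmentry; this overrides the requested mode */`. When this code itself runs as a guest, the MSR value presumably comes from the outer hypervisor, so the decision is only as reliable as that report. vmx_setup_l1d_flush starts and ends outside the hunk, so whether earlier state (flush pages, static keys) needs undoing on this early return cannot be checked from here.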
......