Commit bf502aa8 authored by Thomas Gleixner's avatar Thomas Gleixner Committed by Stefan Bader

x86/kvm: Serialize L1D flush parameter setter

Writes to the parameter files are not serialized at the sysfs core
level, so local serialization is required.
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Tested-by: default avatarJiri Kosina <jkosina@suse.cz>
Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142322.873642605@linutronix.de

CVE-2018-3620
CVE-2018-3646
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent dc17b0f7
...@@ -178,6 +178,7 @@ extern const ulong vmx_return; ...@@ -178,6 +178,7 @@ extern const ulong vmx_return;
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush); static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_always); static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_always);
static DEFINE_MUTEX(vmx_l1d_flush_mutex);
/* Storage for pre module init parameter parsing */ /* Storage for pre module init parameter parsing */
static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO; static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO;
...@@ -242,7 +243,7 @@ static int vmentry_l1d_flush_parse(const char *s) ...@@ -242,7 +243,7 @@ static int vmentry_l1d_flush_parse(const char *s)
static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
{ {
int l1tf; int l1tf, ret;
if (!boot_cpu_has(X86_BUG_L1TF)) if (!boot_cpu_has(X86_BUG_L1TF))
return 0; return 0;
...@@ -262,7 +263,10 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) ...@@ -262,7 +263,10 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
return 0; return 0;
} }
return vmx_setup_l1d_flush(l1tf); mutex_lock(&vmx_l1d_flush_mutex);
ret = vmx_setup_l1d_flush(l1tf);
mutex_unlock(&vmx_l1d_flush_mutex);
return ret;
} }
static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
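Review bot: `vmx_l1d_flush_mutex` is declared without a comment saying what it protects, and in the last hunk only the call to `vmx_setup_l1d_flush()` sits inside it, while the early `return 0` path just above `mutex_lock()` runs unlocked. If the condition guarding that early return reads state that `vmx_setup_l1d_flush()` writes (not visible here, since the middle of `vmentry_l1d_flush_set()` lies outside the hunks), two concurrent writers can still interleave check and update, so it would be safer to take the mutex before that check. Any other caller of `vmx_setup_l1d_flush()`, such as a module-init path, needs the same lock or a comment explaining why it cannot race with a write to the parameter file. Suggested declaration comment: `/* Serializes vmx_setup_l1d_flush() against concurrent writes to the vmentry_l1d_flush parameter */`.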
......