Commit dc17b0f7 authored by Thomas Gleixner's avatar Thomas Gleixner Committed by Stefan Bader

x86/kvm: Add static key for flush always

Avoid the conditional in the L1D flush control path.
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Tested-by: default avatarJiri Kosina <jkosina@suse.cz>
Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142322.790914912@linutronix.de

CVE-2018-3620
CVE-2018-3646
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent dc47bec7
......@@ -177,6 +177,7 @@ module_param(ple_window_max, int, S_IRUGO);
extern const ulong vmx_return;
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_always);
/* Storage for pre module init parameter parsing */
static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO;
......@@ -217,8 +218,12 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
l1tf_vmx_mitigation = l1tf;
if (l1tf != VMENTER_L1D_FLUSH_NEVER)
if (l1tf == VMENTER_L1D_FLUSH_NEVER)
return 0;
static_branch_enable(&vmx_l1d_should_flush);
if (l1tf == VMENTER_L1D_FLUSH_ALWAYS)
static_branch_enable(&vmx_l1d_flush_always);
return 0;
}
......@@ -8354,7 +8359,6 @@ static void *vmx_l1d_flush_pages;
static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
{
int size = PAGE_SIZE << L1D_CACHE_ORDER;
bool always;
/*
* This code is only executed when the the flush mode is 'cond' or
......@@ -8364,8 +8368,10 @@ static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
* it. The flush bit gets set again either from vcpu_run() or from
* one of the unsafe VMEXIT handlers.
*/
always = l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_ALWAYS;
vcpu->arch.l1tf_flush_l1d = always;
if (static_branch_unlikely(&vmx_l1d_flush_always))
vcpu->arch.l1tf_flush_l1d = true;
else
vcpu->arch.l1tf_flush_l1d = false;
vcpu->stat.l1d_flush++;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment