Commit f9a1bc63 authored by Nicolai Stange's avatar Nicolai Stange Committed by Stefan Bader

x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'

The vmx_l1d_flush_always static key is only ever evaluated if
vmx_l1d_should_flush is enabled. In that case however, there are only two
L1d flushing modes possible: "always" and "conditional".

The "conditional" mode's implementation tends to require more sophisticated
logic than the "always" mode.

Avoid inverted logic by replacing the 'vmx_l1d_flush_always' static key
with a 'vmx_l1d_flush_cond' one.

There is no change in functionality.
Signed-off-by: default avatarNicolai Stange <nstange@suse.de>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 0661b923
......@@ -174,7 +174,7 @@ module_param(ple_window_max, int, S_IRUGO);
extern const ulong vmx_return;
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_always);
static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond);
static DEFINE_MUTEX(vmx_l1d_flush_mutex);
/* Storage for pre module init parameter parsing */
......@@ -248,10 +248,10 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
else
static_branch_disable(&vmx_l1d_should_flush);
if (l1tf == VMENTER_L1D_FLUSH_ALWAYS)
static_branch_enable(&vmx_l1d_flush_always);
if (l1tf == VMENTER_L1D_FLUSH_COND)
static_branch_enable(&vmx_l1d_flush_cond);
else
static_branch_disable(&vmx_l1d_flush_always);
static_branch_disable(&vmx_l1d_flush_cond);
return 0;
}
......@@ -8395,7 +8395,7 @@ static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
* This code is only executed when the the flush mode is 'cond' or
* 'always'
*/
if (!static_branch_unlikely(&vmx_l1d_flush_always)) {
if (static_branch_likely(&vmx_l1d_flush_cond)) {
/*
* Clear the flush bit, it gets set again either from
* vcpu_run() or from one of the unsafe VMEXIT
......
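Review bot: The new `vmx_l1d_flush_cond` key in the first hunk has no comment saying what its off state means, and for an L1TF mitigation that polarity is the security-relevant part: in `vmx_l1d_flush()` a false key skips the conditional block, so off appears to mean "flush on every VMENTER", not "no flush". I would add above the definition `/* Off: flush L1D on every VMENTER while vmx_l1d_should_flush is on. On: flush only when the flush bit is set. */`. In `vmx_setup_l1d_flush()` the two keys are changed one after the other (`vmx_l1d_should_flush` first, then `vmx_l1d_flush_cond`), so a one-line comment there should record that a vCPU entering between the two updates while conditional mode is being enabled gets the unconditional flush, which is the conservative direction. This is inferred from the visible lines only, because both function bodies start or end outside the hunks shown and the comment in the last hunk is cut off.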