www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Fri, 13 Jul 2018 14:23:17 +0000 (16:23 +0200)
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Sat, 11 Aug 2018 00:44:42 +0000 (20:44 -0400)
commit	33e91f445c8b5fa894e7750b724c9d35c6b21eba
tree	27a9d46f6fa7c56fc7928d5a71e1ff57d10f439c	tree
parent	ebccb88e1a085c5b92a096652e7bfa108e698c36	commit \| diff

x86/kvm: Drop L1TF MSR list approach

The VMX module parameter to control the L1D flush should become
writeable.

The MSR list is set up at VM init per guest VCPU, but the run time
switching is based on a static key which is global. Toggling the MSR list
at run time might be feasible, but for now drop this optimization and use
the regular MSR write to make run-time switching possible.

The default mitigation is the conditional flush anyway, so for extra
paranoid setups this will add some small overhead, but the extra code
executed is in the noise compared to the flush itself.

Aside of that the EPT disabled case is not handled correctly at the moment
and the MSR list magic is in the way for fixing that as well.

If it's really providing a significant advantage, then this needs to be
revisited after the code is correct and the control is writable.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lkml.kernel.org/r/20180713142322.516940445@linutronix.de
Orabug: 28220674
CVE: CVE-2018-3646

(cherry picked from commit 2f055947ae5e2741fb2dc5bba1033c417ccf4faa)

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts:
arch/x86/kvm/vmx.c
Contextual: different content