x86: cpu: microcode: fix late loading SSBD and L1TF bugs eval
On microcode reloading we have to update the status of SpectreV2 mitigations if
they were not present at init time: we have opted for the default mitigation:
seccomp or prctl (so per process).
For L1TF we do not have to do anything as host mitigation does not depend on
any CPU bits and from hypervisor perspective we just call vmentry_l1d_flush_set
to re-assess the mitigation. vmentry_l1d_flush_ops is exposed through this structure:
static const struct kernel_param_ops vmentry_l1d_flush_ops = {
	.set = vmentry_l1d_flush_set,
	.get = vmentry_l1d_flush_get,
};
And can be set/get using this sysfs entry:
/sys/module/kvm_intel/parameters/vmentry_l1d_flush
It was not possible to use the same functions as most of the logic is using
boot_command_line which is in init data and dropped after booting.
Orabug: 29336760
Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
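
A post-reload check for the state this commit re-evaluates, as an added example that is not part of the commit: it reads the vmentry_l1d_flush parameter named above together with the standard /sys/devices/system/cpu/vulnerabilities files and lists the attributes that still report an unmitigated state. The function names, the optional root argument and the flagged strings (the mainline "Vulnerable" prefix and the "never" setting) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the commit. Source this file after a late
# microcode load and call stale_attrs; empty output means nothing was flagged.
# The optional root argument is a hypothetical convenience so the check can be
# pointed at a copied or constructed sysfs tree instead of the live system.

VULN_DIR=sys/devices/system/cpu/vulnerabilities
L1D_PARAM=sys/module/kvm_intel/parameters/vmentry_l1d_flush   # path from the commit message

# Print the first line of a sysfs attribute, or "absent" if it cannot be read
# (older kernel, or kvm_intel not loaded).
read_attr() {
    if [ -r "$1" ]; then head -n 1 "$1"; else echo absent; fi
}

# mitigation_state [root]: one "name=value" line per attribute.
mitigation_state() {
    root="${1:-}"
    echo "spec_store_bypass=$(read_attr "$root/$VULN_DIR/spec_store_bypass")"
    echo "l1tf=$(read_attr "$root/$VULN_DIR/l1tf")"
    echo "vmentry_l1d_flush=$(read_attr "$root/$L1D_PARAM")"
}

# stale_attrs [root]: names of attributes that still report an unmitigated
# state, one per line. Assumed markers: the "Vulnerable" prefix used by the
# mainline vulnerabilities files and the "never" flush setting.
stale_attrs() {
    mitigation_state "${1:-}" | while IFS='=' read -r name value; do
        case "$name=$value" in
            spec_store_bypass=Vulnerable*|l1tf=Vulnerable*) echo "$name" ;;
            vmentry_l1d_flush=never) echo "$name" ;;
        esac
    done
}
```

Running mitigation_state before and after the reload and comparing the two outputs shows whether the late load changed anything at all.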