x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required

If the L1D flush module parameter is set to 'always' and the IA32_FLUSH_CMD
MSR is available, optimize the VMENTER code with the MSR save list.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Orabug: 28220674
CVE: CVE-2018-3646

(cherry picked from commit 390d975e0c4e60ce70d4157e0dd91ede37824603)

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts:
	arch/x86/kvm/vmx.c
Contextual: different content

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 01955fd5417ae71ddd82beb6f7743399a4785d56..f76b041d560c275bef9ff1a6d4a13c4ff78bdc4e 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4733,6 +4733,16 @@ static void ept_set_mmio_spte_mask(void)
        kvm_mmu_set_mmio_spte_mask((0x3ull << 62) | 0x6ull);
 }
 
+static bool vmx_l1d_use_msr_save_list(void)
+{
+       if (!enable_ept || !boot_cpu_has_bug(X86_BUG_L1TF) ||
+           static_cpu_has(X86_FEATURE_HYPERVISOR) ||
+           !static_cpu_has(X86_FEATURE_FLUSH_L1D))
+               return false;
+
+       return vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
+}
+
 #define VMX_XSS_EXIT_BITMAP 0
 /*
  * Sets up the vmcs for emulated real mode.
@@ -4846,6 +4856,13 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
        if (vmx_xsaves_supported())
                vmcs_write64(XSS_EXIT_BITMAP, VMX_XSS_EXIT_BITMAP);
 
+       /*
+        * If flushing the L1D cache on every VMENTER is enforced and the
+        * MSR is available, use the MSR save list.
+        */
+       if (vmx_l1d_use_msr_save_list())
+               add_atomic_switch_msr(vmx, MSR_IA32_FLUSH_CMD, L1D_FLUSH, 0, true);
+
        return 0;
 }
 
@@ -7955,11 +7972,26 @@ static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
        bool always;
 
        /*
-        * If the mitigation mode is 'flush always', keep the flush bit
-        * set, otherwise clear it. It gets set again either from
-        * vcpu_run() or from one of the unsafe VMEXIT handlers.
+        * This code is only executed when:
+        * - the flush mode is 'cond'
+        * - the flush mode is 'always' and the flush MSR is not
+        *   available
+        *
+        * If the CPU has the flush MSR then clear the flush bit because
+        * 'always' mode is handled via the MSR save list.
+        *
+        * If the MSR is not avaibable then act depending on the mitigation
+        * mode: If 'flush always', keep the flush bit set, otherwise clear
+        * it.
+        *
+        * The flush bit gets set again either from vcpu_run() or from one
+        * of the unsafe VMEXIT handlers.
         */
-       always = vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
+       if (static_cpu_has(X86_FEATURE_FLUSH_L1D))
+               always = false;
+       else
+               always = vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
+
        vcpu->arch.l1tf_flush_l1d = always;
 
        vcpu->stat.l1d_flush++;
@@ -10597,7 +10629,8 @@ static int __init vmx_setup_l1d_flush(void)
        struct page *page;
 
        if (vmentry_l1d_flush == VMENTER_L1D_FLUSH_NEVER ||
-           !boot_cpu_has_bug(X86_BUG_L1TF))
+           !boot_cpu_has_bug(X86_BUG_L1TF) ||
+           vmx_l1d_use_msr_save_list())
                return 0;
 
        if (!boot_cpu_has(X86_FEATURE_FLUSH_L1D)) {