vmx_l1d_flush() gets invoked only if l1tf_flush_l1d is true. There's no
point in setting l1tf_flush_l1d to true from there again.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Orabug: 28220625
CVE: CVE-2018-3646
(cherry picked from commit 379fd0c7e6a391e5565336a646f19f218fb98c6c)
Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts:
arch/x86/kvm/vmx.c
Contextual: different content caused by not having all static key features.
/*
* This code is only executed when the the flush mode is 'cond' or
* 'always'
- *
- * If 'flush always', keep the flush bit set, otherwise clear
- * it. The flush bit gets set again either from vcpu_run() or from
- * one of the unsafe VMEXIT handlers.
*/
- if (unlikely(static_key_enabled(&vmx_l1d_flush_always)))
- vcpu->arch.l1tf_flush_l1d = true;
- else
+ if (!unlikely(static_key_enabled(&vmx_l1d_flush_always))) {
+ /*
+ * Clear the flush bit, it gets set again either from
+ * vcpu_run() or from one of the unsafe VMEXIT
+ * handlers.
+ */
vcpu->arch.l1tf_flush_l1d = false;
+ }
vcpu->stat.l1d_flush++;
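
Review bot: the rewritten comment no longer says what happens in 'flush always' mode, where the bit is now left untouched rather than re-set. That is only correct while vmx_l1d_flush() is called solely when l1tf_flush_l1d is already true, as the commit message states, and that caller-side check is not visible in this hunk. Suggest keeping one sentence in the function comment such as "In 'always' mode the flush bit is left set; callers only get here when it is already true", so a later change to the call site does not silently break the 'always' case. Separately, `if (!unlikely(static_key_enabled(&vmx_l1d_flush_always)))` puts the negation outside the hint; `likely(!static_key_enabled(...))` expresses the same expectation more readably. While the comment is being edited, the context line "when the the flush mode" has a duplicated word that could be fixed in the same change.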