x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'

The vmx_l1d_flush_always static key is only ever evaluated if
vmx_l1d_should_flush is enabled. In that case however, there are only two
L1d flushing modes possible: "always" and "conditional".

The "conditional" mode's implementation tends to require more sophisticated
logic than the "always" mode.

Avoid inverted logic by replacing the 'vmx_l1d_flush_always' static key
with a 'vmx_l1d_flush_cond' one.

There is no change in functionality.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Orabug: 28220625
CVE: CVE-2018-3646

(cherry picked from commit 427362a142441f08051369db6fbe7f61c73b3dca)

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts:
	arch/x86/kvm/vmx.c
Contextual: different content caused by not having all static key features

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 295ac34fdae8d740850c82f4702a6c1949a36315..d7dcd2d064e96630ee8d95896bcf642db8b9a8fc 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -164,7 +164,7 @@ module_param(ple_window_max, int, S_IRUGO);
 extern const ulong vmx_return;
 
 struct static_key vmx_l1d_should_flush __read_mostly;
-struct static_key vmx_l1d_flush_always __read_mostly;
+struct static_key vmx_l1d_flush_cond __read_mostly;
 static DEFINE_MUTEX(vmx_l1d_flush_mutex);
 
 /* Storage for pre module init parameter parsing */
@@ -238,10 +238,10 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
        else
                static_key_disable(&vmx_l1d_should_flush);
 
-       if (l1tf == VMENTER_L1D_FLUSH_ALWAYS)
-               static_key_enable(&vmx_l1d_flush_always);
+       if (l1tf == VMENTER_L1D_FLUSH_COND)
+               static_key_enable(&vmx_l1d_flush_cond);
        else
-               static_key_disable(&vmx_l1d_flush_always);
+               static_key_disable(&vmx_l1d_flush_cond);
        return 0;
 }
 
@@ -8045,7 +8045,7 @@ static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
         * This code is only executed when the the flush mode is 'cond' or
         * 'always'
         */
-       if (!unlikely(static_key_enabled(&vmx_l1d_flush_always))) {
+       if (likely(static_key_enabled(&vmx_l1d_flush_cond))) {
                /*
                 * Clear the flush bit, it gets set again either from
                 * vcpu_run() or from one of the unsafe VMEXIT