From: Nicolai Stange
Date: Sat, 21 Jul 2018 20:16:56 +0000 (+0200)
Subject: x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
X-Git-Tag: v4.1.12-124.31.3~611
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=78e2d2d36a53421d09aefb1d9b0927a7cd7e8e04;p=users%2Fjedix%2Flinux-maple.git

x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()

vmx_l1d_flush() gets invoked only if l1tf_flush_l1d is true. There's no
point in setting l1tf_flush_l1d to true from there again.

Signed-off-by: Nicolai Stange
Signed-off-by: Thomas Gleixner

Orabug: 28220625
CVE: CVE-2018-3646

(cherry picked from commit 379fd0c7e6a391e5565336a646f19f218fb98c6c)

Signed-off-by: Mihai Carabas
Reviewed-by: Darren Kenny
Reviewed-by: Boris Ostrovsky

Conflicts:
arch/x86/kvm/vmx.c
Contextual: different content caused by not having all static key features.

--- diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 6087eb0a7e4f..295ac34fdae8 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -8044,15 +8044,15 @@ static void vmx_l1d_flush(struct kvm_vcpu *vcpu) /* * This code is only executed when the the flush mode is 'cond' or * 'always' - * - * If 'flush always', keep the flush bit set, otherwise clear - * it. The flush bit gets set again either from vcpu_run() or from - * one of the unsafe VMEXIT handlers. */ - if (unlikely(static_key_enabled(&vmx_l1d_flush_always))) - vcpu->arch.l1tf_flush_l1d = true; - else + if (!unlikely(static_key_enabled(&vmx_l1d_flush_always))) { + /* + * Clear the flush bit, it gets set again either from + * vcpu_run() or from one of the unsafe VMEXIT + * handlers. + */ vcpu->arch.l1tf_flush_l1d = false; + } vcpu->stat.l1d_flush++;
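
Review bot: In the new condition `if (!unlikely(static_key_enabled(&vmx_l1d_flush_always)))` the negation sits outside the branch hint, which is functionally correct but reads backwards; `if (likely(!static_key_enabled(&vmx_l1d_flush_always)))` states the same expectation directly. With the 'flush always' branch removed, vmx_l1d_flush() no longer writes `vcpu->arch.l1tf_flush_l1d` in that mode, so the L1D flush on the next entry depends on the caller invariant given in the commit message (the function is only reached when the flag is already true). That call site is not part of this hunk, so a one-line comment above the condition naming the invariant would make the backport easier to audit. The unchanged comment at the top of the block still contains the doubled "the the", which could be fixed while the block is being touched.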