From: Nicolai Stange Date: Sat, 21 Jul 2018 20:25:00 +0000 (+0200) Subject: x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' X-Git-Tag: v4.1.12-124.31.3~610 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=810580944c34a31905218c97ee8e15190ca53e3f;p=users%2Fjedix%2Flinux-maple.git x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' The vmx_l1d_flush_always static key is only ever evaluated if vmx_l1d_should_flush is enabled. In that case however, there are only two L1d flushing modes possible: "always" and "conditional". The "conditional" mode's implementation tends to require more sophisticated logic than the "always" mode. Avoid inverted logic by replacing the 'vmx_l1d_flush_always' static key with a 'vmx_l1d_flush_cond' one. There is no change in functionality. Signed-off-by: Nicolai Stange Signed-off-by: Thomas Gleixner Orabug: 28220625 CVE: CVE-2018-3646 (cherry picked from commit 427362a142441f08051369db6fbe7f61c73b3dca) Signed-off-by: Mihai Carabas Reviewed-by: Darren Kenny Reviewed-by: Boris Ostrovsky Conflicts: arch/x86/kvm/vmx.c Contextual: different content caused by not having all static key features --- diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 295ac34fdae8..d7dcd2d064e9 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -164,7 +164,7 @@ module_param(ple_window_max, int, S_IRUGO); extern const ulong vmx_return; struct static_key vmx_l1d_should_flush __read_mostly; -struct static_key vmx_l1d_flush_always __read_mostly; +struct static_key vmx_l1d_flush_cond __read_mostly; static DEFINE_MUTEX(vmx_l1d_flush_mutex); /* Storage for pre module init parameter parsing */ 
@@ -238,10 +238,10 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf) else static_key_disable(&vmx_l1d_should_flush); - if (l1tf == VMENTER_L1D_FLUSH_ALWAYS) - static_key_enable(&vmx_l1d_flush_always); + if (l1tf == VMENTER_L1D_FLUSH_COND) + static_key_enable(&vmx_l1d_flush_cond); else - static_key_disable(&vmx_l1d_flush_always); + static_key_disable(&vmx_l1d_flush_cond); return 0; } @@ -8045,7 +8045,7 @@ static void vmx_l1d_flush(struct kvm_vcpu *vcpu) * This code is only executed when the the flush mode is 'cond' or * 'always' */ - if (!unlikely(static_key_enabled(&vmx_l1d_flush_always))) { + if (likely(static_key_enabled(&vmx_l1d_flush_cond))) { /* * Clear the flush bit, it gets set again either from * vcpu_run() or from one of the unsafe VMEXIT
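Review bot: The new `struct static_key vmx_l1d_flush_cond __read_mostly;` in the -164 hunk has no comment, yet its meaning depends on the neighbouring key. Per the commit message it is only evaluated while vmx_l1d_should_flush is enabled, and in that state a disabled vmx_l1d_flush_cond means "always". A one-line comment above the two declarations stating this would keep later callers from reading a disabled key as "no flush". Both keys are also declared without `static`; if nothing outside vmx.c references them, they can be made static.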
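Review bot: In the vmx_l1d_flush() hunk at -8045, the rewritten test matches the old one only while the invariant in the comment above it holds (flush mode is 'cond' or 'always'). With both keys disabled, `!unlikely(static_key_enabled(&vmx_l1d_flush_always))` entered the conditional block, whereas `likely(static_key_enabled(&vmx_l1d_flush_cond))` skips it and is treated as "always". That is the safer direction for the CVE-2018-3646 mitigation, but the "no change in functionality" claim rests on vmx_l1d_should_flush gating every caller, so the comment should say that a disabled vmx_l1d_flush_cond selects the unconditional path. The context comment also reads "when the the flush mode"; the duplicated word can be dropped while this block is being touched.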