linux/arch/x86
Nicolai Stange 45b575c00d x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
Part of the L1TF mitigation for vmx includes flushing the L1D cache upon
VMENTRY.

L1D flushes are costly and two modes of operations are provided to users:
"always" and the more selective "conditional" mode.

If operating in the latter, the cache would get flushed only if a host side
code path considered unconfined had been traversed. "Unconfined" in this
context means that it might have pulled in sensitive data like user data
or kernel crypto keys.

The need for L1D flushes is tracked by means of the per-vcpu flag
l1tf_flush_l1d. KVM exit handlers considered unconfined set it. A
vmx_l1d_flush() subsequently invoked before the next VMENTER will conduct a
L1d flush based on its value and reset that flag again.

Currently, interrupts delivered "normally" while in root operation between
VMEXIT and VMENTER are not taken into account. Part of the reason is that
these don't leave any traces and thus, the vmx code is unable to tell if
any such has happened.

As proposed by Paolo Bonzini, prepare for tracking all interrupts by
introducing a new per-cpu flag, "kvm_cpu_l1tf_flush_l1d". It will be in
strong analogy to the per-vcpu ->l1tf_flush_l1d.

A later patch will make interrupt handlers set it.

For the sake of cache locality, group kvm_cpu_l1tf_flush_l1d into x86'
per-cpu irq_cpustat_t as suggested by Peter Zijlstra.

Provide the helpers kvm_set_cpu_l1tf_flush_l1d(),
kvm_clear_cpu_l1tf_flush_l1d() and kvm_get_cpu_l1tf_flush_l1d(). Make them
trivial resp. non-existent for !CONFIG_KVM_INTEL as appropriate.

Let vmx_l1d_flush() handle kvm_cpu_l1tf_flush_l1d in the same way as
l1tf_flush_l1d.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-05 09:53:12 +02:00
..
boot Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-06-10 09:44:53 -07:00
configs x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*' 2017-10-14 10:12:12 +02:00
crypto crypto: x86/salsa20 - remove x86 salsa20 implementations 2018-05-31 00:13:57 +08:00
entry docs: Fix some broken references 2018-06-15 18:10:01 -03:00
events treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
hyperv x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header 2018-05-26 14:14:33 +02:00
ia32 syscalls/x86: auto-create compat_sys_*() prototypes 2018-04-02 20:16:18 +02:00
include x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d 2018-08-05 09:53:12 +02:00
kernel x86/bugs, kvm: Introduce boot-time control of L1TF mitigations 2018-07-13 16:29:56 +02:00
kvm x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d 2018-08-05 09:53:12 +02:00
lib libnvdimm for 4.18 2018-06-08 17:21:52 -07:00
math-emu License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mm x86/speculation/l1tf: Protect PAE swap entries against L1TF 2018-06-27 11:10:22 +02:00
net treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
oprofile x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() 2018-02-21 09:54:17 +01:00
pci treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
platform treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
power x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
purgatory kernel/kexec_file.c: move purgatories sha256 to common code 2018-04-13 17:10:28 -07:00
ras License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
realmode x86-64/realmode: Add instruction suffix 2018-02-20 09:33:41 +01:00
tools x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 2018-02-22 09:01:10 -08:00
um Kconfig updates for v4.18 2018-06-06 11:31:45 -07:00
video
xen xen: fixes and features for v4-18-rc1 2018-06-08 09:24:54 -07:00
.gitignore x86/build: Add arch/x86/tools/insn_decoder_test to .gitignore 2018-02-13 14:10:29 +01:00
Kbuild Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-07 09:25:15 -07:00
Kconfig cpu/hotplug: Provide knobs to control SMT 2018-06-21 14:20:58 +02:00
Kconfig.cpu Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-03-25 07:36:02 -10:00
Kconfig.debug x86, nfit_test: Add unit test for memcpy_mcsafe() 2018-05-22 23:18:31 -07:00
Makefile kbuild: add machine size to CHECKFLAGS 2018-06-01 11:36:58 +09:00
Makefile_32.cpu License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile.um License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00