On 9/27/19 12:05 PM, Paolo Bonzini wrote: > From: Waiman Long <longman@xxxxxxxxxx> > > The l1tf_vmx_mitigation is only set to VMENTER_L1D_FLUSH_NOT_REQUIRED > when the ARCH_CAPABILITIES MSR indicates that L1D flush is not required. > However, if the CPU is not affected by L1TF, l1tf_vmx_mitigation will > still be set to VMENTER_L1D_FLUSH_AUTO. This is certainly not the best > option for a !X86_BUG_L1TF CPU. > > So force l1tf_vmx_mitigation to VMENTER_L1D_FLUSH_NOT_REQUIRED to make it > more explicit in case users are checking the vmentry_l1d_flush parameter. > > Signed-off-by: Waiman Long <longman@xxxxxxxxxx> > [Patch rewritten according to Borislav Petkov's suggestion. - Paolo] > Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> > --- > arch/x86/kvm/vmx/vmx.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index d4575ffb3cec..e7970a2e8eae 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -209,6 +209,11 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf) > struct page *page; > unsigned int i; > > + if (!boot_cpu_has_bug(X86_BUG_L1TF)) { > + l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED; > + return 0; > + } > + > if (!enable_ept) { > l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED; > return 0; > @@ -7995,12 +8000,10 @@ static int __init vmx_init(void) > * contain 'auto' which will be turned into the default 'cond' > * mitigation mode. > */ > - if (boot_cpu_has(X86_BUG_L1TF)) { > - r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); > - if (r) { > - vmx_exit(); > - return r; > - } > + r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); > + if (r) { > + vmx_exit(); > + return r; > } > > #ifdef CONFIG_KEXEC_CORE That looks cleaner. Thanks for the suggestion and rewrite. Cheers, Longman
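
Review bot: In the vmx_setup_l1d_flush() hunk, the new early return for !boot_cpu_has_bug(X86_BUG_L1TF) discards the caller's l1tf argument and runs ahead of the !enable_ept check, with no comment saying so. A short comment above the block, stating that an unaffected CPU always reports VMENTER_L1D_FLUSH_NOT_REQUIRED regardless of the requested mode and of EPT state, would make that precedence explicit for anyone who later reads the vmentry_l1d_flush parameter.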
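
Review bot: In the vmx_init() hunk, the comment kept above the now unconditional call still says 'auto' "will be turned into the default 'cond' mitigation mode", which no longer holds on a CPU without X86_BUG_L1TF, where the first hunk makes vmx_setup_l1d_flush() set VMENTER_L1D_FLUSH_NOT_REQUIRED and return 0. Consider extending that comment to cover the unaffected case; the error handling itself needs no change, since that path returns 0 and never reaches vmx_exit().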