Re: [PATCH v3] x86/speculation/l1tf: Add KConfig for setting the L1D cache flush mode

Randy Dunlap <rdunlap@xxxxxxxxxxxxx> · Thu, 2 Jul 2020 16:16:22 -0700

On 7/2/20 3:12 PM, Abhishek Bhardwaj wrote:
> This change adds a new kernel configuration that sets the l1d cache
> flush setting at compile time rather than at run time.
> 
> Signed-off-by: Abhishek Bhardwaj <abhishekbh@xxxxxxxxxx>
> 
> ---
> 
> Changes in v3:
> - Change depends on to only x86_64.
> - Remove copy paste errors at the end of the KConfig.
> 
> Changes in v2:
> - Fix typo in the help of the new KConfig.
> 
>  arch/x86/kernel/cpu/bugs.c |  8 ++++++++
>  arch/x86/kvm/Kconfig       | 13 +++++++++++++
>  2 files changed, 21 insertions(+)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 0b71970d2d3d2..1dcc875cf5547 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -1406,7 +1406,15 @@ enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH;
>  #if IS_ENABLED(CONFIG_KVM_INTEL)
>  EXPORT_SYMBOL_GPL(l1tf_mitigation);
>  #endif
> +#if (CONFIG_KVM_VMENTRY_L1D_FLUSH == 1)
> +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NEVER;
> +#elif (CONFIG_KVM_VMENTRY_L1D_FLUSH == 2)
> +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_COND;
> +#elif (CONFIG_KVM_VMENTRY_L1D_FLUSH == 3)
> +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_ALWAYS;
> +#else
>  enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
> +#endif
>  EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation);
>  
>  /*
> diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
> index b277a2db62676..1f85374a0b812 100644
> --- a/arch/x86/kvm/Kconfig
> +++ b/arch/x86/kvm/Kconfig
> @@ -107,4 +107,17 @@ config KVM_MMU_AUDIT
>  	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
>  	 auditing of KVM MMU events at runtime.
>  
> +config KVM_VMENTRY_L1D_FLUSH
> +	int "L1D cache flush settings (1-3)"
> +	range 1 3
> +	default "2"
> +	depends on KVM && X86_64
> +	help
> +	 This setting determines the L1D cache flush behavior before a VMENTER.
> +	 This is similar to setting the option / parameter to
> +	 kvm-intel.vmentry_l1d_flush.
> +	 1 - Never flush.
> +	 2 - Conditionally flush.
> +	 3 - Always flush.

No hurry on this (wait for other comments), but help text
should be indented by one tab + 2 spaces, per Documentation/process/coding-style.rst:

  Lines under a ``config`` definition
  are indented with one tab, while help text is indented an additional two
  spaces.

> +
>  endif # VIRTUALIZATION
> 
-- 
~Randy