From: Stephen Rothwell <sfr@canb•auug.org.au>
To: "Paolo Bonzini" <pbonzini@redhat•com>,
"Radim Krčmář" <rkrcmar@redhat•com>, KVM <kvm@vger•kernel.org>
Cc: Linux-Next Mailing List <linux-next@vger•kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger•kernel.org>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle•com>,
Thomas Gleixner <tglx@linutronix•de>,
Tianyu Lan <Tianyu.Lan@microsoft•com>
Subject: linux-next: manual merge of the kvm tree with Linus' tree
Date: Wed, 15 Aug 2018 14:20:37 +1000 [thread overview]
Message-ID: <20180815142037.7488cb2c@canb.auug.org.au> (raw)
[-- Attachment #1: Type: text/plain, Size: 8549 bytes --]
Hi all,
Today's linux-next merge of the kvm tree got a conflict in:
arch/x86/kvm/vmx.c
between commit:
a399477e52c1 ("x86/KVM/VMX: Add module argument for L1TF mitigation")
from Linus' tree and commit:
877ad952be3d ("KVM: vmx: Add tlb_remote_flush callback support")
from the kvm tree.
I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc arch/x86/kvm/vmx.c
index 46b428c0990e,16f9373c01de..000000000000
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@@ -188,150 -189,12 +189,156 @@@ module_param(ple_window_max, uint, 0444
extern const ulong vmx_return;
+static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush);
+static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond);
+static DEFINE_MUTEX(vmx_l1d_flush_mutex);
+
+/* Storage for pre module init parameter parsing */
+static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO;
+
+static const struct {
+ const char *option;
+ enum vmx_l1d_flush_state cmd;
+} vmentry_l1d_param[] = {
+ {"auto", VMENTER_L1D_FLUSH_AUTO},
+ {"never", VMENTER_L1D_FLUSH_NEVER},
+ {"cond", VMENTER_L1D_FLUSH_COND},
+ {"always", VMENTER_L1D_FLUSH_ALWAYS},
+};
+
+#define L1D_CACHE_ORDER 4
+static void *vmx_l1d_flush_pages;
+
+static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
+{
+ struct page *page;
+ unsigned int i;
+
+ if (!enable_ept) {
+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED;
+ return 0;
+ }
+
+ if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) {
+ u64 msr;
+
+ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr);
+ if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) {
+ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
+ return 0;
+ }
+ }
+
+ /* If set to auto use the default l1tf mitigation method */
+ if (l1tf == VMENTER_L1D_FLUSH_AUTO) {
+ switch (l1tf_mitigation) {
+ case L1TF_MITIGATION_OFF:
+ l1tf = VMENTER_L1D_FLUSH_NEVER;
+ break;
+ case L1TF_MITIGATION_FLUSH_NOWARN:
+ case L1TF_MITIGATION_FLUSH:
+ case L1TF_MITIGATION_FLUSH_NOSMT:
+ l1tf = VMENTER_L1D_FLUSH_COND;
+ break;
+ case L1TF_MITIGATION_FULL:
+ case L1TF_MITIGATION_FULL_FORCE:
+ l1tf = VMENTER_L1D_FLUSH_ALWAYS;
+ break;
+ }
+ } else if (l1tf_mitigation == L1TF_MITIGATION_FULL_FORCE) {
+ l1tf = VMENTER_L1D_FLUSH_ALWAYS;
+ }
+
+ if (l1tf != VMENTER_L1D_FLUSH_NEVER && !vmx_l1d_flush_pages &&
+ !boot_cpu_has(X86_FEATURE_FLUSH_L1D)) {
+ page = alloc_pages(GFP_KERNEL, L1D_CACHE_ORDER);
+ if (!page)
+ return -ENOMEM;
+ vmx_l1d_flush_pages = page_address(page);
+
+ /*
+ * Initialize each page with a different pattern in
+ * order to protect against KSM in the nested
+ * virtualization case.
+ */
+ for (i = 0; i < 1u << L1D_CACHE_ORDER; ++i) {
+ memset(vmx_l1d_flush_pages + i * PAGE_SIZE, i + 1,
+ PAGE_SIZE);
+ }
+ }
+
+ l1tf_vmx_mitigation = l1tf;
+
+ if (l1tf != VMENTER_L1D_FLUSH_NEVER)
+ static_branch_enable(&vmx_l1d_should_flush);
+ else
+ static_branch_disable(&vmx_l1d_should_flush);
+
+ if (l1tf == VMENTER_L1D_FLUSH_COND)
+ static_branch_enable(&vmx_l1d_flush_cond);
+ else
+ static_branch_disable(&vmx_l1d_flush_cond);
+ return 0;
+}
+
+static int vmentry_l1d_flush_parse(const char *s)
+{
+ unsigned int i;
+
+ if (s) {
+ for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
+ if (sysfs_streq(s, vmentry_l1d_param[i].option))
+ return vmentry_l1d_param[i].cmd;
+ }
+ }
+ return -EINVAL;
+}
+
+static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp)
+{
+ int l1tf, ret;
+
+ if (!boot_cpu_has(X86_BUG_L1TF))
+ return 0;
+
+ l1tf = vmentry_l1d_flush_parse(s);
+ if (l1tf < 0)
+ return l1tf;
+
+ /*
+ * Has vmx_init() run already? If not then this is the pre init
+ * parameter parsing. In that case just store the value and let
+ * vmx_init() do the proper setup after enable_ept has been
+ * established.
+ */
+ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) {
+ vmentry_l1d_flush_param = l1tf;
+ return 0;
+ }
+
+ mutex_lock(&vmx_l1d_flush_mutex);
+ ret = vmx_setup_l1d_flush(l1tf);
+ mutex_unlock(&vmx_l1d_flush_mutex);
+ return ret;
+}
+
+static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp)
+{
+ return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option);
+}
+
+static const struct kernel_param_ops vmentry_l1d_flush_ops = {
+ .set = vmentry_l1d_flush_set,
+ .get = vmentry_l1d_flush_get,
+};
+module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644);
+
+ enum ept_pointers_status {
+ EPT_POINTERS_CHECK = 0,
+ EPT_POINTERS_MATCH = 1,
+ EPT_POINTERS_MISMATCH = 2
+ };
+
struct kvm_vmx {
struct kvm kvm;
@@@ -937,21 -828,14 +977,13 @@@ struct vcpu_vmx
*/
struct loaded_vmcs vmcs01;
struct loaded_vmcs *loaded_vmcs;
+ struct loaded_vmcs *loaded_cpu_state;
bool __launched; /* temporary, used in vmx_vcpu_run */
struct msr_autoload {
- unsigned nr;
- struct vmx_msr_entry guest[NR_AUTOLOAD_MSRS];
- struct vmx_msr_entry host[NR_AUTOLOAD_MSRS];
+ struct vmx_msrs guest;
+ struct vmx_msrs host;
} msr_autoload;
- struct {
- int loaded;
- u16 fs_sel, gs_sel, ldt_sel;
- #ifdef CONFIG_X86_64
- u16 ds_sel, es_sel;
- #endif
- int gs_ldt_reload_needed;
- int fs_reload_needed;
- u64 msr_host_bndcfgs;
- } host_state;
+
struct {
int vm86_active;
ulong save_rflags;
@@@ -10647,37 -10779,12 +11021,39 @@@ free_vcpu
return ERR_PTR(err);
}
+#define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.\n"
+#define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.\n"
+
static int vmx_vm_init(struct kvm *kvm)
{
+ spin_lock_init(&to_kvm_vmx(kvm)->ept_pointer_lock);
+
if (!ple_gap)
kvm->arch.pause_in_guest = true;
+
+ if (boot_cpu_has(X86_BUG_L1TF) && enable_ept) {
+ switch (l1tf_mitigation) {
+ case L1TF_MITIGATION_OFF:
+ case L1TF_MITIGATION_FLUSH_NOWARN:
+ /* 'I explicitly don't care' is set */
+ break;
+ case L1TF_MITIGATION_FLUSH:
+ case L1TF_MITIGATION_FLUSH_NOSMT:
+ case L1TF_MITIGATION_FULL:
+ /*
+ * Warn upon starting the first VM in a potentially
+ * insecure environment.
+ */
+ if (cpu_smt_control == CPU_SMT_ENABLED)
+ pr_warn_once(L1TF_MSG_SMT);
+ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER)
+ pr_warn_once(L1TF_MSG_L1D);
+ break;
+ case L1TF_MITIGATION_FULL_FORCE:
+ /* Flush is enforced */
+ break;
+ }
+ }
return 0;
}
@@@ -12164,15 -12375,25 +12644,28 @@@ static int nested_vmx_run(struct kvm_vc
*/
vmx->nested.nested_run_pending = 1;
- ret = enter_vmx_non_root_mode(vcpu);
+ ret = enter_vmx_non_root_mode(vcpu, &exit_qual);
if (ret) {
+ nested_vmx_entry_failure(vcpu, vmcs12, ret, exit_qual);
vmx->nested.nested_run_pending = 0;
- return ret;
+ return 1;
}
+ /* Hide L1D cache contents from the nested guest. */
+ vmx->vcpu.arch.l1tf_flush_l1d = true;
+
+ /*
+ * Must happen outside of enter_vmx_non_root_mode() as it will
+ * also be used as part of restoring nVMX state for
+ * snapshot restore (migration).
+ *
+ * In this flow, it is assumed that vmcs12 cache was
+ * trasferred as part of captured nVMX state and should
+ * therefore not be read from guest memory (which may not
+ * exist on destination host yet).
+ */
+ nested_cache_shadow_vmcs12(vcpu, vmcs12);
+
/*
* If we're entering a halted L2 vcpu and the L2 vcpu won't be woken
* by event injection, halt vcpu.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next reply other threads:[~2018-08-15 4:20 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 4:20 Stephen Rothwell [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-10-10 1:31 linux-next: manual merge of the kvm tree with Linus' tree Stephen Rothwell
2022-07-13 6:02 Stephen Rothwell
2022-07-13 6:09 ` Paolo Bonzini
2022-06-09 0:33 Stephen Rothwell
2022-05-13 3:53 Stephen Rothwell
2022-03-30 23:42 Stephen Rothwell
2021-04-22 4:29 linux-next: manual merge of the kvm tree with Linus tree Stephen Rothwell
2020-12-17 2:56 linux-next: manual merge of the kvm tree with Linus' tree Stephen Rothwell
2020-04-02 2:36 Stephen Rothwell
2020-04-02 8:15 ` Paolo Bonzini
2020-04-02 10:44 ` Paolo Bonzini
2020-01-24 2:57 Stephen Rothwell
2019-05-17 1:16 Stephen Rothwell
2019-05-17 1:10 Stephen Rothwell
2019-05-17 1:04 Stephen Rothwell
2019-03-04 2:50 Stephen Rothwell
2018-10-18 2:37 Stephen Rothwell
2018-08-15 4:24 Stephen Rothwell
2018-08-06 5:21 Stephen Rothwell
2018-06-04 7:04 Stephen Rothwell
2018-02-05 2:06 Stephen Rothwell
2018-02-05 1:06 Stephen Rothwell
2018-02-01 1:55 Stephen Rothwell
2018-02-01 10:47 ` Christoffer Dall
2018-02-01 13:22 ` Stephen Rothwell
2018-02-01 14:05 ` Christoffer Dall
2018-02-01 14:21 ` Paolo Bonzini
2018-02-01 15:22 ` Radim Krčmář
2018-02-01 15:30 ` Paolo Bonzini
2018-02-02 0:20 ` Stephen Rothwell
2018-02-02 17:22 ` Radim Krčmář
2018-01-25 21:07 Stephen Rothwell
2018-01-17 3:48 Stephen Rothwell
2018-01-17 11:45 ` Thomas Gleixner
2018-01-17 12:17 ` Paolo Bonzini
2018-01-17 12:23 ` Thomas Gleixner
2018-01-17 12:35 ` Paolo Bonzini
2018-01-17 12:37 ` Thomas Gleixner
2018-01-17 12:43 ` Stephen Rothwell
2018-01-17 12:53 ` Thomas Gleixner
2018-01-29 4:02 ` Stephen Rothwell
2018-01-29 10:35 ` Paolo Bonzini
2017-08-25 4:34 Stephen Rothwell
2017-09-04 6:04 ` Stephen Rothwell
2016-07-27 4:50 Stephen Rothwell
2015-05-25 7:25 Stephen Rothwell
2015-05-25 14:11 ` Paolo Bonzini
2015-02-09 6:11 Stephen Rothwell
2015-02-02 5:05 Stephen Rothwell
2015-02-02 5:03 Stephen Rothwell
2013-03-01 2:51 Stephen Rothwell
2013-02-07 3:20 Stephen Rothwell
2013-02-02 5:52 Stephen Rothwell
2012-09-12 4:33 Stephen Rothwell
2012-07-06 5:12 Stephen Rothwell
2010-05-13 3:43 Stephen Rothwell
2010-01-27 1:57 Stephen Rothwell
2010-01-27 16:38 ` Marcelo Tosatti
2009-11-06 0:21 Stephen Rothwell
2009-07-01 4:57 Stephen Rothwell
2009-07-01 7:10 ` Davide Libenzi
[not found] ` <4A4B1106.8000506@redhat.com>
2009-07-01 12:30 ` Gregory Haskins
2009-07-01 15:11 ` Davide Libenzi
2009-07-01 12:31 ` Gregory Haskins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180815142037.7488cb2c@canb.auug.org.au \
--to=sfr@canb$(echo .)auug.org.au \
--cc=Tianyu.Lan@microsoft$(echo .)com \
--cc=konrad.wilk@oracle$(echo .)com \
--cc=kvm@vger$(echo .)kernel.org \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=linux-next@vger$(echo .)kernel.org \
--cc=pbonzini@redhat$(echo .)com \
--cc=rkrcmar@redhat$(echo .)com \
--cc=tglx@linutronix$(echo .)de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox