[x86] Update TAA (Borislav v2) and NX (v9) fixes
The upstream commits for these are now finalised, so we shouldn't need to replace patches after this (but might need to add more).
This commit is contained in:
parent
cd92ab49c4
commit
37baed7166
|
@ -1,20 +1,5 @@
|
||||||
linux (4.19.67-2+deb10u2) UNRELEASED; urgency=medium
|
linux (4.19.67-2+deb10u2) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
|
|
||||||
(aka iTLB multi-hit, CVE-2018-12207):
|
|
||||||
- KVM: x86: adjust kvm_mmu_page member to save 8 bytes
|
|
||||||
- kvm: Convert kvm_lock to a mutex
|
|
||||||
- kvm: x86: Do not release the page inside mmu_set_spte()
|
|
||||||
- KVM: x86: make FNAME(fetch) and __direct_map more similar
|
|
||||||
- KVM: x86: remove now unneeded hugepage gfn adjustment
|
|
||||||
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
|
|
||||||
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
|
|
||||||
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
|
|
||||||
- KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
|
|
||||||
- x86: Add ITLB_MULTIHIT bug infrastructure
|
|
||||||
- kvm: mmu: ITLB_MULTIHIT mitigation
|
|
||||||
- kvm: Add helper function for creating VM worker threads
|
|
||||||
- kvm: x86: mmu: Recovery of shattered NX large pages
|
|
||||||
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
|
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
|
||||||
- x86/msr: Add the IA32_TSX_CTRL MSR
|
- x86/msr: Add the IA32_TSX_CTRL MSR
|
||||||
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
|
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
|
||||||
|
@ -27,6 +12,23 @@ linux (4.19.67-2+deb10u2) UNRELEASED; urgency=medium
|
||||||
- x86/tsx: Add config options to set tsx=on|off|auto
|
- x86/tsx: Add config options to set tsx=on|off|auto
|
||||||
TSX is now disabled by default; see
|
TSX is now disabled by default; see
|
||||||
Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||||
|
* [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
|
||||||
|
(aka iTLB multi-hit, CVE-2018-12207):
|
||||||
|
- KVM: x86: adjust kvm_mmu_page member to save 8 bytes
|
||||||
|
- kvm: Convert kvm_lock to a mutex
|
||||||
|
- kvm: x86: Do not release the page inside mmu_set_spte()
|
||||||
|
- KVM: x86: make FNAME(fetch) and __direct_map more similar
|
||||||
|
- KVM: x86: remove now unneeded hugepage gfn adjustment
|
||||||
|
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
|
||||||
|
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
|
||||||
|
- kvm: x86, powerpc: do not allow clearing largepages debugfs entry
|
||||||
|
- KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
|
||||||
|
- x86/bugs: Add ITLB_MULTIHIT bug infrastructure
|
||||||
|
- cpu/speculation: Uninline and export CPU mitigations helpers
|
||||||
|
- kvm: mmu: ITLB_MULTIHIT mitigation
|
||||||
|
- kvm: Add helper function for creating VM worker threads
|
||||||
|
- kvm: x86: mmu: Recovery of shattered NX large pages
|
||||||
|
- Documentation: Add ITLB_MULTIHIT documentation
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Sun, 20 Oct 2019 14:21:28 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Sun, 20 Oct 2019 14:21:28 +0100
|
||||||
|
|
||||||
|
|
|
@ -27,8 +27,6 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/include/asm/kvm_host.h | 4 ++--
|
arch/x86/include/asm/kvm_host.h | 4 ++--
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
|
|
||||||
index 0d3f5cf3ff3e..90dccb5c79d9 100644
|
|
||||||
--- a/arch/x86/include/asm/kvm_host.h
|
--- a/arch/x86/include/asm/kvm_host.h
|
||||||
+++ b/arch/x86/include/asm/kvm_host.h
|
+++ b/arch/x86/include/asm/kvm_host.h
|
||||||
@@ -281,18 +281,18 @@ struct kvm_rmap_head {
|
@@ -281,18 +281,18 @@ struct kvm_rmap_head {
|
|
@ -21,11 +21,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
virt/kvm/kvm_main.c | 30 +++++++++++++--------------
|
virt/kvm/kvm_main.c | 30 +++++++++++++--------------
|
||||||
6 files changed, 28 insertions(+), 30 deletions(-)
|
6 files changed, 28 insertions(+), 30 deletions(-)
|
||||||
|
|
||||||
diff --git a/Documentation/virtual/kvm/locking.txt b/Documentation/virtual/kvm/locking.txt
|
|
||||||
index 1bb8bcaf8497..635cd6eaf714 100644
|
|
||||||
--- a/Documentation/virtual/kvm/locking.txt
|
--- a/Documentation/virtual/kvm/locking.txt
|
||||||
+++ b/Documentation/virtual/kvm/locking.txt
|
+++ b/Documentation/virtual/kvm/locking.txt
|
||||||
@@ -15,8 +15,6 @@ KVM Lock Overview
|
@@ -15,8 +15,6 @@ The acquisition orders for mutexes are a
|
||||||
|
|
||||||
On x86, vcpu->mutex is taken outside kvm->arch.hyperv.hv_lock.
|
On x86, vcpu->mutex is taken outside kvm->arch.hyperv.hv_lock.
|
||||||
|
|
||||||
|
@ -34,7 +32,7 @@ index 1bb8bcaf8497..635cd6eaf714 100644
|
||||||
Everything else is a leaf: no other lock is taken inside the critical
|
Everything else is a leaf: no other lock is taken inside the critical
|
||||||
sections.
|
sections.
|
||||||
|
|
||||||
@@ -169,7 +167,7 @@ which time it will be set using the Dirty tracking mechanism described above.
|
@@ -169,7 +167,7 @@ which time it will be set using the Dirt
|
||||||
------------
|
------------
|
||||||
|
|
||||||
Name: kvm_lock
|
Name: kvm_lock
|
||||||
|
@ -43,11 +41,9 @@ index 1bb8bcaf8497..635cd6eaf714 100644
|
||||||
Arch: any
|
Arch: any
|
||||||
Protects: - vm_list
|
Protects: - vm_list
|
||||||
|
|
||||||
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
|
|
||||||
index fac1d4eaa426..3c317bc6b799 100644
|
|
||||||
--- a/arch/s390/kvm/kvm-s390.c
|
--- a/arch/s390/kvm/kvm-s390.c
|
||||||
+++ b/arch/s390/kvm/kvm-s390.c
|
+++ b/arch/s390/kvm/kvm-s390.c
|
||||||
@@ -2110,13 +2110,13 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
|
@@ -2108,13 +2108,13 @@ int kvm_arch_init_vm(struct kvm *kvm, un
|
||||||
kvm->arch.sca = (struct bsca_block *) get_zeroed_page(alloc_flags);
|
kvm->arch.sca = (struct bsca_block *) get_zeroed_page(alloc_flags);
|
||||||
if (!kvm->arch.sca)
|
if (!kvm->arch.sca)
|
||||||
goto out_err;
|
goto out_err;
|
||||||
|
@ -63,11 +59,9 @@ index fac1d4eaa426..3c317bc6b799 100644
|
||||||
|
|
||||||
sprintf(debug_name, "kvm-%u", current->pid);
|
sprintf(debug_name, "kvm-%u", current->pid);
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 88940261fb53..c9d4e02bd73a 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -5819,7 +5819,7 @@ mmu_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
|
@@ -5819,7 +5819,7 @@ mmu_shrink_scan(struct shrinker *shrink,
|
||||||
int nr_to_scan = sc->nr_to_scan;
|
int nr_to_scan = sc->nr_to_scan;
|
||||||
unsigned long freed = 0;
|
unsigned long freed = 0;
|
||||||
|
|
||||||
|
@ -76,7 +70,7 @@ index 88940261fb53..c9d4e02bd73a 100644
|
||||||
|
|
||||||
list_for_each_entry(kvm, &vm_list, vm_list) {
|
list_for_each_entry(kvm, &vm_list, vm_list) {
|
||||||
int idx;
|
int idx;
|
||||||
@@ -5869,7 +5869,7 @@ mmu_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
|
@@ -5869,7 +5869,7 @@ unlock:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,11 +79,9 @@ index 88940261fb53..c9d4e02bd73a 100644
|
||||||
return freed;
|
return freed;
|
||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
||||||
index 6ae8a013af31..0c085b895e6e 100644
|
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -6502,7 +6502,7 @@ static void kvm_hyperv_tsc_notifier(void)
|
@@ -6490,7 +6490,7 @@ static void kvm_hyperv_tsc_notifier(void
|
||||||
struct kvm_vcpu *vcpu;
|
struct kvm_vcpu *vcpu;
|
||||||
int cpu;
|
int cpu;
|
||||||
|
|
||||||
|
@ -98,7 +90,7 @@ index 6ae8a013af31..0c085b895e6e 100644
|
||||||
list_for_each_entry(kvm, &vm_list, vm_list)
|
list_for_each_entry(kvm, &vm_list, vm_list)
|
||||||
kvm_make_mclock_inprogress_request(kvm);
|
kvm_make_mclock_inprogress_request(kvm);
|
||||||
|
|
||||||
@@ -6528,7 +6528,7 @@ static void kvm_hyperv_tsc_notifier(void)
|
@@ -6516,7 +6516,7 @@ static void kvm_hyperv_tsc_notifier(void
|
||||||
|
|
||||||
spin_unlock(&ka->pvclock_gtod_sync_lock);
|
spin_unlock(&ka->pvclock_gtod_sync_lock);
|
||||||
}
|
}
|
||||||
|
@ -107,7 +99,7 @@ index 6ae8a013af31..0c085b895e6e 100644
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -6586,17 +6586,17 @@ static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long va
|
@@ -6574,17 +6574,17 @@ static int kvmclock_cpufreq_notifier(str
|
||||||
|
|
||||||
smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);
|
smp_call_function_single(freq->cpu, tsc_khz_changed, freq, 1);
|
||||||
|
|
||||||
|
@ -128,7 +120,7 @@ index 6ae8a013af31..0c085b895e6e 100644
|
||||||
|
|
||||||
if (freq->old < freq->new && send_ipi) {
|
if (freq->old < freq->new && send_ipi) {
|
||||||
/*
|
/*
|
||||||
@@ -6722,12 +6722,12 @@ static void pvclock_gtod_update_fn(struct work_struct *work)
|
@@ -6710,12 +6710,12 @@ static void pvclock_gtod_update_fn(struc
|
||||||
struct kvm_vcpu *vcpu;
|
struct kvm_vcpu *vcpu;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
@ -143,11 +135,9 @@ index 6ae8a013af31..0c085b895e6e 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
static DECLARE_WORK(pvclock_gtod_work, pvclock_gtod_update_fn);
|
static DECLARE_WORK(pvclock_gtod_work, pvclock_gtod_update_fn);
|
||||||
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
|
|
||||||
index d42a36e4e6c2..5246a480d15a 100644
|
|
||||||
--- a/include/linux/kvm_host.h
|
--- a/include/linux/kvm_host.h
|
||||||
+++ b/include/linux/kvm_host.h
|
+++ b/include/linux/kvm_host.h
|
||||||
@@ -141,7 +141,7 @@ static inline bool is_error_page(struct page *page)
|
@@ -141,7 +141,7 @@ static inline bool is_error_page(struct
|
||||||
|
|
||||||
extern struct kmem_cache *kvm_vcpu_cache;
|
extern struct kmem_cache *kvm_vcpu_cache;
|
||||||
|
|
||||||
|
@ -156,8 +146,6 @@ index d42a36e4e6c2..5246a480d15a 100644
|
||||||
extern struct list_head vm_list;
|
extern struct list_head vm_list;
|
||||||
|
|
||||||
struct kvm_io_range {
|
struct kvm_io_range {
|
||||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
|
||||||
index 4a584a575221..6a8fe26198b9 100644
|
|
||||||
--- a/virt/kvm/kvm_main.c
|
--- a/virt/kvm/kvm_main.c
|
||||||
+++ b/virt/kvm/kvm_main.c
|
+++ b/virt/kvm/kvm_main.c
|
||||||
@@ -92,7 +92,7 @@ EXPORT_SYMBOL_GPL(halt_poll_ns_shrink);
|
@@ -92,7 +92,7 @@ EXPORT_SYMBOL_GPL(halt_poll_ns_shrink);
|
||||||
|
@ -169,7 +157,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
static DEFINE_RAW_SPINLOCK(kvm_count_lock);
|
static DEFINE_RAW_SPINLOCK(kvm_count_lock);
|
||||||
LIST_HEAD(vm_list);
|
LIST_HEAD(vm_list);
|
||||||
|
|
||||||
@@ -684,9 +684,9 @@ static struct kvm *kvm_create_vm(unsigned long type)
|
@@ -684,9 +684,9 @@ static struct kvm *kvm_create_vm(unsigne
|
||||||
if (r)
|
if (r)
|
||||||
goto out_err;
|
goto out_err;
|
||||||
|
|
||||||
|
@ -181,7 +169,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
|
|
||||||
preempt_notifier_inc();
|
preempt_notifier_inc();
|
||||||
|
|
||||||
@@ -732,9 +732,9 @@ static void kvm_destroy_vm(struct kvm *kvm)
|
@@ -732,9 +732,9 @@ static void kvm_destroy_vm(struct kvm *k
|
||||||
kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm);
|
kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm);
|
||||||
kvm_destroy_vm_debugfs(kvm);
|
kvm_destroy_vm_debugfs(kvm);
|
||||||
kvm_arch_sync_events(kvm);
|
kvm_arch_sync_events(kvm);
|
||||||
|
@ -193,7 +181,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
kvm_free_irq_routing(kvm);
|
kvm_free_irq_routing(kvm);
|
||||||
for (i = 0; i < KVM_NR_BUSES; i++) {
|
for (i = 0; i < KVM_NR_BUSES; i++) {
|
||||||
struct kvm_io_bus *bus = kvm_get_bus(kvm, i);
|
struct kvm_io_bus *bus = kvm_get_bus(kvm, i);
|
||||||
@@ -3828,13 +3828,13 @@ static int vm_stat_get(void *_offset, u64 *val)
|
@@ -3828,13 +3828,13 @@ static int vm_stat_get(void *_offset, u6
|
||||||
u64 tmp_val;
|
u64 tmp_val;
|
||||||
|
|
||||||
*val = 0;
|
*val = 0;
|
||||||
|
@ -209,7 +197,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3847,12 +3847,12 @@ static int vm_stat_clear(void *_offset, u64 val)
|
@@ -3847,12 +3847,12 @@ static int vm_stat_clear(void *_offset,
|
||||||
if (val)
|
if (val)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -224,7 +212,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -3867,13 +3867,13 @@ static int vcpu_stat_get(void *_offset, u64 *val)
|
@@ -3867,13 +3867,13 @@ static int vcpu_stat_get(void *_offset,
|
||||||
u64 tmp_val;
|
u64 tmp_val;
|
||||||
|
|
||||||
*val = 0;
|
*val = 0;
|
||||||
|
@ -240,7 +228,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3886,12 +3886,12 @@ static int vcpu_stat_clear(void *_offset, u64 val)
|
@@ -3886,12 +3886,12 @@ static int vcpu_stat_clear(void *_offset
|
||||||
if (val)
|
if (val)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -255,7 +243,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -3912,7 +3912,7 @@ static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm)
|
@@ -3912,7 +3912,7 @@ static void kvm_uevent_notify_change(uns
|
||||||
if (!kvm_dev.this_device || !kvm)
|
if (!kvm_dev.this_device || !kvm)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -264,7 +252,7 @@ index 4a584a575221..6a8fe26198b9 100644
|
||||||
if (type == KVM_EVENT_CREATE_VM) {
|
if (type == KVM_EVENT_CREATE_VM) {
|
||||||
kvm_createvm_count++;
|
kvm_createvm_count++;
|
||||||
kvm_active_vms++;
|
kvm_active_vms++;
|
||||||
@@ -3921,7 +3921,7 @@ static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm)
|
@@ -3921,7 +3921,7 @@ static void kvm_uevent_notify_change(uns
|
||||||
}
|
}
|
||||||
created = kvm_createvm_count;
|
created = kvm_createvm_count;
|
||||||
active = kvm_active_vms;
|
active = kvm_active_vms;
|
|
@ -17,11 +17,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/kvm/paging_tmpl.h | 8 +++-----
|
arch/x86/kvm/paging_tmpl.h | 8 +++-----
|
||||||
2 files changed, 10 insertions(+), 16 deletions(-)
|
2 files changed, 10 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index c9d4e02bd73a..7dc18fb42168 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -3001,8 +3001,6 @@ static int mmu_set_spte(struct kvm_vcpu *vcpu, u64 *sptep, unsigned pte_access,
|
@@ -3001,8 +3001,6 @@ static int mmu_set_spte(struct kvm_vcpu
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,7 +28,7 @@ index c9d4e02bd73a..7dc18fb42168 100644
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3037,9 +3035,11 @@ static int direct_pte_prefetch_many(struct kvm_vcpu *vcpu,
|
@@ -3037,9 +3035,11 @@ static int direct_pte_prefetch_many(stru
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
@ -43,7 +41,7 @@ index c9d4e02bd73a..7dc18fb42168 100644
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -3445,6 +3445,7 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
|
@@ -3445,6 +3445,7 @@ static int nonpaging_map(struct kvm_vcpu
|
||||||
if (handle_abnormal_pfn(vcpu, v, gfn, pfn, ACC_ALL, &r))
|
if (handle_abnormal_pfn(vcpu, v, gfn, pfn, ACC_ALL, &r))
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -51,7 +49,7 @@ index c9d4e02bd73a..7dc18fb42168 100644
|
||||||
spin_lock(&vcpu->kvm->mmu_lock);
|
spin_lock(&vcpu->kvm->mmu_lock);
|
||||||
if (mmu_notifier_retry(vcpu->kvm, mmu_seq))
|
if (mmu_notifier_retry(vcpu->kvm, mmu_seq))
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
@@ -3453,14 +3454,11 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
|
@@ -3453,14 +3454,11 @@ static int nonpaging_map(struct kvm_vcpu
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
||||||
r = __direct_map(vcpu, write, map_writable, level, gfn, pfn, prefault);
|
r = __direct_map(vcpu, write, map_writable, level, gfn, pfn, prefault);
|
||||||
|
@ -67,7 +65,7 @@ index c9d4e02bd73a..7dc18fb42168 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
static void mmu_free_root_page(struct kvm *kvm, hpa_t *root_hpa,
|
static void mmu_free_root_page(struct kvm *kvm, hpa_t *root_hpa,
|
||||||
@@ -4082,6 +4080,7 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4082,6 +4080,7 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
if (handle_abnormal_pfn(vcpu, 0, gfn, pfn, ACC_ALL, &r))
|
if (handle_abnormal_pfn(vcpu, 0, gfn, pfn, ACC_ALL, &r))
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -75,7 +73,7 @@ index c9d4e02bd73a..7dc18fb42168 100644
|
||||||
spin_lock(&vcpu->kvm->mmu_lock);
|
spin_lock(&vcpu->kvm->mmu_lock);
|
||||||
if (mmu_notifier_retry(vcpu->kvm, mmu_seq))
|
if (mmu_notifier_retry(vcpu->kvm, mmu_seq))
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
@@ -4090,14 +4089,11 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4090,14 +4089,11 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
||||||
r = __direct_map(vcpu, write, map_writable, level, gfn, pfn, prefault);
|
r = __direct_map(vcpu, write, map_writable, level, gfn, pfn, prefault);
|
||||||
|
@ -91,11 +89,9 @@ index c9d4e02bd73a..7dc18fb42168 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
static void nonpaging_init_context(struct kvm_vcpu *vcpu,
|
static void nonpaging_init_context(struct kvm_vcpu *vcpu,
|
||||||
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
|
|
||||||
index 14ffd973df54..569c55dae3fa 100644
|
|
||||||
--- a/arch/x86/kvm/paging_tmpl.h
|
--- a/arch/x86/kvm/paging_tmpl.h
|
||||||
+++ b/arch/x86/kvm/paging_tmpl.h
|
+++ b/arch/x86/kvm/paging_tmpl.h
|
||||||
@@ -522,6 +522,7 @@ FNAME(prefetch_gpte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
|
@@ -522,6 +522,7 @@ FNAME(prefetch_gpte)(struct kvm_vcpu *vc
|
||||||
mmu_set_spte(vcpu, spte, pte_access, 0, PT_PAGE_TABLE_LEVEL, gfn, pfn,
|
mmu_set_spte(vcpu, spte, pte_access, 0, PT_PAGE_TABLE_LEVEL, gfn, pfn,
|
||||||
true, true);
|
true, true);
|
||||||
|
|
||||||
|
@ -103,7 +99,7 @@ index 14ffd973df54..569c55dae3fa 100644
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -673,7 +674,6 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
@@ -673,7 +674,6 @@ static int FNAME(fetch)(struct kvm_vcpu
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
out_gpte_changed:
|
out_gpte_changed:
|
||||||
|
@ -111,7 +107,7 @@ index 14ffd973df54..569c55dae3fa 100644
|
||||||
return RET_PF_RETRY;
|
return RET_PF_RETRY;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -821,6 +821,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
|
@@ -821,6 +821,7 @@ static int FNAME(page_fault)(struct kvm_
|
||||||
walker.pte_access &= ~ACC_EXEC_MASK;
|
walker.pte_access &= ~ACC_EXEC_MASK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,7 +115,7 @@ index 14ffd973df54..569c55dae3fa 100644
|
||||||
spin_lock(&vcpu->kvm->mmu_lock);
|
spin_lock(&vcpu->kvm->mmu_lock);
|
||||||
if (mmu_notifier_retry(vcpu->kvm, mmu_seq))
|
if (mmu_notifier_retry(vcpu->kvm, mmu_seq))
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
@@ -834,14 +835,11 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
|
@@ -834,14 +835,11 @@ static int FNAME(page_fault)(struct kvm_
|
||||||
level, pfn, map_writable, prefault);
|
level, pfn, map_writable, prefault);
|
||||||
++vcpu->stat.pf_fixed;
|
++vcpu->stat.pf_fixed;
|
||||||
kvm_mmu_audit(vcpu, AUDIT_POST_PAGE_FAULT);
|
kvm_mmu_audit(vcpu, AUDIT_POST_PAGE_FAULT);
|
|
@ -18,11 +18,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/kvm/paging_tmpl.h | 30 ++++++++++-----------
|
arch/x86/kvm/paging_tmpl.h | 30 ++++++++++-----------
|
||||||
2 files changed, 39 insertions(+), 44 deletions(-)
|
2 files changed, 39 insertions(+), 44 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 7dc18fb42168..42a7120323bb 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -3087,40 +3087,39 @@ static void direct_pte_prefetch(struct kvm_vcpu *vcpu, u64 *sptep)
|
@@ -3087,40 +3087,39 @@ static void direct_pte_prefetch(struct k
|
||||||
__direct_pte_prefetch(vcpu, sp, sptep);
|
__direct_pte_prefetch(vcpu, sp, sptep);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -86,7 +84,7 @@ index 7dc18fb42168..42a7120323bb 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
static void kvm_send_hwpoison_signal(unsigned long address, struct task_struct *tsk)
|
static void kvm_send_hwpoison_signal(unsigned long address, struct task_struct *tsk)
|
||||||
@@ -3453,8 +3452,7 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
|
@@ -3453,8 +3452,7 @@ static int nonpaging_map(struct kvm_vcpu
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
||||||
|
@ -96,7 +94,7 @@ index 7dc18fb42168..42a7120323bb 100644
|
||||||
out_unlock:
|
out_unlock:
|
||||||
spin_unlock(&vcpu->kvm->mmu_lock);
|
spin_unlock(&vcpu->kvm->mmu_lock);
|
||||||
kvm_release_pfn_clean(pfn);
|
kvm_release_pfn_clean(pfn);
|
||||||
@@ -4088,8 +4086,7 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4088,8 +4086,7 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, &gfn, &pfn, &level);
|
||||||
|
@ -106,11 +104,9 @@ index 7dc18fb42168..42a7120323bb 100644
|
||||||
out_unlock:
|
out_unlock:
|
||||||
spin_unlock(&vcpu->kvm->mmu_lock);
|
spin_unlock(&vcpu->kvm->mmu_lock);
|
||||||
kvm_release_pfn_clean(pfn);
|
kvm_release_pfn_clean(pfn);
|
||||||
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
|
|
||||||
index 569c55dae3fa..eb95d3672acd 100644
|
|
||||||
--- a/arch/x86/kvm/paging_tmpl.h
|
--- a/arch/x86/kvm/paging_tmpl.h
|
||||||
+++ b/arch/x86/kvm/paging_tmpl.h
|
+++ b/arch/x86/kvm/paging_tmpl.h
|
||||||
@@ -602,6 +602,7 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
@@ -602,6 +602,7 @@ static int FNAME(fetch)(struct kvm_vcpu
|
||||||
struct kvm_shadow_walk_iterator it;
|
struct kvm_shadow_walk_iterator it;
|
||||||
unsigned direct_access, access = gw->pt_access;
|
unsigned direct_access, access = gw->pt_access;
|
||||||
int top_level, ret;
|
int top_level, ret;
|
||||||
|
@ -118,7 +114,7 @@ index 569c55dae3fa..eb95d3672acd 100644
|
||||||
|
|
||||||
direct_access = gw->pte_access;
|
direct_access = gw->pte_access;
|
||||||
|
|
||||||
@@ -646,31 +647,29 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
@@ -646,31 +647,29 @@ static int FNAME(fetch)(struct kvm_vcpu
|
||||||
link_shadow_page(vcpu, it.sptep, sp);
|
link_shadow_page(vcpu, it.sptep, sp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -163,7 +159,7 @@ index 569c55dae3fa..eb95d3672acd 100644
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
out_gpte_changed:
|
out_gpte_changed:
|
||||||
@@ -833,7 +832,6 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
|
@@ -833,7 +832,6 @@ static int FNAME(page_fault)(struct kvm_
|
||||||
transparent_hugepage_adjust(vcpu, &walker.gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, &walker.gfn, &pfn, &level);
|
||||||
r = FNAME(fetch)(vcpu, addr, &walker, write_fault,
|
r = FNAME(fetch)(vcpu, addr, &walker, write_fault,
|
||||||
level, pfn, map_writable, prefault);
|
level, pfn, map_writable, prefault);
|
|
@ -15,11 +15,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/kvm/paging_tmpl.h | 2 +-
|
arch/x86/kvm/paging_tmpl.h | 2 +-
|
||||||
2 files changed, 4 insertions(+), 7 deletions(-)
|
2 files changed, 4 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 42a7120323bb..96803f996819 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -3155,11 +3155,10 @@ static int kvm_handle_bad_page(struct kvm_vcpu *vcpu, gfn_t gfn, kvm_pfn_t pfn)
|
@@ -3155,11 +3155,10 @@ static int kvm_handle_bad_page(struct kv
|
||||||
}
|
}
|
||||||
|
|
||||||
static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
|
static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
|
||||||
|
@ -32,7 +30,7 @@ index 42a7120323bb..96803f996819 100644
|
||||||
int level = *levelp;
|
int level = *levelp;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -3186,8 +3185,6 @@ static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu,
|
@@ -3186,8 +3185,6 @@ static void transparent_hugepage_adjust(
|
||||||
mask = KVM_PAGES_PER_HPAGE(level) - 1;
|
mask = KVM_PAGES_PER_HPAGE(level) - 1;
|
||||||
VM_BUG_ON((gfn & mask) != (pfn & mask));
|
VM_BUG_ON((gfn & mask) != (pfn & mask));
|
||||||
if (pfn & mask) {
|
if (pfn & mask) {
|
||||||
|
@ -41,7 +39,7 @@ index 42a7120323bb..96803f996819 100644
|
||||||
kvm_release_pfn_clean(pfn);
|
kvm_release_pfn_clean(pfn);
|
||||||
pfn &= ~mask;
|
pfn &= ~mask;
|
||||||
kvm_get_pfn(pfn);
|
kvm_get_pfn(pfn);
|
||||||
@@ -3451,7 +3448,7 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
|
@@ -3451,7 +3448,7 @@ static int nonpaging_map(struct kvm_vcpu
|
||||||
if (make_mmu_pages_available(vcpu) < 0)
|
if (make_mmu_pages_available(vcpu) < 0)
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
|
@ -50,7 +48,7 @@ index 42a7120323bb..96803f996819 100644
|
||||||
r = __direct_map(vcpu, v, write, map_writable, level, pfn, prefault);
|
r = __direct_map(vcpu, v, write, map_writable, level, pfn, prefault);
|
||||||
out_unlock:
|
out_unlock:
|
||||||
spin_unlock(&vcpu->kvm->mmu_lock);
|
spin_unlock(&vcpu->kvm->mmu_lock);
|
||||||
@@ -4085,7 +4082,7 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4085,7 +4082,7 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
if (make_mmu_pages_available(vcpu) < 0)
|
if (make_mmu_pages_available(vcpu) < 0)
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
|
@ -59,11 +57,9 @@ index 42a7120323bb..96803f996819 100644
|
||||||
r = __direct_map(vcpu, gpa, write, map_writable, level, pfn, prefault);
|
r = __direct_map(vcpu, gpa, write, map_writable, level, pfn, prefault);
|
||||||
out_unlock:
|
out_unlock:
|
||||||
spin_unlock(&vcpu->kvm->mmu_lock);
|
spin_unlock(&vcpu->kvm->mmu_lock);
|
||||||
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
|
|
||||||
index eb95d3672acd..4aab953f1d31 100644
|
|
||||||
--- a/arch/x86/kvm/paging_tmpl.h
|
--- a/arch/x86/kvm/paging_tmpl.h
|
||||||
+++ b/arch/x86/kvm/paging_tmpl.h
|
+++ b/arch/x86/kvm/paging_tmpl.h
|
||||||
@@ -829,7 +829,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
|
@@ -829,7 +829,7 @@ static int FNAME(page_fault)(struct kvm_
|
||||||
if (make_mmu_pages_available(vcpu) < 0)
|
if (make_mmu_pages_available(vcpu) < 0)
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (!force_pt_level)
|
if (!force_pt_level)
|
|
@ -15,11 +15,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/kvm/mmu.c | 12 +++++++++---
|
arch/x86/kvm/mmu.c | 12 +++++++++---
|
||||||
1 file changed, 9 insertions(+), 3 deletions(-)
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 96803f996819..68fa10d890ee 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -1027,10 +1027,16 @@ static gfn_t kvm_mmu_page_get_gfn(struct kvm_mmu_page *sp, int index)
|
@@ -1027,10 +1027,16 @@ static gfn_t kvm_mmu_page_get_gfn(struct
|
||||||
|
|
||||||
static void kvm_mmu_page_set_gfn(struct kvm_mmu_page *sp, int index, gfn_t gfn)
|
static void kvm_mmu_page_set_gfn(struct kvm_mmu_page *sp, int index, gfn_t gfn)
|
||||||
{
|
{
|
|
@ -15,8 +15,6 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/kvm/paging_tmpl.h | 2 ++
|
arch/x86/kvm/paging_tmpl.h | 2 ++
|
||||||
3 files changed, 67 insertions(+), 7 deletions(-)
|
3 files changed, 67 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 68fa10d890ee..7f9be921df7c 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -140,9 +140,6 @@ module_param(dbg, bool, 0644);
|
@@ -140,9 +140,6 @@ module_param(dbg, bool, 0644);
|
||||||
|
@ -29,7 +27,7 @@ index 68fa10d890ee..7f9be921df7c 100644
|
||||||
#define SPTE_HOST_WRITEABLE (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
|
#define SPTE_HOST_WRITEABLE (1ULL << PT_FIRST_AVAIL_BITS_SHIFT)
|
||||||
#define SPTE_MMU_WRITEABLE (1ULL << (PT_FIRST_AVAIL_BITS_SHIFT + 1))
|
#define SPTE_MMU_WRITEABLE (1ULL << (PT_FIRST_AVAIL_BITS_SHIFT + 1))
|
||||||
|
|
||||||
@@ -261,9 +258,13 @@ static u64 __read_mostly shadow_nonpresent_or_rsvd_lower_gfn_mask;
|
@@ -261,9 +258,13 @@ static u64 __read_mostly shadow_nonprese
|
||||||
|
|
||||||
|
|
||||||
static void mmu_spte_set(u64 *sptep, u64 spte);
|
static void mmu_spte_set(u64 *sptep, u64 spte);
|
||||||
|
@ -43,7 +41,7 @@ index 68fa10d890ee..7f9be921df7c 100644
|
||||||
void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value)
|
void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value)
|
||||||
{
|
{
|
||||||
BUG_ON((mmio_mask & mmio_value) != mmio_value);
|
BUG_ON((mmio_mask & mmio_value) != mmio_value);
|
||||||
@@ -2992,10 +2993,7 @@ static int mmu_set_spte(struct kvm_vcpu *vcpu, u64 *sptep, unsigned pte_access,
|
@@ -2992,10 +2993,7 @@ static int mmu_set_spte(struct kvm_vcpu
|
||||||
ret = RET_PF_EMULATE;
|
ret = RET_PF_EMULATE;
|
||||||
|
|
||||||
pgprintk("%s: setting spte %llx\n", __func__, *sptep);
|
pgprintk("%s: setting spte %llx\n", __func__, *sptep);
|
||||||
|
@ -55,7 +53,7 @@ index 68fa10d890ee..7f9be921df7c 100644
|
||||||
if (!was_rmapped && is_large_pte(*sptep))
|
if (!was_rmapped && is_large_pte(*sptep))
|
||||||
++vcpu->kvm->stat.lpages;
|
++vcpu->kvm->stat.lpages;
|
||||||
|
|
||||||
@@ -3106,6 +3104,7 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t gpa, int write,
|
@@ -3106,6 +3104,7 @@ static int __direct_map(struct kvm_vcpu
|
||||||
if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
|
if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
|
||||||
return RET_PF_RETRY;
|
return RET_PF_RETRY;
|
||||||
|
|
||||||
|
@ -63,8 +61,6 @@ index 68fa10d890ee..7f9be921df7c 100644
|
||||||
for_each_shadow_entry(vcpu, gpa, it) {
|
for_each_shadow_entry(vcpu, gpa, it) {
|
||||||
base_gfn = gfn & ~(KVM_PAGES_PER_HPAGE(it.level) - 1);
|
base_gfn = gfn & ~(KVM_PAGES_PER_HPAGE(it.level) - 1);
|
||||||
if (it.level == level)
|
if (it.level == level)
|
||||||
diff --git a/arch/x86/kvm/mmutrace.h b/arch/x86/kvm/mmutrace.h
|
|
||||||
index c73bf4e4988c..918b0d5bf272 100644
|
|
||||||
--- a/arch/x86/kvm/mmutrace.h
|
--- a/arch/x86/kvm/mmutrace.h
|
||||||
+++ b/arch/x86/kvm/mmutrace.h
|
+++ b/arch/x86/kvm/mmutrace.h
|
||||||
@@ -325,6 +325,65 @@ TRACE_EVENT(
|
@@ -325,6 +325,65 @@ TRACE_EVENT(
|
||||||
|
@ -133,11 +129,9 @@ index c73bf4e4988c..918b0d5bf272 100644
|
||||||
#endif /* _TRACE_KVMMMU_H */
|
#endif /* _TRACE_KVMMMU_H */
|
||||||
|
|
||||||
#undef TRACE_INCLUDE_PATH
|
#undef TRACE_INCLUDE_PATH
|
||||||
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
|
|
||||||
index 4aab953f1d31..3b022b08b577 100644
|
|
||||||
--- a/arch/x86/kvm/paging_tmpl.h
|
--- a/arch/x86/kvm/paging_tmpl.h
|
||||||
+++ b/arch/x86/kvm/paging_tmpl.h
|
+++ b/arch/x86/kvm/paging_tmpl.h
|
||||||
@@ -649,6 +649,8 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
@@ -649,6 +649,8 @@ static int FNAME(fetch)(struct kvm_vcpu
|
||||||
|
|
||||||
base_gfn = gw->gfn;
|
base_gfn = gw->gfn;
|
||||||
|
|
|
@ -19,11 +19,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
virt/kvm/kvm_main.c | 10 +++++++---
|
virt/kvm/kvm_main.c | 10 +++++++---
|
||||||
3 files changed, 12 insertions(+), 6 deletions(-)
|
3 files changed, 12 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
||||||
index 0c085b895e6e..2714c1a0e59f 100644
|
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -92,8 +92,8 @@ u64 __read_mostly efer_reserved_bits = ~((u64)(EFER_SCE | EFER_LME | EFER_LMA));
|
@@ -92,8 +92,8 @@ u64 __read_mostly efer_reserved_bits = ~
|
||||||
static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
|
static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -34,7 +32,7 @@ index 0c085b895e6e..2714c1a0e59f 100644
|
||||||
|
|
||||||
#define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \
|
#define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \
|
||||||
KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK)
|
KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK)
|
||||||
@@ -205,7 +205,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
|
@@ -205,7 +205,7 @@ struct kvm_stats_debugfs_item debugfs_en
|
||||||
{ "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
|
{ "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
|
||||||
{ "mmu_unsync", VM_STAT(mmu_unsync) },
|
{ "mmu_unsync", VM_STAT(mmu_unsync) },
|
||||||
{ "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
|
{ "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
|
||||||
|
@ -43,8 +41,6 @@ index 0c085b895e6e..2714c1a0e59f 100644
|
||||||
{ "max_mmu_page_hash_collisions",
|
{ "max_mmu_page_hash_collisions",
|
||||||
VM_STAT(max_mmu_page_hash_collisions) },
|
VM_STAT(max_mmu_page_hash_collisions) },
|
||||||
{ NULL }
|
{ NULL }
|
||||||
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
|
|
||||||
index 5246a480d15a..553a3115a735 100644
|
|
||||||
--- a/include/linux/kvm_host.h
|
--- a/include/linux/kvm_host.h
|
||||||
+++ b/include/linux/kvm_host.h
|
+++ b/include/linux/kvm_host.h
|
||||||
@@ -1034,6 +1034,7 @@ enum kvm_stat_kind {
|
@@ -1034,6 +1034,7 @@ enum kvm_stat_kind {
|
||||||
|
@ -63,11 +59,9 @@ index 5246a480d15a..553a3115a735 100644
|
||||||
};
|
};
|
||||||
extern struct kvm_stats_debugfs_item debugfs_entries[];
|
extern struct kvm_stats_debugfs_item debugfs_entries[];
|
||||||
extern struct dentry *kvm_debugfs_dir;
|
extern struct dentry *kvm_debugfs_dir;
|
||||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
|
||||||
index 6a8fe26198b9..5482949b452c 100644
|
|
||||||
--- a/virt/kvm/kvm_main.c
|
--- a/virt/kvm/kvm_main.c
|
||||||
+++ b/virt/kvm/kvm_main.c
|
+++ b/virt/kvm/kvm_main.c
|
||||||
@@ -616,8 +616,9 @@ static int kvm_create_vm_debugfs(struct kvm *kvm, int fd)
|
@@ -616,8 +616,9 @@ static int kvm_create_vm_debugfs(struct
|
||||||
|
|
||||||
stat_data->kvm = kvm;
|
stat_data->kvm = kvm;
|
||||||
stat_data->offset = p->offset;
|
stat_data->offset = p->offset;
|
||||||
|
@ -78,7 +72,7 @@ index 6a8fe26198b9..5482949b452c 100644
|
||||||
stat_data, stat_fops_per_vm[p->kind]);
|
stat_data, stat_fops_per_vm[p->kind]);
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@@ -3714,7 +3715,9 @@ static int kvm_debugfs_open(struct inode *inode, struct file *file,
|
@@ -3714,7 +3715,9 @@ static int kvm_debugfs_open(struct inode
|
||||||
if (!refcount_inc_not_zero(&stat_data->kvm->users_count))
|
if (!refcount_inc_not_zero(&stat_data->kvm->users_count))
|
||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
|
|
@ -2,7 +2,8 @@ From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
Date: Sun, 27 Oct 2019 16:23:23 +0100
|
Date: Sun, 27 Oct 2019 16:23:23 +0100
|
||||||
Subject: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
|
Subject: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
|
||||||
active
|
active
|
||||||
Origin: https://git.kernel.org/linus/9167ab79936206118cc60e47dcb926c3489f3bd5
|
|
||||||
|
commit 9167ab79936206118cc60e47dcb926c3489f3bd5 upstream.
|
||||||
|
|
||||||
VMX already does so if the host has SMEP, in order to support the combination of
|
VMX already does so if the host has SMEP, in order to support the combination of
|
||||||
CR0.WP=1 and CR4.SMEP=1. However, it is perfectly safe to always do so, and in
|
CR0.WP=1 and CR4.SMEP=1. However, it is perfectly safe to always do so, and in
|
||||||
|
@ -14,14 +15,13 @@ SVM does not have similar code, but it should since recent AMD processors do
|
||||||
support SMEP. So this patch also makes the code for the two vendors more similar
|
support SMEP. So this patch also makes the code for the two vendors more similar
|
||||||
while fixing NPT=0, CR0.WP=1 and CR4.SMEP=1 on AMD processors.
|
while fixing NPT=0, CR0.WP=1 and CR4.SMEP=1 on AMD processors.
|
||||||
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Cc: Joerg Roedel <jroedel@suse.de>
|
Cc: Joerg Roedel <jroedel@suse.de>
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
[Salvatore Bonaccorso: Backport to 4.19: Adjust context, filename change back
|
[bwh: Backported to 4.19: adjust filename]
|
||||||
to arch/x86/kvm/vmx.c]
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
arch/x86/kvm/svm.c | 10 ++++++++--
|
arch/x86/kvm/svm.c | 10 ++++++++--
|
||||||
arch/x86/kvm/vmx.c | 14 +++-----------
|
arch/x86/kvm/vmx.c | 14 +++-----------
|
||||||
2 files changed, 11 insertions(+), 13 deletions(-)
|
2 files changed, 11 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
--- a/arch/x86/kvm/svm.c
|
--- a/arch/x86/kvm/svm.c
|
|
@ -1,36 +1,35 @@
|
||||||
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
From: Vineela Tummalapalli <vineela.tummalapalli@intel.com>
|
||||||
Date: Thu, 24 Oct 2019 18:34:26 +0200
|
Date: Mon, 4 Nov 2019 12:22:01 +0100
|
||||||
Subject: x86: Add ITLB_MULTIHIT bug infrastructure
|
Subject: x86/bugs: Add ITLB_MULTIHIT bug infrastructure
|
||||||
|
|
||||||
Some processors may incur a machine check error possibly
|
commit db4d30fbb71b47e4ecb11c4efa5d8aad4b03dfae upstream.
|
||||||
resulting in an unrecoverable cpu hang when an instruction fetch
|
|
||||||
encounters a TLB multi-hit in the instruction TLB. This can occur
|
Some processors may incur a machine check error possibly resulting in an
|
||||||
when the page size is changed along with either the physical
|
unrecoverable CPU lockup when an instruction fetch encounters a TLB
|
||||||
address or cache type [1].
|
multi-hit in the instruction TLB. This can occur when the page size is
|
||||||
|
changed along with either the physical address or cache type. The relevant
|
||||||
|
erratum can be found here:
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=205195
|
||||||
|
|
||||||
|
There are other processors affected for which the erratum does not fully
|
||||||
|
disclose the impact.
|
||||||
|
|
||||||
This issue affects both bare-metal x86 page tables and EPT.
|
This issue affects both bare-metal x86 page tables and EPT.
|
||||||
|
|
||||||
This can be mitigated by either eliminating the use of large
|
It can be mitigated by either eliminating the use of large pages or by
|
||||||
pages or by using careful TLB invalidations when changing the
|
using careful TLB invalidations when changing the page size in the page
|
||||||
page size in the page tables.
|
tables.
|
||||||
|
|
||||||
Just like Spectre, Meltdown, L1TF and MDS, a new bit has been
|
Just like Spectre, Meltdown, L1TF and MDS, a new bit has been allocated in
|
||||||
allocated in MSR_IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) and will
|
MSR_IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) and will be set on CPUs which
|
||||||
be set on CPUs which are mitigated against this issue.
|
are mitigated against this issue.
|
||||||
|
|
||||||
[1] For example please refer to erratum SKL002 in "6th Generation
|
|
||||||
Intel Processor Family Specification Update"
|
|
||||||
https://www.intel.com/content/www/us/en/products/docs/processors/core/desktop-6th-gen-core-family-spec-update.html
|
|
||||||
https://www.google.com/search?q=site:intel.com+SKL002
|
|
||||||
|
|
||||||
There are a lot of other affected processors outside of Skylake and
|
|
||||||
that the erratum(referred above) does not fully disclose the issue
|
|
||||||
and the impact, both on Skylake and across all the affected CPUs.
|
|
||||||
|
|
||||||
Signed-off-by: Vineela Tummalapalli <vineela.tummalapalli@intel.com>
|
Signed-off-by: Vineela Tummalapalli <vineela.tummalapalli@intel.com>
|
||||||
Co-developed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Co-developed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
[bwh: Backported to 4.19:
|
[bwh: Backported to 4.19:
|
||||||
- No support for X86_VENDOR_HYGON, ATOM_AIRMONT_NP
|
- No support for X86_VENDOR_HYGON, ATOM_AIRMONT_NP
|
||||||
- Adjust context]
|
- Adjust context]
|
||||||
|
@ -38,38 +37,32 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
.../ABI/testing/sysfs-devices-system-cpu | 1 +
|
.../ABI/testing/sysfs-devices-system-cpu | 1 +
|
||||||
arch/x86/include/asm/cpufeatures.h | 1 +
|
arch/x86/include/asm/cpufeatures.h | 1 +
|
||||||
arch/x86/include/asm/msr-index.h | 7 ++
|
arch/x86/include/asm/msr-index.h | 7 +++
|
||||||
arch/x86/kernel/cpu/bugs.c | 13 ++++
|
arch/x86/kernel/cpu/bugs.c | 13 ++++
|
||||||
arch/x86/kernel/cpu/common.c | 67 ++++++++++---------
|
arch/x86/kernel/cpu/common.c | 61 ++++++++++---------
|
||||||
drivers/base/cpu.c | 8 +++
|
drivers/base/cpu.c | 8 +++
|
||||||
include/linux/cpu.h | 2 +
|
include/linux/cpu.h | 2 +
|
||||||
7 files changed, 68 insertions(+), 31 deletions(-)
|
7 files changed, 65 insertions(+), 28 deletions(-)
|
||||||
|
|
||||||
diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
|
||||||
index 8718d4ad227b..a0edcdc7c0b8 100644
|
|
||||||
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||||
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||||
@@ -478,6 +478,7 @@ What: /sys/devices/system/cpu/vulnerabilities
|
@@ -479,6 +479,7 @@ What: /sys/devices/system/cpu/vulnerabi
|
||||||
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
|
|
||||||
/sys/devices/system/cpu/vulnerabilities/l1tf
|
/sys/devices/system/cpu/vulnerabilities/l1tf
|
||||||
/sys/devices/system/cpu/vulnerabilities/mds
|
/sys/devices/system/cpu/vulnerabilities/mds
|
||||||
|
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
+ /sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
||||||
Date: January 2018
|
Date: January 2018
|
||||||
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
||||||
Description: Information about CPU vulnerabilities
|
Description: Information about CPU vulnerabilities
|
||||||
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
|
|
||||||
index 759f0a176612..ccad4f183400 100644
|
|
||||||
--- a/arch/x86/include/asm/cpufeatures.h
|
--- a/arch/x86/include/asm/cpufeatures.h
|
||||||
+++ b/arch/x86/include/asm/cpufeatures.h
|
+++ b/arch/x86/include/asm/cpufeatures.h
|
||||||
@@ -389,5 +389,6 @@
|
@@ -390,5 +390,6 @@
|
||||||
#define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */
|
|
||||||
#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */
|
#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */
|
||||||
#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
|
#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
|
||||||
+#define X86_BUG_ITLB_MULTIHIT X86_BUG(22) /* CPU may incur MCE during certain page attribute changes */
|
#define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */
|
||||||
|
+#define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */
|
||||||
|
|
||||||
#endif /* _ASM_X86_CPUFEATURES_H */
|
#endif /* _ASM_X86_CPUFEATURES_H */
|
||||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
|
||||||
index a1d22e4428f6..f58e6921cbf7 100644
|
|
||||||
--- a/arch/x86/include/asm/msr-index.h
|
--- a/arch/x86/include/asm/msr-index.h
|
||||||
+++ b/arch/x86/include/asm/msr-index.h
|
+++ b/arch/x86/include/asm/msr-index.h
|
||||||
@@ -84,6 +84,13 @@
|
@@ -84,6 +84,13 @@
|
||||||
|
@ -83,14 +76,12 @@ index a1d22e4428f6..f58e6921cbf7 100644
|
||||||
+ * physical address or cache type
|
+ * physical address or cache type
|
||||||
+ * without TLB invalidation.
|
+ * without TLB invalidation.
|
||||||
+ */
|
+ */
|
||||||
|
#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
|
||||||
#define MSR_IA32_FLUSH_CMD 0x0000010b
|
#define ARCH_CAP_TAA_NO BIT(8) /*
|
||||||
#define L1D_FLUSH BIT(0) /*
|
* Not susceptible to
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index ee7d17611ead..60e47e492c2f 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
--- a/arch/x86/kernel/cpu/bugs.c
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||||
@@ -1281,6 +1281,11 @@ static ssize_t l1tf_show_state(char *buf)
|
@@ -1391,6 +1391,11 @@ static ssize_t l1tf_show_state(char *buf
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -102,9 +93,9 @@ index ee7d17611ead..60e47e492c2f 100644
|
||||||
static ssize_t mds_show_state(char *buf)
|
static ssize_t mds_show_state(char *buf)
|
||||||
{
|
{
|
||||||
if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
|
if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) {
|
||||||
@@ -1366,6 +1371,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
|
@@ -1494,6 +1499,9 @@ static ssize_t cpu_show_common(struct de
|
||||||
case X86_BUG_MDS:
|
case X86_BUG_TAA:
|
||||||
return mds_show_state(buf);
|
return tsx_async_abort_show_state(buf);
|
||||||
|
|
||||||
+ case X86_BUG_ITLB_MULTIHIT:
|
+ case X86_BUG_ITLB_MULTIHIT:
|
||||||
+ return itlb_multihit_show_state(buf);
|
+ return itlb_multihit_show_state(buf);
|
||||||
|
@ -112,9 +103,9 @@ index ee7d17611ead..60e47e492c2f 100644
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -1402,4 +1410,9 @@ ssize_t cpu_show_mds(struct device *dev, struct device_attribute *attr, char *bu
|
@@ -1535,4 +1543,9 @@ ssize_t cpu_show_tsx_async_abort(struct
|
||||||
{
|
{
|
||||||
return cpu_show_common(dev, attr, buf, X86_BUG_MDS);
|
return cpu_show_common(dev, attr, buf, X86_BUG_TAA);
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr, char *buf)
|
+ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr, char *buf)
|
||||||
|
@ -122,11 +113,9 @@ index ee7d17611ead..60e47e492c2f 100644
|
||||||
+ return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
|
+ return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
|
||||||
+}
|
+}
|
||||||
#endif
|
#endif
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index b33fdfa0ff49..128808dccd2f 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
--- a/arch/x86/kernel/cpu/common.c
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
+++ b/arch/x86/kernel/cpu/common.c
|
||||||
@@ -946,13 +946,14 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
|
@@ -946,13 +946,14 @@ static void identify_cpu_without_cpuid(s
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -148,7 +137,7 @@ index b33fdfa0ff49..128808dccd2f 100644
|
||||||
|
|
||||||
#define VULNWL(_vendor, _family, _model, _whitelist) \
|
#define VULNWL(_vendor, _family, _model, _whitelist) \
|
||||||
{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
|
{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
|
||||||
@@ -970,26 +971,26 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
|
@@ -970,26 +971,26 @@ static const __initconst struct x86_cpu_
|
||||||
VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION),
|
VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION),
|
||||||
|
|
||||||
/* Intel Family 6 */
|
/* Intel Family 6 */
|
||||||
|
@ -191,7 +180,7 @@ index b33fdfa0ff49..128808dccd2f 100644
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Technically, swapgs isn't serializing on AMD (despite it previously
|
* Technically, swapgs isn't serializing on AMD (despite it previously
|
||||||
@@ -1000,13 +1001,13 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
|
@@ -1000,13 +1001,13 @@ static const __initconst struct x86_cpu_
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* AMD Family 0xf - 0x12 */
|
/* AMD Family 0xf - 0x12 */
|
||||||
|
@ -210,13 +199,10 @@ index b33fdfa0ff49..128808dccd2f 100644
|
||||||
{}
|
{}
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -1021,15 +1022,19 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
|
@@ -1031,6 +1032,10 @@ static void __init cpu_set_bug_bits(stru
|
||||||
{
|
{
|
||||||
u64 ia32_cap = 0;
|
u64 ia32_cap = x86_read_arch_cap_msr();
|
||||||
|
|
||||||
+ if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
|
|
||||||
+ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
|
|
||||||
+
|
|
||||||
+ /* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */
|
+ /* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */
|
||||||
+ if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO))
|
+ if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO))
|
||||||
+ setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT);
|
+ setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT);
|
||||||
|
@ -224,20 +210,9 @@ index b33fdfa0ff49..128808dccd2f 100644
|
||||||
if (cpu_matches(NO_SPECULATION))
|
if (cpu_matches(NO_SPECULATION))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
|
|
||||||
setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
|
|
||||||
|
|
||||||
- if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
|
|
||||||
- rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
|
|
||||||
-
|
|
||||||
if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) &&
|
|
||||||
!cpu_has(c, X86_FEATURE_AMD_SSB_NO))
|
|
||||||
setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
|
|
||||||
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
|
|
||||||
index 2fd6ca1021c2..c21e2aec5cbb 100644
|
|
||||||
--- a/drivers/base/cpu.c
|
--- a/drivers/base/cpu.c
|
||||||
+++ b/drivers/base/cpu.c
|
+++ b/drivers/base/cpu.c
|
||||||
@@ -552,12 +552,19 @@ ssize_t __weak cpu_show_mds(struct device *dev,
|
@@ -559,6 +559,12 @@ ssize_t __weak cpu_show_tsx_async_abort(
|
||||||
return sprintf(buf, "Not affected\n");
|
return sprintf(buf, "Not affected\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -250,29 +225,28 @@ index 2fd6ca1021c2..c21e2aec5cbb 100644
|
||||||
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
|
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
|
||||||
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
|
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
|
||||||
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
|
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
|
||||||
static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
|
@@ -566,6 +572,7 @@ static DEVICE_ATTR(spec_store_bypass, 04
|
||||||
static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
|
static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
|
||||||
static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
|
static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
|
||||||
|
static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL);
|
||||||
+static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
|
+static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
|
||||||
|
|
||||||
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
||||||
&dev_attr_meltdown.attr,
|
&dev_attr_meltdown.attr,
|
||||||
@@ -566,6 +573,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
@@ -575,6 +582,7 @@ static struct attribute *cpu_root_vulner
|
||||||
&dev_attr_spec_store_bypass.attr,
|
|
||||||
&dev_attr_l1tf.attr,
|
&dev_attr_l1tf.attr,
|
||||||
&dev_attr_mds.attr,
|
&dev_attr_mds.attr,
|
||||||
|
&dev_attr_tsx_async_abort.attr,
|
||||||
+ &dev_attr_itlb_multihit.attr,
|
+ &dev_attr_itlb_multihit.attr,
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
|
|
||||||
index 006f69f9277b..7bb824b0f30e 100644
|
|
||||||
--- a/include/linux/cpu.h
|
--- a/include/linux/cpu.h
|
||||||
+++ b/include/linux/cpu.h
|
+++ b/include/linux/cpu.h
|
||||||
@@ -59,6 +59,8 @@ extern ssize_t cpu_show_l1tf(struct device *dev,
|
@@ -62,6 +62,8 @@ extern ssize_t cpu_show_mds(struct devic
|
||||||
struct device_attribute *attr, char *buf);
|
extern ssize_t cpu_show_tsx_async_abort(struct device *dev,
|
||||||
extern ssize_t cpu_show_mds(struct device *dev,
|
struct device_attribute *attr,
|
||||||
struct device_attribute *attr, char *buf);
|
char *buf);
|
||||||
+extern ssize_t cpu_show_itlb_multihit(struct device *dev,
|
+extern ssize_t cpu_show_itlb_multihit(struct device *dev,
|
||||||
+ struct device_attribute *attr, char *buf);
|
+ struct device_attribute *attr, char *buf);
|
||||||
|
|
|
@ -0,0 +1,98 @@
|
||||||
|
From: Tyler Hicks <tyhicks@canonical.com>
|
||||||
|
Date: Mon, 4 Nov 2019 12:22:02 +0100
|
||||||
|
Subject: cpu/speculation: Uninline and export CPU mitigations helpers
|
||||||
|
|
||||||
|
commit 731dc9df975a5da21237a18c3384f811a7a41cc6 upstream.
|
||||||
|
|
||||||
|
A kernel module may need to check the value of the "mitigations=" kernel
|
||||||
|
command line parameter as part of its setup when the module needs
|
||||||
|
to perform software mitigations for a CPU flaw.
|
||||||
|
|
||||||
|
Uninline and export the helper functions surrounding the cpu_mitigations
|
||||||
|
enum to allow for their usage from a module.
|
||||||
|
|
||||||
|
Lastly, privatize the enum and cpu_mitigations variable since the value of
|
||||||
|
cpu_mitigations can be checked with the exported helper functions.
|
||||||
|
|
||||||
|
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
---
|
||||||
|
include/linux/cpu.h | 25 ++-----------------------
|
||||||
|
kernel/cpu.c | 27 ++++++++++++++++++++++++++-
|
||||||
|
2 files changed, 28 insertions(+), 24 deletions(-)
|
||||||
|
|
||||||
|
--- a/include/linux/cpu.h
|
||||||
|
+++ b/include/linux/cpu.h
|
||||||
|
@@ -198,28 +198,7 @@ static inline int cpuhp_smt_enable(void)
|
||||||
|
static inline int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval) { return 0; }
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * These are used for a global "mitigations=" cmdline option for toggling
|
||||||
|
- * optional CPU mitigations.
|
||||||
|
- */
|
||||||
|
-enum cpu_mitigations {
|
||||||
|
- CPU_MITIGATIONS_OFF,
|
||||||
|
- CPU_MITIGATIONS_AUTO,
|
||||||
|
- CPU_MITIGATIONS_AUTO_NOSMT,
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
-extern enum cpu_mitigations cpu_mitigations;
|
||||||
|
-
|
||||||
|
-/* mitigations=off */
|
||||||
|
-static inline bool cpu_mitigations_off(void)
|
||||||
|
-{
|
||||||
|
- return cpu_mitigations == CPU_MITIGATIONS_OFF;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-/* mitigations=auto,nosmt */
|
||||||
|
-static inline bool cpu_mitigations_auto_nosmt(void)
|
||||||
|
-{
|
||||||
|
- return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
|
||||||
|
-}
|
||||||
|
+extern bool cpu_mitigations_off(void);
|
||||||
|
+extern bool cpu_mitigations_auto_nosmt(void);
|
||||||
|
|
||||||
|
#endif /* _LINUX_CPU_H_ */
|
||||||
|
--- a/kernel/cpu.c
|
||||||
|
+++ b/kernel/cpu.c
|
||||||
|
@@ -2282,7 +2282,18 @@ void __init boot_cpu_hotplug_init(void)
|
||||||
|
this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
|
||||||
|
}
|
||||||
|
|
||||||
|
-enum cpu_mitigations cpu_mitigations __ro_after_init = CPU_MITIGATIONS_AUTO;
|
||||||
|
+/*
|
||||||
|
+ * These are used for a global "mitigations=" cmdline option for toggling
|
||||||
|
+ * optional CPU mitigations.
|
||||||
|
+ */
|
||||||
|
+enum cpu_mitigations {
|
||||||
|
+ CPU_MITIGATIONS_OFF,
|
||||||
|
+ CPU_MITIGATIONS_AUTO,
|
||||||
|
+ CPU_MITIGATIONS_AUTO_NOSMT,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static enum cpu_mitigations cpu_mitigations __ro_after_init =
|
||||||
|
+ CPU_MITIGATIONS_AUTO;
|
||||||
|
|
||||||
|
static int __init mitigations_parse_cmdline(char *arg)
|
||||||
|
{
|
||||||
|
@@ -2299,3 +2310,17 @@ static int __init mitigations_parse_cmdl
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
early_param("mitigations", mitigations_parse_cmdline);
|
||||||
|
+
|
||||||
|
+/* mitigations=off */
|
||||||
|
+bool cpu_mitigations_off(void)
|
||||||
|
+{
|
||||||
|
+ return cpu_mitigations == CPU_MITIGATIONS_OFF;
|
||||||
|
+}
|
||||||
|
+EXPORT_SYMBOL_GPL(cpu_mitigations_off);
|
||||||
|
+
|
||||||
|
+/* mitigations=auto,nosmt */
|
||||||
|
+bool cpu_mitigations_auto_nosmt(void)
|
||||||
|
+{
|
||||||
|
+ return cpu_mitigations == CPU_MITIGATIONS_AUTO_NOSMT;
|
||||||
|
+}
|
||||||
|
+EXPORT_SYMBOL_GPL(cpu_mitigations_auto_nosmt);
|
|
@ -1,62 +1,79 @@
|
||||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
Date: Thu, 24 Oct 2019 18:34:28 +0200
|
Date: Mon, 4 Nov 2019 12:22:02 +0100
|
||||||
Subject: kvm: mmu: ITLB_MULTIHIT mitigation
|
Subject: kvm: mmu: ITLB_MULTIHIT mitigation
|
||||||
|
|
||||||
|
commit b8e8c8303ff28c61046a4d0f6ea99aea609a7dc0 upstream.
|
||||||
|
|
||||||
With some Intel processors, putting the same virtual address in the TLB
|
With some Intel processors, putting the same virtual address in the TLB
|
||||||
as both a 4 KiB and 2 MiB page can confuse the instruction fetch unit
|
as both a 4 KiB and 2 MiB page can confuse the instruction fetch unit
|
||||||
and cause the processor to issue a machine check. Unfortunately if EPT
|
and cause the processor to issue a machine check resulting in a CPU lockup.
|
||||||
page tables use huge pages, it possible for a malicious guest to cause
|
|
||||||
this situation.
|
|
||||||
|
|
||||||
This patch adds a knob to mark huge pages as non-executable. When the
|
Unfortunately when EPT page tables use huge pages, it is possible for a
|
||||||
nx_huge_pages parameter is enabled (and we are using EPT), all huge pages
|
malicious guest to cause this situation.
|
||||||
are marked as NX. If the guest attempts to execute in one of those pages,
|
|
||||||
the page is broken down into 4K pages, which are then marked executable.
|
Add a knob to mark huge pages as non-executable. When the nx_huge_pages
|
||||||
|
parameter is enabled (and we are using EPT), all huge pages are marked as
|
||||||
|
NX. If the guest attempts to execute in one of those pages, the page is
|
||||||
|
broken down into 4K pages, which are then marked executable.
|
||||||
|
|
||||||
This is not an issue for shadow paging (except nested EPT), because then
|
This is not an issue for shadow paging (except nested EPT), because then
|
||||||
the host is in control of TLB flushes and the problematic situation cannot
|
the host is in control of TLB flushes and the problematic situation cannot
|
||||||
happen. With nested EPT, again the nested guest can cause problems so we
|
happen. With nested EPT, again the nested guest can cause problems shadow
|
||||||
treat shadow and direct EPT the same.
|
and direct EPT is treated in the same way.
|
||||||
|
|
||||||
Signed-off-by: Junaid Shahid <junaids@google.com>
|
[ tglx: Fixup default to auto and massage wording a bit ]
|
||||||
|
|
||||||
|
Originally-by: Junaid Shahid <junaids@google.com>
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
[bwh: Backported to 4.19:
|
[bwh: Backported to 4.19:
|
||||||
- Use kvm_mmu_invalidate_zap_all_pages() instead of kvm_mmu_zap_all_fast()
|
- Use kvm_mmu_invalidate_zap_all_pages() instead of kvm_mmu_zap_all_fast()
|
||||||
- Adjust context]
|
- Adjust context]
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
.../admin-guide/kernel-parameters.txt | 11 ++
|
.../admin-guide/kernel-parameters.txt | 19 +++
|
||||||
arch/x86/include/asm/kvm_host.h | 2 +
|
arch/x86/include/asm/kvm_host.h | 2 +
|
||||||
arch/x86/kernel/cpu/bugs.c | 13 +-
|
arch/x86/kernel/cpu/bugs.c | 13 +-
|
||||||
arch/x86/kvm/mmu.c | 135 +++++++++++++++++-
|
arch/x86/kvm/mmu.c | 141 +++++++++++++++++-
|
||||||
arch/x86/kvm/paging_tmpl.h | 29 +++-
|
arch/x86/kvm/paging_tmpl.h | 29 +++-
|
||||||
arch/x86/kvm/x86.c | 9 ++
|
arch/x86/kvm/x86.c | 9 ++
|
||||||
6 files changed, 186 insertions(+), 13 deletions(-)
|
6 files changed, 200 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index 16607b178b47..b2c1a5c63ab3 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -1956,6 +1956,17 @@
|
@@ -1956,6 +1956,19 @@
|
||||||
KVM MMU at runtime.
|
KVM MMU at runtime.
|
||||||
Default is 0 (off)
|
Default is 0 (off)
|
||||||
|
|
||||||
+ kvm.nx_huge_pages=
|
+ kvm.nx_huge_pages=
|
||||||
+ [KVM] Controls the sw workaround for bug
|
+ [KVM] Controls the software workaround for the
|
||||||
+ X86_BUG_ITLB_MULTIHIT.
|
+ X86_BUG_ITLB_MULTIHIT bug.
|
||||||
+ force : Always deploy workaround.
|
+ force : Always deploy workaround.
|
||||||
+ off : Default. Never deploy workaround.
|
+ off : Never deploy workaround.
|
||||||
+ auto : Deploy workaround based on presence of
|
+ auto : Deploy workaround based on the presence of
|
||||||
+ X86_BUG_ITLB_MULTIHIT.
|
+ X86_BUG_ITLB_MULTIHIT.
|
||||||
+
|
+
|
||||||
+ If the sw workaround is enabled for the host, guests
|
+ Default is 'auto'.
|
||||||
+ need not enable it for nested guests.
|
+
|
||||||
|
+ If the software workaround is enabled for the host,
|
||||||
|
+ guests do need not to enable it for nested guests.
|
||||||
+
|
+
|
||||||
kvm-amd.nested= [KVM,AMD] Allow nested virtualization in KVM/SVM.
|
kvm-amd.nested= [KVM,AMD] Allow nested virtualization in KVM/SVM.
|
||||||
Default is 1 (enabled)
|
Default is 1 (enabled)
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
|
@@ -2522,6 +2535,12 @@
|
||||||
index 90dccb5c79d9..59b44445ed59 100644
|
l1tf=off [X86]
|
||||||
|
mds=off [X86]
|
||||||
|
tsx_async_abort=off [X86]
|
||||||
|
+ kvm.nx_huge_pages=off [X86]
|
||||||
|
+
|
||||||
|
+ Exceptions:
|
||||||
|
+ This does not have any effect on
|
||||||
|
+ kvm.nx_huge_pages when
|
||||||
|
+ kvm.nx_huge_pages=force.
|
||||||
|
|
||||||
|
auto (default)
|
||||||
|
Mitigate all CPU vulnerabilities, but leave SMT
|
||||||
--- a/arch/x86/include/asm/kvm_host.h
|
--- a/arch/x86/include/asm/kvm_host.h
|
||||||
+++ b/arch/x86/include/asm/kvm_host.h
|
+++ b/arch/x86/include/asm/kvm_host.h
|
||||||
@@ -282,6 +282,7 @@ struct kvm_mmu_page {
|
@@ -282,6 +282,7 @@ struct kvm_mmu_page {
|
||||||
|
@ -67,7 +84,7 @@ index 90dccb5c79d9..59b44445ed59 100644
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The following two entries are used to key the shadow page in the
|
* The following two entries are used to key the shadow page in the
|
||||||
@@ -890,6 +891,7 @@ struct kvm_vm_stat {
|
@@ -887,6 +888,7 @@ struct kvm_vm_stat {
|
||||||
ulong mmu_unsync;
|
ulong mmu_unsync;
|
||||||
ulong remote_tlb_flush;
|
ulong remote_tlb_flush;
|
||||||
ulong lpages;
|
ulong lpages;
|
||||||
|
@ -75,11 +92,9 @@ index 90dccb5c79d9..59b44445ed59 100644
|
||||||
ulong max_mmu_page_hash_collisions;
|
ulong max_mmu_page_hash_collisions;
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index 60e47e492c2f..1e764992fa64 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
--- a/arch/x86/kernel/cpu/bugs.c
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||||
@@ -1119,6 +1119,9 @@ void x86_spec_ctrl_setup_ap(void)
|
@@ -1229,6 +1229,9 @@ void x86_spec_ctrl_setup_ap(void)
|
||||||
x86_amd_ssb_disable();
|
x86_amd_ssb_disable();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,7 +104,7 @@ index 60e47e492c2f..1e764992fa64 100644
|
||||||
#undef pr_fmt
|
#undef pr_fmt
|
||||||
#define pr_fmt(fmt) "L1TF: " fmt
|
#define pr_fmt(fmt) "L1TF: " fmt
|
||||||
|
|
||||||
@@ -1274,17 +1277,25 @@ static ssize_t l1tf_show_state(char *buf)
|
@@ -1384,17 +1387,25 @@ static ssize_t l1tf_show_state(char *buf
|
||||||
l1tf_vmx_states[l1tf_vmx_mitigation],
|
l1tf_vmx_states[l1tf_vmx_mitigation],
|
||||||
sched_smt_active() ? "vulnerable" : "disabled");
|
sched_smt_active() ? "vulnerable" : "disabled");
|
||||||
}
|
}
|
||||||
|
@ -116,8 +131,6 @@ index 60e47e492c2f..1e764992fa64 100644
|
||||||
|
|
||||||
static ssize_t mds_show_state(char *buf)
|
static ssize_t mds_show_state(char *buf)
|
||||||
{
|
{
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 7f9be921df7c..19c3dc9b05cb 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -49,6 +49,20 @@
|
@@ -49,6 +49,20 @@
|
||||||
|
@ -141,7 +154,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
/*
|
/*
|
||||||
* When setting this variable to true it enables Two-Dimensional-Paging
|
* When setting this variable to true it enables Two-Dimensional-Paging
|
||||||
* where the hardware walks 2 page tables:
|
* where the hardware walks 2 page tables:
|
||||||
@@ -284,6 +298,11 @@ static inline bool spte_ad_enabled(u64 spte)
|
@@ -284,6 +298,11 @@ static inline bool spte_ad_enabled(u64 s
|
||||||
return !(spte & shadow_acc_track_value);
|
return !(spte & shadow_acc_track_value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -153,7 +166,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
static inline u64 spte_shadow_accessed_mask(u64 spte)
|
static inline u64 spte_shadow_accessed_mask(u64 spte)
|
||||||
{
|
{
|
||||||
MMU_WARN_ON((spte & shadow_mmio_mask) == shadow_mmio_value);
|
MMU_WARN_ON((spte & shadow_mmio_mask) == shadow_mmio_value);
|
||||||
@@ -1096,6 +1115,15 @@ static void account_shadowed(struct kvm *kvm, struct kvm_mmu_page *sp)
|
@@ -1096,6 +1115,15 @@ static void account_shadowed(struct kvm
|
||||||
kvm_mmu_gfn_disallow_lpage(slot, gfn);
|
kvm_mmu_gfn_disallow_lpage(slot, gfn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -169,7 +182,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
static void unaccount_shadowed(struct kvm *kvm, struct kvm_mmu_page *sp)
|
static void unaccount_shadowed(struct kvm *kvm, struct kvm_mmu_page *sp)
|
||||||
{
|
{
|
||||||
struct kvm_memslots *slots;
|
struct kvm_memslots *slots;
|
||||||
@@ -1113,6 +1141,12 @@ static void unaccount_shadowed(struct kvm *kvm, struct kvm_mmu_page *sp)
|
@@ -1113,6 +1141,12 @@ static void unaccount_shadowed(struct kv
|
||||||
kvm_mmu_gfn_allow_lpage(slot, gfn);
|
kvm_mmu_gfn_allow_lpage(slot, gfn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,7 +195,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
static bool __mmu_gfn_lpage_is_disallowed(gfn_t gfn, int level,
|
static bool __mmu_gfn_lpage_is_disallowed(gfn_t gfn, int level,
|
||||||
struct kvm_memory_slot *slot)
|
struct kvm_memory_slot *slot)
|
||||||
{
|
{
|
||||||
@@ -2665,6 +2699,9 @@ static int kvm_mmu_prepare_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp,
|
@@ -2665,6 +2699,9 @@ static int kvm_mmu_prepare_zap_page(stru
|
||||||
kvm_reload_remote_mmus(kvm);
|
kvm_reload_remote_mmus(kvm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -192,7 +205,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
sp->role.invalid = 1;
|
sp->role.invalid = 1;
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -2873,6 +2910,11 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
|
@@ -2873,6 +2910,11 @@ static int set_spte(struct kvm_vcpu *vcp
|
||||||
if (!speculative)
|
if (!speculative)
|
||||||
spte |= spte_shadow_accessed_mask(spte);
|
spte |= spte_shadow_accessed_mask(spte);
|
||||||
|
|
||||||
|
@ -204,7 +217,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
if (pte_access & ACC_EXEC_MASK)
|
if (pte_access & ACC_EXEC_MASK)
|
||||||
spte |= shadow_x_mask;
|
spte |= shadow_x_mask;
|
||||||
else
|
else
|
||||||
@@ -3091,9 +3133,32 @@ static void direct_pte_prefetch(struct kvm_vcpu *vcpu, u64 *sptep)
|
@@ -3091,9 +3133,32 @@ static void direct_pte_prefetch(struct k
|
||||||
__direct_pte_prefetch(vcpu, sp, sptep);
|
__direct_pte_prefetch(vcpu, sp, sptep);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -238,7 +251,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
{
|
{
|
||||||
struct kvm_shadow_walk_iterator it;
|
struct kvm_shadow_walk_iterator it;
|
||||||
struct kvm_mmu_page *sp;
|
struct kvm_mmu_page *sp;
|
||||||
@@ -3106,6 +3171,12 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t gpa, int write,
|
@@ -3106,6 +3171,12 @@ static int __direct_map(struct kvm_vcpu
|
||||||
|
|
||||||
trace_kvm_mmu_spte_requested(gpa, level, pfn);
|
trace_kvm_mmu_spte_requested(gpa, level, pfn);
|
||||||
for_each_shadow_entry(vcpu, gpa, it) {
|
for_each_shadow_entry(vcpu, gpa, it) {
|
||||||
|
@ -251,7 +264,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
base_gfn = gfn & ~(KVM_PAGES_PER_HPAGE(it.level) - 1);
|
base_gfn = gfn & ~(KVM_PAGES_PER_HPAGE(it.level) - 1);
|
||||||
if (it.level == level)
|
if (it.level == level)
|
||||||
break;
|
break;
|
||||||
@@ -3116,6 +3187,8 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t gpa, int write,
|
@@ -3116,6 +3187,8 @@ static int __direct_map(struct kvm_vcpu
|
||||||
it.level - 1, true, ACC_ALL);
|
it.level - 1, true, ACC_ALL);
|
||||||
|
|
||||||
link_shadow_page(vcpu, it.sptep, sp);
|
link_shadow_page(vcpu, it.sptep, sp);
|
||||||
|
@ -260,7 +273,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3416,11 +3489,14 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
|
@@ -3416,11 +3489,14 @@ static int nonpaging_map(struct kvm_vcpu
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
int level;
|
int level;
|
||||||
|
@ -276,7 +289,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
level = mapping_level(vcpu, gfn, &force_pt_level);
|
level = mapping_level(vcpu, gfn, &force_pt_level);
|
||||||
if (likely(!force_pt_level)) {
|
if (likely(!force_pt_level)) {
|
||||||
/*
|
/*
|
||||||
@@ -3454,7 +3530,8 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, u32 error_code,
|
@@ -3454,7 +3530,8 @@ static int nonpaging_map(struct kvm_vcpu
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
transparent_hugepage_adjust(vcpu, gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, gfn, &pfn, &level);
|
||||||
|
@ -286,7 +299,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
out_unlock:
|
out_unlock:
|
||||||
spin_unlock(&vcpu->kvm->mmu_lock);
|
spin_unlock(&vcpu->kvm->mmu_lock);
|
||||||
kvm_release_pfn_clean(pfn);
|
kvm_release_pfn_clean(pfn);
|
||||||
@@ -4048,6 +4125,8 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4048,6 +4125,8 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
unsigned long mmu_seq;
|
unsigned long mmu_seq;
|
||||||
int write = error_code & PFERR_WRITE_MASK;
|
int write = error_code & PFERR_WRITE_MASK;
|
||||||
bool map_writable;
|
bool map_writable;
|
||||||
|
@ -295,7 +308,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
|
|
||||||
MMU_WARN_ON(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
|
MMU_WARN_ON(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
|
||||||
|
|
||||||
@@ -4058,8 +4137,9 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4058,8 +4137,9 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
if (r)
|
if (r)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -307,7 +320,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
level = mapping_level(vcpu, gfn, &force_pt_level);
|
level = mapping_level(vcpu, gfn, &force_pt_level);
|
||||||
if (likely(!force_pt_level)) {
|
if (likely(!force_pt_level)) {
|
||||||
if (level > PT_DIRECTORY_LEVEL &&
|
if (level > PT_DIRECTORY_LEVEL &&
|
||||||
@@ -4088,7 +4168,8 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa, u32 error_code,
|
@@ -4088,7 +4168,8 @@ static int tdp_page_fault(struct kvm_vcp
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
if (likely(!force_pt_level))
|
if (likely(!force_pt_level))
|
||||||
transparent_hugepage_adjust(vcpu, gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, gfn, &pfn, &level);
|
||||||
|
@ -317,10 +330,16 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
out_unlock:
|
out_unlock:
|
||||||
spin_unlock(&vcpu->kvm->mmu_lock);
|
spin_unlock(&vcpu->kvm->mmu_lock);
|
||||||
kvm_release_pfn_clean(pfn);
|
kvm_release_pfn_clean(pfn);
|
||||||
@@ -5886,10 +5967,52 @@ static void mmu_destroy_caches(void)
|
@@ -5886,10 +5967,58 @@ static void mmu_destroy_caches(void)
|
||||||
kmem_cache_destroy(mmu_page_header_cache);
|
kmem_cache_destroy(mmu_page_header_cache);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
+static bool get_nx_auto_mode(void)
|
||||||
|
+{
|
||||||
|
+ /* Return true when CPU has the bug, and mitigations are ON */
|
||||||
|
+ return boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT) && !cpu_mitigations_off();
|
||||||
|
+}
|
||||||
|
+
|
||||||
+static void __set_nx_huge_pages(bool val)
|
+static void __set_nx_huge_pages(bool val)
|
||||||
+{
|
+{
|
||||||
+ nx_huge_pages = itlb_multihit_kvm_mitigation = val;
|
+ nx_huge_pages = itlb_multihit_kvm_mitigation = val;
|
||||||
|
@ -337,7 +356,7 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
+ else if (sysfs_streq(val, "force"))
|
+ else if (sysfs_streq(val, "force"))
|
||||||
+ new_val = 1;
|
+ new_val = 1;
|
||||||
+ else if (sysfs_streq(val, "auto"))
|
+ else if (sysfs_streq(val, "auto"))
|
||||||
+ new_val = boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT);
|
+ new_val = get_nx_auto_mode();
|
||||||
+ else if (strtobool(val, &new_val) < 0)
|
+ else if (strtobool(val, &new_val) < 0)
|
||||||
+ return -EINVAL;
|
+ return -EINVAL;
|
||||||
+
|
+
|
||||||
|
@ -365,16 +384,14 @@ index 7f9be921df7c..19c3dc9b05cb 100644
|
||||||
int ret = -ENOMEM;
|
int ret = -ENOMEM;
|
||||||
|
|
||||||
+ if (nx_huge_pages == -1)
|
+ if (nx_huge_pages == -1)
|
||||||
+ __set_nx_huge_pages(boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT));
|
+ __set_nx_huge_pages(get_nx_auto_mode());
|
||||||
+
|
+
|
||||||
kvm_mmu_reset_all_pte_masks();
|
kvm_mmu_reset_all_pte_masks();
|
||||||
|
|
||||||
pte_list_desc_cache = kmem_cache_create("pte_list_desc",
|
pte_list_desc_cache = kmem_cache_create("pte_list_desc",
|
||||||
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
|
|
||||||
index 3b022b08b577..adf42dc8d38b 100644
|
|
||||||
--- a/arch/x86/kvm/paging_tmpl.h
|
--- a/arch/x86/kvm/paging_tmpl.h
|
||||||
+++ b/arch/x86/kvm/paging_tmpl.h
|
+++ b/arch/x86/kvm/paging_tmpl.h
|
||||||
@@ -596,13 +596,14 @@ static void FNAME(pte_prefetch)(struct kvm_vcpu *vcpu, struct guest_walker *gw,
|
@@ -596,13 +596,14 @@ static void FNAME(pte_prefetch)(struct k
|
||||||
static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
||||||
struct guest_walker *gw,
|
struct guest_walker *gw,
|
||||||
int write_fault, int hlevel,
|
int write_fault, int hlevel,
|
||||||
|
@ -391,7 +408,7 @@ index 3b022b08b577..adf42dc8d38b 100644
|
||||||
|
|
||||||
direct_access = gw->pte_access;
|
direct_access = gw->pte_access;
|
||||||
|
|
||||||
@@ -647,13 +648,25 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
@@ -647,13 +648,25 @@ static int FNAME(fetch)(struct kvm_vcpu
|
||||||
link_shadow_page(vcpu, it.sptep, sp);
|
link_shadow_page(vcpu, it.sptep, sp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -419,7 +436,7 @@ index 3b022b08b577..adf42dc8d38b 100644
|
||||||
if (it.level == hlevel)
|
if (it.level == hlevel)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -665,6 +678,8 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
|
@@ -665,6 +678,8 @@ static int FNAME(fetch)(struct kvm_vcpu
|
||||||
sp = kvm_mmu_get_page(vcpu, base_gfn, addr,
|
sp = kvm_mmu_get_page(vcpu, base_gfn, addr,
|
||||||
it.level - 1, true, direct_access);
|
it.level - 1, true, direct_access);
|
||||||
link_shadow_page(vcpu, it.sptep, sp);
|
link_shadow_page(vcpu, it.sptep, sp);
|
||||||
|
@ -428,7 +445,7 @@ index 3b022b08b577..adf42dc8d38b 100644
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -741,9 +756,11 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
|
@@ -741,9 +756,11 @@ static int FNAME(page_fault)(struct kvm_
|
||||||
int r;
|
int r;
|
||||||
kvm_pfn_t pfn;
|
kvm_pfn_t pfn;
|
||||||
int level = PT_PAGE_TABLE_LEVEL;
|
int level = PT_PAGE_TABLE_LEVEL;
|
||||||
|
@ -441,7 +458,7 @@ index 3b022b08b577..adf42dc8d38b 100644
|
||||||
|
|
||||||
pgprintk("%s: addr %lx err %x\n", __func__, addr, error_code);
|
pgprintk("%s: addr %lx err %x\n", __func__, addr, error_code);
|
||||||
|
|
||||||
@@ -833,7 +850,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code,
|
@@ -833,7 +850,7 @@ static int FNAME(page_fault)(struct kvm_
|
||||||
if (!force_pt_level)
|
if (!force_pt_level)
|
||||||
transparent_hugepage_adjust(vcpu, walker.gfn, &pfn, &level);
|
transparent_hugepage_adjust(vcpu, walker.gfn, &pfn, &level);
|
||||||
r = FNAME(fetch)(vcpu, addr, &walker, write_fault,
|
r = FNAME(fetch)(vcpu, addr, &walker, write_fault,
|
||||||
|
@ -450,11 +467,9 @@ index 3b022b08b577..adf42dc8d38b 100644
|
||||||
kvm_mmu_audit(vcpu, AUDIT_POST_PAGE_FAULT);
|
kvm_mmu_audit(vcpu, AUDIT_POST_PAGE_FAULT);
|
||||||
|
|
||||||
out_unlock:
|
out_unlock:
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
||||||
index 2714c1a0e59f..ec80bb27504f 100644
|
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -206,6 +206,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
|
@@ -206,6 +206,7 @@ struct kvm_stats_debugfs_item debugfs_en
|
||||||
{ "mmu_unsync", VM_STAT(mmu_unsync) },
|
{ "mmu_unsync", VM_STAT(mmu_unsync) },
|
||||||
{ "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
|
{ "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
|
||||||
{ "largepages", VM_STAT(lpages, .mode = 0444) },
|
{ "largepages", VM_STAT(lpages, .mode = 0444) },
|
||||||
|
@ -462,11 +477,10 @@ index 2714c1a0e59f..ec80bb27504f 100644
|
||||||
{ "max_mmu_page_hash_collisions",
|
{ "max_mmu_page_hash_collisions",
|
||||||
VM_STAT(max_mmu_page_hash_collisions) },
|
VM_STAT(max_mmu_page_hash_collisions) },
|
||||||
{ NULL }
|
{ NULL }
|
||||||
@@ -1130,6 +1131,14 @@ u64 kvm_get_arch_capabilities(void)
|
@@ -1116,6 +1117,14 @@ u64 kvm_get_arch_capabilities(void)
|
||||||
|
|
||||||
rdmsrl_safe(MSR_IA32_ARCH_CAPABILITIES, &data);
|
rdmsrl_safe(MSR_IA32_ARCH_CAPABILITIES, &data);
|
||||||
|
|
||||||
+ /*
|
/*
|
||||||
+ * If nx_huge_pages is enabled, KVM's shadow paging will ensure that
|
+ * If nx_huge_pages is enabled, KVM's shadow paging will ensure that
|
||||||
+ * the nested hypervisor runs with NX huge pages. If it is not,
|
+ * the nested hypervisor runs with NX huge pages. If it is not,
|
||||||
+ * L1 is anyway vulnerable to ITLB_MULTIHIT explots from other
|
+ * L1 is anyway vulnerable to ITLB_MULTIHIT explots from other
|
||||||
|
@ -474,6 +488,7 @@ index 2714c1a0e59f..ec80bb27504f 100644
|
||||||
+ */
|
+ */
|
||||||
+ data |= ARCH_CAP_PSCHANGE_MC_NO;
|
+ data |= ARCH_CAP_PSCHANGE_MC_NO;
|
||||||
+
|
+
|
||||||
/*
|
+ /*
|
||||||
* If we're doing cache flushes (either "always" or "cond")
|
* If we're doing cache flushes (either "always" or "cond")
|
||||||
* we will do one whenever the guest does a vmlaunch/vmresume.
|
* we will do one whenever the guest does a vmlaunch/vmresume.
|
||||||
|
* If an outer hypervisor is doing the cache flush for us
|
|
@ -1,15 +1,16 @@
|
||||||
From: Junaid Shahid <junaids@google.com>
|
From: Junaid Shahid <junaids@google.com>
|
||||||
Date: Thu, 24 Oct 2019 18:34:29 +0200
|
Date: Mon, 4 Nov 2019 12:22:02 +0100
|
||||||
Subject: kvm: Add helper function for creating VM worker
|
Subject: kvm: Add helper function for creating VM worker threads
|
||||||
|
|
||||||
threads
|
commit c57c80467f90e5504c8df9ad3555d2c78800bf94 upstream.
|
||||||
|
|
||||||
This adds a function to create a kernel thread associated with a given
|
Add a function to create a kernel thread associated with a given VM. In
|
||||||
VM. In particular, it ensures that the worker thread inherits the
|
particular, it ensures that the worker thread inherits the priority and
|
||||||
priority and cgroups of the calling thread.
|
cgroups of the calling thread.
|
||||||
|
|
||||||
Signed-off-by: Junaid Shahid <junaids@google.com>
|
Signed-off-by: Junaid Shahid <junaids@google.com>
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
[bwh: Backported to 4.19: adjust context]
|
[bwh: Backported to 4.19: adjust context]
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
|
@ -17,11 +18,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
virt/kvm/kvm_main.c | 84 ++++++++++++++++++++++++++++++++++++++++
|
virt/kvm/kvm_main.c | 84 ++++++++++++++++++++++++++++++++++++++++
|
||||||
2 files changed, 90 insertions(+)
|
2 files changed, 90 insertions(+)
|
||||||
|
|
||||||
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
|
|
||||||
index 553a3115a735..96207939d862 100644
|
|
||||||
--- a/include/linux/kvm_host.h
|
--- a/include/linux/kvm_host.h
|
||||||
+++ b/include/linux/kvm_host.h
|
+++ b/include/linux/kvm_host.h
|
||||||
@@ -1305,4 +1305,10 @@ static inline int kvm_arch_vcpu_run_pid_change(struct kvm_vcpu *vcpu)
|
@@ -1305,4 +1305,10 @@ static inline int kvm_arch_vcpu_run_pid_
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE */
|
#endif /* CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE */
|
||||||
|
|
||||||
|
@ -32,8 +31,6 @@ index 553a3115a735..96207939d862 100644
|
||||||
+ struct task_struct **thread_ptr);
|
+ struct task_struct **thread_ptr);
|
||||||
+
|
+
|
||||||
#endif
|
#endif
|
||||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
|
||||||
index 5482949b452c..77da54d334b2 100644
|
|
||||||
--- a/virt/kvm/kvm_main.c
|
--- a/virt/kvm/kvm_main.c
|
||||||
+++ b/virt/kvm/kvm_main.c
|
+++ b/virt/kvm/kvm_main.c
|
||||||
@@ -51,6 +51,7 @@
|
@@ -51,6 +51,7 @@
|
|
@ -1,35 +1,38 @@
|
||||||
From: Junaid Shahid <junaids@google.com>
|
From: Junaid Shahid <junaids@google.com>
|
||||||
Date: Thu, 24 Oct 2019 18:34:30 +0200
|
Date: Mon, 4 Nov 2019 12:22:03 +0100
|
||||||
Subject: kvm: x86: mmu: Recovery of shattered NX large pages
|
Subject: kvm: x86: mmu: Recovery of shattered NX large pages
|
||||||
|
|
||||||
The page table pages corresponding to broken down large pages are
|
commit 1aa9b9572b10529c2e64e2b8f44025d86e124308 upstream.
|
||||||
zapped in FIFO order, so that the large page can potentially
|
|
||||||
be recovered, if it is no longer being used for execution. This removes
|
The page table pages corresponding to broken down large pages are zapped in
|
||||||
the performance penalty for walking deeper EPT page tables.
|
FIFO order, so that the large page can potentially be recovered, if it is
|
||||||
|
not longer being used for execution. This removes the performance penalty
|
||||||
|
for walking deeper EPT page tables.
|
||||||
|
|
||||||
By default, one large page will last about one hour once the guest
|
By default, one large page will last about one hour once the guest
|
||||||
reaches a steady state.
|
reaches a steady state.
|
||||||
|
|
||||||
Signed-off-by: Junaid Shahid <junaids@google.com>
|
Signed-off-by: Junaid Shahid <junaids@google.com>
|
||||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
[bwh: Backported to 4.19: adjust context]
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
|
[bwh: Backported to 4.19:
|
||||||
|
- Update another error path in kvm_create_vm() to use out_err_no_mmu_notifier
|
||||||
|
- Adjust context]
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
.../admin-guide/kernel-parameters.txt | 6 +
|
.../admin-guide/kernel-parameters.txt | 6 +
|
||||||
arch/x86/include/asm/kvm_host.h | 5 +
|
arch/x86/include/asm/kvm_host.h | 4 +
|
||||||
arch/x86/kvm/mmu.c | 129 ++++++++++++++++++
|
arch/x86/kvm/mmu.c | 129 ++++++++++++++++++
|
||||||
arch/x86/kvm/mmu.h | 4 +
|
arch/x86/kvm/mmu.h | 4 +
|
||||||
arch/x86/kvm/x86.c | 11 ++
|
arch/x86/kvm/x86.c | 11 ++
|
||||||
virt/kvm/kvm_main.c | 30 +++-
|
virt/kvm/kvm_main.c | 30 +++-
|
||||||
6 files changed, 184 insertions(+), 1 deletion(-)
|
6 files changed, 183 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index b2c1a5c63ab3..efdc471ed0b9 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -1967,6 +1967,12 @@
|
@@ -1969,6 +1969,12 @@
|
||||||
If the sw workaround is enabled for the host, guests
|
If the software workaround is enabled for the host,
|
||||||
need not enable it for nested guests.
|
guests do need not to enable it for nested guests.
|
||||||
|
|
||||||
+ kvm.nx_huge_pages_recovery_ratio=
|
+ kvm.nx_huge_pages_recovery_ratio=
|
||||||
+ [KVM] Controls how many 4KiB pages are periodically zapped
|
+ [KVM] Controls how many 4KiB pages are periodically zapped
|
||||||
|
@ -40,8 +43,6 @@ index b2c1a5c63ab3..efdc471ed0b9 100644
|
||||||
kvm-amd.nested= [KVM,AMD] Allow nested virtualization in KVM/SVM.
|
kvm-amd.nested= [KVM,AMD] Allow nested virtualization in KVM/SVM.
|
||||||
Default is 1 (enabled)
|
Default is 1 (enabled)
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
|
|
||||||
index 59b44445ed59..efe3ba61fc23 100644
|
|
||||||
--- a/arch/x86/include/asm/kvm_host.h
|
--- a/arch/x86/include/asm/kvm_host.h
|
||||||
+++ b/arch/x86/include/asm/kvm_host.h
|
+++ b/arch/x86/include/asm/kvm_host.h
|
||||||
@@ -281,6 +281,8 @@ struct kvm_rmap_head {
|
@@ -281,6 +281,8 @@ struct kvm_rmap_head {
|
||||||
|
@ -53,7 +54,7 @@ index 59b44445ed59..efe3ba61fc23 100644
|
||||||
bool unsync;
|
bool unsync;
|
||||||
bool lpage_disallowed; /* Can't be replaced by an equiv large page */
|
bool lpage_disallowed; /* Can't be replaced by an equiv large page */
|
||||||
|
|
||||||
@@ -808,6 +810,7 @@ struct kvm_arch {
|
@@ -805,6 +807,7 @@ struct kvm_arch {
|
||||||
*/
|
*/
|
||||||
struct list_head active_mmu_pages;
|
struct list_head active_mmu_pages;
|
||||||
struct list_head zapped_obsolete_pages;
|
struct list_head zapped_obsolete_pages;
|
||||||
|
@ -61,17 +62,14 @@ index 59b44445ed59..efe3ba61fc23 100644
|
||||||
struct kvm_page_track_notifier_node mmu_sp_tracker;
|
struct kvm_page_track_notifier_node mmu_sp_tracker;
|
||||||
struct kvm_page_track_notifier_head track_notifier_head;
|
struct kvm_page_track_notifier_head track_notifier_head;
|
||||||
|
|
||||||
@@ -878,6 +881,8 @@ struct kvm_arch {
|
@@ -875,6 +878,7 @@ struct kvm_arch {
|
||||||
bool x2apic_broadcast_quirk_disabled;
|
bool x2apic_broadcast_quirk_disabled;
|
||||||
|
|
||||||
bool guest_can_read_msr_platform_info;
|
bool guest_can_read_msr_platform_info;
|
||||||
+
|
|
||||||
+ struct task_struct *nx_lpage_recovery_thread;
|
+ struct task_struct *nx_lpage_recovery_thread;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct kvm_vm_stat {
|
struct kvm_vm_stat {
|
||||||
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
|
|
||||||
index 19c3dc9b05cb..bafb9001ce94 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.c
|
--- a/arch/x86/kvm/mmu.c
|
||||||
+++ b/arch/x86/kvm/mmu.c
|
+++ b/arch/x86/kvm/mmu.c
|
||||||
@@ -40,6 +40,7 @@
|
@@ -40,6 +40,7 @@
|
||||||
|
@ -109,7 +107,7 @@ index 19c3dc9b05cb..bafb9001ce94 100644
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* When setting this variable to true it enables Two-Dimensional-Paging
|
* When setting this variable to true it enables Two-Dimensional-Paging
|
||||||
@@ -1121,6 +1132,8 @@ static void account_huge_nx_page(struct kvm *kvm, struct kvm_mmu_page *sp)
|
@@ -1121,6 +1132,8 @@ static void account_huge_nx_page(struct
|
||||||
return;
|
return;
|
||||||
|
|
||||||
++kvm->stat.nx_lpage_splits;
|
++kvm->stat.nx_lpage_splits;
|
||||||
|
@ -118,7 +116,7 @@ index 19c3dc9b05cb..bafb9001ce94 100644
|
||||||
sp->lpage_disallowed = true;
|
sp->lpage_disallowed = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1145,6 +1158,7 @@ static void unaccount_huge_nx_page(struct kvm *kvm, struct kvm_mmu_page *sp)
|
@@ -1145,6 +1158,7 @@ static void unaccount_huge_nx_page(struc
|
||||||
{
|
{
|
||||||
--kvm->stat.nx_lpage_splits;
|
--kvm->stat.nx_lpage_splits;
|
||||||
sp->lpage_disallowed = false;
|
sp->lpage_disallowed = false;
|
||||||
|
@ -126,7 +124,7 @@ index 19c3dc9b05cb..bafb9001ce94 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool __mmu_gfn_lpage_is_disallowed(gfn_t gfn, int level,
|
static bool __mmu_gfn_lpage_is_disallowed(gfn_t gfn, int level,
|
||||||
@@ -5999,6 +6013,8 @@ static int set_nx_huge_pages(const char *val, const struct kernel_param *kp)
|
@@ -6005,6 +6019,8 @@ static int set_nx_huge_pages(const char
|
||||||
idx = srcu_read_lock(&kvm->srcu);
|
idx = srcu_read_lock(&kvm->srcu);
|
||||||
kvm_mmu_invalidate_zap_all_pages(kvm);
|
kvm_mmu_invalidate_zap_all_pages(kvm);
|
||||||
srcu_read_unlock(&kvm->srcu, idx);
|
srcu_read_unlock(&kvm->srcu, idx);
|
||||||
|
@ -135,7 +133,7 @@ index 19c3dc9b05cb..bafb9001ce94 100644
|
||||||
}
|
}
|
||||||
mutex_unlock(&kvm_lock);
|
mutex_unlock(&kvm_lock);
|
||||||
}
|
}
|
||||||
@@ -6079,3 +6095,116 @@ void kvm_mmu_module_exit(void)
|
@@ -6086,3 +6102,116 @@ void kvm_mmu_module_exit(void)
|
||||||
unregister_shrinker(&mmu_shrinker);
|
unregister_shrinker(&mmu_shrinker);
|
||||||
mmu_audit_disable();
|
mmu_audit_disable();
|
||||||
}
|
}
|
||||||
|
@ -252,11 +250,9 @@ index 19c3dc9b05cb..bafb9001ce94 100644
|
||||||
+ if (kvm->arch.nx_lpage_recovery_thread)
|
+ if (kvm->arch.nx_lpage_recovery_thread)
|
||||||
+ kthread_stop(kvm->arch.nx_lpage_recovery_thread);
|
+ kthread_stop(kvm->arch.nx_lpage_recovery_thread);
|
||||||
+}
|
+}
|
||||||
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
|
|
||||||
index 65892288bf51..f7b2de7b6382 100644
|
|
||||||
--- a/arch/x86/kvm/mmu.h
|
--- a/arch/x86/kvm/mmu.h
|
||||||
+++ b/arch/x86/kvm/mmu.h
|
+++ b/arch/x86/kvm/mmu.h
|
||||||
@@ -216,4 +216,8 @@ void kvm_mmu_gfn_allow_lpage(struct kvm_memory_slot *slot, gfn_t gfn);
|
@@ -216,4 +216,8 @@ void kvm_mmu_gfn_allow_lpage(struct kvm_
|
||||||
bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
|
bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
|
||||||
struct kvm_memory_slot *slot, u64 gfn);
|
struct kvm_memory_slot *slot, u64 gfn);
|
||||||
int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu);
|
int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu);
|
||||||
|
@ -265,11 +261,9 @@ index 65892288bf51..f7b2de7b6382 100644
|
||||||
+void kvm_mmu_pre_destroy_vm(struct kvm *kvm);
|
+void kvm_mmu_pre_destroy_vm(struct kvm *kvm);
|
||||||
+
|
+
|
||||||
#endif
|
#endif
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
||||||
index ec80bb27504f..da688e726632 100644
|
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -8958,6 +8958,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
|
@@ -8952,6 +8952,7 @@ int kvm_arch_init_vm(struct kvm *kvm, un
|
||||||
INIT_HLIST_HEAD(&kvm->arch.mask_notifier_list);
|
INIT_HLIST_HEAD(&kvm->arch.mask_notifier_list);
|
||||||
INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
|
INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
|
||||||
INIT_LIST_HEAD(&kvm->arch.zapped_obsolete_pages);
|
INIT_LIST_HEAD(&kvm->arch.zapped_obsolete_pages);
|
||||||
|
@ -277,7 +271,7 @@ index ec80bb27504f..da688e726632 100644
|
||||||
INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
|
INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
|
||||||
atomic_set(&kvm->arch.noncoherent_dma_count, 0);
|
atomic_set(&kvm->arch.noncoherent_dma_count, 0);
|
||||||
|
|
||||||
@@ -8989,6 +8990,11 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
|
@@ -8983,6 +8984,11 @@ int kvm_arch_init_vm(struct kvm *kvm, un
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -289,7 +283,7 @@ index ec80bb27504f..da688e726632 100644
|
||||||
static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
|
static void kvm_unload_vcpu_mmu(struct kvm_vcpu *vcpu)
|
||||||
{
|
{
|
||||||
vcpu_load(vcpu);
|
vcpu_load(vcpu);
|
||||||
@@ -9090,6 +9096,11 @@ int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
|
@@ -9084,6 +9090,11 @@ int x86_set_memory_region(struct kvm *kv
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(x86_set_memory_region);
|
EXPORT_SYMBOL_GPL(x86_set_memory_region);
|
||||||
|
|
||||||
|
@ -301,11 +295,9 @@ index ec80bb27504f..da688e726632 100644
|
||||||
void kvm_arch_destroy_vm(struct kvm *kvm)
|
void kvm_arch_destroy_vm(struct kvm *kvm)
|
||||||
{
|
{
|
||||||
if (current->mm == kvm->mm) {
|
if (current->mm == kvm->mm) {
|
||||||
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
|
|
||||||
index 77da54d334b2..7a0d86d52230 100644
|
|
||||||
--- a/virt/kvm/kvm_main.c
|
--- a/virt/kvm/kvm_main.c
|
||||||
+++ b/virt/kvm/kvm_main.c
|
+++ b/virt/kvm/kvm_main.c
|
||||||
@@ -625,6 +625,23 @@ static int kvm_create_vm_debugfs(struct kvm *kvm, int fd)
|
@@ -625,6 +625,23 @@ static int kvm_create_vm_debugfs(struct
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -329,7 +321,7 @@ index 77da54d334b2..7a0d86d52230 100644
|
||||||
static struct kvm *kvm_create_vm(unsigned long type)
|
static struct kvm *kvm_create_vm(unsigned long type)
|
||||||
{
|
{
|
||||||
int r, i;
|
int r, i;
|
||||||
@@ -679,10 +696,14 @@ static struct kvm *kvm_create_vm(unsigned long type)
|
@@ -679,11 +696,15 @@ static struct kvm *kvm_create_vm(unsigne
|
||||||
rcu_assign_pointer(kvm->buses[i],
|
rcu_assign_pointer(kvm->buses[i],
|
||||||
kzalloc(sizeof(struct kvm_io_bus), GFP_KERNEL));
|
kzalloc(sizeof(struct kvm_io_bus), GFP_KERNEL));
|
||||||
if (!kvm->buses[i])
|
if (!kvm->buses[i])
|
||||||
|
@ -338,14 +330,15 @@ index 77da54d334b2..7a0d86d52230 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
r = kvm_init_mmu_notifier(kvm);
|
r = kvm_init_mmu_notifier(kvm);
|
||||||
+ if (r)
|
if (r)
|
||||||
+ goto out_err_no_mmu_notifier;
|
+ goto out_err_no_mmu_notifier;
|
||||||
+
|
+
|
||||||
+ r = kvm_arch_post_init_vm(kvm);
|
+ r = kvm_arch_post_init_vm(kvm);
|
||||||
if (r)
|
+ if (r)
|
||||||
goto out_err;
|
goto out_err;
|
||||||
|
|
||||||
@@ -695,6 +716,11 @@ static struct kvm *kvm_create_vm(unsigned long type)
|
mutex_lock(&kvm_lock);
|
||||||
|
@@ -695,6 +716,11 @@ static struct kvm *kvm_create_vm(unsigne
|
||||||
return kvm;
|
return kvm;
|
||||||
|
|
||||||
out_err:
|
out_err:
|
||||||
|
@ -357,7 +350,7 @@ index 77da54d334b2..7a0d86d52230 100644
|
||||||
cleanup_srcu_struct(&kvm->irq_srcu);
|
cleanup_srcu_struct(&kvm->irq_srcu);
|
||||||
out_err_no_irq_srcu:
|
out_err_no_irq_srcu:
|
||||||
cleanup_srcu_struct(&kvm->srcu);
|
cleanup_srcu_struct(&kvm->srcu);
|
||||||
@@ -737,6 +763,8 @@ static void kvm_destroy_vm(struct kvm *kvm)
|
@@ -737,6 +763,8 @@ static void kvm_destroy_vm(struct kvm *k
|
||||||
mutex_lock(&kvm_lock);
|
mutex_lock(&kvm_lock);
|
||||||
list_del(&kvm->vm_list);
|
list_del(&kvm->vm_list);
|
||||||
mutex_unlock(&kvm_lock);
|
mutex_unlock(&kvm_lock);
|
194
debian/patches/bugfix/x86/itlb_multihit/0024-Documentation-Add-ITLB_MULTIHIT-documentation.patch
vendored
Normal file
194
debian/patches/bugfix/x86/itlb_multihit/0024-Documentation-Add-ITLB_MULTIHIT-documentation.patch
vendored
Normal file
|
@ -0,0 +1,194 @@
|
||||||
|
From: "Gomez Iglesias, Antonio" <antonio.gomez.iglesias@intel.com>
|
||||||
|
Date: Mon, 4 Nov 2019 12:22:03 +0100
|
||||||
|
Subject: Documentation: Add ITLB_MULTIHIT documentation
|
||||||
|
|
||||||
|
commit 7f00cc8d4a51074eb0ad4c3f16c15757b1ddfb7d upstream.
|
||||||
|
|
||||||
|
Add the initial ITLB_MULTIHIT documentation.
|
||||||
|
|
||||||
|
[ tglx: Add it to the index so it gets actually built. ]
|
||||||
|
|
||||||
|
Signed-off-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
||||||
|
Signed-off-by: Nelson D'Souza <nelson.dsouza@linux.intel.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
---
|
||||||
|
Documentation/admin-guide/hw-vuln/index.rst | 1 +
|
||||||
|
.../admin-guide/hw-vuln/multihit.rst | 163 ++++++++++++++++++
|
||||||
|
2 files changed, 164 insertions(+)
|
||||||
|
create mode 100644 Documentation/admin-guide/hw-vuln/multihit.rst
|
||||||
|
|
||||||
|
--- a/Documentation/admin-guide/hw-vuln/index.rst
|
||||||
|
+++ b/Documentation/admin-guide/hw-vuln/index.rst
|
||||||
|
@@ -13,3 +13,4 @@ are configurable at compile, boot or run
|
||||||
|
l1tf
|
||||||
|
mds
|
||||||
|
tsx_async_abort
|
||||||
|
+ multihit.rst
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/Documentation/admin-guide/hw-vuln/multihit.rst
|
||||||
|
@@ -0,0 +1,163 @@
|
||||||
|
+iTLB multihit
|
||||||
|
+=============
|
||||||
|
+
|
||||||
|
+iTLB multihit is an erratum where some processors may incur a machine check
|
||||||
|
+error, possibly resulting in an unrecoverable CPU lockup, when an
|
||||||
|
+instruction fetch hits multiple entries in the instruction TLB. This can
|
||||||
|
+occur when the page size is changed along with either the physical address
|
||||||
|
+or cache type. A malicious guest running on a virtualized system can
|
||||||
|
+exploit this erratum to perform a denial of service attack.
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Affected processors
|
||||||
|
+-------------------
|
||||||
|
+
|
||||||
|
+Variations of this erratum are present on most Intel Core and Xeon processor
|
||||||
|
+models. The erratum is not present on:
|
||||||
|
+
|
||||||
|
+ - non-Intel processors
|
||||||
|
+
|
||||||
|
+ - Some Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Silvermont)
|
||||||
|
+
|
||||||
|
+ - Intel processors that have the PSCHANGE_MC_NO bit set in the
|
||||||
|
+ IA32_ARCH_CAPABILITIES MSR.
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Related CVEs
|
||||||
|
+------------
|
||||||
|
+
|
||||||
|
+The following CVE entry is related to this issue:
|
||||||
|
+
|
||||||
|
+ ============== =================================================
|
||||||
|
+ CVE-2018-12207 Machine Check Error Avoidance on Page Size Change
|
||||||
|
+ ============== =================================================
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Problem
|
||||||
|
+-------
|
||||||
|
+
|
||||||
|
+Privileged software, including OS and virtual machine managers (VMM), are in
|
||||||
|
+charge of memory management. A key component in memory management is the control
|
||||||
|
+of the page tables. Modern processors use virtual memory, a technique that creates
|
||||||
|
+the illusion of a very large memory for processors. This virtual space is split
|
||||||
|
+into pages of a given size. Page tables translate virtual addresses to physical
|
||||||
|
+addresses.
|
||||||
|
+
|
||||||
|
+To reduce latency when performing a virtual to physical address translation,
|
||||||
|
+processors include a structure, called TLB, that caches recent translations.
|
||||||
|
+There are separate TLBs for instruction (iTLB) and data (dTLB).
|
||||||
|
+
|
||||||
|
+Under this errata, instructions are fetched from a linear address translated
|
||||||
|
+using a 4 KB translation cached in the iTLB. Privileged software modifies the
|
||||||
|
+paging structure so that the same linear address using large page size (2 MB, 4
|
||||||
|
+MB, 1 GB) with a different physical address or memory type. After the page
|
||||||
|
+structure modification but before the software invalidates any iTLB entries for
|
||||||
|
+the linear address, a code fetch that happens on the same linear address may
|
||||||
|
+cause a machine-check error which can result in a system hang or shutdown.
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Attack scenarios
|
||||||
|
+----------------
|
||||||
|
+
|
||||||
|
+Attacks against the iTLB multihit erratum can be mounted from malicious
|
||||||
|
+guests in a virtualized system.
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+iTLB multihit system information
|
||||||
|
+--------------------------------
|
||||||
|
+
|
||||||
|
+The Linux kernel provides a sysfs interface to enumerate the current iTLB
|
||||||
|
+multihit status of the system:whether the system is vulnerable and which
|
||||||
|
+mitigations are active. The relevant sysfs file is:
|
||||||
|
+
|
||||||
|
+/sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
||||||
|
+
|
||||||
|
+The possible values in this file are:
|
||||||
|
+
|
||||||
|
+.. list-table::
|
||||||
|
+
|
||||||
|
+ * - Not affected
|
||||||
|
+ - The processor is not vulnerable.
|
||||||
|
+ * - KVM: Mitigation: Split huge pages
|
||||||
|
+ - Software changes mitigate this issue.
|
||||||
|
+ * - KVM: Vulnerable
|
||||||
|
+ - The processor is vulnerable, but no mitigation enabled
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Enumeration of the erratum
|
||||||
|
+--------------------------------
|
||||||
|
+
|
||||||
|
+A new bit has been allocated in the IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) msr
|
||||||
|
+and will be set on CPU's which are mitigated against this issue.
|
||||||
|
+
|
||||||
|
+ ======================================= =========== ===============================
|
||||||
|
+ IA32_ARCH_CAPABILITIES MSR Not present Possibly vulnerable,check model
|
||||||
|
+ IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO] '0' Likely vulnerable,check model
|
||||||
|
+ IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO] '1' Not vulnerable
|
||||||
|
+ ======================================= =========== ===============================
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Mitigation mechanism
|
||||||
|
+-------------------------
|
||||||
|
+
|
||||||
|
+This erratum can be mitigated by restricting the use of large page sizes to
|
||||||
|
+non-executable pages. This forces all iTLB entries to be 4K, and removes
|
||||||
|
+the possibility of multiple hits.
|
||||||
|
+
|
||||||
|
+In order to mitigate the vulnerability, KVM initially marks all huge pages
|
||||||
|
+as non-executable. If the guest attempts to execute in one of those pages,
|
||||||
|
+the page is broken down into 4K pages, which are then marked executable.
|
||||||
|
+
|
||||||
|
+If EPT is disabled or not available on the host, KVM is in control of TLB
|
||||||
|
+flushes and the problematic situation cannot happen. However, the shadow
|
||||||
|
+EPT paging mechanism used by nested virtualization is vulnerable, because
|
||||||
|
+the nested guest can trigger multiple iTLB hits by modifying its own
|
||||||
|
+(non-nested) page tables. For simplicity, KVM will make large pages
|
||||||
|
+non-executable in all shadow paging modes.
|
||||||
|
+
|
||||||
|
+Mitigation control on the kernel command line and KVM - module parameter
|
||||||
|
+------------------------------------------------------------------------
|
||||||
|
+
|
||||||
|
+The KVM hypervisor mitigation mechanism for marking huge pages as
|
||||||
|
+non-executable can be controlled with a module parameter "nx_huge_pages=".
|
||||||
|
+The kernel command line allows to control the iTLB multihit mitigations at
|
||||||
|
+boot time with the option "kvm.nx_huge_pages=".
|
||||||
|
+
|
||||||
|
+The valid arguments for these options are:
|
||||||
|
+
|
||||||
|
+ ========== ================================================================
|
||||||
|
+ force Mitigation is enabled. In this case, the mitigation implements
|
||||||
|
+ non-executable huge pages in Linux kernel KVM module. All huge
|
||||||
|
+ pages in the EPT are marked as non-executable.
|
||||||
|
+ If a guest attempts to execute in one of those pages, the page is
|
||||||
|
+ broken down into 4K pages, which are then marked executable.
|
||||||
|
+
|
||||||
|
+ off Mitigation is disabled.
|
||||||
|
+
|
||||||
|
+ auto Enable mitigation only if the platform is affected and the kernel
|
||||||
|
+ was not booted with the "mitigations=off" command line parameter.
|
||||||
|
+ This is the default option.
|
||||||
|
+ ========== ================================================================
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+Mitigation selection guide
|
||||||
|
+--------------------------
|
||||||
|
+
|
||||||
|
+1. No virtualization in use
|
||||||
|
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
+
|
||||||
|
+ The system is protected by the kernel unconditionally and no further
|
||||||
|
+ action is required.
|
||||||
|
+
|
||||||
|
+2. Virtualization with trusted guests
|
||||||
|
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
+
|
||||||
|
+ If the guest comes from a trusted source, you may assume that the guest will
|
||||||
|
+ not attempt to maliciously exploit these errata and no further action is
|
||||||
|
+ required.
|
||||||
|
+
|
||||||
|
+3. Virtualization with untrusted guests
|
||||||
|
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
+ If the guest comes from an untrusted source, the guest host kernel will need
|
||||||
|
+ to apply iTLB multihit mitigation via the kernel command line or kvm
|
||||||
|
+ module parameter.
|
|
@ -2,12 +2,19 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 10:45:50 +0200
|
Date: Wed, 23 Oct 2019 10:45:50 +0200
|
||||||
Subject: x86/msr: Add the IA32_TSX_CTRL MSR
|
Subject: x86/msr: Add the IA32_TSX_CTRL MSR
|
||||||
|
|
||||||
|
commit c2955f270a84762343000f103e0640d29c7a96f3 upstream.
|
||||||
|
|
||||||
Transactional Synchronization Extensions (TSX) may be used on certain
|
Transactional Synchronization Extensions (TSX) may be used on certain
|
||||||
processors as part of a speculative side channel attack. A microcode
|
processors as part of a speculative side channel attack. A microcode
|
||||||
update for existing processors that are vulnerable to this attack will
|
update for existing processors that are vulnerable to this attack will
|
||||||
add a new MSR - IA32_TSX_CTRL to allow the system administrator the
|
add a new MSR - IA32_TSX_CTRL to allow the system administrator the
|
||||||
option to disable TSX as one of the possible mitigations.
|
option to disable TSX as one of the possible mitigations.
|
||||||
|
|
||||||
|
The CPUs which get this new MSR after a microcode upgrade are the ones
|
||||||
|
which do not set MSR_IA32_ARCH_CAPABILITIES.MDS_NO (bit 5) because those
|
||||||
|
CPUs have CPUID.MD_CLEAR, i.e., the VERW implementation which clears all
|
||||||
|
CPU buffers takes care of the TAA case as well.
|
||||||
|
|
||||||
[ Note that future processors that are not vulnerable will also
|
[ Note that future processors that are not vulnerable will also
|
||||||
support the IA32_TSX_CTRL MSR. ]
|
support the IA32_TSX_CTRL MSR. ]
|
||||||
|
|
||||||
|
@ -34,36 +41,33 @@ There are two control bits in IA32_TSX_CTRL MSR:
|
||||||
CPUID(EAX=7).EBX{bit11} read as 0).
|
CPUID(EAX=7).EBX{bit11} read as 0).
|
||||||
|
|
||||||
The other TSX sub-feature, Hardware Lock Elision (HLE), is
|
The other TSX sub-feature, Hardware Lock Elision (HLE), is
|
||||||
unconditionally disabled but still enumerated as present by
|
unconditionally disabled by the new microcode but still enumerated
|
||||||
CPUID(EAX=7).EBX{bit4}.
|
as present by CPUID(EAX=7).EBX{bit4}, unless disabled by
|
||||||
|
IA32_TSX_CTRL_MSR[1] - TSX_CTRL_CPUID_CLEAR.
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
|
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
---
|
---
|
||||||
arch/x86/include/asm/msr-index.h | 5 +++++
|
arch/x86/include/asm/msr-index.h | 5 +++++
|
||||||
1 file changed, 5 insertions(+)
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
|
||||||
index f58e6921cbf7..da7887a9f314 100644
|
|
||||||
--- a/arch/x86/include/asm/msr-index.h
|
--- a/arch/x86/include/asm/msr-index.h
|
||||||
+++ b/arch/x86/include/asm/msr-index.h
|
+++ b/arch/x86/include/asm/msr-index.h
|
||||||
@@ -91,6 +91,7 @@
|
@@ -84,6 +84,7 @@
|
||||||
* physical address or cache type
|
* Microarchitectural Data
|
||||||
* without TLB invalidation.
|
* Sampling (MDS) vulnerabilities.
|
||||||
*/
|
*/
|
||||||
+#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
|
+#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
|
||||||
|
|
||||||
#define MSR_IA32_FLUSH_CMD 0x0000010b
|
#define MSR_IA32_FLUSH_CMD 0x0000010b
|
||||||
#define L1D_FLUSH BIT(0) /*
|
#define L1D_FLUSH BIT(0) /*
|
||||||
@@ -101,6 +102,10 @@
|
@@ -94,6 +95,10 @@
|
||||||
#define MSR_IA32_BBL_CR_CTL 0x00000119
|
#define MSR_IA32_BBL_CR_CTL 0x00000119
|
||||||
#define MSR_IA32_BBL_CR_CTL3 0x0000011e
|
#define MSR_IA32_BBL_CR_CTL3 0x0000011e
|
||||||
|
|
|
@ -2,31 +2,26 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 10:52:35 +0200
|
Date: Wed, 23 Oct 2019 10:52:35 +0200
|
||||||
Subject: x86/cpu: Add a helper function x86_read_arch_cap_msr()
|
Subject: x86/cpu: Add a helper function x86_read_arch_cap_msr()
|
||||||
|
|
||||||
|
commit 286836a70433fb64131d2590f4bf512097c255e1 upstream.
|
||||||
|
|
||||||
Add a helper function to read the IA32_ARCH_CAPABILITIES MSR.
|
Add a helper function to read the IA32_ARCH_CAPABILITIES MSR.
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
|
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: Andy Lutomirski <luto@kernel.org>
|
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
[bwh: Forward-ported on top of NX: Fix conflict (neighbouring changes)
|
|
||||||
in arch/x86/kernel/cpu/common.c]
|
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
arch/x86/kernel/cpu/common.c | 11 +++++++++--
|
arch/x86/kernel/cpu/common.c | 15 +++++++++++----
|
||||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
arch/x86/kernel/cpu/cpu.h | 2 ++
|
||||||
|
2 files changed, 13 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 128808dccd2f..cee109bd7f00 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
--- a/arch/x86/kernel/cpu/common.c
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
+++ b/arch/x86/kernel/cpu/common.c
|
||||||
@@ -1018,13 +1018,20 @@ static bool __init cpu_matches(unsigned long which)
|
@@ -1017,19 +1017,26 @@ static bool __init cpu_matches(unsigned
|
||||||
return m && !!(m->driver_data & which);
|
return m && !!(m->driver_data & which);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -35,10 +30,9 @@ index 128808dccd2f..cee109bd7f00 100644
|
||||||
{
|
{
|
||||||
u64 ia32_cap = 0;
|
u64 ia32_cap = 0;
|
||||||
|
|
||||||
- if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
|
|
||||||
+ if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))
|
+ if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES))
|
||||||
rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
|
+ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
|
||||||
|
+
|
||||||
+ return ia32_cap;
|
+ return ia32_cap;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
|
@ -46,6 +40,24 @@ index 128808dccd2f..cee109bd7f00 100644
|
||||||
+{
|
+{
|
||||||
+ u64 ia32_cap = x86_read_arch_cap_msr();
|
+ u64 ia32_cap = x86_read_arch_cap_msr();
|
||||||
+
|
+
|
||||||
/* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */
|
if (cpu_matches(NO_SPECULATION))
|
||||||
if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO))
|
return;
|
||||||
setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT);
|
|
||||||
|
setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
|
||||||
|
setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
|
||||||
|
|
||||||
|
- if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
|
||||||
|
- rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
|
||||||
|
-
|
||||||
|
if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) &&
|
||||||
|
!cpu_has(c, X86_FEATURE_AMD_SSB_NO))
|
||||||
|
setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
|
||||||
|
--- a/arch/x86/kernel/cpu/cpu.h
|
||||||
|
+++ b/arch/x86/kernel/cpu/cpu.h
|
||||||
|
@@ -65,4 +65,6 @@ unsigned int aperfmperf_get_khz(int cpu)
|
||||||
|
|
||||||
|
extern void x86_spec_ctrl_setup_ap(void);
|
||||||
|
|
||||||
|
+extern u64 x86_read_arch_cap_msr(void);
|
||||||
|
+
|
||||||
|
#endif /* ARCH_X86_CPU_H */
|
|
@ -2,6 +2,8 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 11:01:53 +0200
|
Date: Wed, 23 Oct 2019 11:01:53 +0200
|
||||||
Subject: x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
|
Subject: x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
|
||||||
|
|
||||||
|
commit 95c5824f75f3ba4c9e8e5a4b1a623c95390ac266 upstream.
|
||||||
|
|
||||||
Add a kernel cmdline parameter "tsx" to control the Transactional
|
Add a kernel cmdline parameter "tsx" to control the Transactional
|
||||||
Synchronization Extensions (TSX) feature. On CPUs that support TSX
|
Synchronization Extensions (TSX) feature. On CPUs that support TSX
|
||||||
control, use "tsx=on|off" to enable or disable TSX. Not specifying this
|
control, use "tsx=on|off" to enable or disable TSX. Not specifying this
|
||||||
|
@ -12,46 +14,29 @@ Carve out the TSX controlling functionality into a separate compilation
|
||||||
unit because TSX is a CPU feature while the TSX async abort control
|
unit because TSX is a CPU feature while the TSX async abort control
|
||||||
machinery will go to cpu/bugs.c.
|
machinery will go to cpu/bugs.c.
|
||||||
|
|
||||||
[ bp: Massage, shorten and clear the arg buffer. ]
|
[ bp: - Massage, shorten and clear the arg buffer.
|
||||||
|
- Clarifications of the tsx= possible options - Josh.
|
||||||
|
- Expand on TSX_CTRL availability - Pawan. ]
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
Cc: Andy Lutomirski <luto@kernel.org>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: Babu Moger <Babu.Moger@amd.com>
|
|
||||||
Cc: Fenghua Yu <fenghua.yu@intel.com>
|
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
|
||||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
||||||
Cc: Juergen Gross <jgross@suse.com>
|
|
||||||
Cc: Kees Cook <keescook@chromium.org>
|
|
||||||
Cc: linux-doc@vger.kernel.org
|
|
||||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
|
||||||
Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
|
|
||||||
Cc: Rahul Tanwar <rahul.tanwar@linux.intel.com>
|
|
||||||
Cc: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
|
|
||||||
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
Cc: Zhao Yakui <yakui.zhao@intel.com>
|
|
||||||
[bwh: Backported to 4.19: adjust context]
|
[bwh: Backported to 4.19: adjust context]
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
.../admin-guide/kernel-parameters.txt | 11 ++
|
.../admin-guide/kernel-parameters.txt | 26 ++++
|
||||||
arch/x86/kernel/cpu/Makefile | 2 +-
|
arch/x86/kernel/cpu/Makefile | 2 +-
|
||||||
arch/x86/kernel/cpu/common.c | 2 +
|
arch/x86/kernel/cpu/common.c | 2 +
|
||||||
arch/x86/kernel/cpu/cpu.h | 18 +++
|
arch/x86/kernel/cpu/cpu.h | 16 +++
|
||||||
arch/x86/kernel/cpu/intel.c | 5 +
|
arch/x86/kernel/cpu/intel.c | 5 +
|
||||||
arch/x86/kernel/cpu/tsx.c | 119 ++++++++++++++++++
|
arch/x86/kernel/cpu/tsx.c | 125 ++++++++++++++++++
|
||||||
6 files changed, 156 insertions(+), 1 deletion(-)
|
6 files changed, 175 insertions(+), 1 deletion(-)
|
||||||
create mode 100644 arch/x86/kernel/cpu/tsx.c
|
create mode 100644 arch/x86/kernel/cpu/tsx.c
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index efdc471ed0b9..f03756d2addb 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -4707,6 +4707,17 @@
|
@@ -4685,6 +4685,32 @@
|
||||||
marks the TSC unconditionally unstable at bootup and
|
marks the TSC unconditionally unstable at bootup and
|
||||||
avoids any further wobbles once the TSC watchdog notices.
|
avoids any further wobbles once the TSC watchdog notices.
|
||||||
|
|
||||||
|
@ -61,16 +46,29 @@ index efdc471ed0b9..f03756d2addb 100644
|
||||||
+
|
+
|
||||||
+ This parameter controls the TSX feature. The options are:
|
+ This parameter controls the TSX feature. The options are:
|
||||||
+
|
+
|
||||||
+ on - Enable TSX on the system.
|
+ on - Enable TSX on the system. Although there are
|
||||||
+ off - Disable TSX on the system.
|
+ mitigations for all known security vulnerabilities,
|
||||||
|
+ TSX has been known to be an accelerator for
|
||||||
|
+ several previous speculation-related CVEs, and
|
||||||
|
+ so there may be unknown security risks associated
|
||||||
|
+ with leaving it enabled.
|
||||||
|
+
|
||||||
|
+ off - Disable TSX on the system. (Note that this
|
||||||
|
+ option takes effect only on newer CPUs which are
|
||||||
|
+ not vulnerable to MDS, i.e., have
|
||||||
|
+ MSR_IA32_ARCH_CAPABILITIES.MDS_NO=1 and which get
|
||||||
|
+ the new IA32_TSX_CTRL MSR through a microcode
|
||||||
|
+ update. This new MSR allows for the reliable
|
||||||
|
+ deactivation of the TSX functionality.)
|
||||||
+
|
+
|
||||||
+ Not specifying this option is equivalent to tsx=off.
|
+ Not specifying this option is equivalent to tsx=off.
|
||||||
|
+
|
||||||
|
+ See Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||||
|
+ for more details.
|
||||||
+
|
+
|
||||||
turbografx.map[2|3]= [HW,JOY]
|
turbografx.map[2|3]= [HW,JOY]
|
||||||
TurboGraFX parallel port interface
|
TurboGraFX parallel port interface
|
||||||
Format:
|
Format:
|
||||||
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
|
|
||||||
index 347137e80bf5..320769b4807b 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/Makefile
|
--- a/arch/x86/kernel/cpu/Makefile
|
||||||
+++ b/arch/x86/kernel/cpu/Makefile
|
+++ b/arch/x86/kernel/cpu/Makefile
|
||||||
@@ -28,7 +28,7 @@ obj-y += cpuid-deps.o
|
@@ -28,7 +28,7 @@ obj-y += cpuid-deps.o
|
||||||
|
@ -82,11 +80,9 @@ index 347137e80bf5..320769b4807b 100644
|
||||||
obj-$(CONFIG_CPU_SUP_AMD) += amd.o
|
obj-$(CONFIG_CPU_SUP_AMD) += amd.o
|
||||||
obj-$(CONFIG_CPU_SUP_CYRIX_32) += cyrix.o
|
obj-$(CONFIG_CPU_SUP_CYRIX_32) += cyrix.o
|
||||||
obj-$(CONFIG_CPU_SUP_CENTAUR) += centaur.o
|
obj-$(CONFIG_CPU_SUP_CENTAUR) += centaur.o
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index cee109bd7f00..5f89d78fe132 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
--- a/arch/x86/kernel/cpu/common.c
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
+++ b/arch/x86/kernel/cpu/common.c
|
||||||
@@ -1487,6 +1487,8 @@ void __init identify_boot_cpu(void)
|
@@ -1482,6 +1482,8 @@ void __init identify_boot_cpu(void)
|
||||||
enable_sep_cpu();
|
enable_sep_cpu();
|
||||||
#endif
|
#endif
|
||||||
cpu_detect_tlb(&boot_cpu_data);
|
cpu_detect_tlb(&boot_cpu_data);
|
||||||
|
@ -95,8 +91,6 @@ index cee109bd7f00..5f89d78fe132 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
void identify_secondary_cpu(struct cpuinfo_x86 *c)
|
void identify_secondary_cpu(struct cpuinfo_x86 *c)
|
||||||
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
|
|
||||||
index 7b229afa0a37..236582c90d3f 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/cpu.h
|
--- a/arch/x86/kernel/cpu/cpu.h
|
||||||
+++ b/arch/x86/kernel/cpu/cpu.h
|
+++ b/arch/x86/kernel/cpu/cpu.h
|
||||||
@@ -45,6 +45,22 @@ struct _tlb_table {
|
@@ -45,6 +45,22 @@ struct _tlb_table {
|
||||||
|
@ -122,18 +116,9 @@ index 7b229afa0a37..236582c90d3f 100644
|
||||||
extern void get_cpu_cap(struct cpuinfo_x86 *c);
|
extern void get_cpu_cap(struct cpuinfo_x86 *c);
|
||||||
extern void get_cpu_address_sizes(struct cpuinfo_x86 *c);
|
extern void get_cpu_address_sizes(struct cpuinfo_x86 *c);
|
||||||
extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c);
|
extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c);
|
||||||
@@ -65,4 +81,6 @@ unsigned int aperfmperf_get_khz(int cpu);
|
|
||||||
|
|
||||||
extern void x86_spec_ctrl_setup_ap(void);
|
|
||||||
|
|
||||||
+extern u64 x86_read_arch_cap_msr(void);
|
|
||||||
+
|
|
||||||
#endif /* ARCH_X86_CPU_H */
|
|
||||||
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
|
|
||||||
index fc3c07fe7df5..a5287b18a63f 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/intel.c
|
--- a/arch/x86/kernel/cpu/intel.c
|
||||||
+++ b/arch/x86/kernel/cpu/intel.c
|
+++ b/arch/x86/kernel/cpu/intel.c
|
||||||
@@ -766,6 +766,11 @@ static void init_intel(struct cpuinfo_x86 *c)
|
@@ -766,6 +766,11 @@ static void init_intel(struct cpuinfo_x8
|
||||||
init_intel_energy_perf(c);
|
init_intel_energy_perf(c);
|
||||||
|
|
||||||
init_intel_misc_features(c);
|
init_intel_misc_features(c);
|
||||||
|
@ -145,12 +130,9 @@ index fc3c07fe7df5..a5287b18a63f 100644
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_X86_32
|
#ifdef CONFIG_X86_32
|
||||||
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000000..e5933ef50add
|
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/arch/x86/kernel/cpu/tsx.c
|
+++ b/arch/x86/kernel/cpu/tsx.c
|
||||||
@@ -0,0 +1,119 @@
|
@@ -0,0 +1,125 @@
|
||||||
+// SPDX-License-Identifier: GPL-2.0
|
+// SPDX-License-Identifier: GPL-2.0
|
||||||
+/*
|
+/*
|
||||||
+ * Intel Transactional Synchronization Extensions (TSX) control.
|
+ * Intel Transactional Synchronization Extensions (TSX) control.
|
||||||
|
@ -213,9 +195,15 @@ index 000000000000..e5933ef50add
|
||||||
+ u64 ia32_cap = x86_read_arch_cap_msr();
|
+ u64 ia32_cap = x86_read_arch_cap_msr();
|
||||||
+
|
+
|
||||||
+ /*
|
+ /*
|
||||||
+ * TSX is controlled via MSR_IA32_TSX_CTRL. However,
|
+ * TSX is controlled via MSR_IA32_TSX_CTRL. However, support for this
|
||||||
+ * support for this MSR is enumerated by ARCH_CAP_TSX_MSR bit
|
+ * MSR is enumerated by ARCH_CAP_TSX_MSR bit in MSR_IA32_ARCH_CAPABILITIES.
|
||||||
+ * in MSR_IA32_ARCH_CAPABILITIES.
|
+ *
|
||||||
|
+ * TSX control (aka MSR_IA32_TSX_CTRL) is only available after a
|
||||||
|
+ * microcode update on CPUs that have their MSR_IA32_ARCH_CAPABILITIES
|
||||||
|
+ * bit MDS_NO=1. CPUs with MDS_NO=0 are not planned to get
|
||||||
|
+ * MSR_IA32_TSX_CTRL support even after a microcode update. Thus,
|
||||||
|
+ * tsx= cmdline requests will do nothing on CPUs without
|
||||||
|
+ * MSR_IA32_TSX_CTRL support.
|
||||||
+ */
|
+ */
|
||||||
+ return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
|
+ return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
|
||||||
+}
|
+}
|
|
@ -2,6 +2,8 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 11:30:45 +0200
|
Date: Wed, 23 Oct 2019 11:30:45 +0200
|
||||||
Subject: x86/speculation/taa: Add mitigation for TSX Async Abort
|
Subject: x86/speculation/taa: Add mitigation for TSX Async Abort
|
||||||
|
|
||||||
|
commit 1b42f017415b46c317e71d41c34ec088417a1883 upstream.
|
||||||
|
|
||||||
TSX Async Abort (TAA) is a side channel vulnerability to the internal
|
TSX Async Abort (TAA) is a side channel vulnerability to the internal
|
||||||
buffers in some Intel processors similar to Microachitectural Data
|
buffers in some Intel processors similar to Microachitectural Data
|
||||||
Sampling (MDS). In this case, certain loads may speculatively pass
|
Sampling (MDS). In this case, certain loads may speculatively pass
|
||||||
|
@ -52,22 +54,8 @@ deployed. The effective mitigation state can be read from sysfs.
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
Cc: Andy Lutomirski <luto@kernel.org>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: Fenghua Yu <fenghua.yu@intel.com>
|
|
||||||
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
||||||
Cc: Kees Cook <keescook@chromium.org>
|
|
||||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
|
|
||||||
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
[bwh: Forward-ported on top of NX: Renumber bug bit after
|
|
||||||
X86_BUG_ITLB_MULTIHIT]
|
|
||||||
[bwh: Backported to 4.19: Add #include "cpu.h" in bugs.c]
|
[bwh: Backported to 4.19: Add #include "cpu.h" in bugs.c]
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
|
@ -75,27 +63,23 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
arch/x86/include/asm/msr-index.h | 4 +
|
arch/x86/include/asm/msr-index.h | 4 +
|
||||||
arch/x86/include/asm/nospec-branch.h | 4 +-
|
arch/x86/include/asm/nospec-branch.h | 4 +-
|
||||||
arch/x86/include/asm/processor.h | 7 ++
|
arch/x86/include/asm/processor.h | 7 ++
|
||||||
arch/x86/kernel/cpu/bugs.c | 112 +++++++++++++++++++++++++++
|
arch/x86/kernel/cpu/bugs.c | 110 +++++++++++++++++++++++++++
|
||||||
arch/x86/kernel/cpu/common.c | 15 ++++
|
arch/x86/kernel/cpu/common.c | 15 ++++
|
||||||
6 files changed, 141 insertions(+), 2 deletions(-)
|
6 files changed, 139 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
|
|
||||||
index ccad4f183400..5a2eecfed727 100644
|
|
||||||
--- a/arch/x86/include/asm/cpufeatures.h
|
--- a/arch/x86/include/asm/cpufeatures.h
|
||||||
+++ b/arch/x86/include/asm/cpufeatures.h
|
+++ b/arch/x86/include/asm/cpufeatures.h
|
||||||
@@ -390,5 +390,6 @@
|
@@ -389,5 +389,6 @@
|
||||||
|
#define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */
|
||||||
#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */
|
#define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */
|
||||||
#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
|
#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */
|
||||||
#define X86_BUG_ITLB_MULTIHIT X86_BUG(22) /* CPU may incur MCE during certain page attribute changes */
|
+#define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */
|
||||||
+#define X86_BUG_TAA X86_BUG(23) /* CPU is affected by TSX Async Abort(TAA) */
|
|
||||||
|
|
||||||
#endif /* _ASM_X86_CPUFEATURES_H */
|
#endif /* _ASM_X86_CPUFEATURES_H */
|
||||||
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
|
||||||
index da7887a9f314..0f4feee6d082 100644
|
|
||||||
--- a/arch/x86/include/asm/msr-index.h
|
--- a/arch/x86/include/asm/msr-index.h
|
||||||
+++ b/arch/x86/include/asm/msr-index.h
|
+++ b/arch/x86/include/asm/msr-index.h
|
||||||
@@ -92,6 +92,10 @@
|
@@ -85,6 +85,10 @@
|
||||||
* without TLB invalidation.
|
* Sampling (MDS) vulnerabilities.
|
||||||
*/
|
*/
|
||||||
#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
|
#define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */
|
||||||
+#define ARCH_CAP_TAA_NO BIT(8) /*
|
+#define ARCH_CAP_TAA_NO BIT(8) /*
|
||||||
|
@ -105,11 +89,9 @@ index da7887a9f314..0f4feee6d082 100644
|
||||||
|
|
||||||
#define MSR_IA32_FLUSH_CMD 0x0000010b
|
#define MSR_IA32_FLUSH_CMD 0x0000010b
|
||||||
#define L1D_FLUSH BIT(0) /*
|
#define L1D_FLUSH BIT(0) /*
|
||||||
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
|
|
||||||
index 28cb2b31527a..09c7466c4880 100644
|
|
||||||
--- a/arch/x86/include/asm/nospec-branch.h
|
--- a/arch/x86/include/asm/nospec-branch.h
|
||||||
+++ b/arch/x86/include/asm/nospec-branch.h
|
+++ b/arch/x86/include/asm/nospec-branch.h
|
||||||
@@ -323,7 +323,7 @@ DECLARE_STATIC_KEY_FALSE(mds_idle_clear);
|
@@ -323,7 +323,7 @@ DECLARE_STATIC_KEY_FALSE(mds_idle_clear)
|
||||||
#include <asm/segment.h>
|
#include <asm/segment.h>
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -118,7 +100,7 @@ index 28cb2b31527a..09c7466c4880 100644
|
||||||
*
|
*
|
||||||
* This uses the otherwise unused and obsolete VERW instruction in
|
* This uses the otherwise unused and obsolete VERW instruction in
|
||||||
* combination with microcode which triggers a CPU buffer flush when the
|
* combination with microcode which triggers a CPU buffer flush when the
|
||||||
@@ -346,7 +346,7 @@ static inline void mds_clear_cpu_buffers(void)
|
@@ -346,7 +346,7 @@ static inline void mds_clear_cpu_buffers
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -127,8 +109,6 @@ index 28cb2b31527a..09c7466c4880 100644
|
||||||
*
|
*
|
||||||
* Clear CPU buffers if the corresponding static key is enabled
|
* Clear CPU buffers if the corresponding static key is enabled
|
||||||
*/
|
*/
|
||||||
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
|
|
||||||
index b54f25697beb..efb44bd3a714 100644
|
|
||||||
--- a/arch/x86/include/asm/processor.h
|
--- a/arch/x86/include/asm/processor.h
|
||||||
+++ b/arch/x86/include/asm/processor.h
|
+++ b/arch/x86/include/asm/processor.h
|
||||||
@@ -1003,4 +1003,11 @@ enum mds_mitigations {
|
@@ -1003,4 +1003,11 @@ enum mds_mitigations {
|
||||||
|
@ -143,8 +123,6 @@ index b54f25697beb..efb44bd3a714 100644
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
#endif /* _ASM_X86_PROCESSOR_H */
|
#endif /* _ASM_X86_PROCESSOR_H */
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index 1e764992fa64..828b2fe4bc0a 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
--- a/arch/x86/kernel/cpu/bugs.c
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||||
@@ -32,11 +32,14 @@
|
@@ -32,11 +32,14 @@
|
||||||
|
@ -170,11 +148,10 @@ index 1e764992fa64..828b2fe4bc0a 100644
|
||||||
|
|
||||||
arch_smt_update();
|
arch_smt_update();
|
||||||
|
|
||||||
@@ -266,6 +270,100 @@ static int __init mds_cmdline(char *str)
|
@@ -267,6 +271,100 @@ static int __init mds_cmdline(char *str)
|
||||||
}
|
|
||||||
early_param("mds", mds_cmdline);
|
early_param("mds", mds_cmdline);
|
||||||
|
|
||||||
+#undef pr_fmt
|
#undef pr_fmt
|
||||||
+#define pr_fmt(fmt) "TAA: " fmt
|
+#define pr_fmt(fmt) "TAA: " fmt
|
||||||
+
|
+
|
||||||
+/* Default mitigation for TAA-affected CPUs */
|
+/* Default mitigation for TAA-affected CPUs */
|
||||||
|
@ -268,9 +245,10 @@ index 1e764992fa64..828b2fe4bc0a 100644
|
||||||
+}
|
+}
|
||||||
+early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);
|
+early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);
|
||||||
+
|
+
|
||||||
#undef pr_fmt
|
+#undef pr_fmt
|
||||||
#define pr_fmt(fmt) "Spectre V1 : " fmt
|
#define pr_fmt(fmt) "Spectre V1 : " fmt
|
||||||
|
|
||||||
|
enum spectre_v1_mitigation {
|
||||||
@@ -772,6 +870,7 @@ static void update_mds_branch_idle(void)
|
@@ -772,6 +870,7 @@ static void update_mds_branch_idle(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -279,7 +257,7 @@ index 1e764992fa64..828b2fe4bc0a 100644
|
||||||
|
|
||||||
void arch_smt_update(void)
|
void arch_smt_update(void)
|
||||||
{
|
{
|
||||||
@@ -804,6 +903,19 @@ void arch_smt_update(void)
|
@@ -804,6 +903,17 @@ void arch_smt_update(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -288,8 +266,6 @@ index 1e764992fa64..828b2fe4bc0a 100644
|
||||||
+ case TAA_MITIGATION_UCODE_NEEDED:
|
+ case TAA_MITIGATION_UCODE_NEEDED:
|
||||||
+ if (sched_smt_active())
|
+ if (sched_smt_active())
|
||||||
+ pr_warn_once(TAA_MSG_SMT);
|
+ pr_warn_once(TAA_MSG_SMT);
|
||||||
+ /* TSX is enabled, apply MDS idle buffer clearing. */
|
|
||||||
+ update_mds_branch_idle();
|
|
||||||
+ break;
|
+ break;
|
||||||
+ case TAA_MITIGATION_TSX_DISABLED:
|
+ case TAA_MITIGATION_TSX_DISABLED:
|
||||||
+ case TAA_MITIGATION_OFF:
|
+ case TAA_MITIGATION_OFF:
|
||||||
|
@ -299,11 +275,9 @@ index 1e764992fa64..828b2fe4bc0a 100644
|
||||||
mutex_unlock(&spec_ctrl_mutex);
|
mutex_unlock(&spec_ctrl_mutex);
|
||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
||||||
index 5f89d78fe132..de1e552c9705 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/common.c
|
--- a/arch/x86/kernel/cpu/common.c
|
||||||
+++ b/arch/x86/kernel/cpu/common.c
|
+++ b/arch/x86/kernel/cpu/common.c
|
||||||
@@ -1058,6 +1058,21 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
|
@@ -1053,6 +1053,21 @@ static void __init cpu_set_bug_bits(stru
|
||||||
if (!cpu_matches(NO_SWAPGS))
|
if (!cpu_matches(NO_SWAPGS))
|
||||||
setup_force_cpu_bug(X86_BUG_SWAPGS);
|
setup_force_cpu_bug(X86_BUG_SWAPGS);
|
||||||
|
|
|
@ -2,6 +2,8 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 12:19:51 +0200
|
Date: Wed, 23 Oct 2019 12:19:51 +0200
|
||||||
Subject: x86/speculation/taa: Add sysfs reporting for TSX Async Abort
|
Subject: x86/speculation/taa: Add sysfs reporting for TSX Async Abort
|
||||||
|
|
||||||
|
commit 6608b45ac5ecb56f9e171252229c39580cc85f0f upstream.
|
||||||
|
|
||||||
Add the sysfs reporting file for TSX Async Abort. It exposes the
|
Add the sysfs reporting file for TSX Async Abort. It exposes the
|
||||||
vulnerability and the mitigation state similar to the existing files for
|
vulnerability and the mitigation state similar to the existing files for
|
||||||
the other hardware vulnerabilities.
|
the other hardware vulnerabilities.
|
||||||
|
@ -11,20 +13,12 @@ Sysfs file path is:
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
|
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||||
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Jiri Kosina <jkosina@suse.cz>
|
|
||||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
||||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
[bwh: Forward-ported on top of NX: Fix conflicts (neighbouring
|
|
||||||
insertions) in arch/x86/kernel/cpu/bugs.c, drivers/base/cpu.c,
|
|
||||||
include/linux/cpu.h]
|
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
arch/x86/kernel/cpu/bugs.c | 23 +++++++++++++++++++++++
|
arch/x86/kernel/cpu/bugs.c | 23 +++++++++++++++++++++++
|
||||||
|
@ -32,11 +26,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
include/linux/cpu.h | 3 +++
|
include/linux/cpu.h | 3 +++
|
||||||
3 files changed, 35 insertions(+)
|
3 files changed, 35 insertions(+)
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
||||||
index 828b2fe4bc0a..1ed43b858c52 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/bugs.c
|
--- a/arch/x86/kernel/cpu/bugs.c
|
||||||
+++ b/arch/x86/kernel/cpu/bugs.c
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
||||||
@@ -1426,6 +1426,21 @@ static ssize_t mds_show_state(char *buf)
|
@@ -1408,6 +1408,21 @@ static ssize_t mds_show_state(char *buf)
|
||||||
sched_smt_active() ? "vulnerable" : "disabled");
|
sched_smt_active() ? "vulnerable" : "disabled");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,9 +50,9 @@ index 828b2fe4bc0a..1ed43b858c52 100644
|
||||||
static char *stibp_state(void)
|
static char *stibp_state(void)
|
||||||
{
|
{
|
||||||
if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
|
if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
|
||||||
@@ -1497,6 +1512,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr
|
@@ -1476,6 +1491,9 @@ static ssize_t cpu_show_common(struct de
|
||||||
case X86_BUG_ITLB_MULTIHIT:
|
case X86_BUG_MDS:
|
||||||
return itlb_multihit_show_state(buf);
|
return mds_show_state(buf);
|
||||||
|
|
||||||
+ case X86_BUG_TAA:
|
+ case X86_BUG_TAA:
|
||||||
+ return tsx_async_abort_show_state(buf);
|
+ return tsx_async_abort_show_state(buf);
|
||||||
|
@ -68,9 +60,9 @@ index 828b2fe4bc0a..1ed43b858c52 100644
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -1538,4 +1556,9 @@ ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr
|
@@ -1512,4 +1530,9 @@ ssize_t cpu_show_mds(struct device *dev,
|
||||||
{
|
{
|
||||||
return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT);
|
return cpu_show_common(dev, attr, buf, X86_BUG_MDS);
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+ssize_t cpu_show_tsx_async_abort(struct device *dev, struct device_attribute *attr, char *buf)
|
+ssize_t cpu_show_tsx_async_abort(struct device *dev, struct device_attribute *attr, char *buf)
|
||||||
|
@ -78,11 +70,9 @@ index 828b2fe4bc0a..1ed43b858c52 100644
|
||||||
+ return cpu_show_common(dev, attr, buf, X86_BUG_TAA);
|
+ return cpu_show_common(dev, attr, buf, X86_BUG_TAA);
|
||||||
+}
|
+}
|
||||||
#endif
|
#endif
|
||||||
diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
|
|
||||||
index c21e2aec5cbb..e9e7fde0fe00 100644
|
|
||||||
--- a/drivers/base/cpu.c
|
--- a/drivers/base/cpu.c
|
||||||
+++ b/drivers/base/cpu.c
|
+++ b/drivers/base/cpu.c
|
||||||
@@ -558,6 +558,13 @@ ssize_t __weak cpu_show_itlb_multihit(struct device *dev,
|
@@ -552,12 +552,20 @@ ssize_t __weak cpu_show_mds(struct devic
|
||||||
return sprintf(buf, "Not affected\n");
|
return sprintf(buf, "Not affected\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -96,30 +86,27 @@ index c21e2aec5cbb..e9e7fde0fe00 100644
|
||||||
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
|
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
|
||||||
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
|
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
|
||||||
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
|
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
|
||||||
@@ -565,6 +572,7 @@ static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
|
static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
|
||||||
static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
|
static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL);
|
||||||
static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
|
static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
|
||||||
static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
|
|
||||||
+static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL);
|
+static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL);
|
||||||
|
|
||||||
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
||||||
&dev_attr_meltdown.attr,
|
&dev_attr_meltdown.attr,
|
||||||
@@ -574,6 +582,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
|
@@ -566,6 +574,7 @@ static struct attribute *cpu_root_vulner
|
||||||
|
&dev_attr_spec_store_bypass.attr,
|
||||||
&dev_attr_l1tf.attr,
|
&dev_attr_l1tf.attr,
|
||||||
&dev_attr_mds.attr,
|
&dev_attr_mds.attr,
|
||||||
&dev_attr_itlb_multihit.attr,
|
|
||||||
+ &dev_attr_tsx_async_abort.attr,
|
+ &dev_attr_tsx_async_abort.attr,
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
|
|
||||||
index 7bb824b0f30e..9d8dba19844e 100644
|
|
||||||
--- a/include/linux/cpu.h
|
--- a/include/linux/cpu.h
|
||||||
+++ b/include/linux/cpu.h
|
+++ b/include/linux/cpu.h
|
||||||
@@ -61,6 +61,9 @@ extern ssize_t cpu_show_mds(struct device *dev,
|
@@ -59,6 +59,9 @@ extern ssize_t cpu_show_l1tf(struct devi
|
||||||
|
struct device_attribute *attr, char *buf);
|
||||||
|
extern ssize_t cpu_show_mds(struct device *dev,
|
||||||
struct device_attribute *attr, char *buf);
|
struct device_attribute *attr, char *buf);
|
||||||
extern ssize_t cpu_show_itlb_multihit(struct device *dev,
|
|
||||||
struct device_attribute *attr, char *buf);
|
|
||||||
+extern ssize_t cpu_show_tsx_async_abort(struct device *dev,
|
+extern ssize_t cpu_show_tsx_async_abort(struct device *dev,
|
||||||
+ struct device_attribute *attr,
|
+ struct device_attribute *attr,
|
||||||
+ char *buf);
|
+ char *buf);
|
|
@ -2,6 +2,8 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 12:23:33 +0200
|
Date: Wed, 23 Oct 2019 12:23:33 +0200
|
||||||
Subject: kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
|
Subject: kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
|
||||||
|
|
||||||
|
commit e1d38b63acd843cfdd4222bf19a26700fd5c699e upstream.
|
||||||
|
|
||||||
Export the IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0 to guests on TSX
|
Export the IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0 to guests on TSX
|
||||||
Async Abort(TAA) affected hosts that have TSX enabled and updated
|
Async Abort(TAA) affected hosts that have TSX enabled and updated
|
||||||
microcode. This is required so that the guests don't complain,
|
microcode. This is required so that the guests don't complain,
|
||||||
|
@ -20,26 +22,18 @@ CPUID.MD_CLEAR=1, they deploy MDS mitigation which also mitigates TAA.
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: Joerg Roedel <joro@8bytes.org>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
Cc: kvm ML <kvm@vger.kernel.org>
|
|
||||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
|
||||||
Cc: "Radim Krcmar" <rkrcmar@redhat.com>
|
|
||||||
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
---
|
---
|
||||||
arch/x86/kvm/x86.c | 19 +++++++++++++++++++
|
arch/x86/kvm/x86.c | 19 +++++++++++++++++++
|
||||||
1 file changed, 19 insertions(+)
|
1 file changed, 19 insertions(+)
|
||||||
|
|
||||||
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
|
|
||||||
index da688e726632..c68ee8d1ef8c 100644
|
|
||||||
--- a/arch/x86/kvm/x86.c
|
--- a/arch/x86/kvm/x86.c
|
||||||
+++ b/arch/x86/kvm/x86.c
|
+++ b/arch/x86/kvm/x86.c
|
||||||
@@ -1151,6 +1151,25 @@ u64 kvm_get_arch_capabilities(void)
|
@@ -1127,6 +1127,25 @@ u64 kvm_get_arch_capabilities(void)
|
||||||
if (l1tf_vmx_mitigation != VMENTER_L1D_FLUSH_NEVER)
|
if (l1tf_vmx_mitigation != VMENTER_L1D_FLUSH_NEVER)
|
||||||
data |= ARCH_CAP_SKIP_VMENTRY_L1DFLUSH;
|
data |= ARCH_CAP_SKIP_VMENTRY_L1DFLUSH;
|
||||||
|
|
|
@ -2,6 +2,8 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 12:28:57 +0200
|
Date: Wed, 23 Oct 2019 12:28:57 +0200
|
||||||
Subject: x86/tsx: Add "auto" option to the tsx= cmdline parameter
|
Subject: x86/tsx: Add "auto" option to the tsx= cmdline parameter
|
||||||
|
|
||||||
|
commit 7531a3596e3272d1f6841e0d601a614555dc6b65 upstream.
|
||||||
|
|
||||||
Platforms which are not affected by X86_BUG_TAA may want the TSX feature
|
Platforms which are not affected by X86_BUG_TAA may want the TSX feature
|
||||||
enabled. Add "auto" option to the TSX cmdline parameter. When tsx=auto
|
enabled. Add "auto" option to the TSX cmdline parameter. When tsx=auto
|
||||||
disable TSX when X86_BUG_TAA is present, otherwise enable TSX.
|
disable TSX when X86_BUG_TAA is present, otherwise enable TSX.
|
||||||
|
@ -13,45 +15,30 @@ https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
|
||||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
||||||
Cc: Juergen Gross <jgross@suse.com>
|
|
||||||
Cc: linux-doc@vger.kernel.org
|
|
||||||
Cc: Mark Gross <mgross@linux.intel.com>
|
|
||||||
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
---
|
---
|
||||||
Documentation/admin-guide/kernel-parameters.txt | 5 +++++
|
Documentation/admin-guide/kernel-parameters.txt | 3 +++
|
||||||
arch/x86/kernel/cpu/tsx.c | 7 ++++++-
|
arch/x86/kernel/cpu/tsx.c | 7 ++++++-
|
||||||
2 files changed, 11 insertions(+), 1 deletion(-)
|
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
||||||
index f03756d2addb..e6a58cbbfab8 100644
|
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -4715,6 +4715,11 @@
|
@@ -4706,6 +4706,9 @@
|
||||||
|
update. This new MSR allows for the reliable
|
||||||
|
deactivation of the TSX functionality.)
|
||||||
|
|
||||||
on - Enable TSX on the system.
|
|
||||||
off - Disable TSX on the system.
|
|
||||||
+ auto - Disable TSX if X86_BUG_TAA is present,
|
+ auto - Disable TSX if X86_BUG_TAA is present,
|
||||||
+ otherwise enable TSX on the system.
|
+ otherwise enable TSX on the system.
|
||||||
+
|
+
|
||||||
+ More details on X86_BUG_TAA here:
|
|
||||||
+ Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
|
||||||
|
|
||||||
Not specifying this option is equivalent to tsx=off.
|
Not specifying this option is equivalent to tsx=off.
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
|
See Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||||
index e5933ef50add..89ab91eacd4f 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/tsx.c
|
--- a/arch/x86/kernel/cpu/tsx.c
|
||||||
+++ b/arch/x86/kernel/cpu/tsx.c
|
+++ b/arch/x86/kernel/cpu/tsx.c
|
||||||
@@ -69,7 +69,7 @@ static bool __init tsx_ctrl_is_supported(void)
|
@@ -75,7 +75,7 @@ static bool __init tsx_ctrl_is_supported
|
||||||
|
|
||||||
void __init tsx_init(void)
|
void __init tsx_init(void)
|
||||||
{
|
{
|
||||||
|
@ -60,7 +47,7 @@ index e5933ef50add..89ab91eacd4f 100644
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (!tsx_ctrl_is_supported())
|
if (!tsx_ctrl_is_supported())
|
||||||
@@ -81,6 +81,11 @@ void __init tsx_init(void)
|
@@ -87,6 +87,11 @@ void __init tsx_init(void)
|
||||||
tsx_ctrl_state = TSX_CTRL_ENABLE;
|
tsx_ctrl_state = TSX_CTRL_ENABLE;
|
||||||
} else if (!strcmp(arg, "off")) {
|
} else if (!strcmp(arg, "off")) {
|
||||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
|
@ -2,49 +2,42 @@ From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Date: Wed, 23 Oct 2019 12:32:55 +0200
|
Date: Wed, 23 Oct 2019 12:32:55 +0200
|
||||||
Subject: x86/speculation/taa: Add documentation for TSX Async Abort
|
Subject: x86/speculation/taa: Add documentation for TSX Async Abort
|
||||||
|
|
||||||
|
commit a7a248c593e4fd7a67c50b5f5318fe42a0db335e upstream.
|
||||||
|
|
||||||
Add the documenation for TSX Async Abort. Include the description of
|
Add the documenation for TSX Async Abort. Include the description of
|
||||||
the issue, how to check the mitigation state, control the mitigation,
|
the issue, how to check the mitigation state, control the mitigation,
|
||||||
guidance for system administrators.
|
guidance for system administrators.
|
||||||
|
|
||||||
[ bp: Add proper SPDX tags, touch ups. ]
|
[ bp: Add proper SPDX tags, touch ups by Josh and me. ]
|
||||||
|
|
||||||
Co-developed-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
Co-developed-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
||||||
|
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
Signed-off-by: Antonio Gomez Iglesias <antonio.gomez.iglesias@intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
Reviewed-by: Mark Gross <mgross@linux.intel.com>
|
||||||
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
Reviewed-by: Tony Luck <tony.luck@intel.com>
|
||||||
Cc: Andrew Morton <akpm@linux-foundation.org>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: Fenghua Yu <fenghua.yu@intel.com>
|
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
|
||||||
Cc: Jonathan Corbet <corbet@lwn.net>
|
|
||||||
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
||||||
Cc: Juergen Gross <jgross@suse.com>
|
|
||||||
Cc: linux-doc@vger.kernel.org
|
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
[bwh: Forward-ported on top of NX: Fix conflict (neighbouring
|
|
||||||
insertions) in Documentation/ABI/testing/sysfs-devices-system-cpu]
|
|
||||||
[bwh: Backported to 4.19: adjust context]
|
[bwh: Backported to 4.19: adjust context]
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
---
|
---
|
||||||
.../ABI/testing/sysfs-devices-system-cpu | 1 +
|
.../ABI/testing/sysfs-devices-system-cpu | 1 +
|
||||||
Documentation/admin-guide/hw-vuln/index.rst | 1 +
|
Documentation/admin-guide/hw-vuln/index.rst | 1 +
|
||||||
.../admin-guide/hw-vuln/tsx_async_abort.rst | 256 ++++++++++++++++++
|
.../admin-guide/hw-vuln/tsx_async_abort.rst | 276 ++++++++++++++++++
|
||||||
.../admin-guide/kernel-parameters.txt | 36 +++
|
.../admin-guide/kernel-parameters.txt | 38 +++
|
||||||
Documentation/x86/index.rst | 1 +
|
Documentation/x86/index.rst | 1 +
|
||||||
Documentation/x86/tsx_async_abort.rst | 117 ++++++++
|
Documentation/x86/tsx_async_abort.rst | 117 ++++++++
|
||||||
6 files changed, 412 insertions(+)
|
6 files changed, 434 insertions(+)
|
||||||
create mode 100644 Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
create mode 100644 Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||||
create mode 100644 Documentation/x86/tsx_async_abort.rst
|
create mode 100644 Documentation/x86/tsx_async_abort.rst
|
||||||
|
|
||||||
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
--- a/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||||
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
+++ b/Documentation/ABI/testing/sysfs-devices-system-cpu
|
||||||
@@ -479,6 +479,7 @@ What: /sys/devices/system/cpu/vulnerabi
|
@@ -478,6 +478,7 @@ What: /sys/devices/system/cpu/vulnerabi
|
||||||
|
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
|
||||||
/sys/devices/system/cpu/vulnerabilities/l1tf
|
/sys/devices/system/cpu/vulnerabilities/l1tf
|
||||||
/sys/devices/system/cpu/vulnerabilities/mds
|
/sys/devices/system/cpu/vulnerabilities/mds
|
||||||
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
|
|
||||||
+ /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
+ /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
|
||||||
Date: January 2018
|
Date: January 2018
|
||||||
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
|
||||||
|
@ -58,7 +51,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+ tsx_async_abort
|
+ tsx_async_abort
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
+++ b/Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||||
@@ -0,0 +1,256 @@
|
@@ -0,0 +1,276 @@
|
||||||
+.. SPDX-License-Identifier: GPL-2.0
|
+.. SPDX-License-Identifier: GPL-2.0
|
||||||
+
|
+
|
||||||
+TAA - TSX Asynchronous Abort
|
+TAA - TSX Asynchronous Abort
|
||||||
|
@ -121,7 +114,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+
|
+
|
||||||
+The victim of a malicious actor does not need to make use of TSX. Only the
|
+The victim of a malicious actor does not need to make use of TSX. Only the
|
||||||
+attacker needs to begin a TSX transaction and raise an asynchronous abort
|
+attacker needs to begin a TSX transaction and raise an asynchronous abort
|
||||||
+to try to leak some of data stored in the buffers.
|
+which in turn potenitally leaks data stored in the buffers.
|
||||||
+
|
+
|
||||||
+More detailed technical information is available in the TAA specific x86
|
+More detailed technical information is available in the TAA specific x86
|
||||||
+architecture section: :ref:`Documentation/x86/tsx_async_abort.rst <tsx_async_abort>`.
|
+architecture section: :ref:`Documentation/x86/tsx_async_abort.rst <tsx_async_abort>`.
|
||||||
|
@ -133,9 +126,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+Attacks against the TAA vulnerability can be implemented from unprivileged
|
+Attacks against the TAA vulnerability can be implemented from unprivileged
|
||||||
+applications running on hosts or guests.
|
+applications running on hosts or guests.
|
||||||
+
|
+
|
||||||
+As for MDS, the attacker has no control over the memory addresses that can be
|
+As for MDS, the attacker has no control over the memory addresses that can
|
||||||
+leaked. Only the victim is responsible for bringing data to the CPU. As a
|
+be leaked. Only the victim is responsible for bringing data to the CPU. As
|
||||||
+result, the malicious actor has to first sample as much data as possible and
|
+a result, the malicious actor has to sample as much data as possible and
|
||||||
+then postprocess it to try to infer any useful information from it.
|
+then postprocess it to try to infer any useful information from it.
|
||||||
+
|
+
|
||||||
+A potential attacker only has read access to the data. Also, there is no direct
|
+A potential attacker only has read access to the data. Also, there is no direct
|
||||||
|
@ -202,11 +195,12 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+Virtualization mitigation
|
+Virtualization mitigation
|
||||||
+^^^^^^^^^^^^^^^^^^^^^^^^^
|
+^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
+
|
+
|
||||||
+Affected systems where the host has the TAA microcode and the TAA mitigation is
|
+Affected systems where the host has TAA microcode and TAA is mitigated by
|
||||||
+ON (with TSX disabled) are not vulnerable regardless of the status of the VMs.
|
+having disabled TSX previously, are not vulnerable regardless of the status
|
||||||
|
+of the VMs.
|
||||||
+
|
+
|
||||||
+In all other cases, if the host either does not have the TAA microcode or the
|
+In all other cases, if the host either does not have the TAA microcode or
|
||||||
+kernel is not mitigated, the system might be vulnerable.
|
+the kernel is not mitigated, the system might be vulnerable.
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
+.. _taa_mitigation_control_command_line:
|
+.. _taa_mitigation_control_command_line:
|
||||||
|
@ -244,11 +238,23 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+The valid options are:
|
+The valid options are:
|
||||||
+
|
+
|
||||||
+ ============ =============================================================
|
+ ============ =============================================================
|
||||||
+ off Disables TSX.
|
+ off Disables TSX on the system.
|
||||||
|
+
|
||||||
|
+ Note that this option takes effect only on newer CPUs which are
|
||||||
|
+ not vulnerable to MDS, i.e., have MSR_IA32_ARCH_CAPABILITIES.MDS_NO=1
|
||||||
|
+ and which get the new IA32_TSX_CTRL MSR through a microcode
|
||||||
|
+ update. This new MSR allows for the reliable deactivation of
|
||||||
|
+ the TSX functionality.
|
||||||
+
|
+
|
||||||
+ on Enables TSX.
|
+ on Enables TSX.
|
||||||
+
|
+
|
||||||
+ auto Disables TSX on affected platform, otherwise enables TSX.
|
+ Although there are mitigations for all known security
|
||||||
|
+ vulnerabilities, TSX has been known to be an accelerator for
|
||||||
|
+ several previous speculation-related CVEs, and so there may be
|
||||||
|
+ unknown security risks associated with leaving it enabled.
|
||||||
|
+
|
||||||
|
+ auto Disables TSX if X86_BUG_TAA is present, otherwise enables TSX
|
||||||
|
+ on the system.
|
||||||
+ ============ =============================================================
|
+ ============ =============================================================
|
||||||
+
|
+
|
||||||
+Not specifying this option is equivalent to "tsx=off".
|
+Not specifying this option is equivalent to "tsx=off".
|
||||||
|
@ -256,17 +262,24 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+The following combinations of the "tsx_async_abort" and "tsx" are possible. For
|
+The following combinations of the "tsx_async_abort" and "tsx" are possible. For
|
||||||
+affected platforms tsx=auto is equivalent to tsx=off and the result will be:
|
+affected platforms tsx=auto is equivalent to tsx=off and the result will be:
|
||||||
+
|
+
|
||||||
+ ========= ==================== =========================================
|
+ ========= ========================== =========================================
|
||||||
+ tsx=on tsx_async_abort=full The system will use VERW to clear CPU
|
+ tsx=on tsx_async_abort=full The system will use VERW to clear CPU
|
||||||
+ buffers.
|
+ buffers. Cross-thread attacks are still
|
||||||
+ tsx=on tsx_async_abort=off The system is vulnerable.
|
+ possible on SMT machines.
|
||||||
+ tsx=off tsx_async_abort=full TSX is disabled. System is not vulnerable.
|
+ tsx=on tsx_async_abort=full,nosmt As above, cross-thread attacks on SMT
|
||||||
+ tsx=off tsx_async_abort=off TSX is disabled. System is not vulnerable.
|
+ mitigated.
|
||||||
+ ========= ==================== =========================================
|
+ tsx=on tsx_async_abort=off The system is vulnerable.
|
||||||
|
+ tsx=off tsx_async_abort=full TSX might be disabled if microcode
|
||||||
|
+ provides a TSX control MSR. If so,
|
||||||
|
+ system is not vulnerable.
|
||||||
|
+ tsx=off tsx_async_abort=full,nosmt Ditto
|
||||||
|
+ tsx=off tsx_async_abort=off ditto
|
||||||
|
+ ========= ========================== =========================================
|
||||||
|
+
|
||||||
+
|
+
|
||||||
+For unaffected platforms "tsx=on" and "tsx_async_abort=full" does not clear CPU
|
+For unaffected platforms "tsx=on" and "tsx_async_abort=full" does not clear CPU
|
||||||
+buffers. For platforms without TSX control "tsx" command line argument has no
|
+buffers. For platforms without TSX control (MSR_IA32_ARCH_CAPABILITIES.MDS_NO=0)
|
||||||
+effect.
|
+"tsx" command line argument has no effect.
|
||||||
+
|
+
|
||||||
+For the affected platforms below table indicates the mitigation status for the
|
+For the affected platforms below table indicates the mitigation status for the
|
||||||
+combinations of CPUID bit MD_CLEAR and IA32_ARCH_CAPABILITIES MSR bits MDS_NO
|
+combinations of CPUID bit MD_CLEAR and IA32_ARCH_CAPABILITIES MSR bits MDS_NO
|
||||||
|
@ -275,7 +288,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+ ======= ========= ============= ========================================
|
+ ======= ========= ============= ========================================
|
||||||
+ MDS_NO MD_CLEAR TSX_CTRL_MSR Status
|
+ MDS_NO MD_CLEAR TSX_CTRL_MSR Status
|
||||||
+ ======= ========= ============= ========================================
|
+ ======= ========= ============= ========================================
|
||||||
+ 0 0 0 Vulnerable (needs ucode)
|
+ 0 0 0 Vulnerable (needs microcode)
|
||||||
+ 0 1 0 MDS and TAA mitigated via VERW
|
+ 0 1 0 MDS and TAA mitigated via VERW
|
||||||
+ 1 1 0 MDS fixed, TAA vulnerable if TSX enabled
|
+ 1 1 0 MDS fixed, TAA vulnerable if TSX enabled
|
||||||
+ because MD_CLEAR has no meaning and
|
+ because MD_CLEAR has no meaning and
|
||||||
|
@ -317,7 +330,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+ - Deploy TSX disable mitigation (tsx_async_abort=full tsx=off).
|
+ - Deploy TSX disable mitigation (tsx_async_abort=full tsx=off).
|
||||||
--- a/Documentation/admin-guide/kernel-parameters.txt
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
||||||
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
||||||
@@ -2538,6 +2538,7 @@
|
@@ -2521,6 +2521,7 @@
|
||||||
spec_store_bypass_disable=off [X86,PPC]
|
spec_store_bypass_disable=off [X86,PPC]
|
||||||
l1tf=off [X86]
|
l1tf=off [X86]
|
||||||
mds=off [X86]
|
mds=off [X86]
|
||||||
|
@ -325,7 +338,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
|
||||||
auto (default)
|
auto (default)
|
||||||
Mitigate all CPU vulnerabilities, but leave SMT
|
Mitigate all CPU vulnerabilities, but leave SMT
|
||||||
@@ -2553,6 +2554,7 @@
|
@@ -2536,6 +2537,7 @@
|
||||||
be fully mitigated, even if it means losing SMT.
|
be fully mitigated, even if it means losing SMT.
|
||||||
Equivalent to: l1tf=flush,nosmt [X86]
|
Equivalent to: l1tf=flush,nosmt [X86]
|
||||||
mds=full,nosmt [X86]
|
mds=full,nosmt [X86]
|
||||||
|
@ -333,9 +346,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
|
||||||
mminit_loglevel=
|
mminit_loglevel=
|
||||||
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
|
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
|
||||||
@@ -4718,6 +4720,40 @@
|
@@ -4714,6 +4716,42 @@
|
||||||
|
See Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
|
||||||
Not specifying this option is equivalent to tsx=off.
|
for more details.
|
||||||
|
|
||||||
+ tsx_async_abort= [X86,INTEL] Control mitigation for the TSX Async
|
+ tsx_async_abort= [X86,INTEL] Control mitigation for the TSX Async
|
||||||
+ Abort (TAA) vulnerability.
|
+ Abort (TAA) vulnerability.
|
||||||
|
@ -356,6 +369,8 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
+ options are:
|
+ options are:
|
||||||
+
|
+
|
||||||
+ full - Enable TAA mitigation on vulnerable CPUs
|
+ full - Enable TAA mitigation on vulnerable CPUs
|
||||||
|
+ if TSX is enabled.
|
||||||
|
+
|
||||||
+ full,nosmt - Enable TAA mitigation and disable SMT on
|
+ full,nosmt - Enable TAA mitigation and disable SMT on
|
||||||
+ vulnerable CPUs. If TSX is disabled, SMT
|
+ vulnerable CPUs. If TSX is disabled, SMT
|
||||||
+ is not disabled because CPU is not
|
+ is not disabled because CPU is not
|
|
@ -2,6 +2,8 @@ From: Michal Hocko <mhocko@suse.com>
|
||||||
Date: Wed, 23 Oct 2019 12:35:50 +0200
|
Date: Wed, 23 Oct 2019 12:35:50 +0200
|
||||||
Subject: x86/tsx: Add config options to set tsx=on|off|auto
|
Subject: x86/tsx: Add config options to set tsx=on|off|auto
|
||||||
|
|
||||||
|
commit db616173d787395787ecc93eef075fa975227b10 upstream.
|
||||||
|
|
||||||
There is a general consensus that TSX usage is not largely spread while
|
There is a general consensus that TSX usage is not largely spread while
|
||||||
the history shows there is a non trivial space for side channel attacks
|
the history shows there is a non trivial space for side channel attacks
|
||||||
possible. Therefore the tsx is disabled by default even on platforms
|
possible. Therefore the tsx is disabled by default even on platforms
|
||||||
|
@ -17,22 +19,20 @@ Introduce config options X86_INTEL_TSX_MODE_OFF, X86_INTEL_TSX_MODE_ON
|
||||||
and X86_INTEL_TSX_MODE_AUTO to control the TSX feature. The config
|
and X86_INTEL_TSX_MODE_AUTO to control the TSX feature. The config
|
||||||
setting can be overridden by the tsx cmdline options.
|
setting can be overridden by the tsx cmdline options.
|
||||||
|
|
||||||
|
[ bp: Text cleanups from Josh. ]
|
||||||
|
|
||||||
Suggested-by: Borislav Petkov <bpetkov@suse.de>
|
Suggested-by: Borislav Petkov <bpetkov@suse.de>
|
||||||
Signed-off-by: Michal Hocko <mhocko@suse.com>
|
Signed-off-by: Michal Hocko <mhocko@suse.com>
|
||||||
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
|
||||||
Signed-off-by: Borislav Petkov <bp@suse.de>
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
||||||
Cc: "H. Peter Anvin" <hpa@zytor.com>
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||||
Cc: Ingo Molnar <mingo@redhat.com>
|
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
||||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||||
Cc: Tony Luck <tony.luck@intel.com>
|
|
||||||
Cc: x86-ml <x86@kernel.org>
|
|
||||||
---
|
---
|
||||||
arch/x86/Kconfig | 45 +++++++++++++++++++++++++++++++++++++++
|
arch/x86/Kconfig | 45 +++++++++++++++++++++++++++++++++++++++
|
||||||
arch/x86/kernel/cpu/tsx.c | 22 +++++++++++++------
|
arch/x86/kernel/cpu/tsx.c | 22 +++++++++++++------
|
||||||
2 files changed, 61 insertions(+), 6 deletions(-)
|
2 files changed, 61 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
|
|
||||||
index e76d16ac2776..a47343bb439c 100644
|
|
||||||
--- a/arch/x86/Kconfig
|
--- a/arch/x86/Kconfig
|
||||||
+++ b/arch/x86/Kconfig
|
+++ b/arch/x86/Kconfig
|
||||||
@@ -1903,6 +1903,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
|
@@ -1903,6 +1903,51 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
|
||||||
|
@ -53,13 +53,13 @@ index e76d16ac2776..a47343bb439c 100644
|
||||||
+ will be more of those attacks discovered in the future.
|
+ will be more of those attacks discovered in the future.
|
||||||
+
|
+
|
||||||
+ Therefore TSX is not enabled by default (aka tsx=off). An admin
|
+ Therefore TSX is not enabled by default (aka tsx=off). An admin
|
||||||
+ might override this decision by tsx=on command line parameter. This
|
+ might override this decision by tsx=on the command line parameter.
|
||||||
+ has a risk that TSX will get enabled also on platforms which are
|
+ Even with TSX enabled, the kernel will attempt to enable the best
|
||||||
+ known to be vulnerable to attacks like TAA and a safer option is to
|
+ possible TAA mitigation setting depending on the microcode available
|
||||||
+ use tsx=auto command line parameter.
|
+ for the particular machine.
|
||||||
+
|
+
|
||||||
+ This options allows to set the default tsx mode between tsx=on, off
|
+ This option allows to set the default tsx mode between tsx=on, =off
|
||||||
+ and auto. See Documentation/admin-guide/kernel-parameters.txt for more
|
+ and =auto. See Documentation/admin-guide/kernel-parameters.txt for more
|
||||||
+ details.
|
+ details.
|
||||||
+
|
+
|
||||||
+ Say off if not sure, auto if TSX is in use but it should be used on safe
|
+ Say off if not sure, auto if TSX is in use but it should be used on safe
|
||||||
|
@ -69,29 +69,27 @@ index e76d16ac2776..a47343bb439c 100644
|
||||||
+config X86_INTEL_TSX_MODE_OFF
|
+config X86_INTEL_TSX_MODE_OFF
|
||||||
+ bool "off"
|
+ bool "off"
|
||||||
+ help
|
+ help
|
||||||
+ TSX is always disabled - equals tsx=off command line parameter.
|
+ TSX is disabled if possible - equals to tsx=off command line parameter.
|
||||||
+
|
+
|
||||||
+config X86_INTEL_TSX_MODE_ON
|
+config X86_INTEL_TSX_MODE_ON
|
||||||
+ bool "on"
|
+ bool "on"
|
||||||
+ help
|
+ help
|
||||||
+ TSX is always enabled on TSX capable HW - equals tsx=on command line
|
+ TSX is always enabled on TSX capable HW - equals the tsx=on command
|
||||||
+ parameter.
|
+ line parameter.
|
||||||
+
|
+
|
||||||
+config X86_INTEL_TSX_MODE_AUTO
|
+config X86_INTEL_TSX_MODE_AUTO
|
||||||
+ bool "auto"
|
+ bool "auto"
|
||||||
+ help
|
+ help
|
||||||
+ TSX is enabled on TSX capable HW that is believed to be safe against
|
+ TSX is enabled on TSX capable HW that is believed to be safe against
|
||||||
+ side channel attacks- equals tsx=auto command line parameter.
|
+ side channel attacks- equals the tsx=auto command line parameter.
|
||||||
+endchoice
|
+endchoice
|
||||||
+
|
+
|
||||||
config EFI
|
config EFI
|
||||||
bool "EFI runtime service support"
|
bool "EFI runtime service support"
|
||||||
depends on ACPI
|
depends on ACPI
|
||||||
diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c
|
|
||||||
index 89ab91eacd4f..ab400f8bbfe1 100644
|
|
||||||
--- a/arch/x86/kernel/cpu/tsx.c
|
--- a/arch/x86/kernel/cpu/tsx.c
|
||||||
+++ b/arch/x86/kernel/cpu/tsx.c
|
+++ b/arch/x86/kernel/cpu/tsx.c
|
||||||
@@ -67,6 +67,14 @@ static bool __init tsx_ctrl_is_supported(void)
|
@@ -73,6 +73,14 @@ static bool __init tsx_ctrl_is_supported
|
||||||
return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
|
return !!(ia32_cap & ARCH_CAP_TSX_CTRL_MSR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -106,7 +104,7 @@ index 89ab91eacd4f..ab400f8bbfe1 100644
|
||||||
void __init tsx_init(void)
|
void __init tsx_init(void)
|
||||||
{
|
{
|
||||||
char arg[5] = {};
|
char arg[5] = {};
|
||||||
@@ -82,17 +90,19 @@ void __init tsx_init(void)
|
@@ -88,17 +96,19 @@ void __init tsx_init(void)
|
||||||
} else if (!strcmp(arg, "off")) {
|
} else if (!strcmp(arg, "off")) {
|
||||||
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
tsx_ctrl_state = TSX_CTRL_DISABLE;
|
||||||
} else if (!strcmp(arg, "auto")) {
|
} else if (!strcmp(arg, "auto")) {
|
|
@ -258,28 +258,30 @@ bugfix/all/ALSA-usb-audio-Fix-a-stack-buffer-overflow-bug-in-check_input_term.pa
|
||||||
bugfix/all/vhost-make-sure-log_num-in_num.patch
|
bugfix/all/vhost-make-sure-log_num-in_num.patch
|
||||||
bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
|
bugfix/x86/x86-ptrace-fix-up-botched-merge-of-spectrev1-fix.patch
|
||||||
bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch
|
bugfix/all/KVM-coalesced_mmio-add-bounds-checking.patch
|
||||||
bugfix/x86/itlb_multihit/0001-KVM-x86-adjust-kvm_mmu_page-member-to-save-8-bytes.patch
|
bugfix/x86/taa/0001-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch
|
||||||
bugfix/x86/itlb_multihit/0002-kvm-Convert-kvm_lock-to-a-mutex.patch
|
bugfix/x86/taa/0002-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch
|
||||||
bugfix/x86/itlb_multihit/0003-kvm-x86-Do-not-release-the-page-inside-mmu_set_spte.patch
|
bugfix/x86/taa/0003-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch
|
||||||
bugfix/x86/itlb_multihit/0004-KVM-x86-make-FNAME-fetch-and-__direct_map-more-simil.patch
|
bugfix/x86/taa/0004-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch
|
||||||
bugfix/x86/itlb_multihit/0005-KVM-x86-remove-now-unneeded-hugepage-gfn-adjustment.patch
|
bugfix/x86/taa/0005-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch
|
||||||
bugfix/x86/itlb_multihit/0006-KVM-x86-change-kvm_mmu_page_get_gfn-BUG_ON-to-WARN_O.patch
|
bugfix/x86/taa/0006-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch
|
||||||
bugfix/x86/itlb_multihit/0007-KVM-x86-add-tracepoints-around-__direct_map-and-FNAM.patch
|
bugfix/x86/taa/0007-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch
|
||||||
bugfix/x86/itlb_multihit/0008-kvm-x86-powerpc-do-not-allow-clearing-largepages-deb.patch
|
bugfix/x86/taa/0008-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch
|
||||||
bugfix/x86/itlb_multihit/0009-KVM-vmx-svm-always-run-with-EFER.NXE-1-when-shadow-p.patch
|
bugfix/x86/taa/0009-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch
|
||||||
bugfix/x86/itlb_multihit/0009-x86-Add-ITLB_MULTIHIT-bug-infrastructure.patch
|
bugfix/x86/itlb_multihit/0010-KVM-x86-adjust-kvm_mmu_page-member-to-save-8-bytes.patch
|
||||||
bugfix/x86/itlb_multihit/0010-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
|
bugfix/x86/itlb_multihit/0011-kvm-Convert-kvm_lock-to-a-mutex.patch
|
||||||
bugfix/x86/itlb_multihit/0011-kvm-Add-helper-function-for-creating-VM-worker.patch
|
bugfix/x86/itlb_multihit/0012-kvm-x86-Do-not-release-the-page-inside-mmu_set_spte.patch
|
||||||
bugfix/x86/itlb_multihit/0012-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
|
bugfix/x86/itlb_multihit/0013-KVM-x86-make-FNAME-fetch-and-__direct_map-more-simil.patch
|
||||||
bugfix/x86/taa/0013-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch
|
bugfix/x86/itlb_multihit/0014-KVM-x86-remove-now-unneeded-hugepage-gfn-adjustment.patch
|
||||||
bugfix/x86/taa/0014-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch
|
bugfix/x86/itlb_multihit/0015-KVM-x86-change-kvm_mmu_page_get_gfn-BUG_ON-to-WARN_O.patch
|
||||||
bugfix/x86/taa/0015-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch
|
bugfix/x86/itlb_multihit/0016-KVM-x86-add-tracepoints-around-__direct_map-and-FNAM.patch
|
||||||
bugfix/x86/taa/0016-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch
|
bugfix/x86/itlb_multihit/0017-kvm-x86-powerpc-do-not-allow-clearing-largepages-deb.patch
|
||||||
bugfix/x86/taa/0017-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch
|
bugfix/x86/itlb_multihit/0018-KVM-vmx-svm-always-run-with-EFER.NXE-1-when-shadow-p.patch
|
||||||
bugfix/x86/taa/0018-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch
|
bugfix/x86/itlb_multihit/0019-x86-bugs-Add-ITLB_MULTIHIT-bug-infrastructure.patch
|
||||||
bugfix/x86/taa/0019-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch
|
bugfix/x86/itlb_multihit/0020-cpu-speculation-Uninline-and-export-CPU-mitigations-.patch
|
||||||
bugfix/x86/taa/0020-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch
|
bugfix/x86/itlb_multihit/0021-kvm-mmu-ITLB_MULTIHIT-mitigation.patch
|
||||||
bugfix/x86/taa/0021-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch
|
bugfix/x86/itlb_multihit/0022-kvm-Add-helper-function-for-creating-VM-worker-threa.patch
|
||||||
|
bugfix/x86/itlb_multihit/0023-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
|
||||||
|
bugfix/x86/itlb_multihit/0024-Documentation-Add-ITLB_MULTIHIT-documentation.patch
|
||||||
|
|
||||||
# ABI maintenance
|
# ABI maintenance
|
||||||
debian/abi/powerpc-avoid-abi-change-for-disabling-tm.patch
|
debian/abi/powerpc-avoid-abi-change-for-disabling-tm.patch
|
||||||
|
|
Loading…
Reference in New Issue