From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 02 Jul 2018 16:36:09 -0000
Received: from userp2130.oracle.com ([156.151.31.86]) by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fa1o8-0007D5-2A for speck@linutronix.de; Mon, 02 Jul 2018 18:36:08 +0200
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w62GThKR102907 for ; Mon, 2 Jul 2018 16:36:01 GMT
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2130.oracle.com with ESMTP id 2jx19sn9p2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 02 Jul 2018 16:36:01 +0000
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w62Ga0jf026329 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 2 Jul 2018 16:36:00 GMT
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w62Ga0Ld010358 for ; Mon, 2 Jul 2018 16:36:00 GMT
Date: Mon, 2 Jul 2018 12:35:59 -0400
From: Konrad Rzeszutek Wilk
Subject: [MODERATED] Re: [patch V5 05/10] KVM magic # 5
Message-ID: <20180702163559.GD17137@char.US.ORACLE.com>
References: <20180702154426.910579106@linutronix.de> <20180702160528.906801335@linutronix.de>
MIME-Version: 1.0
In-Reply-To: <20180702160528.906801335@linutronix.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:
..snip..
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -9576,9 +9576,20 @@ static int vmx_handle_exit(struct kvm_vc
> #define L1D_CACHE_ORDER 4
> static void *vmx_l1d_flush_pages;
>
> -static void __maybe_unused vmx_l1d_flush(void)
> +static void vmx_l1d_flush(struct kvm_vcpu *vcpu)
> {
> int size = PAGE_SIZE << L1D_CACHE_ORDER;
> + bool always;
> +
> + /*
> + * If the mitigation mode is 'flush always', keep the flush bit
> + * set, otherwise clear it. It gets set again either from
> + * vcpu_run() or from one of the unsafe VMEXIT handlers.
> + */
> + always = vmentry_l1d_flush == VMENTER_L1D_FLUSH_ALWAYS;
> + vcpu->arch.l1tf_flush_l1d = always;
You did the reset of arch.l1tf_flush_l1d _after_ we have done this vmx_l1d_flush call, nice!! So obvious in retrospect. See below one tiny comment.
..snip..
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -195,6 +195,7 @@ struct kvm_stats_debugfs_item debugfs_en
> { "irq_injections", VCPU_STAT(irq_injections) },
> { "nmi_injections", VCPU_STAT(nmi_injections) },
> { "req_event", VCPU_STAT(req_event) },
> + { "l1d_flush", VCPU_STAT(l1d_flush) },
> { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
> { "mmu_pte_write", VM_STAT(mmu_pte_write) },
> { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
> @@ -4799,6 +4800,8 @@ int kvm_read_guest_virt(struct kvm_vcpu
> {
> u32 access = (kvm_x86_ops->get_cpl(vcpu) == 3) ? PFERR_USER_MASK : 0;
>
> + /* The gva_to_pa walker can pull in tons of pages. */
> + vcpu->arch.l1tf_flush_l1d = true;
I think also kvm_write_guest_virt_system ? That covers vmptrs and vmread.
> return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, access,
> exception);
> }
> @@ -6050,6 +6053,8 @@ int x86_emulate_instruction(struct kvm_v
> bool writeback = true;
> bool write_fault_to_spt = vcpu->arch.write_fault_to_shadow_pgtable;
>
> + vcpu->arch.l1tf_flush_l1d = true;
> +
> /*
> * Clear write_fault_to_shadow_pgtable here to ensure it is
> * never reused.
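Review bot: The unconditional `vcpu->arch.l1tf_flush_l1d = true;` added at the top of x86_emulate_instruction has no comment, unlike the kvm_read_guest_virt site, so a later reader cannot tell why the emulator is treated as one of the "unsafe" paths that must request an L1D flush before the next VMENTER. A one-line comment such as `/* Emulation may pull host data into L1D; flush on next VMENTER. */` would record that; the rationale is inferred from the vmx_l1d_flush comment, so the wording needs the author's confirmation. The same gap applies to the sets added in vcpu_run and kvm_arch_sched_in, where the reason (presumably that the L1D contents are unknown once the vCPU thread has been off the CPU) is also left unstated. x86_emulate_instruction's body continues outside the hunk.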
> @@ -7579,6 +7584,7 @@ static int vcpu_run(struct kvm_vcpu *vcp
> struct kvm *kvm = vcpu->kvm;
>
> vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
> + vcpu->arch.l1tf_flush_l1d = true;
>
> for (;;) {
> if (kvm_vcpu_running(vcpu)) {
> @@ -8698,6 +8704,7 @@ void kvm_arch_vcpu_uninit(struct kvm_vcp
>
> void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
> {
> + vcpu->arch.l1tf_flush_l1d = true;
> kvm_x86_ops->sched_in(vcpu, cpu);
> }
>
>