Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 12 Jul 2018 17:16:36 -0000
Received: from mail.linuxfoundation.org ([140.211.169.12]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fdfCl-0002dd-2f for speck@linutronix.de; Thu, 12 Jul 2018 19:16:35 +0200
Date: Thu, 12 Jul 2018 19:16:25 +0200
From: Greg KH
Subject: [MODERATED] Re: [patch V10 09/10] Control knobs and Documentation 9
Message-ID: <20180712171625.GA23735@kroah.com>
References: <20180712141902.576562442@linutronix.de> <20180712142957.709184145@linutronix.de>
MIME-Version: 1.0
In-Reply-To: <20180712142957.709184145@linutronix.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Thu, Jul 12, 2018 at 04:19:11PM +0200, speck for Thomas Gleixner wrote:
> From: Jiri Kosina
> Subject: [patch V10 09/10] x86/bugs, kvm: introduce boot-time control of L1TF mitigations
>
> Introduce the 'l1tf=' kernel command line option to allow for boot-time
> switching of mitigation that is used on processors affected by L1TF.
>
> The possible values are:
>
> full
> Provides all available mitigations for the L1TF vulnerability. Disables
> SMT and enables all mitigations in the hypervisors. SMT control via
> /sys/devices/system/cpu/smt/control is still possible after boot.
> Hypervisors will issue a warning when the first VM is started in
> a potentially insecure configuration, i.e. SMT enabled or L1D flush
> disabled.
>
> full,force
> Same as 'full', but disables SMT control. Implies the 'nosmt=force'
> command line option. sysfs control of SMT and the hypervisor flush
> control is disabled.
>
> flush
> Leaves SMT enabled and enables the conditional hypervisor mitigation.
> Hypervisors will issue a warning when the first VM is started in a
> potentially insecure configuration, i.e. SMT enabled or L1D flush
> disabled.
>
> flush,nosmt
> Disables SMT and enables the conditional hypervisor mitigation. SMT
> control via /sys/devices/system/cpu/smt/control is still possible
> after boot. If SMT is re-enabled or flushing disabled at runtime
> hypervisors will issue a warning.
>
> flush,nowarn
> Same as 'flush', but hypervisors will not warn when
> a VM is started in a potentially insecure configuration.
>
> off
> Disables hypervisor mitigations and doesn't emit any warnings.
>
> Default is 'flush'.
>
> Let KVM adhere to these semantics, which means:
>
> - 'l1tf=full,force' : Perform L1D flushes. No runtime control
> possible.
>
> - 'l1tf=full'
> - 'l1tf=flush'
> - 'l1tf=flush,nosmt' : Perform L1D flushes and warn on VM start if
> SMT has been runtime enabled or L1D flushing
> has been run-time enabled
>
> - 'l1tf=flush,nowarn' : Perform L1D flushes and no warnings are emitted.
>
> - 'l1tf=off' : L1D flushes are not performed and no warnings
> are emitted.
>
> KVM can always override the L1D flushing behavior using its 'vmentry_l1d_flush'
> module parameter except when l1tf=full,force is set.
>
> This makes KVM's private 'nosmt' option redundant, and as it is a bit
> non-systematic anyway (this is something to control globally, not on
> hypervisor level), remove that option.
>
> Signed-off-by: Jiri Kosina
> Signed-off-by: Thomas Gleixner

Reviewed-by: Greg Kroah-Hartman
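The 'l1tf=' value table and the KVM rules above, as an added model that is not part of the patch or the kernel: every name below (enum values, flag bits, the two functions) is a constructed stand-in, not a kernel identifier, and it only encodes the boot-time policy the description states (SMT state, sysfs SMT control, hypervisor L1D flush, the 'vmentry_l1d_flush' override, and the first-VM warning).

```c
#include <string.h>

/* Constructed model of the 'l1tf=' semantics described in the patch;
 * the names here are hypothetical, not the kernel's own identifiers. */
enum l1tf_mode { L1TF_FULL_FORCE, L1TF_FULL, L1TF_FLUSH,
                 L1TF_FLUSH_NOSMT, L1TF_FLUSH_NOWARN, L1TF_OFF };

/* Resulting boot-time policy, as flag bits. */
#define L1TF_SMT_DISABLED   0x01  /* SMT disabled at boot */
#define L1TF_SMT_SYSFS_CTRL 0x02  /* /sys/devices/system/cpu/smt/control usable */
#define L1TF_KVM_FLUSH      0x04  /* hypervisor performs L1D flushes */
#define L1TF_KVM_OVERRIDE   0x08  /* 'vmentry_l1d_flush' may still override */
#define L1TF_WARN_VM_START  0x10  /* warn when first VM starts SMT-on/flush-off */

/* Map the text after 'l1tf=' to a mode; NULL or "" selects the default
 * 'flush'. Returns 0 on success, -1 for an unrecognised value. */
int l1tf_parse(const char *arg, enum l1tf_mode *mode)
{
    if (!arg || !*arg)                     *mode = L1TF_FLUSH;
    else if (!strcmp(arg, "full,force"))   *mode = L1TF_FULL_FORCE;
    else if (!strcmp(arg, "full"))         *mode = L1TF_FULL;
    else if (!strcmp(arg, "flush"))        *mode = L1TF_FLUSH;
    else if (!strcmp(arg, "flush,nosmt"))  *mode = L1TF_FLUSH_NOSMT;
    else if (!strcmp(arg, "flush,nowarn")) *mode = L1TF_FLUSH_NOWARN;
    else if (!strcmp(arg, "off"))          *mode = L1TF_OFF;
    else return -1;
    return 0;
}

/* Policy bits each mode implies, starting from the 'flush' baseline. */
int l1tf_policy_for(enum l1tf_mode m)
{
    int p = L1TF_SMT_SYSFS_CTRL | L1TF_KVM_FLUSH | L1TF_KVM_OVERRIDE |
            L1TF_WARN_VM_START;
    switch (m) {
    case L1TF_FULL_FORCE:   /* implies nosmt=force: no sysfs or KVM control */
        p |= L1TF_SMT_DISABLED;
        p &= ~(L1TF_SMT_SYSFS_CTRL | L1TF_KVM_OVERRIDE); break;
    case L1TF_FULL:         p |= L1TF_SMT_DISABLED; break;
    case L1TF_FLUSH_NOSMT:  p |= L1TF_SMT_DISABLED; break;
    case L1TF_FLUSH_NOWARN: p &= ~L1TF_WARN_VM_START; break;
    case L1TF_OFF:          p &= ~(L1TF_KVM_FLUSH | L1TF_WARN_VM_START); break;
    case L1TF_FLUSH:        break;  /* baseline already set */
    }
    return p;
}

/* Parse and resolve in one step; -1 for an unknown option value. */
int l1tf_flags(const char *arg)
{
    enum l1tf_mode m;
    return l1tf_parse(arg, &m) ? -1 : l1tf_policy_for(m);
}
```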