From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 03 Mar 2019 02:54:54 -0000
Received: from mail.kernel.org ([198.145.29.99]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1h0HHA-0006i8-Gk for speck@linutronix.de; Sun, 03 Mar 2019 03:54:53 +0100
Received: from localhost (lfbn-1-18527-45.w90-101.abo.wanadoo.fr [90.101.69.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 125B520838 for ; Sun, 3 Mar 2019 02:54:44 +0000 (UTC)
Date: Sun, 3 Mar 2019 03:54:42 +0100
From: Frederic Weisbecker
Subject: [MODERATED] Re: [patch V6 08/14] MDS basics 8
Message-ID: <20190303025441.GA27786@lerouge>
References: <20190301214738.281554861@linutronix.de> <20190301214847.896222054@linutronix.de>
MIME-Version: 1.0
In-Reply-To: <20190301214847.896222054@linutronix.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Fri, Mar 01, 2019 at 10:47:46PM +0100, speck for Thomas Gleixner wrote:
> CPUs which are affected by L1TF and MDS mitigate MDS with the L1D Flush on
> VMENTER when updated microcode is installed.
>
> If a CPU is not affected by L1TF or if the L1D Flush is not in use, then
> MDS mitigation needs to be invoked explicitly.
>
> For these cases, follow the host mitigation state and invoke the MDS
> mitigation before VMENTER.
>
> Signed-off-by: Thomas Gleixner
> Reviewed-by: Greg Kroah-Hartman
> ---
> V4 --> V5: Fix changelog
> ---
> arch/x86/kernel/cpu/bugs.c | 1 +
> arch/x86/kvm/vmx/vmx.c | 2 ++
> 2 files changed, 3 insertions(+)
>
> --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -65,6 +65,7 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_always > > /* Control MDS CPU buffer clear before returning to user space */ > DEFINE_STATIC_KEY_FALSE(mds_user_clear); > +EXPORT_SYMBOL_GPL(mds_user_clear); > > void __init check_bugs(void) > { > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -6371,6 +6371,8 @@ static void __vmx_vcpu_run(struct kvm_vc We may want to add a comment below to summarize what's explained in the changelog. git blame tends to lose prime history after any future most insignificant variable rename. Something like: + /* l1tf mitigation, if present, spares us mds mitigation */ > if (static_branch_unlikely(&vmx_l1d_should_flush)) > vmx_l1d_flush(vcpu); > + else if (static_branch_unlikely(&mds_user_clear)) > + mds_clear_cpu_buffers(); Reviewed-by: Frederic Weisbecker Thanks.
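Review bot: In the bugs.c hunk, the comment above DEFINE_STATIC_KEY_FALSE(mds_user_clear) still says the key controls the buffer clear "before returning to user space", yet the new EXPORT_SYMBOL_GPL(mds_user_clear) exists so that the vmx.c hunk can test the same key before VMENTER. Please extend that comment to say the key also gates the clear on guest entry and is exported for that purpose, so the export is not later taken for dead code or the key repurposed without looking at the VMX path.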
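Review bot: In the vmx.c hunk, the else-if in __vmx_vcpu_run skips mds_clear_cpu_buffers() whenever vmx_l1d_should_flush is enabled, but the changelog says the L1D flush mitigates MDS only "when updated microcode is installed", and nothing in these lines checks or documents that precondition. Either state in a comment at this branch that the flush path relies on updated microcode to clear the CPU buffers, or confirm in the changelog what happens on a host where the flush key is on and the microcode is not updated.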