From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 6.7 04/61] KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
Date: Wed, 13 Mar 2024 12:31:39 -0400 [thread overview]
Message-ID: <20240313163236.613880-5-sashal@kernel.org> (raw)
In-Reply-To: <20240313163236.613880-1-sashal@kernel.org>
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit 2a0180129d726a4b953232175857d442651b55a0 upstream.
Mitigation for RFDS requires RFDS_CLEAR capability which is enumerated
by MSR_IA32_ARCH_CAPABILITIES bit 27. If the host has it set, export it
to guests so that they can deploy the mitigation.
RFDS_NO indicates that the system is not vulnerable to RFDS, export it
to guests so that they don't deploy the mitigation unnecessarily. When
the host is not affected by X86_BUG_RFDS, but has RFDS_NO=0, synthesize
RFDS_NO to the guest.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 468870450b8ba..8021c62b0e7b0 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1620,7 +1620,8 @@ static bool kvm_is_immutable_feature_msr(u32 msr)
ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
- ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
+ ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \
+ ARCH_CAP_RFDS_NO | ARCH_CAP_RFDS_CLEAR)
static u64 kvm_get_arch_capabilities(void)
{
@@ -1652,6 +1653,8 @@ static u64 kvm_get_arch_capabilities(void)
data |= ARCH_CAP_SSB_NO;
if (!boot_cpu_has_bug(X86_BUG_MDS))
data |= ARCH_CAP_MDS_NO;
+ if (!boot_cpu_has_bug(X86_BUG_RFDS))
+ data |= ARCH_CAP_RFDS_NO;
if (!boot_cpu_has(X86_FEATURE_RTM)) {
/*
--
2.43.0
next prev parent reply other threads:[~2024-03-13 16:32 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-13 16:31 [PATCH 6.7 00/61] 6.7.10-rc1 review Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 01/61] x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 02/61] Documentation/hw-vuln: Add documentation for RFDS Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 03/61] x86/rfds: Mitigate Register File Data Sampling (RFDS) Sasha Levin
2024-03-13 16:31 ` Sasha Levin [this message]
2024-03-13 16:31 ` [PATCH 6.7 05/61] dt-bindings: dma: fsl-edma: Add fsl-edma.h to prevent hardcoding in dts Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 06/61] dmaengine: fsl-edma: utilize common dt-binding header file Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 07/61] dmaengine: fsl-edma: correct max_segment_size setting Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 08/61] xfrm: Clear low order bits of ->flowi4_tos in decode_session4() Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 09/61] xfrm: Pass UDP encapsulation in TX packet offload Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 10/61] net: lan78xx: fix runtime PM count underflow on link stop Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 11/61] ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 12/61] i40e: disable NAPI right after disabling irqs when handling xsk_pool Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 13/61] ice: reorder disabling IRQ and NAPI in ice_qp_dis Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 14/61] ice: replace ice_vf_recreate_vsi() with ice_vf_reconfig_vsi() Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 15/61] ice: reconfig host after changing MSI-X on VF Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 16/61] Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 17/61] Revert "net/mlx5e: Check the number of elements before walk TC rhashtable" Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 18/61] net/mlx5: E-switch, Change flow rule destination checking Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 19/61] net/mlx5: Fix fw reporter diagnose output Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 20/61] net/mlx5: Check capability for fw_reset Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 21/61] net/mlx5e: Change the warning when ignore_flow_level is not supported Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 22/61] net/mlx5e: Fix MACsec state loss upon state update in offload path Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 23/61] net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map Sasha Levin
2024-03-13 16:31 ` [PATCH 6.7 24/61] net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 25/61] tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 26/61] geneve: make sure to pull inner header in geneve_rx() Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 27/61] net: sparx5: Fix use after free inside sparx5_del_mact_entry Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 28/61] idpf: disable local BH when scheduling napi for marker packets Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 29/61] ice: virtchnl: stop pretending to support RSS over AQ or registers Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 30/61] net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 31/61] ice: fix uninitialized dplls mutex usage Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 32/61] igc: avoid returning frame twice in XDP_REDIRECT Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 33/61] net/ipv6: avoid possible UAF in ip6_route_mpath_notify() Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 34/61] bpf: check bpf_func_state->callback_depth when pruning states Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 35/61] xdp, bonding: Fix feature flags when there are no slave devs anymore Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 36/61] selftests/bpf: Fix up xdp bonding test wrt feature flags Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 37/61] cpumap: Zero-initialise xdp_rxq_info struct before running XDP program Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 38/61] net: dsa: microchip: fix register write order in ksz8_ind_write8() Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 39/61] net/rds: fix WARNING in rds_conn_connect_if_down Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 40/61] netfilter: nft_ct: fix l3num expectations with inet pseudo family Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 41/61] netfilter: nf_conntrack_h323: Add protection for bmp length out of range Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 42/61] erofs: apply proper VMA alignment for memory mapped files on THP Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 43/61] netrom: Fix a data-race around sysctl_netrom_default_path_quality Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 44/61] netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 45/61] netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 46/61] netrom: Fix a data-race around sysctl_netrom_transport_timeout Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 47/61] netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 48/61] netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 49/61] netrom: Fix a data-race around sysctl_netrom_transport_busy_delay Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 50/61] netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 51/61] netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 52/61] netrom: Fix a data-race around sysctl_netrom_routing_control Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 53/61] netrom: Fix a data-race around sysctl_netrom_link_fails_count Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 54/61] netrom: Fix data-races around sysctl_net_busy_read Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 55/61] net: pds_core: Fix possible double free in error handling path Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 56/61] readahead: avoid multiple marked readahead pages Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 57/61] selftests: mptcp: decrease BW in simult flows Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 58/61] exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 59/61] ARM: 9328/1: mm: try VMA lock-based page fault handling first Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 60/61] arch/arm/mm: fix major fault accounting when retrying under per-VMA lock Sasha Levin
2024-03-13 16:32 ` [PATCH 6.7 61/61] Linux 6.7.10-rc1 Sasha Levin
2024-03-14 8:11 ` [PATCH 6.7 00/61] 6.7.10-rc1 review Bagas Sanjaya
2024-03-14 13:08 ` Naresh Kamboju
2024-03-14 21:13 ` Florian Fainelli
2024-03-14 21:14 ` Florian Fainelli
2024-03-15 1:04 ` Ron Economos
2024-03-15 10:59 ` Shreeya Patel
2024-03-15 15:40 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240313163236.613880-5-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox