diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2018-07-02 13:07:14 +0200 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2018-07-04 20:49:39 +0200 |
commit | c595ceee45707f00f64f61c54fb64ef0cc0b4e85 (patch) | |
tree | 64b612c6912868ed64c587f65c1ccfabf8717694 /arch/x86/kvm/mmu.c | |
parent | 3fa045be4c720146b18a19cea7a767dc6ad5df94 (diff) | |
download | lwn-c595ceee45707f00f64f61c54fb64ef0cc0b4e85.tar.gz lwn-c595ceee45707f00f64f61c54fb64ef0cc0b4e85.zip |
x86/KVM/VMX: Add L1D flush logic
Add the logic for flushing L1D on VMENTER. The flush depends on the static
key being enabled and the new l1tf_flush_l1d flag being set.
The flags is set:
- Always, if the flush module parameter is 'always'
- Conditionally at:
- Entry to vcpu_run(), i.e. after executing user space
- From the sched_in notifier, i.e. when switching to a vCPU thread.
- From vmexit handlers which are considered unsafe, i.e. where
sensitive data can be brought into L1D:
- The emulator, which could be a good target for other speculative
execution-based threats,
- The MMU, which can bring host page tables in the L1 cache.
- External interrupts
- Nested operations that require the MMU (see above). That is
vmptrld, vmptrst, vmclear,vmwrite,vmread.
- When handling invept,invvpid
[ tglx: Split out from combo patch and reduced to a single flag ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'arch/x86/kvm/mmu.c')
-rw-r--r-- | arch/x86/kvm/mmu.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index d594690d8b95..9beb772b9eb6 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -3840,6 +3840,7 @@ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code, { int r = 1; + vcpu->arch.l1tf_flush_l1d = true; switch (vcpu->arch.apf.host_apf_reason) { default: trace_kvm_page_fault(fault_address, error_code); |