On 9/27/19 12:05 PM, Paolo Bonzini wrote: > From: Waiman Long <[email protected]> > > The l1tf_vmx_mitigation is only set to VMENTER_L1D_FLUSH_NOT_REQUIRED > when the ARCH_CAPABILITIES MSR indicates that L1D flush is not required. > However, if the CPU is not affected by L1TF, l1tf_vmx_mitigation will > still be set to VMENTER_L1D_FLUSH_AUTO. This is certainly not the best > option for a !X86_BUG_L1TF CPU. > > So force l1tf_vmx_mitigation to VMENTER_L1D_FLUSH_NOT_REQUIRED to make it > more explicit in case users are checking the vmentry_l1d_flush parameter. > > Signed-off-by: Waiman Long <[email protected]> > [Patch rewritten accoring to Borislav Petkov's suggestion. - Paolo] > Signed-off-by: Paolo Bonzini <[email protected]> > --- > arch/x86/kvm/vmx/vmx.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index d4575ffb3cec..e7970a2e8eae 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -209,6 +209,11 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state > l1tf) > struct page *page; > unsigned int i; > > + if (!boot_cpu_has_bug(X86_BUG_L1TF)) { > + l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED; > + return 0; > + } > + > if (!enable_ept) { > l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED; > return 0; > @@ -7995,12 +8000,10 @@ static int __init vmx_init(void) > * contain 'auto' which will be turned into the default 'cond' > * mitigation mode. > */ > - if (boot_cpu_has(X86_BUG_L1TF)) { > - r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); > - if (r) { > - vmx_exit(); > - return r; > - } > + r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); > + if (r) { > + vmx_exit(); > + return r; > } > > #ifdef CONFIG_KEXEC_CORE
That looks cleaner. Thanks for the suggestion and rewrite. Cheers, Longman
