From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbonzini@redhat.com>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 12 Dec
  2018 14:02:38 -0000
Received: from mail-wm1-f65.google.com ([209.85.128.65])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80)
	(envelope-from <pbonzini@redhat.com>)
	id 1gX55w-0003cW-Lr
	for speck@linutronix.de; Wed, 12 Dec 2018 15:02:36 +0100
Received: by mail-wm1-f65.google.com with SMTP id a18so6106036wmj.1
        for <speck@linutronix.de>; Wed, 12 Dec 2018 06:02:35 -0800 (PST)
Received: from ?IPv6:2001:b07:6468:f312:7020:93c3:970b:67cb?
 ([2001:b07:6468:f312:7020:93c3:970b:67cb])        by smtp.gmail.com with
 ESMTPSA id o9sm2738903wmh.3.2018.12.12.06.02.29        for
 <speck@linutronix.de>        (version=TLS1_2
 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);        Wed, 12 Dec 2018
 06:02:29 -0800 (PST)
Subject: [MODERATED] Re: [PATCH v2 3/8] MDSv2 5
References: <cover.1544464266.git.ak@linux.intel.com>
 <0d6a3fbe4c511152a0f5350e62e9e09ec545f709.1544464266.git.ak@linux.intel.com>
 <CAHk-=wg8+Dkp0abqFa6TZAWJq-KT9sgSr=XZuw7w96fmufuoyA@mail.gmail.com>
 <20181211000303.GB16024@tassilo.jf.intel.com>
 <CAHk-=wh-Kxi6PHzy8bU2zjApv9njzkNzjnY74vf62TTNbcXxZA@mail.gmail.com>
 <CAHk-=wgQB8Et-mGmNXbdVH084f1jd8GcNiK9iYG+309gHpp4BA@mail.gmail.com>
 <CAHk-=whn9zNZG8bWi1HkYtNxuzi9Ry5O2STGsS1zJ4Q=EoncKg@mail.gmail.com>
 <20181211032503.GB25620@tassilo.jf.intel.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <f25be739-0d13-50a5-0b60-682e16eb7eab@redhat.com>
Date: Wed, 12 Dec 2018 15:02:23 +0100
MIME-Version: 1.0
In-Reply-To: <20181211032503.GB25620@tassilo.jf.intel.com>
Content-Type: multipart/mixed; boundary="ZqAl4uMclFAubhRwouawEpgqZLCo2MtSS"; protected-headers="v1"
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--ZqAl4uMclFAubhRwouawEpgqZLCo2MtSS
Content-Type: text/plain; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 11/12/18 04:25, speck for Andi Kleen wrote:
> Okay.
>=20
> We'll have to disable interrupts in that window, but that
> should be ok.
>=20
> I guess it could be also set in some skb_* functions to catch
> the network cases.
>=20
> Or maybe setting when calling into unaudited code in interrupts/timers?=

>=20
> And the flag would allow a "paranoid" mode which sets
> it unconditionally.=20

That sounds a lot like kvm_get_cpu_l1tf_flush_l1d and
kvm_clear_cpu_l1tf_flush_l1d.  Maybe we can just add another bit in
irq_cpustat_t's kvm_cpu_l1tf_flush_l1d, which would be cleared on return
to userspace before doing the verw stuff.

Paolo


--ZqAl4uMclFAubhRwouawEpgqZLCo2MtSS--