Hi Ben,

A couple of options:

1. You could revert 6ca18b6950f8dee29361722f28f69847724b276f with commit 7390de1e99a70895721165d0ccd4a6e16482960a
2. Use kvm_mmu_invalidate_zap_all_pages()

-kanth

> On Oct 9, 2019, at 6:42 PM, speck for Ben Hutchings wrote:
>
> On Mon, 2019-07-01 at 15:52 +0200, speck for Paolo Bonzini wrote:
>> From: Paolo Bonzini
>> Subject: [PATCH 6/8] kvm: mmu: ITLB_MULTIHIT mitigation
> [...]
>> +static int set_nx_huge_pages(const char *val, const struct kernel_param *kp)
>> +{
>> + bool old_val = nx_huge_pages;
>> + bool new_val;
>> +
>> + /* In "auto" mode deploy workaround only if CPU has the bug. */
>> + if (sysfs_streq(val, "off"))
>> + new_val = 0;
>> + else if (sysfs_streq(val, "force"))
>> + new_val = 1;
>> + else if (sysfs_streq(val, "auto"))
>> + new_val = boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT);
>> + else if (strtobool(val, &new_val) < 0)
>> + return -EINVAL;
>> +
>> + __set_nx_huge_pages(new_val);
>> +
>> + if (new_val != old_val) {
>> + struct kvm *kvm;
>> + int idx;
>> +
>> + mutex_lock(&kvm_lock);
>> +
>> + list_for_each_entry(kvm, &vm_list, vm_list) {
>> + idx = srcu_read_lock(&kvm->srcu);
>> + kvm_mmu_zap_all(kvm);
>> + srcu_read_unlock(&kvm->srcu, idx);
>> + }
>> + mutex_unlock(&kvm_lock);
>> + }
> [...]
>
> I've started trying to backport the NX patches to stable branches, and
> I think I can take them back as far as 4.9.
>
> However, kvm_mmu_zap_all() is a relatively new addition and looks hard
> to backport. I intend to make the nx_huge_pages parameter read-only
> (0444 permissions) and delete this "if (new_val != old_val)" block.
> Does that seem reasonable?
>
> Ben.
>
> --
> Ben Hutchings
> Humans are not rational beings; they are rationalising beings.
>
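Review bot: In set_nx_huge_pages(), old_val is read and __set_nx_huge_pages(new_val) is called before mutex_lock(&kvm_lock), so nothing in this hunk serializes the read-modify-write against a second concurrent write of the parameter. Two writers could both compare against the same old_val, and one of them could skip the kvm_mmu_zap_all() loop even though the setting changed. Either take kvm_lock before sampling old_val and hold it across __set_nx_huge_pages() and the zap loop, or add a comment naming the lock that already serializes callers of this setter. Two smaller points: the comment about "auto" mode sits above the "off" branch and would read better directly above the sysfs_streq(val, "auto") test, and new_val is a bool, so the "off" and "force" branches should assign false and true rather than 0 and 1.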