From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbonzini@redhat.com>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 01 Nov
  2019 07:07:39 -0000
Received: from us-smtp-1.mimecast.com ([205.139.110.61]
 helo=us-smtp-delivery-1.mimecast.com)	by Galois.linutronix.de with esmtps
 (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)	(Exim 4.80)	(envelope-from
 <pbonzini@redhat.com>)	id 1iQR21-0005JM-Cd	for speck@linutronix.de; Fri, 01
 Nov 2019 08:07:38 +0100
Received: by mail-wr1-f72.google.com with SMTP id e14so4987767wrm.21
        for <speck@linutronix.de>; Fri, 01 Nov 2019 00:07:31 -0700 (PDT)
Received: from [192.168.20.130] (94.222.26.109.rev.sfr.net. [109.26.222.94])
        by smtp.gmail.com with ESMTPSA id
 17sm6034594wmg.29.2019.11.01.00.07.28        for <speck@linutronix.de>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);       
 Fri, 01 Nov 2019 00:07:29 -0700 (PDT)
Subject: [MODERATED] Re: [PATCH v8 3/5] NX 3
References: <1572564827-26288-1-git-send-email-pbonzini@redhat.com>
 <1572564827-26288-4-git-send-email-pbonzini@redhat.com>
 <20191101002350.GA26083@guptapadev.amr>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <91ff125b-068d-9f4a-fa3c-ca0bfec38c17@redhat.com>
Date: Fri, 1 Nov 2019 08:07:27 +0100
MIME-Version: 1.0
In-Reply-To: <20191101002350.GA26083@guptapadev.amr>
Content-Type: multipart/mixed; boundary="PELKxgBM7oYaU6WKdw9CtVAPuAH0eQduQ";
 protected-headers="v1"
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
--PELKxgBM7oYaU6WKdw9CtVAPuAH0eQduQ
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 01/11/19 01:24, speck for Pawan Gupta wrote:
> On Fri, Nov 01, 2019 at 12:33:45AM +0100, speck for Paolo Bonzini wrote=
:
>> From: Paolo Bonzini <pbonzini@redhat.com>
>> Subject: [PATCH v8 3/5] kvm: mmu: ITLB_MULTIHIT mitigation
>> =20
>> +	kvm.nx_huge_pages=3D
>> +			[KVM] Controls the sw workaround for bug
>> +			X86_BUG_ITLB_MULTIHIT.
>> +			force	: Always deploy workaround.
>> +			off	: Default. Never deploy workaround.
>=20
> off is not the default in the code, so the default should be "auto" her=
e.
>=20
>> +			auto	: Deploy workaround based on presence of
>> +				  X86_BUG_ITLB_MULTIHIT.
>=20
> Also mitigations=3Doff is not disabling this mitigation. Below patch do=
es
> that when mitigations=3Doff and kvm.nx_huge_pages=3Dauto.
>=20
> ---
> From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> Date: Wed, 30 Oct 2019 21:28:24 -0700
> Subject: [PATCH] kvm: x86: mmu: Apply global mitigations knob to ITLB_M=
ULTIHIT
>=20
> Problem: The global mitigation knob mitigations=3Doff does not turn off=

> X86_BUG_ITLB_MULTIHIT mitigation.
>=20
> Fix: Turn off the mitigation when ITLB_MULTIHIT mitigation mode is
> "auto" and mitigations are turned off globally via cmdline
> mitigations=3Doff.
>=20
> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>

Thanks, I'll post v9 soon.  Are you going to post backports as bundles
on top of Thomas's?

Paolo

> ---
>  Documentation/admin-guide/kernel-parameters.txt |  6 ++++++
>  arch/x86/kvm/mmu.c                              | 10 ++++++++--
>  2 files changed, 14 insertions(+), 2 deletions(-)
>=20
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Document=
ation/admin-guide/kernel-parameters.txt
> index c667844c1c42..422da241a4cb 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2653,6 +2653,12 @@
>  					       ssbd=3Dforce-off [ARM64]
>  					       l1tf=3Doff [X86]
>  					       mds=3Doff [X86]
> +					       kvm.nx_huge_pages=3Doff [X86].
> +
> +				Exceptions:
> +					       This does not have any effect on
> +					       kvm.nx_huge_pages when
> +					       kvm.nx_huge_pages=3Dforce.
> =20
>  			auto (default)
>  				Mitigate all CPU vulnerabilities, but leave SMT
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index e6a5748a12d5..529589a42afb 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -6250,6 +6250,12 @@ static void kvm_set_mmio_spte_mask(void)
>  	kvm_mmu_set_mmio_spte_mask(mask, mask, ACC_WRITE_MASK | ACC_USER_MASK=
);
>  }
> =20
> +static bool get_nx_auto_mode(void)
> +{
> +	/* Return true when CPU has the bug, and mitigations are ON */
> +	return boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT) && !cpu_mitigations_of=
f();
> +}
> +
>  static void __set_nx_huge_pages(bool val)
>  {
>  	nx_huge_pages =3D itlb_multihit_kvm_mitigation =3D val;
> @@ -6266,7 +6272,7 @@ static int set_nx_huge_pages(const char *val, con=
st struct kernel_param *kp)
>  	else if (sysfs_streq(val, "force"))
>  		new_val =3D 1;
>  	else if (sysfs_streq(val, "auto"))
> -		new_val =3D boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT);
> +		new_val =3D get_nx_auto_mode();
>  	else if (strtobool(val, &new_val) < 0)
>  		return -EINVAL;
> =20
> @@ -6296,7 +6302,7 @@ int kvm_mmu_module_init(void)
>  	int ret =3D -ENOMEM;
> =20
>  	if (nx_huge_pages =3D=3D -1)
> -		__set_nx_huge_pages(boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT));
> +		__set_nx_huge_pages(get_nx_auto_mode());
> =20
>  	/*
>  	 * MMU roles use union aliasing which is, generally speaking, an
>=20



--PELKxgBM7oYaU6WKdw9CtVAPuAH0eQduQ--