From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <973c85efc96c05cba9ddfc2f5bf53c9482801924.camel@decadent.org.uk>
Subject: [MODERATED] Re: [PATCH v5 6/8] NX 6
From: Ben Hutchings
Date: Wed, 09 Oct 2019 23:42:51 +0100
In-Reply-To: <1561989149-17323-7-git-send-email-pbonzini@redhat.com>
References: <1561989149-17323-1-git-send-email-pbonzini@redhat.com> <1561989149-17323-7-git-send-email-pbonzini@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-1OespG+1TEjfFXF+tsLw"
To: speck@linutronix.de
List-ID:

--=-1OespG+1TEjfFXF+tsLw
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, 2019-07-01 at 15:52 +0200, speck for Paolo Bonzini wrote:
> From: Paolo Bonzini
> Subject: [PATCH 6/8] kvm: mmu: ITLB_MULTIHIT mitigation
[...]
> +static int set_nx_huge_pages(const char *val, const struct kernel_param = *kp) > +{ > + bool old_val =3D nx_huge_pages; > + bool new_val; > + > + /* In "auto" mode deploy workaround only if CPU has the bug. 
*/ > + if (sysfs_streq(val, "off")) > + new_val =3D 0; > + else if (sysfs_streq(val, "force")) > + new_val =3D 1; > + else if (sysfs_streq(val, "auto")) > + new_val =3D boot_cpu_has_bug(X86_BUG_ITLB_MULTIHIT); > + else if (strtobool(val, &new_val) < 0) > + return -EINVAL; > + > + __set_nx_huge_pages(new_val); > + > + if (new_val !=3D old_val) { > + struct kvm *kvm; > + int idx; > + > + mutex_lock(&kvm_lock); > + > + list_for_each_entry(kvm, &vm_list, vm_list) { > + idx =3D srcu_read_lock(&kvm->srcu); > + kvm_mmu_zap_all(kvm); > + srcu_read_unlock(&kvm->srcu, idx); > + } > + mutex_unlock(&kvm_lock); > + }
[...]

I've started trying to backport the NX patches to stable branches, and I think I can take them back as far as 4.9. However, kvm_mmu_zap_all() is a relatively new addition and looks hard to backport.

I intend to make the nx_huge_pages parameter read-only (0444 permissions) and delete this "if (new_val != old_val)" block.

Does that seem reasonable?

Ben.

-- 
Ben Hutchings
Humans are not rational beings; they are rationalising beings.
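Review bot: In set_nx_huge_pages(), old_val is sampled and __set_nx_huge_pages(new_val) is called before mutex_lock(&kvm_lock), so nothing in the visible lines makes the read, the update and the zap loop one atomic step. If two writers can reach this function at once, one may compare against a stale old_val and skip the kvm_mmu_zap_all() pass, leaving existing VMs with mappings built under the previous setting. Either take kvm_lock around the read, the set and the loop, or add a comment naming the lock the caller already holds that serializes writers. Two smaller points: the comment about "auto" mode sits above the "off" branch and would read better directly above the sysfs_streq(val, "auto") test, and new_val is a bool, so the "off" and "force" branches should assign false and true rather than 0 and 1.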
--=-1OespG+1TEjfFXF+tsLw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

--=-1OespG+1TEjfFXF+tsLw--