1 |
commit: c9b6e13d4252980748af407d3541b2b2dea60567 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Aug 15 16:48:03 2018 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Nov 14 14:00:40 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c9b6e13d |
7 |
|
8 |
Linux patch 4.14.63 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1062_linux-4.14.63.patch | 5609 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 5613 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index b530931..4c5f97e 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -291,6 +291,10 @@ Patch: 1061_linux-4.14.62.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.14.62 |
23 |
|
24 |
+Patch: 1062_linux-4.14.63.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.14.63 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1062_linux-4.14.63.patch b/1062_linux-4.14.63.patch |
33 |
new file mode 100644 |
34 |
index 0000000..cff73c5 |
35 |
--- /dev/null |
36 |
+++ b/1062_linux-4.14.63.patch |
37 |
@@ -0,0 +1,5609 @@ |
38 |
+diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu |
39 |
+index 8355e79350b7..6cae60929cb6 100644 |
40 |
+--- a/Documentation/ABI/testing/sysfs-devices-system-cpu |
41 |
++++ b/Documentation/ABI/testing/sysfs-devices-system-cpu |
42 |
+@@ -379,6 +379,7 @@ What: /sys/devices/system/cpu/vulnerabilities |
43 |
+ /sys/devices/system/cpu/vulnerabilities/spectre_v1 |
44 |
+ /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
45 |
+ /sys/devices/system/cpu/vulnerabilities/spec_store_bypass |
46 |
++ /sys/devices/system/cpu/vulnerabilities/l1tf |
47 |
+ Date: January 2018 |
48 |
+ Contact: Linux kernel mailing list <linux-kernel@×××××××××××.org> |
49 |
+ Description: Information about CPU vulnerabilities |
50 |
+@@ -390,3 +391,26 @@ Description: Information about CPU vulnerabilities |
51 |
+ "Not affected" CPU is not affected by the vulnerability |
52 |
+ "Vulnerable" CPU is affected and no mitigation in effect |
53 |
+ "Mitigation: $M" CPU is affected and mitigation $M is in effect |
54 |
++ |
55 |
++ Details about the l1tf file can be found in |
56 |
++ Documentation/admin-guide/l1tf.rst |
57 |
++ |
58 |
++What: /sys/devices/system/cpu/smt |
59 |
++ /sys/devices/system/cpu/smt/active |
60 |
++ /sys/devices/system/cpu/smt/control |
61 |
++Date: June 2018 |
62 |
++Contact: Linux kernel mailing list <linux-kernel@×××××××××××.org> |
63 |
++Description: Control Symetric Multi Threading (SMT) |
64 |
++ |
65 |
++ active: Tells whether SMT is active (enabled and siblings online) |
66 |
++ |
67 |
++ control: Read/write interface to control SMT. Possible |
68 |
++ values: |
69 |
++ |
70 |
++ "on" SMT is enabled |
71 |
++ "off" SMT is disabled |
72 |
++ "forceoff" SMT is force disabled. Cannot be changed. |
73 |
++ "notsupported" SMT is not supported by the CPU |
74 |
++ |
75 |
++ If control status is "forceoff" or "notsupported" writes |
76 |
++ are rejected. |
77 |
+diff --git a/Documentation/admin-guide/index.rst b/Documentation/admin-guide/index.rst |
78 |
+index 5bb9161dbe6a..78f8f00c369f 100644 |
79 |
+--- a/Documentation/admin-guide/index.rst |
80 |
++++ b/Documentation/admin-guide/index.rst |
81 |
+@@ -17,6 +17,15 @@ etc. |
82 |
+ kernel-parameters |
83 |
+ devices |
84 |
+ |
85 |
++This section describes CPU vulnerabilities and provides an overview of the |
86 |
++possible mitigations along with guidance for selecting mitigations if they |
87 |
++are configurable at compile, boot or run time. |
88 |
++ |
89 |
++.. toctree:: |
90 |
++ :maxdepth: 1 |
91 |
++ |
92 |
++ l1tf |
93 |
++ |
94 |
+ Here is a set of documents aimed at users who are trying to track down |
95 |
+ problems and bugs in particular. |
96 |
+ |
97 |
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
98 |
+index d6d7669e667f..9841bad6f271 100644 |
99 |
+--- a/Documentation/admin-guide/kernel-parameters.txt |
100 |
++++ b/Documentation/admin-guide/kernel-parameters.txt |
101 |
+@@ -1888,10 +1888,84 @@ |
102 |
+ (virtualized real and unpaged mode) on capable |
103 |
+ Intel chips. Default is 1 (enabled) |
104 |
+ |
105 |
++ kvm-intel.vmentry_l1d_flush=[KVM,Intel] Mitigation for L1 Terminal Fault |
106 |
++ CVE-2018-3620. |
107 |
++ |
108 |
++ Valid arguments: never, cond, always |
109 |
++ |
110 |
++ always: L1D cache flush on every VMENTER. |
111 |
++ cond: Flush L1D on VMENTER only when the code between |
112 |
++ VMEXIT and VMENTER can leak host memory. |
113 |
++ never: Disables the mitigation |
114 |
++ |
115 |
++ Default is cond (do L1 cache flush in specific instances) |
116 |
++ |
117 |
+ kvm-intel.vpid= [KVM,Intel] Disable Virtual Processor Identification |
118 |
+ feature (tagged TLBs) on capable Intel chips. |
119 |
+ Default is 1 (enabled) |
120 |
+ |
121 |
++ l1tf= [X86] Control mitigation of the L1TF vulnerability on |
122 |
++ affected CPUs |
123 |
++ |
124 |
++ The kernel PTE inversion protection is unconditionally |
125 |
++ enabled and cannot be disabled. |
126 |
++ |
127 |
++ full |
128 |
++ Provides all available mitigations for the |
129 |
++ L1TF vulnerability. Disables SMT and |
130 |
++ enables all mitigations in the |
131 |
++ hypervisors, i.e. unconditional L1D flush. |
132 |
++ |
133 |
++ SMT control and L1D flush control via the |
134 |
++ sysfs interface is still possible after |
135 |
++ boot. Hypervisors will issue a warning |
136 |
++ when the first VM is started in a |
137 |
++ potentially insecure configuration, |
138 |
++ i.e. SMT enabled or L1D flush disabled. |
139 |
++ |
140 |
++ full,force |
141 |
++ Same as 'full', but disables SMT and L1D |
142 |
++ flush runtime control. Implies the |
143 |
++ 'nosmt=force' command line option. |
144 |
++ (i.e. sysfs control of SMT is disabled.) |
145 |
++ |
146 |
++ flush |
147 |
++ Leaves SMT enabled and enables the default |
148 |
++ hypervisor mitigation, i.e. conditional |
149 |
++ L1D flush. |
150 |
++ |
151 |
++ SMT control and L1D flush control via the |
152 |
++ sysfs interface is still possible after |
153 |
++ boot. Hypervisors will issue a warning |
154 |
++ when the first VM is started in a |
155 |
++ potentially insecure configuration, |
156 |
++ i.e. SMT enabled or L1D flush disabled. |
157 |
++ |
158 |
++ flush,nosmt |
159 |
++ |
160 |
++ Disables SMT and enables the default |
161 |
++ hypervisor mitigation. |
162 |
++ |
163 |
++ SMT control and L1D flush control via the |
164 |
++ sysfs interface is still possible after |
165 |
++ boot. Hypervisors will issue a warning |
166 |
++ when the first VM is started in a |
167 |
++ potentially insecure configuration, |
168 |
++ i.e. SMT enabled or L1D flush disabled. |
169 |
++ |
170 |
++ flush,nowarn |
171 |
++ Same as 'flush', but hypervisors will not |
172 |
++ warn when a VM is started in a potentially |
173 |
++ insecure configuration. |
174 |
++ |
175 |
++ off |
176 |
++ Disables hypervisor mitigations and doesn't |
177 |
++ emit any warnings. |
178 |
++ |
179 |
++ Default is 'flush'. |
180 |
++ |
181 |
++ For details see: Documentation/admin-guide/l1tf.rst |
182 |
++ |
183 |
+ l2cr= [PPC] |
184 |
+ |
185 |
+ l3cr= [PPC] |
186 |
+@@ -2595,6 +2669,10 @@ |
187 |
+ nosmt [KNL,S390] Disable symmetric multithreading (SMT). |
188 |
+ Equivalent to smt=1. |
189 |
+ |
190 |
++ [KNL,x86] Disable symmetric multithreading (SMT). |
191 |
++ nosmt=force: Force disable SMT, cannot be undone |
192 |
++ via the sysfs control file. |
193 |
++ |
194 |
+ nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 |
195 |
+ (indirect branch prediction) vulnerability. System may |
196 |
+ allow data leaks with this option, which is equivalent |
197 |
+diff --git a/Documentation/admin-guide/l1tf.rst b/Documentation/admin-guide/l1tf.rst |
198 |
+new file mode 100644 |
199 |
+index 000000000000..bae52b845de0 |
200 |
+--- /dev/null |
201 |
++++ b/Documentation/admin-guide/l1tf.rst |
202 |
+@@ -0,0 +1,610 @@ |
203 |
++L1TF - L1 Terminal Fault |
204 |
++======================== |
205 |
++ |
206 |
++L1 Terminal Fault is a hardware vulnerability which allows unprivileged |
207 |
++speculative access to data which is available in the Level 1 Data Cache |
208 |
++when the page table entry controlling the virtual address, which is used |
209 |
++for the access, has the Present bit cleared or other reserved bits set. |
210 |
++ |
211 |
++Affected processors |
212 |
++------------------- |
213 |
++ |
214 |
++This vulnerability affects a wide range of Intel processors. The |
215 |
++vulnerability is not present on: |
216 |
++ |
217 |
++ - Processors from AMD, Centaur and other non Intel vendors |
218 |
++ |
219 |
++ - Older processor models, where the CPU family is < 6 |
220 |
++ |
221 |
++ - A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft, |
222 |
++ Penwell, Pineview, Silvermont, Airmont, Merrifield) |
223 |
++ |
224 |
++ - The Intel XEON PHI family |
225 |
++ |
226 |
++ - Intel processors which have the ARCH_CAP_RDCL_NO bit set in the |
227 |
++ IA32_ARCH_CAPABILITIES MSR. If the bit is set the CPU is not affected |
228 |
++ by the Meltdown vulnerability either. These CPUs should become |
229 |
++ available by end of 2018. |
230 |
++ |
231 |
++Whether a processor is affected or not can be read out from the L1TF |
232 |
++vulnerability file in sysfs. See :ref:`l1tf_sys_info`. |
233 |
++ |
234 |
++Related CVEs |
235 |
++------------ |
236 |
++ |
237 |
++The following CVE entries are related to the L1TF vulnerability: |
238 |
++ |
239 |
++ ============= ================= ============================== |
240 |
++ CVE-2018-3615 L1 Terminal Fault SGX related aspects |
241 |
++ CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects |
242 |
++ CVE-2018-3646 L1 Terminal Fault Virtualization related aspects |
243 |
++ ============= ================= ============================== |
244 |
++ |
245 |
++Problem |
246 |
++------- |
247 |
++ |
248 |
++If an instruction accesses a virtual address for which the relevant page |
249 |
++table entry (PTE) has the Present bit cleared or other reserved bits set, |
250 |
++then speculative execution ignores the invalid PTE and loads the referenced |
251 |
++data if it is present in the Level 1 Data Cache, as if the page referenced |
252 |
++by the address bits in the PTE was still present and accessible. |
253 |
++ |
254 |
++While this is a purely speculative mechanism and the instruction will raise |
255 |
++a page fault when it is retired eventually, the pure act of loading the |
256 |
++data and making it available to other speculative instructions opens up the |
257 |
++opportunity for side channel attacks to unprivileged malicious code, |
258 |
++similar to the Meltdown attack. |
259 |
++ |
260 |
++While Meltdown breaks the user space to kernel space protection, L1TF |
261 |
++allows to attack any physical memory address in the system and the attack |
262 |
++works across all protection domains. It allows an attack of SGX and also |
263 |
++works from inside virtual machines because the speculation bypasses the |
264 |
++extended page table (EPT) protection mechanism. |
265 |
++ |
266 |
++ |
267 |
++Attack scenarios |
268 |
++---------------- |
269 |
++ |
270 |
++1. Malicious user space |
271 |
++^^^^^^^^^^^^^^^^^^^^^^^ |
272 |
++ |
273 |
++ Operating Systems store arbitrary information in the address bits of a |
274 |
++ PTE which is marked non present. This allows a malicious user space |
275 |
++ application to attack the physical memory to which these PTEs resolve. |
276 |
++ In some cases user-space can maliciously influence the information |
277 |
++ encoded in the address bits of the PTE, thus making attacks more |
278 |
++ deterministic and more practical. |
279 |
++ |
280 |
++ The Linux kernel contains a mitigation for this attack vector, PTE |
281 |
++ inversion, which is permanently enabled and has no performance |
282 |
++ impact. The kernel ensures that the address bits of PTEs, which are not |
283 |
++ marked present, never point to cacheable physical memory space. |
284 |
++ |
285 |
++ A system with an up to date kernel is protected against attacks from |
286 |
++ malicious user space applications. |
287 |
++ |
288 |
++2. Malicious guest in a virtual machine |
289 |
++^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
290 |
++ |
291 |
++ The fact that L1TF breaks all domain protections allows malicious guest |
292 |
++ OSes, which can control the PTEs directly, and malicious guest user |
293 |
++ space applications, which run on an unprotected guest kernel lacking the |
294 |
++ PTE inversion mitigation for L1TF, to attack physical host memory. |
295 |
++ |
296 |
++ A special aspect of L1TF in the context of virtualization is symmetric |
297 |
++ multi threading (SMT). The Intel implementation of SMT is called |
298 |
++ HyperThreading. The fact that Hyperthreads on the affected processors |
299 |
++ share the L1 Data Cache (L1D) is important for this. As the flaw allows |
300 |
++ only to attack data which is present in L1D, a malicious guest running |
301 |
++ on one Hyperthread can attack the data which is brought into the L1D by |
302 |
++ the context which runs on the sibling Hyperthread of the same physical |
303 |
++ core. This context can be host OS, host user space or a different guest. |
304 |
++ |
305 |
++ If the processor does not support Extended Page Tables, the attack is |
306 |
++ only possible, when the hypervisor does not sanitize the content of the |
307 |
++ effective (shadow) page tables. |
308 |
++ |
309 |
++ While solutions exist to mitigate these attack vectors fully, these |
310 |
++ mitigations are not enabled by default in the Linux kernel because they |
311 |
++ can affect performance significantly. The kernel provides several |
312 |
++ mechanisms which can be utilized to address the problem depending on the |
313 |
++ deployment scenario. The mitigations, their protection scope and impact |
314 |
++ are described in the next sections. |
315 |
++ |
316 |
++ The default mitigations and the rationale for choosing them are explained |
317 |
++ at the end of this document. See :ref:`default_mitigations`. |
318 |
++ |
319 |
++.. _l1tf_sys_info: |
320 |
++ |
321 |
++L1TF system information |
322 |
++----------------------- |
323 |
++ |
324 |
++The Linux kernel provides a sysfs interface to enumerate the current L1TF |
325 |
++status of the system: whether the system is vulnerable, and which |
326 |
++mitigations are active. The relevant sysfs file is: |
327 |
++ |
328 |
++/sys/devices/system/cpu/vulnerabilities/l1tf |
329 |
++ |
330 |
++The possible values in this file are: |
331 |
++ |
332 |
++ =========================== =============================== |
333 |
++ 'Not affected' The processor is not vulnerable |
334 |
++ 'Mitigation: PTE Inversion' The host protection is active |
335 |
++ =========================== =============================== |
336 |
++ |
337 |
++If KVM/VMX is enabled and the processor is vulnerable then the following |
338 |
++information is appended to the 'Mitigation: PTE Inversion' part: |
339 |
++ |
340 |
++ - SMT status: |
341 |
++ |
342 |
++ ===================== ================ |
343 |
++ 'VMX: SMT vulnerable' SMT is enabled |
344 |
++ 'VMX: SMT disabled' SMT is disabled |
345 |
++ ===================== ================ |
346 |
++ |
347 |
++ - L1D Flush mode: |
348 |
++ |
349 |
++ ================================ ==================================== |
350 |
++ 'L1D vulnerable' L1D flushing is disabled |
351 |
++ |
352 |
++ 'L1D conditional cache flushes' L1D flush is conditionally enabled |
353 |
++ |
354 |
++ 'L1D cache flushes' L1D flush is unconditionally enabled |
355 |
++ ================================ ==================================== |
356 |
++ |
357 |
++The resulting grade of protection is discussed in the following sections. |
358 |
++ |
359 |
++ |
360 |
++Host mitigation mechanism |
361 |
++------------------------- |
362 |
++ |
363 |
++The kernel is unconditionally protected against L1TF attacks from malicious |
364 |
++user space running on the host. |
365 |
++ |
366 |
++ |
367 |
++Guest mitigation mechanisms |
368 |
++--------------------------- |
369 |
++ |
370 |
++.. _l1d_flush: |
371 |
++ |
372 |
++1. L1D flush on VMENTER |
373 |
++^^^^^^^^^^^^^^^^^^^^^^^ |
374 |
++ |
375 |
++ To make sure that a guest cannot attack data which is present in the L1D |
376 |
++ the hypervisor flushes the L1D before entering the guest. |
377 |
++ |
378 |
++ Flushing the L1D evicts not only the data which should not be accessed |
379 |
++ by a potentially malicious guest, it also flushes the guest |
380 |
++ data. Flushing the L1D has a performance impact as the processor has to |
381 |
++ bring the flushed guest data back into the L1D. Depending on the |
382 |
++ frequency of VMEXIT/VMENTER and the type of computations in the guest |
383 |
++ performance degradation in the range of 1% to 50% has been observed. For |
384 |
++ scenarios where guest VMEXIT/VMENTER are rare the performance impact is |
385 |
++ minimal. Virtio and mechanisms like posted interrupts are designed to |
386 |
++ confine the VMEXITs to a bare minimum, but specific configurations and |
387 |
++ application scenarios might still suffer from a high VMEXIT rate. |
388 |
++ |
389 |
++ The kernel provides two L1D flush modes: |
390 |
++ - conditional ('cond') |
391 |
++ - unconditional ('always') |
392 |
++ |
393 |
++ The conditional mode avoids L1D flushing after VMEXITs which execute |
394 |
++ only audited code paths before the corresponding VMENTER. These code |
395 |
++ paths have been verified that they cannot expose secrets or other |
396 |
++ interesting data to an attacker, but they can leak information about the |
397 |
++ address space layout of the hypervisor. |
398 |
++ |
399 |
++ Unconditional mode flushes L1D on all VMENTER invocations and provides |
400 |
++ maximum protection. It has a higher overhead than the conditional |
401 |
++ mode. The overhead cannot be quantified correctly as it depends on the |
402 |
++ workload scenario and the resulting number of VMEXITs. |
403 |
++ |
404 |
++ The general recommendation is to enable L1D flush on VMENTER. The kernel |
405 |
++ defaults to conditional mode on affected processors. |
406 |
++ |
407 |
++ **Note**, that L1D flush does not prevent the SMT problem because the |
408 |
++ sibling thread will also bring back its data into the L1D which makes it |
409 |
++ attackable again. |
410 |
++ |
411 |
++ L1D flush can be controlled by the administrator via the kernel command |
412 |
++ line and sysfs control files. See :ref:`mitigation_control_command_line` |
413 |
++ and :ref:`mitigation_control_kvm`. |
414 |
++ |
415 |
++.. _guest_confinement: |
416 |
++ |
417 |
++2. Guest VCPU confinement to dedicated physical cores |
418 |
++^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
419 |
++ |
420 |
++ To address the SMT problem, it is possible to make a guest or a group of |
421 |
++ guests affine to one or more physical cores. The proper mechanism for |
422 |
++ that is to utilize exclusive cpusets to ensure that no other guest or |
423 |
++ host tasks can run on these cores. |
424 |
++ |
425 |
++ If only a single guest or related guests run on sibling SMT threads on |
426 |
++ the same physical core then they can only attack their own memory and |
427 |
++ restricted parts of the host memory. |
428 |
++ |
429 |
++ Host memory is attackable, when one of the sibling SMT threads runs in |
430 |
++ host OS (hypervisor) context and the other in guest context. The amount |
431 |
++ of valuable information from the host OS context depends on the context |
432 |
++ which the host OS executes, i.e. interrupts, soft interrupts and kernel |
433 |
++ threads. The amount of valuable data from these contexts cannot be |
434 |
++ declared as non-interesting for an attacker without deep inspection of |
435 |
++ the code. |
436 |
++ |
437 |
++ **Note**, that assigning guests to a fixed set of physical cores affects |
438 |
++ the ability of the scheduler to do load balancing and might have |
439 |
++ negative effects on CPU utilization depending on the hosting |
440 |
++ scenario. Disabling SMT might be a viable alternative for particular |
441 |
++ scenarios. |
442 |
++ |
443 |
++ For further information about confining guests to a single or to a group |
444 |
++ of cores consult the cpusets documentation: |
445 |
++ |
446 |
++ https://www.kernel.org/doc/Documentation/cgroup-v1/cpusets.txt |
447 |
++ |
448 |
++.. _interrupt_isolation: |
449 |
++ |
450 |
++3. Interrupt affinity |
451 |
++^^^^^^^^^^^^^^^^^^^^^ |
452 |
++ |
453 |
++ Interrupts can be made affine to logical CPUs. This is not universally |
454 |
++ true because there are types of interrupts which are truly per CPU |
455 |
++ interrupts, e.g. the local timer interrupt. Aside of that multi queue |
456 |
++ devices affine their interrupts to single CPUs or groups of CPUs per |
457 |
++ queue without allowing the administrator to control the affinities. |
458 |
++ |
459 |
++ Moving the interrupts, which can be affinity controlled, away from CPUs |
460 |
++ which run untrusted guests, reduces the attack vector space. |
461 |
++ |
462 |
++ Whether the interrupts with are affine to CPUs, which run untrusted |
463 |
++ guests, provide interesting data for an attacker depends on the system |
464 |
++ configuration and the scenarios which run on the system. While for some |
465 |
++ of the interrupts it can be assumed that they won't expose interesting |
466 |
++ information beyond exposing hints about the host OS memory layout, there |
467 |
++ is no way to make general assumptions. |
468 |
++ |
469 |
++ Interrupt affinity can be controlled by the administrator via the |
470 |
++ /proc/irq/$NR/smp_affinity[_list] files. Limited documentation is |
471 |
++ available at: |
472 |
++ |
473 |
++ https://www.kernel.org/doc/Documentation/IRQ-affinity.txt |
474 |
++ |
475 |
++.. _smt_control: |
476 |
++ |
477 |
++4. SMT control |
478 |
++^^^^^^^^^^^^^^ |
479 |
++ |
480 |
++ To prevent the SMT issues of L1TF it might be necessary to disable SMT |
481 |
++ completely. Disabling SMT can have a significant performance impact, but |
482 |
++ the impact depends on the hosting scenario and the type of workloads. |
483 |
++ The impact of disabling SMT needs also to be weighted against the impact |
484 |
++ of other mitigation solutions like confining guests to dedicated cores. |
485 |
++ |
486 |
++ The kernel provides a sysfs interface to retrieve the status of SMT and |
487 |
++ to control it. It also provides a kernel command line interface to |
488 |
++ control SMT. |
489 |
++ |
490 |
++ The kernel command line interface consists of the following options: |
491 |
++ |
492 |
++ =========== ========================================================== |
493 |
++ nosmt Affects the bring up of the secondary CPUs during boot. The |
494 |
++ kernel tries to bring all present CPUs online during the |
495 |
++ boot process. "nosmt" makes sure that from each physical |
496 |
++ core only one - the so called primary (hyper) thread is |
497 |
++ activated. Due to a design flaw of Intel processors related |
498 |
++ to Machine Check Exceptions the non primary siblings have |
499 |
++ to be brought up at least partially and are then shut down |
500 |
++ again. "nosmt" can be undone via the sysfs interface. |
501 |
++ |
502 |
++ nosmt=force Has the same effect as "nosmt" but it does not allow to |
503 |
++ undo the SMT disable via the sysfs interface. |
504 |
++ =========== ========================================================== |
505 |
++ |
506 |
++ The sysfs interface provides two files: |
507 |
++ |
508 |
++ - /sys/devices/system/cpu/smt/control |
509 |
++ - /sys/devices/system/cpu/smt/active |
510 |
++ |
511 |
++ /sys/devices/system/cpu/smt/control: |
512 |
++ |
513 |
++ This file allows to read out the SMT control state and provides the |
514 |
++ ability to disable or (re)enable SMT. The possible states are: |
515 |
++ |
516 |
++ ============== =================================================== |
517 |
++ on SMT is supported by the CPU and enabled. All |
518 |
++ logical CPUs can be onlined and offlined without |
519 |
++ restrictions. |
520 |
++ |
521 |
++ off SMT is supported by the CPU and disabled. Only |
522 |
++ the so called primary SMT threads can be onlined |
523 |
++ and offlined without restrictions. An attempt to |
524 |
++ online a non-primary sibling is rejected |
525 |
++ |
526 |
++ forceoff Same as 'off' but the state cannot be controlled. |
527 |
++ Attempts to write to the control file are rejected. |
528 |
++ |
529 |
++ notsupported The processor does not support SMT. It's therefore |
530 |
++ not affected by the SMT implications of L1TF. |
531 |
++ Attempts to write to the control file are rejected. |
532 |
++ ============== =================================================== |
533 |
++ |
534 |
++ The possible states which can be written into this file to control SMT |
535 |
++ state are: |
536 |
++ |
537 |
++ - on |
538 |
++ - off |
539 |
++ - forceoff |
540 |
++ |
541 |
++ /sys/devices/system/cpu/smt/active: |
542 |
++ |
543 |
++ This file reports whether SMT is enabled and active, i.e. if on any |
544 |
++ physical core two or more sibling threads are online. |
545 |
++ |
546 |
++ SMT control is also possible at boot time via the l1tf kernel command |
547 |
++ line parameter in combination with L1D flush control. See |
548 |
++ :ref:`mitigation_control_command_line`. |
549 |
++ |
550 |
++5. Disabling EPT |
551 |
++^^^^^^^^^^^^^^^^ |
552 |
++ |
553 |
++ Disabling EPT for virtual machines provides full mitigation for L1TF even |
554 |
++ with SMT enabled, because the effective page tables for guests are |
555 |
++ managed and sanitized by the hypervisor. Though disabling EPT has a |
556 |
++ significant performance impact especially when the Meltdown mitigation |
557 |
++ KPTI is enabled. |
558 |
++ |
559 |
++ EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter. |
560 |
++ |
561 |
++There is ongoing research and development for new mitigation mechanisms to |
562 |
++address the performance impact of disabling SMT or EPT. |
563 |
++ |
564 |
++.. _mitigation_control_command_line: |
565 |
++ |
566 |
++Mitigation control on the kernel command line |
567 |
++--------------------------------------------- |
568 |
++ |
569 |
++The kernel command line allows to control the L1TF mitigations at boot |
570 |
++time with the option "l1tf=". The valid arguments for this option are: |
571 |
++ |
572 |
++ ============ ============================================================= |
573 |
++ full Provides all available mitigations for the L1TF |
574 |
++ vulnerability. Disables SMT and enables all mitigations in |
575 |
++ the hypervisors, i.e. unconditional L1D flushing |
576 |
++ |
577 |
++ SMT control and L1D flush control via the sysfs interface |
578 |
++ is still possible after boot. Hypervisors will issue a |
579 |
++ warning when the first VM is started in a potentially |
580 |
++ insecure configuration, i.e. SMT enabled or L1D flush |
581 |
++ disabled. |
582 |
++ |
583 |
++ full,force Same as 'full', but disables SMT and L1D flush runtime |
584 |
++ control. Implies the 'nosmt=force' command line option. |
585 |
++ (i.e. sysfs control of SMT is disabled.) |
586 |
++ |
587 |
++ flush Leaves SMT enabled and enables the default hypervisor |
588 |
++ mitigation, i.e. conditional L1D flushing |
589 |
++ |
590 |
++ SMT control and L1D flush control via the sysfs interface |
591 |
++ is still possible after boot. Hypervisors will issue a |
592 |
++ warning when the first VM is started in a potentially |
593 |
++ insecure configuration, i.e. SMT enabled or L1D flush |
594 |
++ disabled. |
595 |
++ |
596 |
++ flush,nosmt Disables SMT and enables the default hypervisor mitigation, |
597 |
++ i.e. conditional L1D flushing. |
598 |
++ |
599 |
++ SMT control and L1D flush control via the sysfs interface |
600 |
++ is still possible after boot. Hypervisors will issue a |
601 |
++ warning when the first VM is started in a potentially |
602 |
++ insecure configuration, i.e. SMT enabled or L1D flush |
603 |
++ disabled. |
604 |
++ |
605 |
++ flush,nowarn Same as 'flush', but hypervisors will not warn when a VM is |
606 |
++ started in a potentially insecure configuration. |
607 |
++ |
608 |
++ off Disables hypervisor mitigations and doesn't emit any |
609 |
++ warnings. |
610 |
++ ============ ============================================================= |
611 |
++ |
612 |
++The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`. |
613 |
++ |
614 |
++ |
615 |
++.. _mitigation_control_kvm: |
616 |
++ |
617 |
++Mitigation control for KVM - module parameter |
618 |
++------------------------------------------------------------- |
619 |
++ |
620 |
++The KVM hypervisor mitigation mechanism, flushing the L1D cache when |
621 |
++entering a guest, can be controlled with a module parameter. |
622 |
++ |
623 |
++The option/parameter is "kvm-intel.vmentry_l1d_flush=". It takes the |
624 |
++following arguments: |
625 |
++ |
626 |
++ ============ ============================================================== |
627 |
++ always L1D cache flush on every VMENTER. |
628 |
++ |
629 |
++ cond Flush L1D on VMENTER only when the code between VMEXIT and |
630 |
++ VMENTER can leak host memory which is considered |
631 |
++ interesting for an attacker. This still can leak host memory |
632 |
++ which allows e.g. to determine the hosts address space layout. |
633 |
++ |
634 |
++ never Disables the mitigation |
635 |
++ ============ ============================================================== |
636 |
++ |
637 |
++The parameter can be provided on the kernel command line, as a module |
638 |
++parameter when loading the modules and at runtime modified via the sysfs |
639 |
++file: |
640 |
++ |
641 |
++/sys/module/kvm_intel/parameters/vmentry_l1d_flush |
642 |
++ |
643 |
++The default is 'cond'. If 'l1tf=full,force' is given on the kernel command |
644 |
++line, then 'always' is enforced and the kvm-intel.vmentry_l1d_flush |
645 |
++module parameter is ignored and writes to the sysfs file are rejected. |
646 |
++ |
647 |
++ |
648 |
++Mitigation selection guide |
649 |
++-------------------------- |
650 |
++ |
651 |
++1. No virtualization in use |
652 |
++^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
653 |
++ |
654 |
++ The system is protected by the kernel unconditionally and no further |
655 |
++ action is required. |
656 |
++ |
657 |
++2. Virtualization with trusted guests |
658 |
++^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
659 |
++ |
660 |
++ If the guest comes from a trusted source and the guest OS kernel is |
661 |
++ guaranteed to have the L1TF mitigations in place the system is fully |
662 |
++ protected against L1TF and no further action is required. |
663 |
++ |
664 |
++ To avoid the overhead of the default L1D flushing on VMENTER the |
665 |
++ administrator can disable the flushing via the kernel command line and |
666 |
++ sysfs control files. See :ref:`mitigation_control_command_line` and |
667 |
++ :ref:`mitigation_control_kvm`. |
668 |
++ |
669 |
++ |
670 |
++3. Virtualization with untrusted guests |
671 |
++^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
672 |
++ |
673 |
++3.1. SMT not supported or disabled |
674 |
++"""""""""""""""""""""""""""""""""" |
675 |
++ |
676 |
++ If SMT is not supported by the processor or disabled in the BIOS or by |
677 |
++ the kernel, it's only required to enforce L1D flushing on VMENTER. |
678 |
++ |
679 |
++ Conditional L1D flushing is the default behaviour and can be tuned. See |
680 |
++ :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. |
681 |
++ |
682 |
++3.2. EPT not supported or disabled |
683 |
++"""""""""""""""""""""""""""""""""" |
684 |
++ |
685 |
++ If EPT is not supported by the processor or disabled in the hypervisor, |
686 |
++ the system is fully protected. SMT can stay enabled and L1D flushing on |
687 |
++ VMENTER is not required. |
688 |
++ |
689 |
++ EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter. |
690 |
++ |
691 |
++3.3. SMT and EPT supported and active |
692 |
++""""""""""""""""""""""""""""""""""""" |
693 |
++ |
694 |
++ If SMT and EPT are supported and active then various degrees of |
695 |
++ mitigations can be employed: |
696 |
++ |
697 |
++ - L1D flushing on VMENTER: |
698 |
++ |
699 |
++ L1D flushing on VMENTER is the minimal protection requirement, but it |
700 |
++ is only potent in combination with other mitigation methods. |
701 |
++ |
702 |
++ Conditional L1D flushing is the default behaviour and can be tuned. See |
703 |
++ :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. |
704 |
++ |
705 |
++ - Guest confinement: |
706 |
++ |
707 |
++ Confinement of guests to a single or a group of physical cores which |
708 |
++ are not running any other processes, can reduce the attack surface |
709 |
++ significantly, but interrupts, soft interrupts and kernel threads can |
710 |
++ still expose valuable data to a potential attacker. See |
711 |
++ :ref:`guest_confinement`. |
712 |
++ |
713 |
++ - Interrupt isolation: |
714 |
++ |
715 |
++ Isolating the guest CPUs from interrupts can reduce the attack surface |
716 |
++ further, but still allows a malicious guest to explore a limited amount |
717 |
++ of host physical memory. This can at least be used to gain knowledge |
718 |
++ about the host address space layout. The interrupts which have a fixed |
719 |
++ affinity to the CPUs which run the untrusted guests can depending on |
720 |
++ the scenario still trigger soft interrupts and schedule kernel threads |
721 |
++ which might expose valuable information. See |
722 |
++ :ref:`interrupt_isolation`. |
723 |
++ |
724 |
++The above three mitigation methods combined can provide protection to a |
725 |
++certain degree, but the risk of the remaining attack surface has to be |
726 |
++carefully analyzed. For full protection the following methods are |
727 |
++available: |
728 |
++ |
729 |
++ - Disabling SMT: |
730 |
++ |
731 |
++ Disabling SMT and enforcing the L1D flushing provides the maximum |
732 |
++ amount of protection. This mitigation is not depending on any of the |
733 |
++ above mitigation methods. |
734 |
++ |
735 |
++ SMT control and L1D flushing can be tuned by the command line |
736 |
++ parameters 'nosmt', 'l1tf', 'kvm-intel.vmentry_l1d_flush' and at run |
737 |
++ time with the matching sysfs control files. See :ref:`smt_control`, |
738 |
++ :ref:`mitigation_control_command_line` and |
739 |
++ :ref:`mitigation_control_kvm`. |
740 |
++ |
741 |
++ - Disabling EPT: |
742 |
++ |
743 |
++ Disabling EPT provides the maximum amount of protection as well. It is |
744 |
++ not depending on any of the above mitigation methods. SMT can stay |
745 |
++ enabled and L1D flushing is not required, but the performance impact is |
746 |
++ significant. |
747 |
++ |
748 |
++ EPT can be disabled in the hypervisor via the 'kvm-intel.ept' |
749 |
++ parameter. |
750 |
++ |
751 |
++3.4. Nested virtual machines |
752 |
++"""""""""""""""""""""""""""" |
753 |
++ |
754 |
++When nested virtualization is in use, three operating systems are involved: |
755 |
++the bare metal hypervisor, the nested hypervisor and the nested virtual |
756 |
++machine. VMENTER operations from the nested hypervisor into the nested |
757 |
++guest will always be processed by the bare metal hypervisor. If KVM is the |
758 |
++bare metal hypervisor it wiil: |
759 |
++ |
760 |
++ - Flush the L1D cache on every switch from the nested hypervisor to the |
761 |
++ nested virtual machine, so that the nested hypervisor's secrets are not |
762 |
++ exposed to the nested virtual machine; |
763 |
++ |
764 |
++ - Flush the L1D cache on every switch from the nested virtual machine to |
765 |
++ the nested hypervisor; this is a complex operation, and flushing the L1D |
766 |
++ cache avoids that the bare metal hypervisor's secrets are exposed to the |
767 |
++ nested virtual machine; |
768 |
++ |
769 |
++ - Instruct the nested hypervisor to not perform any L1D cache flush. This |
770 |
++ is an optimization to avoid double L1D flushing. |
771 |
++ |
772 |
++ |
773 |
++.. _default_mitigations: |
774 |
++ |
775 |
++Default mitigations |
776 |
++------------------- |
777 |
++ |
778 |
++ The kernel default mitigations for vulnerable processors are: |
779 |
++ |
780 |
++ - PTE inversion to protect against malicious user space. This is done |
781 |
++ unconditionally and cannot be controlled. |
782 |
++ |
783 |
++ - L1D conditional flushing on VMENTER when EPT is enabled for |
784 |
++ a guest. |
785 |
++ |
786 |
++ The kernel does not by default enforce the disabling of SMT, which leaves |
787 |
++ SMT systems vulnerable when running untrusted guests with EPT enabled. |
788 |
++ |
789 |
++ The rationale for this choice is: |
790 |
++ |
791 |
++ - Force disabling SMT can break existing setups, especially with |
792 |
++ unattended updates. |
793 |
++ |
794 |
++ - If regular users run untrusted guests on their machine, then L1TF is |
795 |
++ just an add on to other malware which might be embedded in an untrusted |
796 |
++ guest, e.g. spam-bots or attacks on the local network. |
797 |
++ |
798 |
++ There is no technical way to prevent a user from running untrusted code |
799 |
++ on their machines blindly. |
800 |
++ |
801 |
++ - It's technically extremely unlikely and from today's knowledge even |
802 |
++ impossible that L1TF can be exploited via the most popular attack |
803 |
++ mechanisms like JavaScript because these mechanisms have no way to |
804 |
++ control PTEs. If this would be possible and not other mitigation would |
805 |
++ be possible, then the default might be different. |
806 |
++ |
807 |
++ - The administrators of cloud and hosting setups have to carefully |
808 |
++ analyze the risk for their scenarios and make the appropriate |
809 |
++ mitigation choices, which might even vary across their deployed |
810 |
++ machines and also result in other changes of their overall setup. |
811 |
++ There is no way for the kernel to provide a sensible default for this |
812 |
++ kind of scenarios. |
813 |
+diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt |
814 |
+index 88ad78c6f605..5d12166bd66b 100644 |
815 |
+--- a/Documentation/virtual/kvm/api.txt |
816 |
++++ b/Documentation/virtual/kvm/api.txt |
817 |
+@@ -123,14 +123,15 @@ memory layout to fit in user mode), check KVM_CAP_MIPS_VZ and use the |
818 |
+ flag KVM_VM_MIPS_VZ. |
819 |
+ |
820 |
+ |
821 |
+-4.3 KVM_GET_MSR_INDEX_LIST |
822 |
++4.3 KVM_GET_MSR_INDEX_LIST, KVM_GET_MSR_FEATURE_INDEX_LIST |
823 |
+ |
824 |
+-Capability: basic |
825 |
++Capability: basic, KVM_CAP_GET_MSR_FEATURES for KVM_GET_MSR_FEATURE_INDEX_LIST |
826 |
+ Architectures: x86 |
827 |
+-Type: system |
828 |
++Type: system ioctl |
829 |
+ Parameters: struct kvm_msr_list (in/out) |
830 |
+ Returns: 0 on success; -1 on error |
831 |
+ Errors: |
832 |
++ EFAULT: the msr index list cannot be read from or written to |
833 |
+ E2BIG: the msr index list is to be to fit in the array specified by |
834 |
+ the user. |
835 |
+ |
836 |
+@@ -139,16 +140,23 @@ struct kvm_msr_list { |
837 |
+ __u32 indices[0]; |
838 |
+ }; |
839 |
+ |
840 |
+-This ioctl returns the guest msrs that are supported. The list varies |
841 |
+-by kvm version and host processor, but does not change otherwise. The |
842 |
+-user fills in the size of the indices array in nmsrs, and in return |
843 |
+-kvm adjusts nmsrs to reflect the actual number of msrs and fills in |
844 |
+-the indices array with their numbers. |
845 |
++The user fills in the size of the indices array in nmsrs, and in return |
846 |
++kvm adjusts nmsrs to reflect the actual number of msrs and fills in the |
847 |
++indices array with their numbers. |
848 |
++ |
849 |
++KVM_GET_MSR_INDEX_LIST returns the guest msrs that are supported. The list |
850 |
++varies by kvm version and host processor, but does not change otherwise. |
851 |
+ |
852 |
+ Note: if kvm indicates supports MCE (KVM_CAP_MCE), then the MCE bank MSRs are |
853 |
+ not returned in the MSR list, as different vcpus can have a different number |
854 |
+ of banks, as set via the KVM_X86_SETUP_MCE ioctl. |
855 |
+ |
856 |
++KVM_GET_MSR_FEATURE_INDEX_LIST returns the list of MSRs that can be passed |
857 |
++to the KVM_GET_MSRS system ioctl. This lets userspace probe host capabilities |
858 |
++and processor features that are exposed via MSRs (e.g., VMX capabilities). |
859 |
++This list also varies by kvm version and host processor, but does not change |
860 |
++otherwise. |
861 |
++ |
862 |
+ |
863 |
+ 4.4 KVM_CHECK_EXTENSION |
864 |
+ |
865 |
+@@ -475,14 +483,22 @@ Support for this has been removed. Use KVM_SET_GUEST_DEBUG instead. |
866 |
+ |
867 |
+ 4.18 KVM_GET_MSRS |
868 |
+ |
869 |
+-Capability: basic |
870 |
++Capability: basic (vcpu), KVM_CAP_GET_MSR_FEATURES (system) |
871 |
+ Architectures: x86 |
872 |
+-Type: vcpu ioctl |
873 |
++Type: system ioctl, vcpu ioctl |
874 |
+ Parameters: struct kvm_msrs (in/out) |
875 |
+-Returns: 0 on success, -1 on error |
876 |
++Returns: number of msrs successfully returned; |
877 |
++ -1 on error |
878 |
++ |
879 |
++When used as a system ioctl: |
880 |
++Reads the values of MSR-based features that are available for the VM. This |
881 |
++is similar to KVM_GET_SUPPORTED_CPUID, but it returns MSR indices and values. |
882 |
++The list of msr-based features can be obtained using KVM_GET_MSR_FEATURE_INDEX_LIST |
883 |
++in a system ioctl. |
884 |
+ |
885 |
++When used as a vcpu ioctl: |
886 |
+ Reads model-specific registers from the vcpu. Supported msr indices can |
887 |
+-be obtained using KVM_GET_MSR_INDEX_LIST. |
888 |
++be obtained using KVM_GET_MSR_INDEX_LIST in a system ioctl. |
889 |
+ |
890 |
+ struct kvm_msrs { |
891 |
+ __u32 nmsrs; /* number of msrs in entries */ |
892 |
+diff --git a/Makefile b/Makefile |
893 |
+index d407ecfdee0b..f3bb9428b3dc 100644 |
894 |
+--- a/Makefile |
895 |
++++ b/Makefile |
896 |
+@@ -1,7 +1,7 @@ |
897 |
+ # SPDX-License-Identifier: GPL-2.0 |
898 |
+ VERSION = 4 |
899 |
+ PATCHLEVEL = 14 |
900 |
+-SUBLEVEL = 62 |
901 |
++SUBLEVEL = 63 |
902 |
+ EXTRAVERSION = |
903 |
+ NAME = Petit Gorille |
904 |
+ |
905 |
+diff --git a/arch/Kconfig b/arch/Kconfig |
906 |
+index 400b9e1b2f27..4e01862f58e4 100644 |
907 |
+--- a/arch/Kconfig |
908 |
++++ b/arch/Kconfig |
909 |
+@@ -13,6 +13,9 @@ config KEXEC_CORE |
910 |
+ config HAVE_IMA_KEXEC |
911 |
+ bool |
912 |
+ |
913 |
++config HOTPLUG_SMT |
914 |
++ bool |
915 |
++ |
916 |
+ config OPROFILE |
917 |
+ tristate "OProfile system profiling" |
918 |
+ depends on PROFILING |
919 |
+diff --git a/arch/arm/boot/dts/imx6sx.dtsi b/arch/arm/boot/dts/imx6sx.dtsi |
920 |
+index 6c7eb54be9e2..d64438bfa68b 100644 |
921 |
+--- a/arch/arm/boot/dts/imx6sx.dtsi |
922 |
++++ b/arch/arm/boot/dts/imx6sx.dtsi |
923 |
+@@ -1305,7 +1305,7 @@ |
924 |
+ 0x82000000 0 0x08000000 0x08000000 0 0x00f00000>; |
925 |
+ bus-range = <0x00 0xff>; |
926 |
+ num-lanes = <1>; |
927 |
+- interrupts = <GIC_SPI 123 IRQ_TYPE_LEVEL_HIGH>; |
928 |
++ interrupts = <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>; |
929 |
+ clocks = <&clks IMX6SX_CLK_PCIE_REF_125M>, |
930 |
+ <&clks IMX6SX_CLK_PCIE_AXI>, |
931 |
+ <&clks IMX6SX_CLK_LVDS1_OUT>, |
932 |
+diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig |
933 |
+index 1fd3eb5b66c6..89e684fd795f 100644 |
934 |
+--- a/arch/parisc/Kconfig |
935 |
++++ b/arch/parisc/Kconfig |
936 |
+@@ -201,7 +201,7 @@ config PREFETCH |
937 |
+ |
938 |
+ config MLONGCALLS |
939 |
+ bool "Enable the -mlong-calls compiler option for big kernels" |
940 |
+- def_bool y if (!MODULES) |
941 |
++ default y |
942 |
+ depends on PA8X00 |
943 |
+ help |
944 |
+ If you configure the kernel to include many drivers built-in instead |
945 |
+diff --git a/arch/parisc/include/asm/barrier.h b/arch/parisc/include/asm/barrier.h |
946 |
+new file mode 100644 |
947 |
+index 000000000000..dbaaca84f27f |
948 |
+--- /dev/null |
949 |
++++ b/arch/parisc/include/asm/barrier.h |
950 |
+@@ -0,0 +1,32 @@ |
951 |
++/* SPDX-License-Identifier: GPL-2.0 */ |
952 |
++#ifndef __ASM_BARRIER_H |
953 |
++#define __ASM_BARRIER_H |
954 |
++ |
955 |
++#ifndef __ASSEMBLY__ |
956 |
++ |
957 |
++/* The synchronize caches instruction executes as a nop on systems in |
958 |
++ which all memory references are performed in order. */ |
959 |
++#define synchronize_caches() __asm__ __volatile__ ("sync" : : : "memory") |
960 |
++ |
961 |
++#if defined(CONFIG_SMP) |
962 |
++#define mb() do { synchronize_caches(); } while (0) |
963 |
++#define rmb() mb() |
964 |
++#define wmb() mb() |
965 |
++#define dma_rmb() mb() |
966 |
++#define dma_wmb() mb() |
967 |
++#else |
968 |
++#define mb() barrier() |
969 |
++#define rmb() barrier() |
970 |
++#define wmb() barrier() |
971 |
++#define dma_rmb() barrier() |
972 |
++#define dma_wmb() barrier() |
973 |
++#endif |
974 |
++ |
975 |
++#define __smp_mb() mb() |
976 |
++#define __smp_rmb() mb() |
977 |
++#define __smp_wmb() mb() |
978 |
++ |
979 |
++#include <asm-generic/barrier.h> |
980 |
++ |
981 |
++#endif /* !__ASSEMBLY__ */ |
982 |
++#endif /* __ASM_BARRIER_H */ |
983 |
+diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S |
984 |
+index e95207c0565e..1b4732e20137 100644 |
985 |
+--- a/arch/parisc/kernel/entry.S |
986 |
++++ b/arch/parisc/kernel/entry.S |
987 |
+@@ -481,6 +481,8 @@ |
988 |
+ /* Release pa_tlb_lock lock without reloading lock address. */ |
989 |
+ .macro tlb_unlock0 spc,tmp |
990 |
+ #ifdef CONFIG_SMP |
991 |
++ or,COND(=) %r0,\spc,%r0 |
992 |
++ sync |
993 |
+ or,COND(=) %r0,\spc,%r0 |
994 |
+ stw \spc,0(\tmp) |
995 |
+ #endif |
996 |
+diff --git a/arch/parisc/kernel/pacache.S b/arch/parisc/kernel/pacache.S |
997 |
+index 67b0f7532e83..3e163df49cf3 100644 |
998 |
+--- a/arch/parisc/kernel/pacache.S |
999 |
++++ b/arch/parisc/kernel/pacache.S |
1000 |
+@@ -354,6 +354,7 @@ ENDPROC_CFI(flush_data_cache_local) |
1001 |
+ .macro tlb_unlock la,flags,tmp |
1002 |
+ #ifdef CONFIG_SMP |
1003 |
+ ldi 1,\tmp |
1004 |
++ sync |
1005 |
+ stw \tmp,0(\la) |
1006 |
+ mtsm \flags |
1007 |
+ #endif |
1008 |
+diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S |
1009 |
+index e775f80ae28c..4886a6db42e9 100644 |
1010 |
+--- a/arch/parisc/kernel/syscall.S |
1011 |
++++ b/arch/parisc/kernel/syscall.S |
1012 |
+@@ -633,6 +633,7 @@ cas_action: |
1013 |
+ sub,<> %r28, %r25, %r0 |
1014 |
+ 2: stw,ma %r24, 0(%r26) |
1015 |
+ /* Free lock */ |
1016 |
++ sync |
1017 |
+ stw,ma %r20, 0(%sr2,%r20) |
1018 |
+ #if ENABLE_LWS_DEBUG |
1019 |
+ /* Clear thread register indicator */ |
1020 |
+@@ -647,6 +648,7 @@ cas_action: |
1021 |
+ 3: |
1022 |
+ /* Error occurred on load or store */ |
1023 |
+ /* Free lock */ |
1024 |
++ sync |
1025 |
+ stw %r20, 0(%sr2,%r20) |
1026 |
+ #if ENABLE_LWS_DEBUG |
1027 |
+ stw %r0, 4(%sr2,%r20) |
1028 |
+@@ -848,6 +850,7 @@ cas2_action: |
1029 |
+ |
1030 |
+ cas2_end: |
1031 |
+ /* Free lock */ |
1032 |
++ sync |
1033 |
+ stw,ma %r20, 0(%sr2,%r20) |
1034 |
+ /* Enable interrupts */ |
1035 |
+ ssm PSW_SM_I, %r0 |
1036 |
+@@ -858,6 +861,7 @@ cas2_end: |
1037 |
+ 22: |
1038 |
+ /* Error occurred on load or store */ |
1039 |
+ /* Free lock */ |
1040 |
++ sync |
1041 |
+ stw %r20, 0(%sr2,%r20) |
1042 |
+ ssm PSW_SM_I, %r0 |
1043 |
+ ldo 1(%r0),%r28 |
1044 |
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
1045 |
+index 7483cd514c32..1c63a4b5320d 100644 |
1046 |
+--- a/arch/x86/Kconfig |
1047 |
++++ b/arch/x86/Kconfig |
1048 |
+@@ -176,6 +176,7 @@ config X86 |
1049 |
+ select HAVE_SYSCALL_TRACEPOINTS |
1050 |
+ select HAVE_UNSTABLE_SCHED_CLOCK |
1051 |
+ select HAVE_USER_RETURN_NOTIFIER |
1052 |
++ select HOTPLUG_SMT if SMP |
1053 |
+ select IRQ_FORCED_THREADING |
1054 |
+ select PCI_LOCKLESS_CONFIG |
1055 |
+ select PERF_EVENTS |
1056 |
+diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h |
1057 |
+index 5f01671c68f2..a1ed92aae12a 100644 |
1058 |
+--- a/arch/x86/include/asm/apic.h |
1059 |
++++ b/arch/x86/include/asm/apic.h |
1060 |
+@@ -10,6 +10,7 @@ |
1061 |
+ #include <asm/fixmap.h> |
1062 |
+ #include <asm/mpspec.h> |
1063 |
+ #include <asm/msr.h> |
1064 |
++#include <asm/hardirq.h> |
1065 |
+ |
1066 |
+ #define ARCH_APICTIMER_STOPS_ON_C3 1 |
1067 |
+ |
1068 |
+@@ -613,12 +614,20 @@ extern int default_check_phys_apicid_present(int phys_apicid); |
1069 |
+ #endif |
1070 |
+ |
1071 |
+ #endif /* CONFIG_X86_LOCAL_APIC */ |
1072 |
++ |
1073 |
++#ifdef CONFIG_SMP |
1074 |
++bool apic_id_is_primary_thread(unsigned int id); |
1075 |
++#else |
1076 |
++static inline bool apic_id_is_primary_thread(unsigned int id) { return false; } |
1077 |
++#endif |
1078 |
++ |
1079 |
+ extern void irq_enter(void); |
1080 |
+ extern void irq_exit(void); |
1081 |
+ |
1082 |
+ static inline void entering_irq(void) |
1083 |
+ { |
1084 |
+ irq_enter(); |
1085 |
++ kvm_set_cpu_l1tf_flush_l1d(); |
1086 |
+ } |
1087 |
+ |
1088 |
+ static inline void entering_ack_irq(void) |
1089 |
+@@ -631,6 +640,7 @@ static inline void ipi_entering_ack_irq(void) |
1090 |
+ { |
1091 |
+ irq_enter(); |
1092 |
+ ack_APIC_irq(); |
1093 |
++ kvm_set_cpu_l1tf_flush_l1d(); |
1094 |
+ } |
1095 |
+ |
1096 |
+ static inline void exiting_irq(void) |
1097 |
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
1098 |
+index 403e97d5e243..8418462298e7 100644 |
1099 |
+--- a/arch/x86/include/asm/cpufeatures.h |
1100 |
++++ b/arch/x86/include/asm/cpufeatures.h |
1101 |
+@@ -219,6 +219,7 @@ |
1102 |
+ #define X86_FEATURE_IBPB ( 7*32+26) /* Indirect Branch Prediction Barrier */ |
1103 |
+ #define X86_FEATURE_STIBP ( 7*32+27) /* Single Thread Indirect Branch Predictors */ |
1104 |
+ #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */ |
1105 |
++#define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ |
1106 |
+ |
1107 |
+ /* Virtualization flags: Linux defined, word 8 */ |
1108 |
+ #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ |
1109 |
+@@ -338,6 +339,7 @@ |
1110 |
+ #define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ |
1111 |
+ #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */ |
1112 |
+ #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */ |
1113 |
++#define X86_FEATURE_FLUSH_L1D (18*32+28) /* Flush L1D cache */ |
1114 |
+ #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ |
1115 |
+ #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */ |
1116 |
+ |
1117 |
+@@ -370,5 +372,6 @@ |
1118 |
+ #define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */ |
1119 |
+ #define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */ |
1120 |
+ #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */ |
1121 |
++#define X86_BUG_L1TF X86_BUG(18) /* CPU is affected by L1 Terminal Fault */ |
1122 |
+ |
1123 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |
1124 |
+diff --git a/arch/x86/include/asm/dmi.h b/arch/x86/include/asm/dmi.h |
1125 |
+index 0ab2ab27ad1f..b825cb201251 100644 |
1126 |
+--- a/arch/x86/include/asm/dmi.h |
1127 |
++++ b/arch/x86/include/asm/dmi.h |
1128 |
+@@ -4,8 +4,8 @@ |
1129 |
+ |
1130 |
+ #include <linux/compiler.h> |
1131 |
+ #include <linux/init.h> |
1132 |
++#include <linux/io.h> |
1133 |
+ |
1134 |
+-#include <asm/io.h> |
1135 |
+ #include <asm/setup.h> |
1136 |
+ |
1137 |
+ static __always_inline __init void *dmi_alloc(unsigned len) |
1138 |
+diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h |
1139 |
+index 51cc979dd364..486c843273c4 100644 |
1140 |
+--- a/arch/x86/include/asm/hardirq.h |
1141 |
++++ b/arch/x86/include/asm/hardirq.h |
1142 |
+@@ -3,10 +3,12 @@ |
1143 |
+ #define _ASM_X86_HARDIRQ_H |
1144 |
+ |
1145 |
+ #include <linux/threads.h> |
1146 |
+-#include <linux/irq.h> |
1147 |
+ |
1148 |
+ typedef struct { |
1149 |
+- unsigned int __softirq_pending; |
1150 |
++ u16 __softirq_pending; |
1151 |
++#if IS_ENABLED(CONFIG_KVM_INTEL) |
1152 |
++ u8 kvm_cpu_l1tf_flush_l1d; |
1153 |
++#endif |
1154 |
+ unsigned int __nmi_count; /* arch dependent */ |
1155 |
+ #ifdef CONFIG_X86_LOCAL_APIC |
1156 |
+ unsigned int apic_timer_irqs; /* arch dependent */ |
1157 |
+@@ -62,4 +64,24 @@ extern u64 arch_irq_stat_cpu(unsigned int cpu); |
1158 |
+ extern u64 arch_irq_stat(void); |
1159 |
+ #define arch_irq_stat arch_irq_stat |
1160 |
+ |
1161 |
++ |
1162 |
++#if IS_ENABLED(CONFIG_KVM_INTEL) |
1163 |
++static inline void kvm_set_cpu_l1tf_flush_l1d(void) |
1164 |
++{ |
1165 |
++ __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1); |
1166 |
++} |
1167 |
++ |
1168 |
++static inline void kvm_clear_cpu_l1tf_flush_l1d(void) |
1169 |
++{ |
1170 |
++ __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 0); |
1171 |
++} |
1172 |
++ |
1173 |
++static inline bool kvm_get_cpu_l1tf_flush_l1d(void) |
1174 |
++{ |
1175 |
++ return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d); |
1176 |
++} |
1177 |
++#else /* !IS_ENABLED(CONFIG_KVM_INTEL) */ |
1178 |
++static inline void kvm_set_cpu_l1tf_flush_l1d(void) { } |
1179 |
++#endif /* IS_ENABLED(CONFIG_KVM_INTEL) */ |
1180 |
++ |
1181 |
+ #endif /* _ASM_X86_HARDIRQ_H */ |
1182 |
+diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h |
1183 |
+index c4fc17220df9..c14f2a74b2be 100644 |
1184 |
+--- a/arch/x86/include/asm/irqflags.h |
1185 |
++++ b/arch/x86/include/asm/irqflags.h |
1186 |
+@@ -13,6 +13,8 @@ |
1187 |
+ * Interrupt control: |
1188 |
+ */ |
1189 |
+ |
1190 |
++/* Declaration required for gcc < 4.9 to prevent -Werror=missing-prototypes */ |
1191 |
++extern inline unsigned long native_save_fl(void); |
1192 |
+ extern inline unsigned long native_save_fl(void) |
1193 |
+ { |
1194 |
+ unsigned long flags; |
1195 |
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
1196 |
+index 174b9c41efce..4015b88383ce 100644 |
1197 |
+--- a/arch/x86/include/asm/kvm_host.h |
1198 |
++++ b/arch/x86/include/asm/kvm_host.h |
1199 |
+@@ -17,6 +17,7 @@ |
1200 |
+ #include <linux/tracepoint.h> |
1201 |
+ #include <linux/cpumask.h> |
1202 |
+ #include <linux/irq_work.h> |
1203 |
++#include <linux/irq.h> |
1204 |
+ |
1205 |
+ #include <linux/kvm.h> |
1206 |
+ #include <linux/kvm_para.h> |
1207 |
+@@ -506,6 +507,7 @@ struct kvm_vcpu_arch { |
1208 |
+ u64 smbase; |
1209 |
+ bool tpr_access_reporting; |
1210 |
+ u64 ia32_xss; |
1211 |
++ u64 microcode_version; |
1212 |
+ |
1213 |
+ /* |
1214 |
+ * Paging state of the vcpu |
1215 |
+@@ -693,6 +695,9 @@ struct kvm_vcpu_arch { |
1216 |
+ |
1217 |
+ /* be preempted when it's in kernel-mode(cpl=0) */ |
1218 |
+ bool preempted_in_kernel; |
1219 |
++ |
1220 |
++ /* Flush the L1 Data cache for L1TF mitigation on VMENTER */ |
1221 |
++ bool l1tf_flush_l1d; |
1222 |
+ }; |
1223 |
+ |
1224 |
+ struct kvm_lpage_info { |
1225 |
+@@ -862,6 +867,7 @@ struct kvm_vcpu_stat { |
1226 |
+ u64 signal_exits; |
1227 |
+ u64 irq_window_exits; |
1228 |
+ u64 nmi_window_exits; |
1229 |
++ u64 l1d_flush; |
1230 |
+ u64 halt_exits; |
1231 |
+ u64 halt_successful_poll; |
1232 |
+ u64 halt_attempted_poll; |
1233 |
+@@ -1061,6 +1067,8 @@ struct kvm_x86_ops { |
1234 |
+ void (*cancel_hv_timer)(struct kvm_vcpu *vcpu); |
1235 |
+ |
1236 |
+ void (*setup_mce)(struct kvm_vcpu *vcpu); |
1237 |
++ |
1238 |
++ int (*get_msr_feature)(struct kvm_msr_entry *entry); |
1239 |
+ }; |
1240 |
+ |
1241 |
+ struct kvm_arch_async_pf { |
1242 |
+@@ -1366,6 +1374,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v); |
1243 |
+ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event); |
1244 |
+ void kvm_vcpu_reload_apic_access_page(struct kvm_vcpu *vcpu); |
1245 |
+ |
1246 |
++u64 kvm_get_arch_capabilities(void); |
1247 |
+ void kvm_define_shared_msr(unsigned index, u32 msr); |
1248 |
+ int kvm_set_shared_msr(unsigned index, u64 val, u64 mask); |
1249 |
+ |
1250 |
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h |
1251 |
+index 504b21692d32..ef7eec669a1b 100644 |
1252 |
+--- a/arch/x86/include/asm/msr-index.h |
1253 |
++++ b/arch/x86/include/asm/msr-index.h |
1254 |
+@@ -70,12 +70,19 @@ |
1255 |
+ #define MSR_IA32_ARCH_CAPABILITIES 0x0000010a |
1256 |
+ #define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */ |
1257 |
+ #define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */ |
1258 |
++#define ARCH_CAP_SKIP_VMENTRY_L1DFLUSH (1 << 3) /* Skip L1D flush on vmentry */ |
1259 |
+ #define ARCH_CAP_SSB_NO (1 << 4) /* |
1260 |
+ * Not susceptible to Speculative Store Bypass |
1261 |
+ * attack, so no Speculative Store Bypass |
1262 |
+ * control required. |
1263 |
+ */ |
1264 |
+ |
1265 |
++#define MSR_IA32_FLUSH_CMD 0x0000010b |
1266 |
++#define L1D_FLUSH (1 << 0) /* |
1267 |
++ * Writeback and invalidate the |
1268 |
++ * L1 data cache. |
1269 |
++ */ |
1270 |
++ |
1271 |
+ #define MSR_IA32_BBL_CR_CTL 0x00000119 |
1272 |
+ #define MSR_IA32_BBL_CR_CTL3 0x0000011e |
1273 |
+ |
1274 |
+diff --git a/arch/x86/include/asm/page_32_types.h b/arch/x86/include/asm/page_32_types.h |
1275 |
+index aa30c3241ea7..0d5c739eebd7 100644 |
1276 |
+--- a/arch/x86/include/asm/page_32_types.h |
1277 |
++++ b/arch/x86/include/asm/page_32_types.h |
1278 |
+@@ -29,8 +29,13 @@ |
1279 |
+ #define N_EXCEPTION_STACKS 1 |
1280 |
+ |
1281 |
+ #ifdef CONFIG_X86_PAE |
1282 |
+-/* 44=32+12, the limit we can fit into an unsigned long pfn */ |
1283 |
+-#define __PHYSICAL_MASK_SHIFT 44 |
1284 |
++/* |
1285 |
++ * This is beyond the 44 bit limit imposed by the 32bit long pfns, |
1286 |
++ * but we need the full mask to make sure inverted PROT_NONE |
1287 |
++ * entries have all the host bits set in a guest. |
1288 |
++ * The real limit is still 44 bits. |
1289 |
++ */ |
1290 |
++#define __PHYSICAL_MASK_SHIFT 52 |
1291 |
+ #define __VIRTUAL_MASK_SHIFT 32 |
1292 |
+ |
1293 |
+ #else /* !CONFIG_X86_PAE */ |
1294 |
+diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h |
1295 |
+index 685ffe8a0eaf..60d0f9015317 100644 |
1296 |
+--- a/arch/x86/include/asm/pgtable-2level.h |
1297 |
++++ b/arch/x86/include/asm/pgtable-2level.h |
1298 |
+@@ -95,4 +95,21 @@ static inline unsigned long pte_bitop(unsigned long value, unsigned int rightshi |
1299 |
+ #define __pte_to_swp_entry(pte) ((swp_entry_t) { (pte).pte_low }) |
1300 |
+ #define __swp_entry_to_pte(x) ((pte_t) { .pte = (x).val }) |
1301 |
+ |
1302 |
++/* No inverted PFNs on 2 level page tables */ |
1303 |
++ |
1304 |
++static inline u64 protnone_mask(u64 val) |
1305 |
++{ |
1306 |
++ return 0; |
1307 |
++} |
1308 |
++ |
1309 |
++static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask) |
1310 |
++{ |
1311 |
++ return val; |
1312 |
++} |
1313 |
++ |
1314 |
++static inline bool __pte_needs_invert(u64 val) |
1315 |
++{ |
1316 |
++ return false; |
1317 |
++} |
1318 |
++ |
1319 |
+ #endif /* _ASM_X86_PGTABLE_2LEVEL_H */ |
1320 |
+diff --git a/arch/x86/include/asm/pgtable-3level.h b/arch/x86/include/asm/pgtable-3level.h |
1321 |
+index bc4af5453802..9dc19b4a2a87 100644 |
1322 |
+--- a/arch/x86/include/asm/pgtable-3level.h |
1323 |
++++ b/arch/x86/include/asm/pgtable-3level.h |
1324 |
+@@ -206,12 +206,43 @@ static inline pud_t native_pudp_get_and_clear(pud_t *pudp) |
1325 |
+ #endif |
1326 |
+ |
1327 |
+ /* Encode and de-code a swap entry */ |
1328 |
++#define SWP_TYPE_BITS 5 |
1329 |
++ |
1330 |
++#define SWP_OFFSET_FIRST_BIT (_PAGE_BIT_PROTNONE + 1) |
1331 |
++ |
1332 |
++/* We always extract/encode the offset by shifting it all the way up, and then down again */ |
1333 |
++#define SWP_OFFSET_SHIFT (SWP_OFFSET_FIRST_BIT + SWP_TYPE_BITS) |
1334 |
++ |
1335 |
+ #define MAX_SWAPFILES_CHECK() BUILD_BUG_ON(MAX_SWAPFILES_SHIFT > 5) |
1336 |
+ #define __swp_type(x) (((x).val) & 0x1f) |
1337 |
+ #define __swp_offset(x) ((x).val >> 5) |
1338 |
+ #define __swp_entry(type, offset) ((swp_entry_t){(type) | (offset) << 5}) |
1339 |
+-#define __pte_to_swp_entry(pte) ((swp_entry_t){ (pte).pte_high }) |
1340 |
+-#define __swp_entry_to_pte(x) ((pte_t){ { .pte_high = (x).val } }) |
1341 |
++ |
1342 |
++/* |
1343 |
++ * Normally, __swp_entry() converts from arch-independent swp_entry_t to |
1344 |
++ * arch-dependent swp_entry_t, and __swp_entry_to_pte() just stores the result |
1345 |
++ * to pte. But here we have 32bit swp_entry_t and 64bit pte, and need to use the |
1346 |
++ * whole 64 bits. Thus, we shift the "real" arch-dependent conversion to |
1347 |
++ * __swp_entry_to_pte() through the following helper macro based on 64bit |
1348 |
++ * __swp_entry(). |
1349 |
++ */ |
1350 |
++#define __swp_pteval_entry(type, offset) ((pteval_t) { \ |
1351 |
++ (~(pteval_t)(offset) << SWP_OFFSET_SHIFT >> SWP_TYPE_BITS) \ |
1352 |
++ | ((pteval_t)(type) << (64 - SWP_TYPE_BITS)) }) |
1353 |
++ |
1354 |
++#define __swp_entry_to_pte(x) ((pte_t){ .pte = \ |
1355 |
++ __swp_pteval_entry(__swp_type(x), __swp_offset(x)) }) |
1356 |
++/* |
1357 |
++ * Analogically, __pte_to_swp_entry() doesn't just extract the arch-dependent |
1358 |
++ * swp_entry_t, but also has to convert it from 64bit to the 32bit |
1359 |
++ * intermediate representation, using the following macros based on 64bit |
1360 |
++ * __swp_type() and __swp_offset(). |
1361 |
++ */ |
1362 |
++#define __pteval_swp_type(x) ((unsigned long)((x).pte >> (64 - SWP_TYPE_BITS))) |
1363 |
++#define __pteval_swp_offset(x) ((unsigned long)(~((x).pte) << SWP_TYPE_BITS >> SWP_OFFSET_SHIFT)) |
1364 |
++ |
1365 |
++#define __pte_to_swp_entry(pte) (__swp_entry(__pteval_swp_type(pte), \ |
1366 |
++ __pteval_swp_offset(pte))) |
1367 |
+ |
1368 |
+ #define gup_get_pte gup_get_pte |
1369 |
+ /* |
1370 |
+@@ -260,4 +291,6 @@ static inline pte_t gup_get_pte(pte_t *ptep) |
1371 |
+ return pte; |
1372 |
+ } |
1373 |
+ |
1374 |
++#include <asm/pgtable-invert.h> |
1375 |
++ |
1376 |
+ #endif /* _ASM_X86_PGTABLE_3LEVEL_H */ |
1377 |
+diff --git a/arch/x86/include/asm/pgtable-invert.h b/arch/x86/include/asm/pgtable-invert.h |
1378 |
+new file mode 100644 |
1379 |
+index 000000000000..44b1203ece12 |
1380 |
+--- /dev/null |
1381 |
++++ b/arch/x86/include/asm/pgtable-invert.h |
1382 |
+@@ -0,0 +1,32 @@ |
1383 |
++/* SPDX-License-Identifier: GPL-2.0 */ |
1384 |
++#ifndef _ASM_PGTABLE_INVERT_H |
1385 |
++#define _ASM_PGTABLE_INVERT_H 1 |
1386 |
++ |
1387 |
++#ifndef __ASSEMBLY__ |
1388 |
++ |
1389 |
++static inline bool __pte_needs_invert(u64 val) |
1390 |
++{ |
1391 |
++ return !(val & _PAGE_PRESENT); |
1392 |
++} |
1393 |
++ |
1394 |
++/* Get a mask to xor with the page table entry to get the correct pfn. */ |
1395 |
++static inline u64 protnone_mask(u64 val) |
1396 |
++{ |
1397 |
++ return __pte_needs_invert(val) ? ~0ull : 0; |
1398 |
++} |
1399 |
++ |
1400 |
++static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask) |
1401 |
++{ |
1402 |
++ /* |
1403 |
++ * When a PTE transitions from NONE to !NONE or vice-versa |
1404 |
++ * invert the PFN part to stop speculation. |
1405 |
++ * pte_pfn undoes this when needed. |
1406 |
++ */ |
1407 |
++ if (__pte_needs_invert(oldval) != __pte_needs_invert(val)) |
1408 |
++ val = (val & ~mask) | (~val & mask); |
1409 |
++ return val; |
1410 |
++} |
1411 |
++ |
1412 |
++#endif /* __ASSEMBLY__ */ |
1413 |
++ |
1414 |
++#endif |
1415 |
+diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h |
1416 |
+index 5c790e93657d..6a4b1a54ff47 100644 |
1417 |
+--- a/arch/x86/include/asm/pgtable.h |
1418 |
++++ b/arch/x86/include/asm/pgtable.h |
1419 |
+@@ -185,19 +185,29 @@ static inline int pte_special(pte_t pte) |
1420 |
+ return pte_flags(pte) & _PAGE_SPECIAL; |
1421 |
+ } |
1422 |
+ |
1423 |
++/* Entries that were set to PROT_NONE are inverted */ |
1424 |
++ |
1425 |
++static inline u64 protnone_mask(u64 val); |
1426 |
++ |
1427 |
+ static inline unsigned long pte_pfn(pte_t pte) |
1428 |
+ { |
1429 |
+- return (pte_val(pte) & PTE_PFN_MASK) >> PAGE_SHIFT; |
1430 |
++ phys_addr_t pfn = pte_val(pte); |
1431 |
++ pfn ^= protnone_mask(pfn); |
1432 |
++ return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT; |
1433 |
+ } |
1434 |
+ |
1435 |
+ static inline unsigned long pmd_pfn(pmd_t pmd) |
1436 |
+ { |
1437 |
+- return (pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT; |
1438 |
++ phys_addr_t pfn = pmd_val(pmd); |
1439 |
++ pfn ^= protnone_mask(pfn); |
1440 |
++ return (pfn & pmd_pfn_mask(pmd)) >> PAGE_SHIFT; |
1441 |
+ } |
1442 |
+ |
1443 |
+ static inline unsigned long pud_pfn(pud_t pud) |
1444 |
+ { |
1445 |
+- return (pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT; |
1446 |
++ phys_addr_t pfn = pud_val(pud); |
1447 |
++ pfn ^= protnone_mask(pfn); |
1448 |
++ return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT; |
1449 |
+ } |
1450 |
+ |
1451 |
+ static inline unsigned long p4d_pfn(p4d_t p4d) |
1452 |
+@@ -400,11 +410,6 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd) |
1453 |
+ return pmd_set_flags(pmd, _PAGE_RW); |
1454 |
+ } |
1455 |
+ |
1456 |
+-static inline pmd_t pmd_mknotpresent(pmd_t pmd) |
1457 |
+-{ |
1458 |
+- return pmd_clear_flags(pmd, _PAGE_PRESENT | _PAGE_PROTNONE); |
1459 |
+-} |
1460 |
+- |
1461 |
+ static inline pud_t pud_set_flags(pud_t pud, pudval_t set) |
1462 |
+ { |
1463 |
+ pudval_t v = native_pud_val(pud); |
1464 |
+@@ -459,11 +464,6 @@ static inline pud_t pud_mkwrite(pud_t pud) |
1465 |
+ return pud_set_flags(pud, _PAGE_RW); |
1466 |
+ } |
1467 |
+ |
1468 |
+-static inline pud_t pud_mknotpresent(pud_t pud) |
1469 |
+-{ |
1470 |
+- return pud_clear_flags(pud, _PAGE_PRESENT | _PAGE_PROTNONE); |
1471 |
+-} |
1472 |
+- |
1473 |
+ #ifdef CONFIG_HAVE_ARCH_SOFT_DIRTY |
1474 |
+ static inline int pte_soft_dirty(pte_t pte) |
1475 |
+ { |
1476 |
+@@ -528,25 +528,45 @@ static inline pgprotval_t massage_pgprot(pgprot_t pgprot) |
1477 |
+ |
1478 |
+ static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot) |
1479 |
+ { |
1480 |
+- return __pte(((phys_addr_t)page_nr << PAGE_SHIFT) | |
1481 |
+- massage_pgprot(pgprot)); |
1482 |
++ phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT; |
1483 |
++ pfn ^= protnone_mask(pgprot_val(pgprot)); |
1484 |
++ pfn &= PTE_PFN_MASK; |
1485 |
++ return __pte(pfn | massage_pgprot(pgprot)); |
1486 |
+ } |
1487 |
+ |
1488 |
+ static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot) |
1489 |
+ { |
1490 |
+- return __pmd(((phys_addr_t)page_nr << PAGE_SHIFT) | |
1491 |
+- massage_pgprot(pgprot)); |
1492 |
++ phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT; |
1493 |
++ pfn ^= protnone_mask(pgprot_val(pgprot)); |
1494 |
++ pfn &= PHYSICAL_PMD_PAGE_MASK; |
1495 |
++ return __pmd(pfn | massage_pgprot(pgprot)); |
1496 |
+ } |
1497 |
+ |
1498 |
+ static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot) |
1499 |
+ { |
1500 |
+- return __pud(((phys_addr_t)page_nr << PAGE_SHIFT) | |
1501 |
+- massage_pgprot(pgprot)); |
1502 |
++ phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT; |
1503 |
++ pfn ^= protnone_mask(pgprot_val(pgprot)); |
1504 |
++ pfn &= PHYSICAL_PUD_PAGE_MASK; |
1505 |
++ return __pud(pfn | massage_pgprot(pgprot)); |
1506 |
+ } |
1507 |
+ |
1508 |
++static inline pmd_t pmd_mknotpresent(pmd_t pmd) |
1509 |
++{ |
1510 |
++ return pfn_pmd(pmd_pfn(pmd), |
1511 |
++ __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE))); |
1512 |
++} |
1513 |
++ |
1514 |
++static inline pud_t pud_mknotpresent(pud_t pud) |
1515 |
++{ |
1516 |
++ return pfn_pud(pud_pfn(pud), |
1517 |
++ __pgprot(pud_flags(pud) & ~(_PAGE_PRESENT|_PAGE_PROTNONE))); |
1518 |
++} |
1519 |
++ |
1520 |
++static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask); |
1521 |
++ |
1522 |
+ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) |
1523 |
+ { |
1524 |
+- pteval_t val = pte_val(pte); |
1525 |
++ pteval_t val = pte_val(pte), oldval = val; |
1526 |
+ |
1527 |
+ /* |
1528 |
+ * Chop off the NX bit (if present), and add the NX portion of |
1529 |
+@@ -554,17 +574,17 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) |
1530 |
+ */ |
1531 |
+ val &= _PAGE_CHG_MASK; |
1532 |
+ val |= massage_pgprot(newprot) & ~_PAGE_CHG_MASK; |
1533 |
+- |
1534 |
++ val = flip_protnone_guard(oldval, val, PTE_PFN_MASK); |
1535 |
+ return __pte(val); |
1536 |
+ } |
1537 |
+ |
1538 |
+ static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot) |
1539 |
+ { |
1540 |
+- pmdval_t val = pmd_val(pmd); |
1541 |
++ pmdval_t val = pmd_val(pmd), oldval = val; |
1542 |
+ |
1543 |
+ val &= _HPAGE_CHG_MASK; |
1544 |
+ val |= massage_pgprot(newprot) & ~_HPAGE_CHG_MASK; |
1545 |
+- |
1546 |
++ val = flip_protnone_guard(oldval, val, PHYSICAL_PMD_PAGE_MASK); |
1547 |
+ return __pmd(val); |
1548 |
+ } |
1549 |
+ |
1550 |
+@@ -1274,6 +1294,14 @@ static inline bool pud_access_permitted(pud_t pud, bool write) |
1551 |
+ return __pte_access_permitted(pud_val(pud), write); |
1552 |
+ } |
1553 |
+ |
1554 |
++#define __HAVE_ARCH_PFN_MODIFY_ALLOWED 1 |
1555 |
++extern bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot); |
1556 |
++ |
1557 |
++static inline bool arch_has_pfn_modify_check(void) |
1558 |
++{ |
1559 |
++ return boot_cpu_has_bug(X86_BUG_L1TF); |
1560 |
++} |
1561 |
++ |
1562 |
+ #include <asm-generic/pgtable.h> |
1563 |
+ #endif /* __ASSEMBLY__ */ |
1564 |
+ |
1565 |
+diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h |
1566 |
+index 1149d2112b2e..4ecb72831938 100644 |
1567 |
+--- a/arch/x86/include/asm/pgtable_64.h |
1568 |
++++ b/arch/x86/include/asm/pgtable_64.h |
1569 |
+@@ -276,7 +276,7 @@ static inline int pgd_large(pgd_t pgd) { return 0; } |
1570 |
+ * |
1571 |
+ * | ... | 11| 10| 9|8|7|6|5| 4| 3|2| 1|0| <- bit number |
1572 |
+ * | ... |SW3|SW2|SW1|G|L|D|A|CD|WT|U| W|P| <- bit names |
1573 |
+- * | OFFSET (14->63) | TYPE (9-13) |0|0|X|X| X| X|X|SD|0| <- swp entry |
1574 |
++ * | TYPE (59-63) | ~OFFSET (9-58) |0|0|X|X| X| X|X|SD|0| <- swp entry |
1575 |
+ * |
1576 |
+ * G (8) is aliased and used as a PROT_NONE indicator for |
1577 |
+ * !present ptes. We need to start storing swap entries above |
1578 |
+@@ -289,20 +289,34 @@ static inline int pgd_large(pgd_t pgd) { return 0; } |
1579 |
+ * |
1580 |
+ * Bit 7 in swp entry should be 0 because pmd_present checks not only P, |
1581 |
+ * but also L and G. |
1582 |
++ * |
1583 |
++ * The offset is inverted by a binary not operation to make the high |
1584 |
++ * physical bits set. |
1585 |
+ */ |
1586 |
+-#define SWP_TYPE_FIRST_BIT (_PAGE_BIT_PROTNONE + 1) |
1587 |
+-#define SWP_TYPE_BITS 5 |
1588 |
+-/* Place the offset above the type: */ |
1589 |
+-#define SWP_OFFSET_FIRST_BIT (SWP_TYPE_FIRST_BIT + SWP_TYPE_BITS) |
1590 |
++#define SWP_TYPE_BITS 5 |
1591 |
++ |
1592 |
++#define SWP_OFFSET_FIRST_BIT (_PAGE_BIT_PROTNONE + 1) |
1593 |
++ |
1594 |
++/* We always extract/encode the offset by shifting it all the way up, and then down again */ |
1595 |
++#define SWP_OFFSET_SHIFT (SWP_OFFSET_FIRST_BIT+SWP_TYPE_BITS) |
1596 |
+ |
1597 |
+ #define MAX_SWAPFILES_CHECK() BUILD_BUG_ON(MAX_SWAPFILES_SHIFT > SWP_TYPE_BITS) |
1598 |
+ |
1599 |
+-#define __swp_type(x) (((x).val >> (SWP_TYPE_FIRST_BIT)) \ |
1600 |
+- & ((1U << SWP_TYPE_BITS) - 1)) |
1601 |
+-#define __swp_offset(x) ((x).val >> SWP_OFFSET_FIRST_BIT) |
1602 |
+-#define __swp_entry(type, offset) ((swp_entry_t) { \ |
1603 |
+- ((type) << (SWP_TYPE_FIRST_BIT)) \ |
1604 |
+- | ((offset) << SWP_OFFSET_FIRST_BIT) }) |
1605 |
++/* Extract the high bits for type */ |
1606 |
++#define __swp_type(x) ((x).val >> (64 - SWP_TYPE_BITS)) |
1607 |
++ |
1608 |
++/* Shift up (to get rid of type), then down to get value */ |
1609 |
++#define __swp_offset(x) (~(x).val << SWP_TYPE_BITS >> SWP_OFFSET_SHIFT) |
1610 |
++ |
1611 |
++/* |
1612 |
++ * Shift the offset up "too far" by TYPE bits, then down again |
1613 |
++ * The offset is inverted by a binary not operation to make the high |
1614 |
++ * physical bits set. |
1615 |
++ */ |
1616 |
++#define __swp_entry(type, offset) ((swp_entry_t) { \ |
1617 |
++ (~(unsigned long)(offset) << SWP_OFFSET_SHIFT >> SWP_TYPE_BITS) \ |
1618 |
++ | ((unsigned long)(type) << (64-SWP_TYPE_BITS)) }) |
1619 |
++ |
1620 |
+ #define __pte_to_swp_entry(pte) ((swp_entry_t) { pte_val((pte)) }) |
1621 |
+ #define __pmd_to_swp_entry(pmd) ((swp_entry_t) { pmd_val((pmd)) }) |
1622 |
+ #define __swp_entry_to_pte(x) ((pte_t) { .pte = (x).val }) |
1623 |
+@@ -346,5 +360,7 @@ static inline bool gup_fast_permitted(unsigned long start, int nr_pages, |
1624 |
+ return true; |
1625 |
+ } |
1626 |
+ |
1627 |
++#include <asm/pgtable-invert.h> |
1628 |
++ |
1629 |
+ #endif /* !__ASSEMBLY__ */ |
1630 |
+ #endif /* _ASM_X86_PGTABLE_64_H */ |
1631 |
+diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h |
1632 |
+index 3222c7746cb1..0e856c0628b3 100644 |
1633 |
+--- a/arch/x86/include/asm/processor.h |
1634 |
++++ b/arch/x86/include/asm/processor.h |
1635 |
+@@ -180,6 +180,11 @@ extern const struct seq_operations cpuinfo_op; |
1636 |
+ |
1637 |
+ extern void cpu_detect(struct cpuinfo_x86 *c); |
1638 |
+ |
1639 |
++static inline unsigned long l1tf_pfn_limit(void) |
1640 |
++{ |
1641 |
++ return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; |
1642 |
++} |
1643 |
++ |
1644 |
+ extern void early_cpu_init(void); |
1645 |
+ extern void identify_boot_cpu(void); |
1646 |
+ extern void identify_secondary_cpu(struct cpuinfo_x86 *); |
1647 |
+@@ -969,4 +974,16 @@ bool xen_set_default_idle(void); |
1648 |
+ void stop_this_cpu(void *dummy); |
1649 |
+ void df_debug(struct pt_regs *regs, long error_code); |
1650 |
+ void microcode_check(void); |
1651 |
++ |
1652 |
++enum l1tf_mitigations { |
1653 |
++ L1TF_MITIGATION_OFF, |
1654 |
++ L1TF_MITIGATION_FLUSH_NOWARN, |
1655 |
++ L1TF_MITIGATION_FLUSH, |
1656 |
++ L1TF_MITIGATION_FLUSH_NOSMT, |
1657 |
++ L1TF_MITIGATION_FULL, |
1658 |
++ L1TF_MITIGATION_FULL_FORCE |
1659 |
++}; |
1660 |
++ |
1661 |
++extern enum l1tf_mitigations l1tf_mitigation; |
1662 |
++ |
1663 |
+ #endif /* _ASM_X86_PROCESSOR_H */ |
1664 |
+diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h |
1665 |
+index 461f53d27708..fe2ee61880a8 100644 |
1666 |
+--- a/arch/x86/include/asm/smp.h |
1667 |
++++ b/arch/x86/include/asm/smp.h |
1668 |
+@@ -170,7 +170,6 @@ static inline int wbinvd_on_all_cpus(void) |
1669 |
+ wbinvd(); |
1670 |
+ return 0; |
1671 |
+ } |
1672 |
+-#define smp_num_siblings 1 |
1673 |
+ #endif /* CONFIG_SMP */ |
1674 |
+ |
1675 |
+ extern unsigned disabled_cpus; |
1676 |
+diff --git a/arch/x86/include/asm/topology.h b/arch/x86/include/asm/topology.h |
1677 |
+index c1d2a9892352..453cf38a1c33 100644 |
1678 |
+--- a/arch/x86/include/asm/topology.h |
1679 |
++++ b/arch/x86/include/asm/topology.h |
1680 |
+@@ -123,13 +123,17 @@ static inline int topology_max_smt_threads(void) |
1681 |
+ } |
1682 |
+ |
1683 |
+ int topology_update_package_map(unsigned int apicid, unsigned int cpu); |
1684 |
+-extern int topology_phys_to_logical_pkg(unsigned int pkg); |
1685 |
++int topology_phys_to_logical_pkg(unsigned int pkg); |
1686 |
++bool topology_is_primary_thread(unsigned int cpu); |
1687 |
++bool topology_smt_supported(void); |
1688 |
+ #else |
1689 |
+ #define topology_max_packages() (1) |
1690 |
+ static inline int |
1691 |
+ topology_update_package_map(unsigned int apicid, unsigned int cpu) { return 0; } |
1692 |
+ static inline int topology_phys_to_logical_pkg(unsigned int pkg) { return 0; } |
1693 |
+ static inline int topology_max_smt_threads(void) { return 1; } |
1694 |
++static inline bool topology_is_primary_thread(unsigned int cpu) { return true; } |
1695 |
++static inline bool topology_smt_supported(void) { return false; } |
1696 |
+ #endif |
1697 |
+ |
1698 |
+ static inline void arch_fix_phys_package_id(int num, u32 slot) |
1699 |
+diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h |
1700 |
+index 7c300299e12e..08c14aec26ac 100644 |
1701 |
+--- a/arch/x86/include/asm/vmx.h |
1702 |
++++ b/arch/x86/include/asm/vmx.h |
1703 |
+@@ -571,4 +571,15 @@ enum vm_instruction_error_number { |
1704 |
+ VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID = 28, |
1705 |
+ }; |
1706 |
+ |
1707 |
++enum vmx_l1d_flush_state { |
1708 |
++ VMENTER_L1D_FLUSH_AUTO, |
1709 |
++ VMENTER_L1D_FLUSH_NEVER, |
1710 |
++ VMENTER_L1D_FLUSH_COND, |
1711 |
++ VMENTER_L1D_FLUSH_ALWAYS, |
1712 |
++ VMENTER_L1D_FLUSH_EPT_DISABLED, |
1713 |
++ VMENTER_L1D_FLUSH_NOT_REQUIRED, |
1714 |
++}; |
1715 |
++ |
1716 |
++extern enum vmx_l1d_flush_state l1tf_vmx_mitigation; |
1717 |
++ |
1718 |
+ #endif |
1719 |
+diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
1720 |
+index f48a51335538..2e64178f284d 100644 |
1721 |
+--- a/arch/x86/kernel/apic/apic.c |
1722 |
++++ b/arch/x86/kernel/apic/apic.c |
1723 |
+@@ -34,6 +34,7 @@ |
1724 |
+ #include <linux/dmi.h> |
1725 |
+ #include <linux/smp.h> |
1726 |
+ #include <linux/mm.h> |
1727 |
++#include <linux/irq.h> |
1728 |
+ |
1729 |
+ #include <asm/trace/irq_vectors.h> |
1730 |
+ #include <asm/irq_remapping.h> |
1731 |
+@@ -56,6 +57,7 @@ |
1732 |
+ #include <asm/hypervisor.h> |
1733 |
+ #include <asm/cpu_device_id.h> |
1734 |
+ #include <asm/intel-family.h> |
1735 |
++#include <asm/irq_regs.h> |
1736 |
+ |
1737 |
+ unsigned int num_processors; |
1738 |
+ |
1739 |
+@@ -2092,6 +2094,23 @@ static int cpuid_to_apicid[] = { |
1740 |
+ [0 ... NR_CPUS - 1] = -1, |
1741 |
+ }; |
1742 |
+ |
1743 |
++#ifdef CONFIG_SMP |
1744 |
++/** |
1745 |
++ * apic_id_is_primary_thread - Check whether APIC ID belongs to a primary thread |
1746 |
++ * @id: APIC ID to check |
1747 |
++ */ |
1748 |
++bool apic_id_is_primary_thread(unsigned int apicid) |
1749 |
++{ |
1750 |
++ u32 mask; |
1751 |
++ |
1752 |
++ if (smp_num_siblings == 1) |
1753 |
++ return true; |
1754 |
++ /* Isolate the SMT bit(s) in the APICID and check for 0 */ |
1755 |
++ mask = (1U << (fls(smp_num_siblings) - 1)) - 1; |
1756 |
++ return !(apicid & mask); |
1757 |
++} |
1758 |
++#endif |
1759 |
++ |
1760 |
+ /* |
1761 |
+ * Should use this API to allocate logical CPU IDs to keep nr_logical_cpuids |
1762 |
+ * and cpuid_to_apicid[] synchronized. |
1763 |
+diff --git a/arch/x86/kernel/apic/htirq.c b/arch/x86/kernel/apic/htirq.c |
1764 |
+index 56ccf9346b08..741de281ed5d 100644 |
1765 |
+--- a/arch/x86/kernel/apic/htirq.c |
1766 |
++++ b/arch/x86/kernel/apic/htirq.c |
1767 |
+@@ -16,6 +16,8 @@ |
1768 |
+ #include <linux/device.h> |
1769 |
+ #include <linux/pci.h> |
1770 |
+ #include <linux/htirq.h> |
1771 |
++#include <linux/irq.h> |
1772 |
++ |
1773 |
+ #include <asm/irqdomain.h> |
1774 |
+ #include <asm/hw_irq.h> |
1775 |
+ #include <asm/apic.h> |
1776 |
+diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c |
1777 |
+index 3b89b27945ff..96a8a68f9c79 100644 |
1778 |
+--- a/arch/x86/kernel/apic/io_apic.c |
1779 |
++++ b/arch/x86/kernel/apic/io_apic.c |
1780 |
+@@ -33,6 +33,7 @@ |
1781 |
+ |
1782 |
+ #include <linux/mm.h> |
1783 |
+ #include <linux/interrupt.h> |
1784 |
++#include <linux/irq.h> |
1785 |
+ #include <linux/init.h> |
1786 |
+ #include <linux/delay.h> |
1787 |
+ #include <linux/sched.h> |
1788 |
+diff --git a/arch/x86/kernel/apic/msi.c b/arch/x86/kernel/apic/msi.c |
1789 |
+index 9b18be764422..f10e7f93b0e2 100644 |
1790 |
+--- a/arch/x86/kernel/apic/msi.c |
1791 |
++++ b/arch/x86/kernel/apic/msi.c |
1792 |
+@@ -12,6 +12,7 @@ |
1793 |
+ */ |
1794 |
+ #include <linux/mm.h> |
1795 |
+ #include <linux/interrupt.h> |
1796 |
++#include <linux/irq.h> |
1797 |
+ #include <linux/pci.h> |
1798 |
+ #include <linux/dmar.h> |
1799 |
+ #include <linux/hpet.h> |
1800 |
+diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c |
1801 |
+index 2ce1c708b8ee..b958082c74a7 100644 |
1802 |
+--- a/arch/x86/kernel/apic/vector.c |
1803 |
++++ b/arch/x86/kernel/apic/vector.c |
1804 |
+@@ -11,6 +11,7 @@ |
1805 |
+ * published by the Free Software Foundation. |
1806 |
+ */ |
1807 |
+ #include <linux/interrupt.h> |
1808 |
++#include <linux/irq.h> |
1809 |
+ #include <linux/init.h> |
1810 |
+ #include <linux/compiler.h> |
1811 |
+ #include <linux/slab.h> |
1812 |
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c |
1813 |
+index 90574f731c05..dda741bd5789 100644 |
1814 |
+--- a/arch/x86/kernel/cpu/amd.c |
1815 |
++++ b/arch/x86/kernel/cpu/amd.c |
1816 |
+@@ -298,7 +298,6 @@ static int nearby_node(int apicid) |
1817 |
+ } |
1818 |
+ #endif |
1819 |
+ |
1820 |
+-#ifdef CONFIG_SMP |
1821 |
+ /* |
1822 |
+ * Fix up cpu_core_id for pre-F17h systems to be in the |
1823 |
+ * [0 .. cores_per_node - 1] range. Not really needed but |
1824 |
+@@ -315,6 +314,13 @@ static void legacy_fixup_core_id(struct cpuinfo_x86 *c) |
1825 |
+ c->cpu_core_id %= cus_per_node; |
1826 |
+ } |
1827 |
+ |
1828 |
++ |
1829 |
++static void amd_get_topology_early(struct cpuinfo_x86 *c) |
1830 |
++{ |
1831 |
++ if (cpu_has(c, X86_FEATURE_TOPOEXT)) |
1832 |
++ smp_num_siblings = ((cpuid_ebx(0x8000001e) >> 8) & 0xff) + 1; |
1833 |
++} |
1834 |
++ |
1835 |
+ /* |
1836 |
+ * Fixup core topology information for |
1837 |
+ * (1) AMD multi-node processors |
1838 |
+@@ -333,7 +339,6 @@ static void amd_get_topology(struct cpuinfo_x86 *c) |
1839 |
+ cpuid(0x8000001e, &eax, &ebx, &ecx, &edx); |
1840 |
+ |
1841 |
+ node_id = ecx & 0xff; |
1842 |
+- smp_num_siblings = ((ebx >> 8) & 0xff) + 1; |
1843 |
+ |
1844 |
+ if (c->x86 == 0x15) |
1845 |
+ c->cu_id = ebx & 0xff; |
1846 |
+@@ -376,7 +381,6 @@ static void amd_get_topology(struct cpuinfo_x86 *c) |
1847 |
+ legacy_fixup_core_id(c); |
1848 |
+ } |
1849 |
+ } |
1850 |
+-#endif |
1851 |
+ |
1852 |
+ /* |
1853 |
+ * On a AMD dual core setup the lower bits of the APIC id distinguish the cores. |
1854 |
+@@ -384,7 +388,6 @@ static void amd_get_topology(struct cpuinfo_x86 *c) |
1855 |
+ */ |
1856 |
+ static void amd_detect_cmp(struct cpuinfo_x86 *c) |
1857 |
+ { |
1858 |
+-#ifdef CONFIG_SMP |
1859 |
+ unsigned bits; |
1860 |
+ int cpu = smp_processor_id(); |
1861 |
+ |
1862 |
+@@ -396,16 +399,11 @@ static void amd_detect_cmp(struct cpuinfo_x86 *c) |
1863 |
+ /* use socket ID also for last level cache */ |
1864 |
+ per_cpu(cpu_llc_id, cpu) = c->phys_proc_id; |
1865 |
+ amd_get_topology(c); |
1866 |
+-#endif |
1867 |
+ } |
1868 |
+ |
1869 |
+ u16 amd_get_nb_id(int cpu) |
1870 |
+ { |
1871 |
+- u16 id = 0; |
1872 |
+-#ifdef CONFIG_SMP |
1873 |
+- id = per_cpu(cpu_llc_id, cpu); |
1874 |
+-#endif |
1875 |
+- return id; |
1876 |
++ return per_cpu(cpu_llc_id, cpu); |
1877 |
+ } |
1878 |
+ EXPORT_SYMBOL_GPL(amd_get_nb_id); |
1879 |
+ |
1880 |
+@@ -579,6 +577,7 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) |
1881 |
+ |
1882 |
+ static void early_init_amd(struct cpuinfo_x86 *c) |
1883 |
+ { |
1884 |
++ u64 value; |
1885 |
+ u32 dummy; |
1886 |
+ |
1887 |
+ early_init_amd_mc(c); |
1888 |
+@@ -668,6 +667,22 @@ static void early_init_amd(struct cpuinfo_x86 *c) |
1889 |
+ clear_cpu_cap(c, X86_FEATURE_SME); |
1890 |
+ } |
1891 |
+ } |
1892 |
++ |
1893 |
++ /* Re-enable TopologyExtensions if switched off by BIOS */ |
1894 |
++ if (c->x86 == 0x15 && |
1895 |
++ (c->x86_model >= 0x10 && c->x86_model <= 0x6f) && |
1896 |
++ !cpu_has(c, X86_FEATURE_TOPOEXT)) { |
1897 |
++ |
1898 |
++ if (msr_set_bit(0xc0011005, 54) > 0) { |
1899 |
++ rdmsrl(0xc0011005, value); |
1900 |
++ if (value & BIT_64(54)) { |
1901 |
++ set_cpu_cap(c, X86_FEATURE_TOPOEXT); |
1902 |
++ pr_info_once(FW_INFO "CPU: Re-enabling disabled Topology Extensions Support.\n"); |
1903 |
++ } |
1904 |
++ } |
1905 |
++ } |
1906 |
++ |
1907 |
++ amd_get_topology_early(c); |
1908 |
+ } |
1909 |
+ |
1910 |
+ static void init_amd_k8(struct cpuinfo_x86 *c) |
1911 |
+@@ -759,19 +774,6 @@ static void init_amd_bd(struct cpuinfo_x86 *c) |
1912 |
+ { |
1913 |
+ u64 value; |
1914 |
+ |
1915 |
+- /* re-enable TopologyExtensions if switched off by BIOS */ |
1916 |
+- if ((c->x86_model >= 0x10) && (c->x86_model <= 0x6f) && |
1917 |
+- !cpu_has(c, X86_FEATURE_TOPOEXT)) { |
1918 |
+- |
1919 |
+- if (msr_set_bit(0xc0011005, 54) > 0) { |
1920 |
+- rdmsrl(0xc0011005, value); |
1921 |
+- if (value & BIT_64(54)) { |
1922 |
+- set_cpu_cap(c, X86_FEATURE_TOPOEXT); |
1923 |
+- pr_info_once(FW_INFO "CPU: Re-enabling disabled Topology Extensions Support.\n"); |
1924 |
+- } |
1925 |
+- } |
1926 |
+- } |
1927 |
+- |
1928 |
+ /* |
1929 |
+ * The way access filter has a performance penalty on some workloads. |
1930 |
+ * Disable it on the affected CPUs. |
1931 |
+@@ -835,15 +837,8 @@ static void init_amd(struct cpuinfo_x86 *c) |
1932 |
+ |
1933 |
+ cpu_detect_cache_sizes(c); |
1934 |
+ |
1935 |
+- /* Multi core CPU? */ |
1936 |
+- if (c->extended_cpuid_level >= 0x80000008) { |
1937 |
+- amd_detect_cmp(c); |
1938 |
+- srat_detect_node(c); |
1939 |
+- } |
1940 |
+- |
1941 |
+-#ifdef CONFIG_X86_32 |
1942 |
+- detect_ht(c); |
1943 |
+-#endif |
1944 |
++ amd_detect_cmp(c); |
1945 |
++ srat_detect_node(c); |
1946 |
+ |
1947 |
+ init_amd_cacheinfo(c); |
1948 |
+ |
1949 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
1950 |
+index 7416fc206b4a..edfc64a8a154 100644 |
1951 |
+--- a/arch/x86/kernel/cpu/bugs.c |
1952 |
++++ b/arch/x86/kernel/cpu/bugs.c |
1953 |
+@@ -22,14 +22,17 @@ |
1954 |
+ #include <asm/processor-flags.h> |
1955 |
+ #include <asm/fpu/internal.h> |
1956 |
+ #include <asm/msr.h> |
1957 |
++#include <asm/vmx.h> |
1958 |
+ #include <asm/paravirt.h> |
1959 |
+ #include <asm/alternative.h> |
1960 |
+ #include <asm/pgtable.h> |
1961 |
+ #include <asm/set_memory.h> |
1962 |
+ #include <asm/intel-family.h> |
1963 |
++#include <asm/e820/api.h> |
1964 |
+ |
1965 |
+ static void __init spectre_v2_select_mitigation(void); |
1966 |
+ static void __init ssb_select_mitigation(void); |
1967 |
++static void __init l1tf_select_mitigation(void); |
1968 |
+ |
1969 |
+ /* |
1970 |
+ * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any |
1971 |
+@@ -55,6 +58,12 @@ void __init check_bugs(void) |
1972 |
+ { |
1973 |
+ identify_boot_cpu(); |
1974 |
+ |
1975 |
++ /* |
1976 |
++ * identify_boot_cpu() initialized SMT support information, let the |
1977 |
++ * core code know. |
1978 |
++ */ |
1979 |
++ cpu_smt_check_topology_early(); |
1980 |
++ |
1981 |
+ if (!IS_ENABLED(CONFIG_SMP)) { |
1982 |
+ pr_info("CPU: "); |
1983 |
+ print_cpu_info(&boot_cpu_data); |
1984 |
+@@ -81,6 +90,8 @@ void __init check_bugs(void) |
1985 |
+ */ |
1986 |
+ ssb_select_mitigation(); |
1987 |
+ |
1988 |
++ l1tf_select_mitigation(); |
1989 |
++ |
1990 |
+ #ifdef CONFIG_X86_32 |
1991 |
+ /* |
1992 |
+ * Check whether we are able to run this kernel safely on SMP. |
1993 |
+@@ -311,23 +322,6 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
1994 |
+ return cmd; |
1995 |
+ } |
1996 |
+ |
1997 |
+-/* Check for Skylake-like CPUs (for RSB handling) */ |
1998 |
+-static bool __init is_skylake_era(void) |
1999 |
+-{ |
2000 |
+- if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && |
2001 |
+- boot_cpu_data.x86 == 6) { |
2002 |
+- switch (boot_cpu_data.x86_model) { |
2003 |
+- case INTEL_FAM6_SKYLAKE_MOBILE: |
2004 |
+- case INTEL_FAM6_SKYLAKE_DESKTOP: |
2005 |
+- case INTEL_FAM6_SKYLAKE_X: |
2006 |
+- case INTEL_FAM6_KABYLAKE_MOBILE: |
2007 |
+- case INTEL_FAM6_KABYLAKE_DESKTOP: |
2008 |
+- return true; |
2009 |
+- } |
2010 |
+- } |
2011 |
+- return false; |
2012 |
+-} |
2013 |
+- |
2014 |
+ static void __init spectre_v2_select_mitigation(void) |
2015 |
+ { |
2016 |
+ enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); |
2017 |
+@@ -388,22 +382,15 @@ retpoline_auto: |
2018 |
+ pr_info("%s\n", spectre_v2_strings[mode]); |
2019 |
+ |
2020 |
+ /* |
2021 |
+- * If neither SMEP nor PTI are available, there is a risk of |
2022 |
+- * hitting userspace addresses in the RSB after a context switch |
2023 |
+- * from a shallow call stack to a deeper one. To prevent this fill |
2024 |
+- * the entire RSB, even when using IBRS. |
2025 |
++ * If spectre v2 protection has been enabled, unconditionally fill |
2026 |
++ * RSB during a context switch; this protects against two independent |
2027 |
++ * issues: |
2028 |
+ * |
2029 |
+- * Skylake era CPUs have a separate issue with *underflow* of the |
2030 |
+- * RSB, when they will predict 'ret' targets from the generic BTB. |
2031 |
+- * The proper mitigation for this is IBRS. If IBRS is not supported |
2032 |
+- * or deactivated in favour of retpolines the RSB fill on context |
2033 |
+- * switch is required. |
2034 |
++ * - RSB underflow (and switch to BTB) on Skylake+ |
2035 |
++ * - SpectreRSB variant of spectre v2 on X86_BUG_SPECTRE_V2 CPUs |
2036 |
+ */ |
2037 |
+- if ((!boot_cpu_has(X86_FEATURE_PTI) && |
2038 |
+- !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { |
2039 |
+- setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
2040 |
+- pr_info("Spectre v2 mitigation: Filling RSB on context switch\n"); |
2041 |
+- } |
2042 |
++ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
2043 |
++ pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); |
2044 |
+ |
2045 |
+ /* Initialize Indirect Branch Prediction Barrier if supported */ |
2046 |
+ if (boot_cpu_has(X86_FEATURE_IBPB)) { |
2047 |
+@@ -654,8 +641,121 @@ void x86_spec_ctrl_setup_ap(void) |
2048 |
+ x86_amd_ssb_disable(); |
2049 |
+ } |
2050 |
+ |
2051 |
++#undef pr_fmt |
2052 |
++#define pr_fmt(fmt) "L1TF: " fmt |
2053 |
++ |
2054 |
++/* Default mitigation for L1TF-affected CPUs */ |
2055 |
++enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH; |
2056 |
++#if IS_ENABLED(CONFIG_KVM_INTEL) |
2057 |
++EXPORT_SYMBOL_GPL(l1tf_mitigation); |
2058 |
++ |
2059 |
++enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; |
2060 |
++EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); |
2061 |
++#endif |
2062 |
++ |
2063 |
++static void __init l1tf_select_mitigation(void) |
2064 |
++{ |
2065 |
++ u64 half_pa; |
2066 |
++ |
2067 |
++ if (!boot_cpu_has_bug(X86_BUG_L1TF)) |
2068 |
++ return; |
2069 |
++ |
2070 |
++ switch (l1tf_mitigation) { |
2071 |
++ case L1TF_MITIGATION_OFF: |
2072 |
++ case L1TF_MITIGATION_FLUSH_NOWARN: |
2073 |
++ case L1TF_MITIGATION_FLUSH: |
2074 |
++ break; |
2075 |
++ case L1TF_MITIGATION_FLUSH_NOSMT: |
2076 |
++ case L1TF_MITIGATION_FULL: |
2077 |
++ cpu_smt_disable(false); |
2078 |
++ break; |
2079 |
++ case L1TF_MITIGATION_FULL_FORCE: |
2080 |
++ cpu_smt_disable(true); |
2081 |
++ break; |
2082 |
++ } |
2083 |
++ |
2084 |
++#if CONFIG_PGTABLE_LEVELS == 2 |
2085 |
++ pr_warn("Kernel not compiled for PAE. No mitigation for L1TF\n"); |
2086 |
++ return; |
2087 |
++#endif |
2088 |
++ |
2089 |
++ /* |
2090 |
++ * This is extremely unlikely to happen because almost all |
2091 |
++ * systems have far more MAX_PA/2 than RAM can be fit into |
2092 |
++ * DIMM slots. |
2093 |
++ */ |
2094 |
++ half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; |
2095 |
++ if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { |
2096 |
++ pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); |
2097 |
++ return; |
2098 |
++ } |
2099 |
++ |
2100 |
++ setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV); |
2101 |
++} |
2102 |
++ |
2103 |
++static int __init l1tf_cmdline(char *str) |
2104 |
++{ |
2105 |
++ if (!boot_cpu_has_bug(X86_BUG_L1TF)) |
2106 |
++ return 0; |
2107 |
++ |
2108 |
++ if (!str) |
2109 |
++ return -EINVAL; |
2110 |
++ |
2111 |
++ if (!strcmp(str, "off")) |
2112 |
++ l1tf_mitigation = L1TF_MITIGATION_OFF; |
2113 |
++ else if (!strcmp(str, "flush,nowarn")) |
2114 |
++ l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOWARN; |
2115 |
++ else if (!strcmp(str, "flush")) |
2116 |
++ l1tf_mitigation = L1TF_MITIGATION_FLUSH; |
2117 |
++ else if (!strcmp(str, "flush,nosmt")) |
2118 |
++ l1tf_mitigation = L1TF_MITIGATION_FLUSH_NOSMT; |
2119 |
++ else if (!strcmp(str, "full")) |
2120 |
++ l1tf_mitigation = L1TF_MITIGATION_FULL; |
2121 |
++ else if (!strcmp(str, "full,force")) |
2122 |
++ l1tf_mitigation = L1TF_MITIGATION_FULL_FORCE; |
2123 |
++ |
2124 |
++ return 0; |
2125 |
++} |
2126 |
++early_param("l1tf", l1tf_cmdline); |
2127 |
++ |
2128 |
++#undef pr_fmt |
2129 |
++ |
2130 |
+ #ifdef CONFIG_SYSFS |
2131 |
+ |
2132 |
++#define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion" |
2133 |
++ |
2134 |
++#if IS_ENABLED(CONFIG_KVM_INTEL) |
2135 |
++static const char *l1tf_vmx_states[] = { |
2136 |
++ [VMENTER_L1D_FLUSH_AUTO] = "auto", |
2137 |
++ [VMENTER_L1D_FLUSH_NEVER] = "vulnerable", |
2138 |
++ [VMENTER_L1D_FLUSH_COND] = "conditional cache flushes", |
2139 |
++ [VMENTER_L1D_FLUSH_ALWAYS] = "cache flushes", |
2140 |
++ [VMENTER_L1D_FLUSH_EPT_DISABLED] = "EPT disabled", |
2141 |
++ [VMENTER_L1D_FLUSH_NOT_REQUIRED] = "flush not necessary" |
2142 |
++}; |
2143 |
++ |
2144 |
++static ssize_t l1tf_show_state(char *buf) |
2145 |
++{ |
2146 |
++ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) |
2147 |
++ return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); |
2148 |
++ |
2149 |
++ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || |
2150 |
++ (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && |
2151 |
++ cpu_smt_control == CPU_SMT_ENABLED)) |
2152 |
++ return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, |
2153 |
++ l1tf_vmx_states[l1tf_vmx_mitigation]); |
2154 |
++ |
2155 |
++ return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, |
2156 |
++ l1tf_vmx_states[l1tf_vmx_mitigation], |
2157 |
++ cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled"); |
2158 |
++} |
2159 |
++#else |
2160 |
++static ssize_t l1tf_show_state(char *buf) |
2161 |
++{ |
2162 |
++ return sprintf(buf, "%s\n", L1TF_DEFAULT_MSG); |
2163 |
++} |
2164 |
++#endif |
2165 |
++ |
2166 |
+ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, |
2167 |
+ char *buf, unsigned int bug) |
2168 |
+ { |
2169 |
+@@ -681,6 +781,10 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr |
2170 |
+ case X86_BUG_SPEC_STORE_BYPASS: |
2171 |
+ return sprintf(buf, "%s\n", ssb_strings[ssb_mode]); |
2172 |
+ |
2173 |
++ case X86_BUG_L1TF: |
2174 |
++ if (boot_cpu_has(X86_FEATURE_L1TF_PTEINV)) |
2175 |
++ return l1tf_show_state(buf); |
2176 |
++ break; |
2177 |
+ default: |
2178 |
+ break; |
2179 |
+ } |
2180 |
+@@ -707,4 +811,9 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute * |
2181 |
+ { |
2182 |
+ return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS); |
2183 |
+ } |
2184 |
++ |
2185 |
++ssize_t cpu_show_l1tf(struct device *dev, struct device_attribute *attr, char *buf) |
2186 |
++{ |
2187 |
++ return cpu_show_common(dev, attr, buf, X86_BUG_L1TF); |
2188 |
++} |
2189 |
+ #endif |
2190 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
2191 |
+index 48e98964ecad..dd02ee4fa8cd 100644 |
2192 |
+--- a/arch/x86/kernel/cpu/common.c |
2193 |
++++ b/arch/x86/kernel/cpu/common.c |
2194 |
+@@ -66,6 +66,13 @@ cpumask_var_t cpu_callin_mask; |
2195 |
+ /* representing cpus for which sibling maps can be computed */ |
2196 |
+ cpumask_var_t cpu_sibling_setup_mask; |
2197 |
+ |
2198 |
++/* Number of siblings per CPU package */ |
2199 |
++int smp_num_siblings = 1; |
2200 |
++EXPORT_SYMBOL(smp_num_siblings); |
2201 |
++ |
2202 |
++/* Last level cache ID of each logical CPU */ |
2203 |
++DEFINE_PER_CPU_READ_MOSTLY(u16, cpu_llc_id) = BAD_APICID; |
2204 |
++ |
2205 |
+ /* correctly size the local cpu masks */ |
2206 |
+ void __init setup_cpu_local_masks(void) |
2207 |
+ { |
2208 |
+@@ -614,33 +621,36 @@ static void cpu_detect_tlb(struct cpuinfo_x86 *c) |
2209 |
+ tlb_lld_4m[ENTRIES], tlb_lld_1g[ENTRIES]); |
2210 |
+ } |
2211 |
+ |
2212 |
+-void detect_ht(struct cpuinfo_x86 *c) |
2213 |
++int detect_ht_early(struct cpuinfo_x86 *c) |
2214 |
+ { |
2215 |
+ #ifdef CONFIG_SMP |
2216 |
+ u32 eax, ebx, ecx, edx; |
2217 |
+- int index_msb, core_bits; |
2218 |
+- static bool printed; |
2219 |
+ |
2220 |
+ if (!cpu_has(c, X86_FEATURE_HT)) |
2221 |
+- return; |
2222 |
++ return -1; |
2223 |
+ |
2224 |
+ if (cpu_has(c, X86_FEATURE_CMP_LEGACY)) |
2225 |
+- goto out; |
2226 |
++ return -1; |
2227 |
+ |
2228 |
+ if (cpu_has(c, X86_FEATURE_XTOPOLOGY)) |
2229 |
+- return; |
2230 |
++ return -1; |
2231 |
+ |
2232 |
+ cpuid(1, &eax, &ebx, &ecx, &edx); |
2233 |
+ |
2234 |
+ smp_num_siblings = (ebx & 0xff0000) >> 16; |
2235 |
+- |
2236 |
+- if (smp_num_siblings == 1) { |
2237 |
++ if (smp_num_siblings == 1) |
2238 |
+ pr_info_once("CPU0: Hyper-Threading is disabled\n"); |
2239 |
+- goto out; |
2240 |
+- } |
2241 |
++#endif |
2242 |
++ return 0; |
2243 |
++} |
2244 |
+ |
2245 |
+- if (smp_num_siblings <= 1) |
2246 |
+- goto out; |
2247 |
++void detect_ht(struct cpuinfo_x86 *c) |
2248 |
++{ |
2249 |
++#ifdef CONFIG_SMP |
2250 |
++ int index_msb, core_bits; |
2251 |
++ |
2252 |
++ if (detect_ht_early(c) < 0) |
2253 |
++ return; |
2254 |
+ |
2255 |
+ index_msb = get_count_order(smp_num_siblings); |
2256 |
+ c->phys_proc_id = apic->phys_pkg_id(c->initial_apicid, index_msb); |
2257 |
+@@ -653,15 +663,6 @@ void detect_ht(struct cpuinfo_x86 *c) |
2258 |
+ |
2259 |
+ c->cpu_core_id = apic->phys_pkg_id(c->initial_apicid, index_msb) & |
2260 |
+ ((1 << core_bits) - 1); |
2261 |
+- |
2262 |
+-out: |
2263 |
+- if (!printed && (c->x86_max_cores * smp_num_siblings) > 1) { |
2264 |
+- pr_info("CPU: Physical Processor ID: %d\n", |
2265 |
+- c->phys_proc_id); |
2266 |
+- pr_info("CPU: Processor Core ID: %d\n", |
2267 |
+- c->cpu_core_id); |
2268 |
+- printed = 1; |
2269 |
+- } |
2270 |
+ #endif |
2271 |
+ } |
2272 |
+ |
2273 |
+@@ -933,6 +934,21 @@ static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = { |
2274 |
+ {} |
2275 |
+ }; |
2276 |
+ |
2277 |
++static const __initconst struct x86_cpu_id cpu_no_l1tf[] = { |
2278 |
++ /* in addition to cpu_no_speculation */ |
2279 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 }, |
2280 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 }, |
2281 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT }, |
2282 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD }, |
2283 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MOOREFIELD }, |
2284 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GOLDMONT }, |
2285 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_DENVERTON }, |
2286 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_GEMINI_LAKE }, |
2287 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL }, |
2288 |
++ { X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM }, |
2289 |
++ {} |
2290 |
++}; |
2291 |
++ |
2292 |
+ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
2293 |
+ { |
2294 |
+ u64 ia32_cap = 0; |
2295 |
+@@ -958,6 +974,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
2296 |
+ return; |
2297 |
+ |
2298 |
+ setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); |
2299 |
++ |
2300 |
++ if (x86_match_cpu(cpu_no_l1tf)) |
2301 |
++ return; |
2302 |
++ |
2303 |
++ setup_force_cpu_bug(X86_BUG_L1TF); |
2304 |
+ } |
2305 |
+ |
2306 |
+ /* |
2307 |
+diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h |
2308 |
+index 37672d299e35..cca588407dca 100644 |
2309 |
+--- a/arch/x86/kernel/cpu/cpu.h |
2310 |
++++ b/arch/x86/kernel/cpu/cpu.h |
2311 |
+@@ -47,6 +47,8 @@ extern const struct cpu_dev *const __x86_cpu_dev_start[], |
2312 |
+ |
2313 |
+ extern void get_cpu_cap(struct cpuinfo_x86 *c); |
2314 |
+ extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c); |
2315 |
++extern int detect_extended_topology_early(struct cpuinfo_x86 *c); |
2316 |
++extern int detect_ht_early(struct cpuinfo_x86 *c); |
2317 |
+ |
2318 |
+ unsigned int aperfmperf_get_khz(int cpu); |
2319 |
+ |
2320 |
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c |
2321 |
+index 0b2330e19169..278be092b300 100644 |
2322 |
+--- a/arch/x86/kernel/cpu/intel.c |
2323 |
++++ b/arch/x86/kernel/cpu/intel.c |
2324 |
+@@ -301,6 +301,13 @@ static void early_init_intel(struct cpuinfo_x86 *c) |
2325 |
+ } |
2326 |
+ |
2327 |
+ check_mpx_erratum(c); |
2328 |
++ |
2329 |
++ /* |
2330 |
++ * Get the number of SMT siblings early from the extended topology |
2331 |
++ * leaf, if available. Otherwise try the legacy SMT detection. |
2332 |
++ */ |
2333 |
++ if (detect_extended_topology_early(c) < 0) |
2334 |
++ detect_ht_early(c); |
2335 |
+ } |
2336 |
+ |
2337 |
+ #ifdef CONFIG_X86_32 |
2338 |
+diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c |
2339 |
+index 4fc0e08a30b9..387a8f44fba1 100644 |
2340 |
+--- a/arch/x86/kernel/cpu/microcode/core.c |
2341 |
++++ b/arch/x86/kernel/cpu/microcode/core.c |
2342 |
+@@ -509,12 +509,20 @@ static struct platform_device *microcode_pdev; |
2343 |
+ |
2344 |
+ static int check_online_cpus(void) |
2345 |
+ { |
2346 |
+- if (num_online_cpus() == num_present_cpus()) |
2347 |
+- return 0; |
2348 |
++ unsigned int cpu; |
2349 |
+ |
2350 |
+- pr_err("Not all CPUs online, aborting microcode update.\n"); |
2351 |
++ /* |
2352 |
++ * Make sure all CPUs are online. It's fine for SMT to be disabled if |
2353 |
++ * all the primary threads are still online. |
2354 |
++ */ |
2355 |
++ for_each_present_cpu(cpu) { |
2356 |
++ if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) { |
2357 |
++ pr_err("Not all CPUs online, aborting microcode update.\n"); |
2358 |
++ return -EINVAL; |
2359 |
++ } |
2360 |
++ } |
2361 |
+ |
2362 |
+- return -EINVAL; |
2363 |
++ return 0; |
2364 |
+ } |
2365 |
+ |
2366 |
+ static atomic_t late_cpus_in; |
2367 |
+diff --git a/arch/x86/kernel/cpu/topology.c b/arch/x86/kernel/cpu/topology.c |
2368 |
+index b099024d339c..19c6e800e816 100644 |
2369 |
+--- a/arch/x86/kernel/cpu/topology.c |
2370 |
++++ b/arch/x86/kernel/cpu/topology.c |
2371 |
+@@ -27,16 +27,13 @@ |
2372 |
+ * exists, use it for populating initial_apicid and cpu topology |
2373 |
+ * detection. |
2374 |
+ */ |
2375 |
+-void detect_extended_topology(struct cpuinfo_x86 *c) |
2376 |
++int detect_extended_topology_early(struct cpuinfo_x86 *c) |
2377 |
+ { |
2378 |
+ #ifdef CONFIG_SMP |
2379 |
+- unsigned int eax, ebx, ecx, edx, sub_index; |
2380 |
+- unsigned int ht_mask_width, core_plus_mask_width; |
2381 |
+- unsigned int core_select_mask, core_level_siblings; |
2382 |
+- static bool printed; |
2383 |
++ unsigned int eax, ebx, ecx, edx; |
2384 |
+ |
2385 |
+ if (c->cpuid_level < 0xb) |
2386 |
+- return; |
2387 |
++ return -1; |
2388 |
+ |
2389 |
+ cpuid_count(0xb, SMT_LEVEL, &eax, &ebx, &ecx, &edx); |
2390 |
+ |
2391 |
+@@ -44,7 +41,7 @@ void detect_extended_topology(struct cpuinfo_x86 *c) |
2392 |
+ * check if the cpuid leaf 0xb is actually implemented. |
2393 |
+ */ |
2394 |
+ if (ebx == 0 || (LEAFB_SUBTYPE(ecx) != SMT_TYPE)) |
2395 |
+- return; |
2396 |
++ return -1; |
2397 |
+ |
2398 |
+ set_cpu_cap(c, X86_FEATURE_XTOPOLOGY); |
2399 |
+ |
2400 |
+@@ -52,10 +49,30 @@ void detect_extended_topology(struct cpuinfo_x86 *c) |
2401 |
+ * initial apic id, which also represents 32-bit extended x2apic id. |
2402 |
+ */ |
2403 |
+ c->initial_apicid = edx; |
2404 |
++ smp_num_siblings = LEVEL_MAX_SIBLINGS(ebx); |
2405 |
++#endif |
2406 |
++ return 0; |
2407 |
++} |
2408 |
++ |
2409 |
++/* |
2410 |
++ * Check for extended topology enumeration cpuid leaf 0xb and if it |
2411 |
++ * exists, use it for populating initial_apicid and cpu topology |
2412 |
++ * detection. |
2413 |
++ */ |
2414 |
++void detect_extended_topology(struct cpuinfo_x86 *c) |
2415 |
++{ |
2416 |
++#ifdef CONFIG_SMP |
2417 |
++ unsigned int eax, ebx, ecx, edx, sub_index; |
2418 |
++ unsigned int ht_mask_width, core_plus_mask_width; |
2419 |
++ unsigned int core_select_mask, core_level_siblings; |
2420 |
++ |
2421 |
++ if (detect_extended_topology_early(c) < 0) |
2422 |
++ return; |
2423 |
+ |
2424 |
+ /* |
2425 |
+ * Populate HT related information from sub-leaf level 0. |
2426 |
+ */ |
2427 |
++ cpuid_count(0xb, SMT_LEVEL, &eax, &ebx, &ecx, &edx); |
2428 |
+ core_level_siblings = smp_num_siblings = LEVEL_MAX_SIBLINGS(ebx); |
2429 |
+ core_plus_mask_width = ht_mask_width = BITS_SHIFT_NEXT_LEVEL(eax); |
2430 |
+ |
2431 |
+@@ -86,15 +103,5 @@ void detect_extended_topology(struct cpuinfo_x86 *c) |
2432 |
+ c->apicid = apic->phys_pkg_id(c->initial_apicid, 0); |
2433 |
+ |
2434 |
+ c->x86_max_cores = (core_level_siblings / smp_num_siblings); |
2435 |
+- |
2436 |
+- if (!printed) { |
2437 |
+- pr_info("CPU: Physical Processor ID: %d\n", |
2438 |
+- c->phys_proc_id); |
2439 |
+- if (c->x86_max_cores > 1) |
2440 |
+- pr_info("CPU: Processor Core ID: %d\n", |
2441 |
+- c->cpu_core_id); |
2442 |
+- printed = 1; |
2443 |
+- } |
2444 |
+- return; |
2445 |
+ #endif |
2446 |
+ } |
2447 |
+diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c |
2448 |
+index f92a6593de1e..2ea85b32421a 100644 |
2449 |
+--- a/arch/x86/kernel/fpu/core.c |
2450 |
++++ b/arch/x86/kernel/fpu/core.c |
2451 |
+@@ -10,6 +10,7 @@ |
2452 |
+ #include <asm/fpu/signal.h> |
2453 |
+ #include <asm/fpu/types.h> |
2454 |
+ #include <asm/traps.h> |
2455 |
++#include <asm/irq_regs.h> |
2456 |
+ |
2457 |
+ #include <linux/hardirq.h> |
2458 |
+ #include <linux/pkeys.h> |
2459 |
+diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c |
2460 |
+index 01ebcb6f263e..7acb87cb2da8 100644 |
2461 |
+--- a/arch/x86/kernel/ftrace.c |
2462 |
++++ b/arch/x86/kernel/ftrace.c |
2463 |
+@@ -27,6 +27,7 @@ |
2464 |
+ |
2465 |
+ #include <asm/set_memory.h> |
2466 |
+ #include <asm/kprobes.h> |
2467 |
++#include <asm/sections.h> |
2468 |
+ #include <asm/ftrace.h> |
2469 |
+ #include <asm/nops.h> |
2470 |
+ |
2471 |
+diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c |
2472 |
+index 8ce4212e2b8d..afa1a204bc6d 100644 |
2473 |
+--- a/arch/x86/kernel/hpet.c |
2474 |
++++ b/arch/x86/kernel/hpet.c |
2475 |
+@@ -1,6 +1,7 @@ |
2476 |
+ #include <linux/clocksource.h> |
2477 |
+ #include <linux/clockchips.h> |
2478 |
+ #include <linux/interrupt.h> |
2479 |
++#include <linux/irq.h> |
2480 |
+ #include <linux/export.h> |
2481 |
+ #include <linux/delay.h> |
2482 |
+ #include <linux/errno.h> |
2483 |
+diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c |
2484 |
+index 8f5cb2c7060c..02abc134367f 100644 |
2485 |
+--- a/arch/x86/kernel/i8259.c |
2486 |
++++ b/arch/x86/kernel/i8259.c |
2487 |
+@@ -5,6 +5,7 @@ |
2488 |
+ #include <linux/sched.h> |
2489 |
+ #include <linux/ioport.h> |
2490 |
+ #include <linux/interrupt.h> |
2491 |
++#include <linux/irq.h> |
2492 |
+ #include <linux/timex.h> |
2493 |
+ #include <linux/random.h> |
2494 |
+ #include <linux/init.h> |
2495 |
+diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c |
2496 |
+index 0c5256653d6c..38c3d5790970 100644 |
2497 |
+--- a/arch/x86/kernel/idt.c |
2498 |
++++ b/arch/x86/kernel/idt.c |
2499 |
+@@ -8,6 +8,7 @@ |
2500 |
+ #include <asm/traps.h> |
2501 |
+ #include <asm/proto.h> |
2502 |
+ #include <asm/desc.h> |
2503 |
++#include <asm/hw_irq.h> |
2504 |
+ |
2505 |
+ struct idt_data { |
2506 |
+ unsigned int vector; |
2507 |
+diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c |
2508 |
+index aa9d51eea9d0..3c2326b59820 100644 |
2509 |
+--- a/arch/x86/kernel/irq.c |
2510 |
++++ b/arch/x86/kernel/irq.c |
2511 |
+@@ -10,6 +10,7 @@ |
2512 |
+ #include <linux/ftrace.h> |
2513 |
+ #include <linux/delay.h> |
2514 |
+ #include <linux/export.h> |
2515 |
++#include <linux/irq.h> |
2516 |
+ |
2517 |
+ #include <asm/apic.h> |
2518 |
+ #include <asm/io_apic.h> |
2519 |
+diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c |
2520 |
+index c1bdbd3d3232..95600a99ae93 100644 |
2521 |
+--- a/arch/x86/kernel/irq_32.c |
2522 |
++++ b/arch/x86/kernel/irq_32.c |
2523 |
+@@ -11,6 +11,7 @@ |
2524 |
+ |
2525 |
+ #include <linux/seq_file.h> |
2526 |
+ #include <linux/interrupt.h> |
2527 |
++#include <linux/irq.h> |
2528 |
+ #include <linux/kernel_stat.h> |
2529 |
+ #include <linux/notifier.h> |
2530 |
+ #include <linux/cpu.h> |
2531 |
+diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c |
2532 |
+index d86e344f5b3d..0469cd078db1 100644 |
2533 |
+--- a/arch/x86/kernel/irq_64.c |
2534 |
++++ b/arch/x86/kernel/irq_64.c |
2535 |
+@@ -11,6 +11,7 @@ |
2536 |
+ |
2537 |
+ #include <linux/kernel_stat.h> |
2538 |
+ #include <linux/interrupt.h> |
2539 |
++#include <linux/irq.h> |
2540 |
+ #include <linux/seq_file.h> |
2541 |
+ #include <linux/delay.h> |
2542 |
+ #include <linux/ftrace.h> |
2543 |
+diff --git a/arch/x86/kernel/irqinit.c b/arch/x86/kernel/irqinit.c |
2544 |
+index 1e4094eba15e..40f83d0d7b8a 100644 |
2545 |
+--- a/arch/x86/kernel/irqinit.c |
2546 |
++++ b/arch/x86/kernel/irqinit.c |
2547 |
+@@ -5,6 +5,7 @@ |
2548 |
+ #include <linux/sched.h> |
2549 |
+ #include <linux/ioport.h> |
2550 |
+ #include <linux/interrupt.h> |
2551 |
++#include <linux/irq.h> |
2552 |
+ #include <linux/timex.h> |
2553 |
+ #include <linux/random.h> |
2554 |
+ #include <linux/kprobes.h> |
2555 |
+diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c |
2556 |
+index f1030c522e06..65452d555f05 100644 |
2557 |
+--- a/arch/x86/kernel/kprobes/core.c |
2558 |
++++ b/arch/x86/kernel/kprobes/core.c |
2559 |
+@@ -63,6 +63,7 @@ |
2560 |
+ #include <asm/insn.h> |
2561 |
+ #include <asm/debugreg.h> |
2562 |
+ #include <asm/set_memory.h> |
2563 |
++#include <asm/sections.h> |
2564 |
+ |
2565 |
+ #include "common.h" |
2566 |
+ |
2567 |
+@@ -394,8 +395,6 @@ int __copy_instruction(u8 *dest, u8 *src, struct insn *insn) |
2568 |
+ - (u8 *) dest; |
2569 |
+ if ((s64) (s32) newdisp != newdisp) { |
2570 |
+ pr_err("Kprobes error: new displacement does not fit into s32 (%llx)\n", newdisp); |
2571 |
+- pr_err("\tSrc: %p, Dest: %p, old disp: %x\n", |
2572 |
+- src, dest, insn->displacement.value); |
2573 |
+ return 0; |
2574 |
+ } |
2575 |
+ disp = (u8 *) dest + insn_offset_displacement(insn); |
2576 |
+@@ -621,8 +620,7 @@ static int reenter_kprobe(struct kprobe *p, struct pt_regs *regs, |
2577 |
+ * Raise a BUG or we'll continue in an endless reentering loop |
2578 |
+ * and eventually a stack overflow. |
2579 |
+ */ |
2580 |
+- printk(KERN_WARNING "Unrecoverable kprobe detected at %p.\n", |
2581 |
+- p->addr); |
2582 |
++ pr_err("Unrecoverable kprobe detected.\n"); |
2583 |
+ dump_kprobe(p); |
2584 |
+ BUG(); |
2585 |
+ default: |
2586 |
+diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c |
2587 |
+index e1df9ef5d78c..f3559b84cd75 100644 |
2588 |
+--- a/arch/x86/kernel/paravirt.c |
2589 |
++++ b/arch/x86/kernel/paravirt.c |
2590 |
+@@ -88,10 +88,12 @@ unsigned paravirt_patch_call(void *insnbuf, |
2591 |
+ struct branch *b = insnbuf; |
2592 |
+ unsigned long delta = (unsigned long)target - (addr+5); |
2593 |
+ |
2594 |
+- if (tgt_clobbers & ~site_clobbers) |
2595 |
+- return len; /* target would clobber too much for this site */ |
2596 |
+- if (len < 5) |
2597 |
++ if (len < 5) { |
2598 |
++#ifdef CONFIG_RETPOLINE |
2599 |
++ WARN_ONCE("Failing to patch indirect CALL in %ps\n", (void *)addr); |
2600 |
++#endif |
2601 |
+ return len; /* call too long for patch site */ |
2602 |
++ } |
2603 |
+ |
2604 |
+ b->opcode = 0xe8; /* call */ |
2605 |
+ b->delta = delta; |
2606 |
+@@ -106,8 +108,12 @@ unsigned paravirt_patch_jmp(void *insnbuf, const void *target, |
2607 |
+ struct branch *b = insnbuf; |
2608 |
+ unsigned long delta = (unsigned long)target - (addr+5); |
2609 |
+ |
2610 |
+- if (len < 5) |
2611 |
++ if (len < 5) { |
2612 |
++#ifdef CONFIG_RETPOLINE |
2613 |
++ WARN_ONCE("Failing to patch indirect JMP in %ps\n", (void *)addr); |
2614 |
++#endif |
2615 |
+ return len; /* call too long for patch site */ |
2616 |
++ } |
2617 |
+ |
2618 |
+ b->opcode = 0xe9; /* jmp */ |
2619 |
+ b->delta = delta; |
2620 |
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
2621 |
+index efbcf5283520..dcb00acb6583 100644 |
2622 |
+--- a/arch/x86/kernel/setup.c |
2623 |
++++ b/arch/x86/kernel/setup.c |
2624 |
+@@ -852,6 +852,12 @@ void __init setup_arch(char **cmdline_p) |
2625 |
+ memblock_reserve(__pa_symbol(_text), |
2626 |
+ (unsigned long)__bss_stop - (unsigned long)_text); |
2627 |
+ |
2628 |
++ /* |
2629 |
++ * Make sure page 0 is always reserved because on systems with |
2630 |
++ * L1TF its contents can be leaked to user processes. |
2631 |
++ */ |
2632 |
++ memblock_reserve(0, PAGE_SIZE); |
2633 |
++ |
2634 |
+ early_reserve_initrd(); |
2635 |
+ |
2636 |
+ /* |
2637 |
+diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c |
2638 |
+index 5c574dff4c1a..04adc8d60aed 100644 |
2639 |
+--- a/arch/x86/kernel/smp.c |
2640 |
++++ b/arch/x86/kernel/smp.c |
2641 |
+@@ -261,6 +261,7 @@ __visible void __irq_entry smp_reschedule_interrupt(struct pt_regs *regs) |
2642 |
+ { |
2643 |
+ ack_APIC_irq(); |
2644 |
+ inc_irq_stat(irq_resched_count); |
2645 |
++ kvm_set_cpu_l1tf_flush_l1d(); |
2646 |
+ |
2647 |
+ if (trace_resched_ipi_enabled()) { |
2648 |
+ /* |
2649 |
+diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c |
2650 |
+index 344d3c160f8d..5ebb0dbcf4f7 100644 |
2651 |
+--- a/arch/x86/kernel/smpboot.c |
2652 |
++++ b/arch/x86/kernel/smpboot.c |
2653 |
+@@ -78,13 +78,7 @@ |
2654 |
+ #include <asm/realmode.h> |
2655 |
+ #include <asm/misc.h> |
2656 |
+ #include <asm/spec-ctrl.h> |
2657 |
+- |
2658 |
+-/* Number of siblings per CPU package */ |
2659 |
+-int smp_num_siblings = 1; |
2660 |
+-EXPORT_SYMBOL(smp_num_siblings); |
2661 |
+- |
2662 |
+-/* Last level cache ID of each logical CPU */ |
2663 |
+-DEFINE_PER_CPU_READ_MOSTLY(u16, cpu_llc_id) = BAD_APICID; |
2664 |
++#include <asm/hw_irq.h> |
2665 |
+ |
2666 |
+ /* representing HT siblings of each logical CPU */ |
2667 |
+ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_sibling_map); |
2668 |
+@@ -311,6 +305,23 @@ found: |
2669 |
+ return 0; |
2670 |
+ } |
2671 |
+ |
2672 |
++/** |
2673 |
++ * topology_is_primary_thread - Check whether CPU is the primary SMT thread |
2674 |
++ * @cpu: CPU to check |
2675 |
++ */ |
2676 |
++bool topology_is_primary_thread(unsigned int cpu) |
2677 |
++{ |
2678 |
++ return apic_id_is_primary_thread(per_cpu(x86_cpu_to_apicid, cpu)); |
2679 |
++} |
2680 |
++ |
2681 |
++/** |
2682 |
++ * topology_smt_supported - Check whether SMT is supported by the CPUs |
2683 |
++ */ |
2684 |
++bool topology_smt_supported(void) |
2685 |
++{ |
2686 |
++ return smp_num_siblings > 1; |
2687 |
++} |
2688 |
++ |
2689 |
+ /** |
2690 |
+ * topology_phys_to_logical_pkg - Map a physical package id to a logical |
2691 |
+ * |
2692 |
+diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c |
2693 |
+index 879af864d99a..49a5c394f3ed 100644 |
2694 |
+--- a/arch/x86/kernel/time.c |
2695 |
++++ b/arch/x86/kernel/time.c |
2696 |
+@@ -12,6 +12,7 @@ |
2697 |
+ |
2698 |
+ #include <linux/clockchips.h> |
2699 |
+ #include <linux/interrupt.h> |
2700 |
++#include <linux/irq.h> |
2701 |
+ #include <linux/i8253.h> |
2702 |
+ #include <linux/time.h> |
2703 |
+ #include <linux/export.h> |
2704 |
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c |
2705 |
+index 2ef2f1fe875b..00e2ae033a0f 100644 |
2706 |
+--- a/arch/x86/kvm/mmu.c |
2707 |
++++ b/arch/x86/kvm/mmu.c |
2708 |
+@@ -3825,6 +3825,7 @@ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code, |
2709 |
+ { |
2710 |
+ int r = 1; |
2711 |
+ |
2712 |
++ vcpu->arch.l1tf_flush_l1d = true; |
2713 |
+ switch (vcpu->arch.apf.host_apf_reason) { |
2714 |
+ default: |
2715 |
+ trace_kvm_page_fault(fault_address, error_code); |
2716 |
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
2717 |
+index cfa155078ebb..282bbcbf3b6a 100644 |
2718 |
+--- a/arch/x86/kvm/svm.c |
2719 |
++++ b/arch/x86/kvm/svm.c |
2720 |
+@@ -175,6 +175,8 @@ struct vcpu_svm { |
2721 |
+ uint64_t sysenter_eip; |
2722 |
+ uint64_t tsc_aux; |
2723 |
+ |
2724 |
++ u64 msr_decfg; |
2725 |
++ |
2726 |
+ u64 next_rip; |
2727 |
+ |
2728 |
+ u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS]; |
2729 |
+@@ -1616,6 +1618,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) |
2730 |
+ u32 dummy; |
2731 |
+ u32 eax = 1; |
2732 |
+ |
2733 |
++ vcpu->arch.microcode_version = 0x01000065; |
2734 |
+ svm->spec_ctrl = 0; |
2735 |
+ svm->virt_spec_ctrl = 0; |
2736 |
+ |
2737 |
+@@ -3555,6 +3558,22 @@ static int cr8_write_interception(struct vcpu_svm *svm) |
2738 |
+ return 0; |
2739 |
+ } |
2740 |
+ |
2741 |
++static int svm_get_msr_feature(struct kvm_msr_entry *msr) |
2742 |
++{ |
2743 |
++ msr->data = 0; |
2744 |
++ |
2745 |
++ switch (msr->index) { |
2746 |
++ case MSR_F10H_DECFG: |
2747 |
++ if (boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) |
2748 |
++ msr->data |= MSR_F10H_DECFG_LFENCE_SERIALIZE; |
2749 |
++ break; |
2750 |
++ default: |
2751 |
++ return 1; |
2752 |
++ } |
2753 |
++ |
2754 |
++ return 0; |
2755 |
++} |
2756 |
++ |
2757 |
+ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
2758 |
+ { |
2759 |
+ struct vcpu_svm *svm = to_svm(vcpu); |
2760 |
+@@ -3637,9 +3656,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
2761 |
+ |
2762 |
+ msr_info->data = svm->virt_spec_ctrl; |
2763 |
+ break; |
2764 |
+- case MSR_IA32_UCODE_REV: |
2765 |
+- msr_info->data = 0x01000065; |
2766 |
+- break; |
2767 |
+ case MSR_F15H_IC_CFG: { |
2768 |
+ |
2769 |
+ int family, model; |
2770 |
+@@ -3657,6 +3673,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
2771 |
+ msr_info->data = 0x1E; |
2772 |
+ } |
2773 |
+ break; |
2774 |
++ case MSR_F10H_DECFG: |
2775 |
++ msr_info->data = svm->msr_decfg; |
2776 |
++ break; |
2777 |
+ default: |
2778 |
+ return kvm_get_msr_common(vcpu, msr_info); |
2779 |
+ } |
2780 |
+@@ -3845,6 +3864,24 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) |
2781 |
+ case MSR_VM_IGNNE: |
2782 |
+ vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data); |
2783 |
+ break; |
2784 |
++ case MSR_F10H_DECFG: { |
2785 |
++ struct kvm_msr_entry msr_entry; |
2786 |
++ |
2787 |
++ msr_entry.index = msr->index; |
2788 |
++ if (svm_get_msr_feature(&msr_entry)) |
2789 |
++ return 1; |
2790 |
++ |
2791 |
++ /* Check the supported bits */ |
2792 |
++ if (data & ~msr_entry.data) |
2793 |
++ return 1; |
2794 |
++ |
2795 |
++ /* Don't allow the guest to change a bit, #GP */ |
2796 |
++ if (!msr->host_initiated && (data ^ msr_entry.data)) |
2797 |
++ return 1; |
2798 |
++ |
2799 |
++ svm->msr_decfg = data; |
2800 |
++ break; |
2801 |
++ } |
2802 |
+ case MSR_IA32_APICBASE: |
2803 |
+ if (kvm_vcpu_apicv_active(vcpu)) |
2804 |
+ avic_update_vapic_bar(to_svm(vcpu), data); |
2805 |
+@@ -5588,6 +5625,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { |
2806 |
+ .vcpu_unblocking = svm_vcpu_unblocking, |
2807 |
+ |
2808 |
+ .update_bp_intercept = update_bp_intercept, |
2809 |
++ .get_msr_feature = svm_get_msr_feature, |
2810 |
+ .get_msr = svm_get_msr, |
2811 |
+ .set_msr = svm_set_msr, |
2812 |
+ .get_segment_base = svm_get_segment_base, |
2813 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
2814 |
+index 8d000fde1414..f015ca3997d9 100644 |
2815 |
+--- a/arch/x86/kvm/vmx.c |
2816 |
++++ b/arch/x86/kvm/vmx.c |
2817 |
+@@ -191,6 +191,150 @@ module_param(ple_window_max, int, S_IRUGO); |
2818 |
+ |
2819 |
+ extern const ulong vmx_return; |
2820 |
+ |
2821 |
++static DEFINE_STATIC_KEY_FALSE(vmx_l1d_should_flush); |
2822 |
++static DEFINE_STATIC_KEY_FALSE(vmx_l1d_flush_cond); |
2823 |
++static DEFINE_MUTEX(vmx_l1d_flush_mutex); |
2824 |
++ |
2825 |
++/* Storage for pre module init parameter parsing */ |
2826 |
++static enum vmx_l1d_flush_state __read_mostly vmentry_l1d_flush_param = VMENTER_L1D_FLUSH_AUTO; |
2827 |
++ |
2828 |
++static const struct { |
2829 |
++ const char *option; |
2830 |
++ enum vmx_l1d_flush_state cmd; |
2831 |
++} vmentry_l1d_param[] = { |
2832 |
++ {"auto", VMENTER_L1D_FLUSH_AUTO}, |
2833 |
++ {"never", VMENTER_L1D_FLUSH_NEVER}, |
2834 |
++ {"cond", VMENTER_L1D_FLUSH_COND}, |
2835 |
++ {"always", VMENTER_L1D_FLUSH_ALWAYS}, |
2836 |
++}; |
2837 |
++ |
2838 |
++#define L1D_CACHE_ORDER 4 |
2839 |
++static void *vmx_l1d_flush_pages; |
2840 |
++ |
2841 |
++static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf) |
2842 |
++{ |
2843 |
++ struct page *page; |
2844 |
++ unsigned int i; |
2845 |
++ |
2846 |
++ if (!enable_ept) { |
2847 |
++ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_EPT_DISABLED; |
2848 |
++ return 0; |
2849 |
++ } |
2850 |
++ |
2851 |
++ if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) { |
2852 |
++ u64 msr; |
2853 |
++ |
2854 |
++ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, msr); |
2855 |
++ if (msr & ARCH_CAP_SKIP_VMENTRY_L1DFLUSH) { |
2856 |
++ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED; |
2857 |
++ return 0; |
2858 |
++ } |
2859 |
++ } |
2860 |
++ |
2861 |
++ /* If set to auto use the default l1tf mitigation method */ |
2862 |
++ if (l1tf == VMENTER_L1D_FLUSH_AUTO) { |
2863 |
++ switch (l1tf_mitigation) { |
2864 |
++ case L1TF_MITIGATION_OFF: |
2865 |
++ l1tf = VMENTER_L1D_FLUSH_NEVER; |
2866 |
++ break; |
2867 |
++ case L1TF_MITIGATION_FLUSH_NOWARN: |
2868 |
++ case L1TF_MITIGATION_FLUSH: |
2869 |
++ case L1TF_MITIGATION_FLUSH_NOSMT: |
2870 |
++ l1tf = VMENTER_L1D_FLUSH_COND; |
2871 |
++ break; |
2872 |
++ case L1TF_MITIGATION_FULL: |
2873 |
++ case L1TF_MITIGATION_FULL_FORCE: |
2874 |
++ l1tf = VMENTER_L1D_FLUSH_ALWAYS; |
2875 |
++ break; |
2876 |
++ } |
2877 |
++ } else if (l1tf_mitigation == L1TF_MITIGATION_FULL_FORCE) { |
2878 |
++ l1tf = VMENTER_L1D_FLUSH_ALWAYS; |
2879 |
++ } |
2880 |
++ |
2881 |
++ if (l1tf != VMENTER_L1D_FLUSH_NEVER && !vmx_l1d_flush_pages && |
2882 |
++ !boot_cpu_has(X86_FEATURE_FLUSH_L1D)) { |
2883 |
++ page = alloc_pages(GFP_KERNEL, L1D_CACHE_ORDER); |
2884 |
++ if (!page) |
2885 |
++ return -ENOMEM; |
2886 |
++ vmx_l1d_flush_pages = page_address(page); |
2887 |
++ |
2888 |
++ /* |
2889 |
++ * Initialize each page with a different pattern in |
2890 |
++ * order to protect against KSM in the nested |
2891 |
++ * virtualization case. |
2892 |
++ */ |
2893 |
++ for (i = 0; i < 1u << L1D_CACHE_ORDER; ++i) { |
2894 |
++ memset(vmx_l1d_flush_pages + i * PAGE_SIZE, i + 1, |
2895 |
++ PAGE_SIZE); |
2896 |
++ } |
2897 |
++ } |
2898 |
++ |
2899 |
++ l1tf_vmx_mitigation = l1tf; |
2900 |
++ |
2901 |
++ if (l1tf != VMENTER_L1D_FLUSH_NEVER) |
2902 |
++ static_branch_enable(&vmx_l1d_should_flush); |
2903 |
++ else |
2904 |
++ static_branch_disable(&vmx_l1d_should_flush); |
2905 |
++ |
2906 |
++ if (l1tf == VMENTER_L1D_FLUSH_COND) |
2907 |
++ static_branch_enable(&vmx_l1d_flush_cond); |
2908 |
++ else |
2909 |
++ static_branch_disable(&vmx_l1d_flush_cond); |
2910 |
++ return 0; |
2911 |
++} |
2912 |
++ |
2913 |
++static int vmentry_l1d_flush_parse(const char *s) |
2914 |
++{ |
2915 |
++ unsigned int i; |
2916 |
++ |
2917 |
++ if (s) { |
2918 |
++ for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { |
2919 |
++ if (sysfs_streq(s, vmentry_l1d_param[i].option)) |
2920 |
++ return vmentry_l1d_param[i].cmd; |
2921 |
++ } |
2922 |
++ } |
2923 |
++ return -EINVAL; |
2924 |
++} |
2925 |
++ |
2926 |
++static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) |
2927 |
++{ |
2928 |
++ int l1tf, ret; |
2929 |
++ |
2930 |
++ if (!boot_cpu_has(X86_BUG_L1TF)) |
2931 |
++ return 0; |
2932 |
++ |
2933 |
++ l1tf = vmentry_l1d_flush_parse(s); |
2934 |
++ if (l1tf < 0) |
2935 |
++ return l1tf; |
2936 |
++ |
2937 |
++ /* |
2938 |
++ * Has vmx_init() run already? If not then this is the pre init |
2939 |
++ * parameter parsing. In that case just store the value and let |
2940 |
++ * vmx_init() do the proper setup after enable_ept has been |
2941 |
++ * established. |
2942 |
++ */ |
2943 |
++ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_AUTO) { |
2944 |
++ vmentry_l1d_flush_param = l1tf; |
2945 |
++ return 0; |
2946 |
++ } |
2947 |
++ |
2948 |
++ mutex_lock(&vmx_l1d_flush_mutex); |
2949 |
++ ret = vmx_setup_l1d_flush(l1tf); |
2950 |
++ mutex_unlock(&vmx_l1d_flush_mutex); |
2951 |
++ return ret; |
2952 |
++} |
2953 |
++ |
2954 |
++static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) |
2955 |
++{ |
2956 |
++ return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); |
2957 |
++} |
2958 |
++ |
2959 |
++static const struct kernel_param_ops vmentry_l1d_flush_ops = { |
2960 |
++ .set = vmentry_l1d_flush_set, |
2961 |
++ .get = vmentry_l1d_flush_get, |
2962 |
++}; |
2963 |
++module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644); |
2964 |
++ |
2965 |
+ #define NR_AUTOLOAD_MSRS 8 |
2966 |
+ |
2967 |
+ struct vmcs { |
2968 |
+@@ -567,6 +711,11 @@ static inline int pi_test_sn(struct pi_desc *pi_desc) |
2969 |
+ (unsigned long *)&pi_desc->control); |
2970 |
+ } |
2971 |
+ |
2972 |
++struct vmx_msrs { |
2973 |
++ unsigned int nr; |
2974 |
++ struct vmx_msr_entry val[NR_AUTOLOAD_MSRS]; |
2975 |
++}; |
2976 |
++ |
2977 |
+ struct vcpu_vmx { |
2978 |
+ struct kvm_vcpu vcpu; |
2979 |
+ unsigned long host_rsp; |
2980 |
+@@ -600,9 +749,8 @@ struct vcpu_vmx { |
2981 |
+ struct loaded_vmcs *loaded_vmcs; |
2982 |
+ bool __launched; /* temporary, used in vmx_vcpu_run */ |
2983 |
+ struct msr_autoload { |
2984 |
+- unsigned nr; |
2985 |
+- struct vmx_msr_entry guest[NR_AUTOLOAD_MSRS]; |
2986 |
+- struct vmx_msr_entry host[NR_AUTOLOAD_MSRS]; |
2987 |
++ struct vmx_msrs guest; |
2988 |
++ struct vmx_msrs host; |
2989 |
+ } msr_autoload; |
2990 |
+ struct { |
2991 |
+ int loaded; |
2992 |
+@@ -1967,9 +2115,20 @@ static void clear_atomic_switch_msr_special(struct vcpu_vmx *vmx, |
2993 |
+ vm_exit_controls_clearbit(vmx, exit); |
2994 |
+ } |
2995 |
+ |
2996 |
++static int find_msr(struct vmx_msrs *m, unsigned int msr) |
2997 |
++{ |
2998 |
++ unsigned int i; |
2999 |
++ |
3000 |
++ for (i = 0; i < m->nr; ++i) { |
3001 |
++ if (m->val[i].index == msr) |
3002 |
++ return i; |
3003 |
++ } |
3004 |
++ return -ENOENT; |
3005 |
++} |
3006 |
++ |
3007 |
+ static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr) |
3008 |
+ { |
3009 |
+- unsigned i; |
3010 |
++ int i; |
3011 |
+ struct msr_autoload *m = &vmx->msr_autoload; |
3012 |
+ |
3013 |
+ switch (msr) { |
3014 |
+@@ -1990,18 +2149,21 @@ static void clear_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr) |
3015 |
+ } |
3016 |
+ break; |
3017 |
+ } |
3018 |
++ i = find_msr(&m->guest, msr); |
3019 |
++ if (i < 0) |
3020 |
++ goto skip_guest; |
3021 |
++ --m->guest.nr; |
3022 |
++ m->guest.val[i] = m->guest.val[m->guest.nr]; |
3023 |
++ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr); |
3024 |
+ |
3025 |
+- for (i = 0; i < m->nr; ++i) |
3026 |
+- if (m->guest[i].index == msr) |
3027 |
+- break; |
3028 |
+- |
3029 |
+- if (i == m->nr) |
3030 |
++skip_guest: |
3031 |
++ i = find_msr(&m->host, msr); |
3032 |
++ if (i < 0) |
3033 |
+ return; |
3034 |
+- --m->nr; |
3035 |
+- m->guest[i] = m->guest[m->nr]; |
3036 |
+- m->host[i] = m->host[m->nr]; |
3037 |
+- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->nr); |
3038 |
+- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->nr); |
3039 |
++ |
3040 |
++ --m->host.nr; |
3041 |
++ m->host.val[i] = m->host.val[m->host.nr]; |
3042 |
++ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr); |
3043 |
+ } |
3044 |
+ |
3045 |
+ static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx, |
3046 |
+@@ -2016,9 +2178,9 @@ static void add_atomic_switch_msr_special(struct vcpu_vmx *vmx, |
3047 |
+ } |
3048 |
+ |
3049 |
+ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, |
3050 |
+- u64 guest_val, u64 host_val) |
3051 |
++ u64 guest_val, u64 host_val, bool entry_only) |
3052 |
+ { |
3053 |
+- unsigned i; |
3054 |
++ int i, j = 0; |
3055 |
+ struct msr_autoload *m = &vmx->msr_autoload; |
3056 |
+ |
3057 |
+ switch (msr) { |
3058 |
+@@ -2053,24 +2215,31 @@ static void add_atomic_switch_msr(struct vcpu_vmx *vmx, unsigned msr, |
3059 |
+ wrmsrl(MSR_IA32_PEBS_ENABLE, 0); |
3060 |
+ } |
3061 |
+ |
3062 |
+- for (i = 0; i < m->nr; ++i) |
3063 |
+- if (m->guest[i].index == msr) |
3064 |
+- break; |
3065 |
++ i = find_msr(&m->guest, msr); |
3066 |
++ if (!entry_only) |
3067 |
++ j = find_msr(&m->host, msr); |
3068 |
+ |
3069 |
+- if (i == NR_AUTOLOAD_MSRS) { |
3070 |
++ if (i == NR_AUTOLOAD_MSRS || j == NR_AUTOLOAD_MSRS) { |
3071 |
+ printk_once(KERN_WARNING "Not enough msr switch entries. " |
3072 |
+ "Can't add msr %x\n", msr); |
3073 |
+ return; |
3074 |
+- } else if (i == m->nr) { |
3075 |
+- ++m->nr; |
3076 |
+- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->nr); |
3077 |
+- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->nr); |
3078 |
+ } |
3079 |
++ if (i < 0) { |
3080 |
++ i = m->guest.nr++; |
3081 |
++ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, m->guest.nr); |
3082 |
++ } |
3083 |
++ m->guest.val[i].index = msr; |
3084 |
++ m->guest.val[i].value = guest_val; |
3085 |
+ |
3086 |
+- m->guest[i].index = msr; |
3087 |
+- m->guest[i].value = guest_val; |
3088 |
+- m->host[i].index = msr; |
3089 |
+- m->host[i].value = host_val; |
3090 |
++ if (entry_only) |
3091 |
++ return; |
3092 |
++ |
3093 |
++ if (j < 0) { |
3094 |
++ j = m->host.nr++; |
3095 |
++ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, m->host.nr); |
3096 |
++ } |
3097 |
++ m->host.val[j].index = msr; |
3098 |
++ m->host.val[j].value = host_val; |
3099 |
+ } |
3100 |
+ |
3101 |
+ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset) |
3102 |
+@@ -2114,7 +2283,7 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset) |
3103 |
+ guest_efer &= ~EFER_LME; |
3104 |
+ if (guest_efer != host_efer) |
3105 |
+ add_atomic_switch_msr(vmx, MSR_EFER, |
3106 |
+- guest_efer, host_efer); |
3107 |
++ guest_efer, host_efer, false); |
3108 |
+ return false; |
3109 |
+ } else { |
3110 |
+ guest_efer &= ~ignore_bits; |
3111 |
+@@ -3266,6 +3435,11 @@ static inline bool vmx_feature_control_msr_valid(struct kvm_vcpu *vcpu, |
3112 |
+ return !(val & ~valid_bits); |
3113 |
+ } |
3114 |
+ |
3115 |
++static int vmx_get_msr_feature(struct kvm_msr_entry *msr) |
3116 |
++{ |
3117 |
++ return 1; |
3118 |
++} |
3119 |
++ |
3120 |
+ /* |
3121 |
+ * Reads an msr value (of 'msr_index') into 'pdata'. |
3122 |
+ * Returns 0 on success, non-0 otherwise. |
3123 |
+@@ -3523,7 +3697,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
3124 |
+ vcpu->arch.ia32_xss = data; |
3125 |
+ if (vcpu->arch.ia32_xss != host_xss) |
3126 |
+ add_atomic_switch_msr(vmx, MSR_IA32_XSS, |
3127 |
+- vcpu->arch.ia32_xss, host_xss); |
3128 |
++ vcpu->arch.ia32_xss, host_xss, false); |
3129 |
+ else |
3130 |
+ clear_atomic_switch_msr(vmx, MSR_IA32_XSS); |
3131 |
+ break; |
3132 |
+@@ -5714,9 +5888,9 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx) |
3133 |
+ |
3134 |
+ vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0); |
3135 |
+ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0); |
3136 |
+- vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host)); |
3137 |
++ vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val)); |
3138 |
+ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0); |
3139 |
+- vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest)); |
3140 |
++ vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val)); |
3141 |
+ |
3142 |
+ if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) |
3143 |
+ vmcs_write64(GUEST_IA32_PAT, vmx->vcpu.arch.pat); |
3144 |
+@@ -5736,8 +5910,7 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx) |
3145 |
+ ++vmx->nmsrs; |
3146 |
+ } |
3147 |
+ |
3148 |
+- if (boot_cpu_has(X86_FEATURE_ARCH_CAPABILITIES)) |
3149 |
+- rdmsrl(MSR_IA32_ARCH_CAPABILITIES, vmx->arch_capabilities); |
3150 |
++ vmx->arch_capabilities = kvm_get_arch_capabilities(); |
3151 |
+ |
3152 |
+ vm_exit_controls_init(vmx, vmcs_config.vmexit_ctrl); |
3153 |
+ |
3154 |
+@@ -5770,6 +5943,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) |
3155 |
+ vmx->rmode.vm86_active = 0; |
3156 |
+ vmx->spec_ctrl = 0; |
3157 |
+ |
3158 |
++ vcpu->arch.microcode_version = 0x100000000ULL; |
3159 |
+ vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val(); |
3160 |
+ kvm_set_cr8(vcpu, 0); |
3161 |
+ |
3162 |
+@@ -8987,6 +9161,79 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu) |
3163 |
+ } |
3164 |
+ } |
3165 |
+ |
3166 |
++/* |
3167 |
++ * Software based L1D cache flush which is used when microcode providing |
3168 |
++ * the cache control MSR is not loaded. |
3169 |
++ * |
3170 |
++ * The L1D cache is 32 KiB on Nehalem and later microarchitectures, but to |
3171 |
++ * flush it is required to read in 64 KiB because the replacement algorithm |
3172 |
++ * is not exactly LRU. This could be sized at runtime via topology |
3173 |
++ * information but as all relevant affected CPUs have 32KiB L1D cache size |
3174 |
++ * there is no point in doing so. |
3175 |
++ */ |
3176 |
++#define L1D_CACHE_ORDER 4 |
3177 |
++static void *vmx_l1d_flush_pages; |
3178 |
++ |
3179 |
++static void vmx_l1d_flush(struct kvm_vcpu *vcpu) |
3180 |
++{ |
3181 |
++ int size = PAGE_SIZE << L1D_CACHE_ORDER; |
3182 |
++ |
3183 |
++ /* |
3184 |
++ * This code is only executed when the the flush mode is 'cond' or |
3185 |
++ * 'always' |
3186 |
++ */ |
3187 |
++ if (static_branch_likely(&vmx_l1d_flush_cond)) { |
3188 |
++ bool flush_l1d; |
3189 |
++ |
3190 |
++ /* |
3191 |
++ * Clear the per-vcpu flush bit, it gets set again |
3192 |
++ * either from vcpu_run() or from one of the unsafe |
3193 |
++ * VMEXIT handlers. |
3194 |
++ */ |
3195 |
++ flush_l1d = vcpu->arch.l1tf_flush_l1d; |
3196 |
++ vcpu->arch.l1tf_flush_l1d = false; |
3197 |
++ |
3198 |
++ /* |
3199 |
++ * Clear the per-cpu flush bit, it gets set again from |
3200 |
++ * the interrupt handlers. |
3201 |
++ */ |
3202 |
++ flush_l1d |= kvm_get_cpu_l1tf_flush_l1d(); |
3203 |
++ kvm_clear_cpu_l1tf_flush_l1d(); |
3204 |
++ |
3205 |
++ if (!flush_l1d) |
3206 |
++ return; |
3207 |
++ } |
3208 |
++ |
3209 |
++ vcpu->stat.l1d_flush++; |
3210 |
++ |
3211 |
++ if (static_cpu_has(X86_FEATURE_FLUSH_L1D)) { |
3212 |
++ wrmsrl(MSR_IA32_FLUSH_CMD, L1D_FLUSH); |
3213 |
++ return; |
3214 |
++ } |
3215 |
++ |
3216 |
++ asm volatile( |
3217 |
++ /* First ensure the pages are in the TLB */ |
3218 |
++ "xorl %%eax, %%eax\n" |
3219 |
++ ".Lpopulate_tlb:\n\t" |
3220 |
++ "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t" |
3221 |
++ "addl $4096, %%eax\n\t" |
3222 |
++ "cmpl %%eax, %[size]\n\t" |
3223 |
++ "jne .Lpopulate_tlb\n\t" |
3224 |
++ "xorl %%eax, %%eax\n\t" |
3225 |
++ "cpuid\n\t" |
3226 |
++ /* Now fill the cache */ |
3227 |
++ "xorl %%eax, %%eax\n" |
3228 |
++ ".Lfill_cache:\n" |
3229 |
++ "movzbl (%[flush_pages], %%" _ASM_AX "), %%ecx\n\t" |
3230 |
++ "addl $64, %%eax\n\t" |
3231 |
++ "cmpl %%eax, %[size]\n\t" |
3232 |
++ "jne .Lfill_cache\n\t" |
3233 |
++ "lfence\n" |
3234 |
++ :: [flush_pages] "r" (vmx_l1d_flush_pages), |
3235 |
++ [size] "r" (size) |
3236 |
++ : "eax", "ebx", "ecx", "edx"); |
3237 |
++} |
3238 |
++ |
3239 |
+ static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr) |
3240 |
+ { |
3241 |
+ struct vmcs12 *vmcs12 = get_vmcs12(vcpu); |
3242 |
+@@ -9390,7 +9637,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) |
3243 |
+ clear_atomic_switch_msr(vmx, msrs[i].msr); |
3244 |
+ else |
3245 |
+ add_atomic_switch_msr(vmx, msrs[i].msr, msrs[i].guest, |
3246 |
+- msrs[i].host); |
3247 |
++ msrs[i].host, false); |
3248 |
+ } |
3249 |
+ |
3250 |
+ static void vmx_arm_hv_timer(struct kvm_vcpu *vcpu) |
3251 |
+@@ -9483,6 +9730,9 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
3252 |
+ |
3253 |
+ vmx->__launched = vmx->loaded_vmcs->launched; |
3254 |
+ |
3255 |
++ if (static_branch_unlikely(&vmx_l1d_should_flush)) |
3256 |
++ vmx_l1d_flush(vcpu); |
3257 |
++ |
3258 |
+ asm( |
3259 |
+ /* Store host registers */ |
3260 |
+ "push %%" _ASM_DX "; push %%" _ASM_BP ";" |
3261 |
+@@ -9835,6 +10085,37 @@ free_vcpu: |
3262 |
+ return ERR_PTR(err); |
3263 |
+ } |
3264 |
+ |
3265 |
++#define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.\n" |
3266 |
++#define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.\n" |
3267 |
++ |
3268 |
++static int vmx_vm_init(struct kvm *kvm) |
3269 |
++{ |
3270 |
++ if (boot_cpu_has(X86_BUG_L1TF) && enable_ept) { |
3271 |
++ switch (l1tf_mitigation) { |
3272 |
++ case L1TF_MITIGATION_OFF: |
3273 |
++ case L1TF_MITIGATION_FLUSH_NOWARN: |
3274 |
++ /* 'I explicitly don't care' is set */ |
3275 |
++ break; |
3276 |
++ case L1TF_MITIGATION_FLUSH: |
3277 |
++ case L1TF_MITIGATION_FLUSH_NOSMT: |
3278 |
++ case L1TF_MITIGATION_FULL: |
3279 |
++ /* |
3280 |
++ * Warn upon starting the first VM in a potentially |
3281 |
++ * insecure environment. |
3282 |
++ */ |
3283 |
++ if (cpu_smt_control == CPU_SMT_ENABLED) |
3284 |
++ pr_warn_once(L1TF_MSG_SMT); |
3285 |
++ if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER) |
3286 |
++ pr_warn_once(L1TF_MSG_L1D); |
3287 |
++ break; |
3288 |
++ case L1TF_MITIGATION_FULL_FORCE: |
3289 |
++ /* Flush is enforced */ |
3290 |
++ break; |
3291 |
++ } |
3292 |
++ } |
3293 |
++ return 0; |
3294 |
++} |
3295 |
++ |
3296 |
+ static void __init vmx_check_processor_compat(void *rtn) |
3297 |
+ { |
3298 |
+ struct vmcs_config vmcs_conf; |
3299 |
+@@ -10774,10 +11055,10 @@ static int prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, |
3300 |
+ * Set the MSR load/store lists to match L0's settings. |
3301 |
+ */ |
3302 |
+ vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0); |
3303 |
+- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.nr); |
3304 |
+- vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host)); |
3305 |
+- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.nr); |
3306 |
+- vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest)); |
3307 |
++ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr); |
3308 |
++ vmcs_write64(VM_EXIT_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.host.val)); |
3309 |
++ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr); |
3310 |
++ vmcs_write64(VM_ENTRY_MSR_LOAD_ADDR, __pa(vmx->msr_autoload.guest.val)); |
3311 |
+ |
3312 |
+ /* |
3313 |
+ * HOST_RSP is normally set correctly in vmx_vcpu_run() just before |
3314 |
+@@ -11202,6 +11483,9 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch) |
3315 |
+ if (ret) |
3316 |
+ return ret; |
3317 |
+ |
3318 |
++ /* Hide L1D cache contents from the nested guest. */ |
3319 |
++ vmx->vcpu.arch.l1tf_flush_l1d = true; |
3320 |
++ |
3321 |
+ /* |
3322 |
+ * If we're entering a halted L2 vcpu and the L2 vcpu won't be woken |
3323 |
+ * by event injection, halt vcpu. |
3324 |
+@@ -11712,8 +11996,8 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason, |
3325 |
+ vmx_segment_cache_clear(vmx); |
3326 |
+ |
3327 |
+ /* Update any VMCS fields that might have changed while L2 ran */ |
3328 |
+- vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.nr); |
3329 |
+- vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.nr); |
3330 |
++ vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr); |
3331 |
++ vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, vmx->msr_autoload.guest.nr); |
3332 |
+ vmcs_write64(TSC_OFFSET, vcpu->arch.tsc_offset); |
3333 |
+ if (vmx->hv_deadline_tsc == -1) |
3334 |
+ vmcs_clear_bits(PIN_BASED_VM_EXEC_CONTROL, |
3335 |
+@@ -12225,6 +12509,8 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { |
3336 |
+ .cpu_has_accelerated_tpr = report_flexpriority, |
3337 |
+ .has_emulated_msr = vmx_has_emulated_msr, |
3338 |
+ |
3339 |
++ .vm_init = vmx_vm_init, |
3340 |
++ |
3341 |
+ .vcpu_create = vmx_create_vcpu, |
3342 |
+ .vcpu_free = vmx_free_vcpu, |
3343 |
+ .vcpu_reset = vmx_vcpu_reset, |
3344 |
+@@ -12234,6 +12520,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { |
3345 |
+ .vcpu_put = vmx_vcpu_put, |
3346 |
+ |
3347 |
+ .update_bp_intercept = update_exception_bitmap, |
3348 |
++ .get_msr_feature = vmx_get_msr_feature, |
3349 |
+ .get_msr = vmx_get_msr, |
3350 |
+ .set_msr = vmx_set_msr, |
3351 |
+ .get_segment_base = vmx_get_segment_base, |
3352 |
+@@ -12341,22 +12628,18 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { |
3353 |
+ .setup_mce = vmx_setup_mce, |
3354 |
+ }; |
3355 |
+ |
3356 |
+-static int __init vmx_init(void) |
3357 |
++static void vmx_cleanup_l1d_flush(void) |
3358 |
+ { |
3359 |
+- int r = kvm_init(&vmx_x86_ops, sizeof(struct vcpu_vmx), |
3360 |
+- __alignof__(struct vcpu_vmx), THIS_MODULE); |
3361 |
+- if (r) |
3362 |
+- return r; |
3363 |
+- |
3364 |
+-#ifdef CONFIG_KEXEC_CORE |
3365 |
+- rcu_assign_pointer(crash_vmclear_loaded_vmcss, |
3366 |
+- crash_vmclear_local_loaded_vmcss); |
3367 |
+-#endif |
3368 |
+- |
3369 |
+- return 0; |
3370 |
++ if (vmx_l1d_flush_pages) { |
3371 |
++ free_pages((unsigned long)vmx_l1d_flush_pages, L1D_CACHE_ORDER); |
3372 |
++ vmx_l1d_flush_pages = NULL; |
3373 |
++ } |
3374 |
++ /* Restore state so sysfs ignores VMX */ |
3375 |
++ l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; |
3376 |
+ } |
3377 |
+ |
3378 |
+-static void __exit vmx_exit(void) |
3379 |
++ |
3380 |
++static void vmx_exit(void) |
3381 |
+ { |
3382 |
+ #ifdef CONFIG_KEXEC_CORE |
3383 |
+ RCU_INIT_POINTER(crash_vmclear_loaded_vmcss, NULL); |
3384 |
+@@ -12364,7 +12647,40 @@ static void __exit vmx_exit(void) |
3385 |
+ #endif |
3386 |
+ |
3387 |
+ kvm_exit(); |
3388 |
++ |
3389 |
++ vmx_cleanup_l1d_flush(); |
3390 |
+ } |
3391 |
++module_exit(vmx_exit) |
3392 |
+ |
3393 |
++static int __init vmx_init(void) |
3394 |
++{ |
3395 |
++ int r; |
3396 |
++ |
3397 |
++ r = kvm_init(&vmx_x86_ops, sizeof(struct vcpu_vmx), |
3398 |
++ __alignof__(struct vcpu_vmx), THIS_MODULE); |
3399 |
++ if (r) |
3400 |
++ return r; |
3401 |
++ |
3402 |
++ /* |
3403 |
++ * Must be called after kvm_init() so enable_ept is properly set |
3404 |
++ * up. Hand the parameter mitigation value in which was stored in |
3405 |
++ * the pre module init parser. If no parameter was given, it will |
3406 |
++ * contain 'auto' which will be turned into the default 'cond' |
3407 |
++ * mitigation mode. |
3408 |
++ */ |
3409 |
++ if (boot_cpu_has(X86_BUG_L1TF)) { |
3410 |
++ r = vmx_setup_l1d_flush(vmentry_l1d_flush_param); |
3411 |
++ if (r) { |
3412 |
++ vmx_exit(); |
3413 |
++ return r; |
3414 |
++ } |
3415 |
++ } |
3416 |
++ |
3417 |
++#ifdef CONFIG_KEXEC_CORE |
3418 |
++ rcu_assign_pointer(crash_vmclear_loaded_vmcss, |
3419 |
++ crash_vmclear_local_loaded_vmcss); |
3420 |
++#endif |
3421 |
++ |
3422 |
++ return 0; |
3423 |
++} |
3424 |
+ module_init(vmx_init) |
3425 |
+-module_exit(vmx_exit) |
3426 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
3427 |
+index 2f3fe25639b3..5c2c09f6c1c3 100644 |
3428 |
+--- a/arch/x86/kvm/x86.c |
3429 |
++++ b/arch/x86/kvm/x86.c |
3430 |
+@@ -181,6 +181,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = { |
3431 |
+ { "irq_injections", VCPU_STAT(irq_injections) }, |
3432 |
+ { "nmi_injections", VCPU_STAT(nmi_injections) }, |
3433 |
+ { "req_event", VCPU_STAT(req_event) }, |
3434 |
++ { "l1d_flush", VCPU_STAT(l1d_flush) }, |
3435 |
+ { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) }, |
3436 |
+ { "mmu_pte_write", VM_STAT(mmu_pte_write) }, |
3437 |
+ { "mmu_pte_updated", VM_STAT(mmu_pte_updated) }, |
3438 |
+@@ -1041,6 +1042,71 @@ static u32 emulated_msrs[] = { |
3439 |
+ |
3440 |
+ static unsigned num_emulated_msrs; |
3441 |
+ |
3442 |
++/* |
3443 |
++ * List of msr numbers which are used to expose MSR-based features that |
3444 |
++ * can be used by a hypervisor to validate requested CPU features. |
3445 |
++ */ |
3446 |
++static u32 msr_based_features[] = { |
3447 |
++ MSR_F10H_DECFG, |
3448 |
++ MSR_IA32_UCODE_REV, |
3449 |
++ MSR_IA32_ARCH_CAPABILITIES, |
3450 |
++}; |
3451 |
++ |
3452 |
++static unsigned int num_msr_based_features; |
3453 |
++ |
3454 |
++u64 kvm_get_arch_capabilities(void) |
3455 |
++{ |
3456 |
++ u64 data; |
3457 |
++ |
3458 |
++ rdmsrl_safe(MSR_IA32_ARCH_CAPABILITIES, &data); |
3459 |
++ |
3460 |
++ /* |
3461 |
++ * If we're doing cache flushes (either "always" or "cond") |
3462 |
++ * we will do one whenever the guest does a vmlaunch/vmresume. |
3463 |
++ * If an outer hypervisor is doing the cache flush for us |
3464 |
++ * (VMENTER_L1D_FLUSH_NESTED_VM), we can safely pass that |
3465 |
++ * capability to the guest too, and if EPT is disabled we're not |
3466 |
++ * vulnerable. Overall, only VMENTER_L1D_FLUSH_NEVER will |
3467 |
++ * require a nested hypervisor to do a flush of its own. |
3468 |
++ */ |
3469 |
++ if (l1tf_vmx_mitigation != VMENTER_L1D_FLUSH_NEVER) |
3470 |
++ data |= ARCH_CAP_SKIP_VMENTRY_L1DFLUSH; |
3471 |
++ |
3472 |
++ return data; |
3473 |
++} |
3474 |
++EXPORT_SYMBOL_GPL(kvm_get_arch_capabilities); |
3475 |
++ |
3476 |
++static int kvm_get_msr_feature(struct kvm_msr_entry *msr) |
3477 |
++{ |
3478 |
++ switch (msr->index) { |
3479 |
++ case MSR_IA32_ARCH_CAPABILITIES: |
3480 |
++ msr->data = kvm_get_arch_capabilities(); |
3481 |
++ break; |
3482 |
++ case MSR_IA32_UCODE_REV: |
3483 |
++ rdmsrl_safe(msr->index, &msr->data); |
3484 |
++ break; |
3485 |
++ default: |
3486 |
++ if (kvm_x86_ops->get_msr_feature(msr)) |
3487 |
++ return 1; |
3488 |
++ } |
3489 |
++ return 0; |
3490 |
++} |
3491 |
++ |
3492 |
++static int do_get_msr_feature(struct kvm_vcpu *vcpu, unsigned index, u64 *data) |
3493 |
++{ |
3494 |
++ struct kvm_msr_entry msr; |
3495 |
++ int r; |
3496 |
++ |
3497 |
++ msr.index = index; |
3498 |
++ r = kvm_get_msr_feature(&msr); |
3499 |
++ if (r) |
3500 |
++ return r; |
3501 |
++ |
3502 |
++ *data = msr.data; |
3503 |
++ |
3504 |
++ return 0; |
3505 |
++} |
3506 |
++ |
3507 |
+ bool kvm_valid_efer(struct kvm_vcpu *vcpu, u64 efer) |
3508 |
+ { |
3509 |
+ if (efer & efer_reserved_bits) |
3510 |
+@@ -2156,7 +2222,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
3511 |
+ |
3512 |
+ switch (msr) { |
3513 |
+ case MSR_AMD64_NB_CFG: |
3514 |
+- case MSR_IA32_UCODE_REV: |
3515 |
+ case MSR_IA32_UCODE_WRITE: |
3516 |
+ case MSR_VM_HSAVE_PA: |
3517 |
+ case MSR_AMD64_PATCH_LOADER: |
3518 |
+@@ -2164,6 +2229,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
3519 |
+ case MSR_AMD64_DC_CFG: |
3520 |
+ break; |
3521 |
+ |
3522 |
++ case MSR_IA32_UCODE_REV: |
3523 |
++ if (msr_info->host_initiated) |
3524 |
++ vcpu->arch.microcode_version = data; |
3525 |
++ break; |
3526 |
+ case MSR_EFER: |
3527 |
+ return set_efer(vcpu, data); |
3528 |
+ case MSR_K7_HWCR: |
3529 |
+@@ -2450,7 +2519,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
3530 |
+ msr_info->data = 0; |
3531 |
+ break; |
3532 |
+ case MSR_IA32_UCODE_REV: |
3533 |
+- msr_info->data = 0x100000000ULL; |
3534 |
++ msr_info->data = vcpu->arch.microcode_version; |
3535 |
+ break; |
3536 |
+ case MSR_MTRRcap: |
3537 |
+ case 0x200 ... 0x2ff: |
3538 |
+@@ -2600,13 +2669,11 @@ static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs, |
3539 |
+ int (*do_msr)(struct kvm_vcpu *vcpu, |
3540 |
+ unsigned index, u64 *data)) |
3541 |
+ { |
3542 |
+- int i, idx; |
3543 |
++ int i; |
3544 |
+ |
3545 |
+- idx = srcu_read_lock(&vcpu->kvm->srcu); |
3546 |
+ for (i = 0; i < msrs->nmsrs; ++i) |
3547 |
+ if (do_msr(vcpu, entries[i].index, &entries[i].data)) |
3548 |
+ break; |
3549 |
+- srcu_read_unlock(&vcpu->kvm->srcu, idx); |
3550 |
+ |
3551 |
+ return i; |
3552 |
+ } |
3553 |
+@@ -2705,6 +2772,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) |
3554 |
+ case KVM_CAP_SET_BOOT_CPU_ID: |
3555 |
+ case KVM_CAP_SPLIT_IRQCHIP: |
3556 |
+ case KVM_CAP_IMMEDIATE_EXIT: |
3557 |
++ case KVM_CAP_GET_MSR_FEATURES: |
3558 |
+ r = 1; |
3559 |
+ break; |
3560 |
+ case KVM_CAP_ADJUST_CLOCK: |
3561 |
+@@ -2819,6 +2887,31 @@ long kvm_arch_dev_ioctl(struct file *filp, |
3562 |
+ goto out; |
3563 |
+ r = 0; |
3564 |
+ break; |
3565 |
++ case KVM_GET_MSR_FEATURE_INDEX_LIST: { |
3566 |
++ struct kvm_msr_list __user *user_msr_list = argp; |
3567 |
++ struct kvm_msr_list msr_list; |
3568 |
++ unsigned int n; |
3569 |
++ |
3570 |
++ r = -EFAULT; |
3571 |
++ if (copy_from_user(&msr_list, user_msr_list, sizeof(msr_list))) |
3572 |
++ goto out; |
3573 |
++ n = msr_list.nmsrs; |
3574 |
++ msr_list.nmsrs = num_msr_based_features; |
3575 |
++ if (copy_to_user(user_msr_list, &msr_list, sizeof(msr_list))) |
3576 |
++ goto out; |
3577 |
++ r = -E2BIG; |
3578 |
++ if (n < msr_list.nmsrs) |
3579 |
++ goto out; |
3580 |
++ r = -EFAULT; |
3581 |
++ if (copy_to_user(user_msr_list->indices, &msr_based_features, |
3582 |
++ num_msr_based_features * sizeof(u32))) |
3583 |
++ goto out; |
3584 |
++ r = 0; |
3585 |
++ break; |
3586 |
++ } |
3587 |
++ case KVM_GET_MSRS: |
3588 |
++ r = msr_io(NULL, argp, do_get_msr_feature, 1); |
3589 |
++ break; |
3590 |
+ } |
3591 |
+ default: |
3592 |
+ r = -EINVAL; |
3593 |
+@@ -3553,12 +3646,18 @@ long kvm_arch_vcpu_ioctl(struct file *filp, |
3594 |
+ r = 0; |
3595 |
+ break; |
3596 |
+ } |
3597 |
+- case KVM_GET_MSRS: |
3598 |
++ case KVM_GET_MSRS: { |
3599 |
++ int idx = srcu_read_lock(&vcpu->kvm->srcu); |
3600 |
+ r = msr_io(vcpu, argp, do_get_msr, 1); |
3601 |
++ srcu_read_unlock(&vcpu->kvm->srcu, idx); |
3602 |
+ break; |
3603 |
+- case KVM_SET_MSRS: |
3604 |
++ } |
3605 |
++ case KVM_SET_MSRS: { |
3606 |
++ int idx = srcu_read_lock(&vcpu->kvm->srcu); |
3607 |
+ r = msr_io(vcpu, argp, do_set_msr, 0); |
3608 |
++ srcu_read_unlock(&vcpu->kvm->srcu, idx); |
3609 |
+ break; |
3610 |
++ } |
3611 |
+ case KVM_TPR_ACCESS_REPORTING: { |
3612 |
+ struct kvm_tpr_access_ctl tac; |
3613 |
+ |
3614 |
+@@ -4333,6 +4432,19 @@ static void kvm_init_msr_list(void) |
3615 |
+ j++; |
3616 |
+ } |
3617 |
+ num_emulated_msrs = j; |
3618 |
++ |
3619 |
++ for (i = j = 0; i < ARRAY_SIZE(msr_based_features); i++) { |
3620 |
++ struct kvm_msr_entry msr; |
3621 |
++ |
3622 |
++ msr.index = msr_based_features[i]; |
3623 |
++ if (kvm_get_msr_feature(&msr)) |
3624 |
++ continue; |
3625 |
++ |
3626 |
++ if (j < i) |
3627 |
++ msr_based_features[j] = msr_based_features[i]; |
3628 |
++ j++; |
3629 |
++ } |
3630 |
++ num_msr_based_features = j; |
3631 |
+ } |
3632 |
+ |
3633 |
+ static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len, |
3634 |
+@@ -4573,6 +4685,9 @@ static int emulator_write_std(struct x86_emulate_ctxt *ctxt, gva_t addr, void *v |
3635 |
+ int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val, |
3636 |
+ unsigned int bytes, struct x86_exception *exception) |
3637 |
+ { |
3638 |
++ /* kvm_write_guest_virt_system can pull in tons of pages. */ |
3639 |
++ vcpu->arch.l1tf_flush_l1d = true; |
3640 |
++ |
3641 |
+ return kvm_write_guest_virt_helper(addr, val, bytes, vcpu, |
3642 |
+ PFERR_WRITE_MASK, exception); |
3643 |
+ } |
3644 |
+@@ -5701,6 +5816,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, |
3645 |
+ bool writeback = true; |
3646 |
+ bool write_fault_to_spt = vcpu->arch.write_fault_to_shadow_pgtable; |
3647 |
+ |
3648 |
++ vcpu->arch.l1tf_flush_l1d = true; |
3649 |
++ |
3650 |
+ /* |
3651 |
+ * Clear write_fault_to_shadow_pgtable here to ensure it is |
3652 |
+ * never reused. |
3653 |
+@@ -7146,6 +7263,7 @@ static int vcpu_run(struct kvm_vcpu *vcpu) |
3654 |
+ struct kvm *kvm = vcpu->kvm; |
3655 |
+ |
3656 |
+ vcpu->srcu_idx = srcu_read_lock(&kvm->srcu); |
3657 |
++ vcpu->arch.l1tf_flush_l1d = true; |
3658 |
+ |
3659 |
+ for (;;) { |
3660 |
+ if (kvm_vcpu_running(vcpu)) { |
3661 |
+@@ -8153,6 +8271,7 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu) |
3662 |
+ |
3663 |
+ void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) |
3664 |
+ { |
3665 |
++ vcpu->arch.l1tf_flush_l1d = true; |
3666 |
+ kvm_x86_ops->sched_in(vcpu, cpu); |
3667 |
+ } |
3668 |
+ |
3669 |
+diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
3670 |
+index 0133d26f16be..c2faff548f59 100644 |
3671 |
+--- a/arch/x86/mm/fault.c |
3672 |
++++ b/arch/x86/mm/fault.c |
3673 |
+@@ -24,6 +24,7 @@ |
3674 |
+ #include <asm/vsyscall.h> /* emulate_vsyscall */ |
3675 |
+ #include <asm/vm86.h> /* struct vm86 */ |
3676 |
+ #include <asm/mmu_context.h> /* vma_pkey() */ |
3677 |
++#include <asm/sections.h> |
3678 |
+ |
3679 |
+ #define CREATE_TRACE_POINTS |
3680 |
+ #include <asm/trace/exceptions.h> |
3681 |
+diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c |
3682 |
+index 071cbbbb60d9..37f60dfd7e4e 100644 |
3683 |
+--- a/arch/x86/mm/init.c |
3684 |
++++ b/arch/x86/mm/init.c |
3685 |
+@@ -4,6 +4,8 @@ |
3686 |
+ #include <linux/swap.h> |
3687 |
+ #include <linux/memblock.h> |
3688 |
+ #include <linux/bootmem.h> /* for max_low_pfn */ |
3689 |
++#include <linux/swapfile.h> |
3690 |
++#include <linux/swapops.h> |
3691 |
+ |
3692 |
+ #include <asm/set_memory.h> |
3693 |
+ #include <asm/e820/api.h> |
3694 |
+@@ -880,3 +882,26 @@ void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache) |
3695 |
+ __cachemode2pte_tbl[cache] = __cm_idx2pte(entry); |
3696 |
+ __pte2cachemode_tbl[entry] = cache; |
3697 |
+ } |
3698 |
++ |
3699 |
++#ifdef CONFIG_SWAP |
3700 |
++unsigned long max_swapfile_size(void) |
3701 |
++{ |
3702 |
++ unsigned long pages; |
3703 |
++ |
3704 |
++ pages = generic_max_swapfile_size(); |
3705 |
++ |
3706 |
++ if (boot_cpu_has_bug(X86_BUG_L1TF)) { |
3707 |
++ /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ |
3708 |
++ unsigned long l1tf_limit = l1tf_pfn_limit() + 1; |
3709 |
++ /* |
3710 |
++ * We encode swap offsets also with 3 bits below those for pfn |
3711 |
++ * which makes the usable limit higher. |
3712 |
++ */ |
3713 |
++#if CONFIG_PGTABLE_LEVELS > 2 |
3714 |
++ l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT; |
3715 |
++#endif |
3716 |
++ pages = min_t(unsigned long, l1tf_limit, pages); |
3717 |
++ } |
3718 |
++ return pages; |
3719 |
++} |
3720 |
++#endif |
3721 |
+diff --git a/arch/x86/mm/kmmio.c b/arch/x86/mm/kmmio.c |
3722 |
+index 7c8686709636..79eb55ce69a9 100644 |
3723 |
+--- a/arch/x86/mm/kmmio.c |
3724 |
++++ b/arch/x86/mm/kmmio.c |
3725 |
+@@ -126,24 +126,29 @@ static struct kmmio_fault_page *get_kmmio_fault_page(unsigned long addr) |
3726 |
+ |
3727 |
+ static void clear_pmd_presence(pmd_t *pmd, bool clear, pmdval_t *old) |
3728 |
+ { |
3729 |
++ pmd_t new_pmd; |
3730 |
+ pmdval_t v = pmd_val(*pmd); |
3731 |
+ if (clear) { |
3732 |
+- *old = v & _PAGE_PRESENT; |
3733 |
+- v &= ~_PAGE_PRESENT; |
3734 |
+- } else /* presume this has been called with clear==true previously */ |
3735 |
+- v |= *old; |
3736 |
+- set_pmd(pmd, __pmd(v)); |
3737 |
++ *old = v; |
3738 |
++ new_pmd = pmd_mknotpresent(*pmd); |
3739 |
++ } else { |
3740 |
++ /* Presume this has been called with clear==true previously */ |
3741 |
++ new_pmd = __pmd(*old); |
3742 |
++ } |
3743 |
++ set_pmd(pmd, new_pmd); |
3744 |
+ } |
3745 |
+ |
3746 |
+ static void clear_pte_presence(pte_t *pte, bool clear, pteval_t *old) |
3747 |
+ { |
3748 |
+ pteval_t v = pte_val(*pte); |
3749 |
+ if (clear) { |
3750 |
+- *old = v & _PAGE_PRESENT; |
3751 |
+- v &= ~_PAGE_PRESENT; |
3752 |
+- } else /* presume this has been called with clear==true previously */ |
3753 |
+- v |= *old; |
3754 |
+- set_pte_atomic(pte, __pte(v)); |
3755 |
++ *old = v; |
3756 |
++ /* Nothing should care about address */ |
3757 |
++ pte_clear(&init_mm, 0, pte); |
3758 |
++ } else { |
3759 |
++ /* Presume this has been called with clear==true previously */ |
3760 |
++ set_pte_atomic(pte, __pte(*old)); |
3761 |
++ } |
3762 |
+ } |
3763 |
+ |
3764 |
+ static int clear_page_presence(struct kmmio_fault_page *f, bool clear) |
3765 |
+diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c |
3766 |
+index a99679826846..5f4805d69aab 100644 |
3767 |
+--- a/arch/x86/mm/mmap.c |
3768 |
++++ b/arch/x86/mm/mmap.c |
3769 |
+@@ -174,3 +174,24 @@ const char *arch_vma_name(struct vm_area_struct *vma) |
3770 |
+ return "[mpx]"; |
3771 |
+ return NULL; |
3772 |
+ } |
3773 |
++ |
3774 |
++/* |
3775 |
++ * Only allow root to set high MMIO mappings to PROT_NONE. |
3776 |
++ * This prevents an unpriv. user to set them to PROT_NONE and invert |
3777 |
++ * them, then pointing to valid memory for L1TF speculation. |
3778 |
++ * |
3779 |
++ * Note: for locked down kernels may want to disable the root override. |
3780 |
++ */ |
3781 |
++bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) |
3782 |
++{ |
3783 |
++ if (!boot_cpu_has_bug(X86_BUG_L1TF)) |
3784 |
++ return true; |
3785 |
++ if (!__pte_needs_invert(pgprot_val(prot))) |
3786 |
++ return true; |
3787 |
++ /* If it's real memory always allow */ |
3788 |
++ if (pfn_valid(pfn)) |
3789 |
++ return true; |
3790 |
++ if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) |
3791 |
++ return false; |
3792 |
++ return true; |
3793 |
++} |
3794 |
+diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c |
3795 |
+index 4085897fef64..464f53da3a6f 100644 |
3796 |
+--- a/arch/x86/mm/pageattr.c |
3797 |
++++ b/arch/x86/mm/pageattr.c |
3798 |
+@@ -1006,8 +1006,8 @@ static long populate_pmd(struct cpa_data *cpa, |
3799 |
+ |
3800 |
+ pmd = pmd_offset(pud, start); |
3801 |
+ |
3802 |
+- set_pmd(pmd, __pmd(cpa->pfn << PAGE_SHIFT | _PAGE_PSE | |
3803 |
+- massage_pgprot(pmd_pgprot))); |
3804 |
++ set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, |
3805 |
++ canon_pgprot(pmd_pgprot)))); |
3806 |
+ |
3807 |
+ start += PMD_SIZE; |
3808 |
+ cpa->pfn += PMD_SIZE >> PAGE_SHIFT; |
3809 |
+@@ -1079,8 +1079,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, p4d_t *p4d, |
3810 |
+ * Map everything starting from the Gb boundary, possibly with 1G pages |
3811 |
+ */ |
3812 |
+ while (boot_cpu_has(X86_FEATURE_GBPAGES) && end - start >= PUD_SIZE) { |
3813 |
+- set_pud(pud, __pud(cpa->pfn << PAGE_SHIFT | _PAGE_PSE | |
3814 |
+- massage_pgprot(pud_pgprot))); |
3815 |
++ set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, |
3816 |
++ canon_pgprot(pud_pgprot)))); |
3817 |
+ |
3818 |
+ start += PUD_SIZE; |
3819 |
+ cpa->pfn += PUD_SIZE >> PAGE_SHIFT; |
3820 |
+diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c |
3821 |
+index ce38f165489b..d6f11accd37a 100644 |
3822 |
+--- a/arch/x86/mm/pti.c |
3823 |
++++ b/arch/x86/mm/pti.c |
3824 |
+@@ -45,6 +45,7 @@ |
3825 |
+ #include <asm/pgalloc.h> |
3826 |
+ #include <asm/tlbflush.h> |
3827 |
+ #include <asm/desc.h> |
3828 |
++#include <asm/sections.h> |
3829 |
+ |
3830 |
+ #undef pr_fmt |
3831 |
+ #define pr_fmt(fmt) "Kernel/User page tables isolation: " fmt |
3832 |
+diff --git a/arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c b/arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c |
3833 |
+index 4f5fa65a1011..2acd6be13375 100644 |
3834 |
+--- a/arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c |
3835 |
++++ b/arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c |
3836 |
+@@ -18,6 +18,7 @@ |
3837 |
+ #include <asm/intel-mid.h> |
3838 |
+ #include <asm/intel_scu_ipc.h> |
3839 |
+ #include <asm/io_apic.h> |
3840 |
++#include <asm/hw_irq.h> |
3841 |
+ |
3842 |
+ #define TANGIER_EXT_TIMER0_MSI 12 |
3843 |
+ |
3844 |
+diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c |
3845 |
+index 0b530c53de1f..34f9a9ce6236 100644 |
3846 |
+--- a/arch/x86/platform/uv/tlb_uv.c |
3847 |
++++ b/arch/x86/platform/uv/tlb_uv.c |
3848 |
+@@ -1285,6 +1285,7 @@ void uv_bau_message_interrupt(struct pt_regs *regs) |
3849 |
+ struct msg_desc msgdesc; |
3850 |
+ |
3851 |
+ ack_APIC_irq(); |
3852 |
++ kvm_set_cpu_l1tf_flush_l1d(); |
3853 |
+ time_start = get_cycles(); |
3854 |
+ |
3855 |
+ bcp = &per_cpu(bau_control, smp_processor_id()); |
3856 |
+diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c |
3857 |
+index c9081c6671f0..df208af3cd74 100644 |
3858 |
+--- a/arch/x86/xen/enlighten.c |
3859 |
++++ b/arch/x86/xen/enlighten.c |
3860 |
+@@ -3,6 +3,7 @@ |
3861 |
+ #endif |
3862 |
+ #include <linux/cpu.h> |
3863 |
+ #include <linux/kexec.h> |
3864 |
++#include <linux/slab.h> |
3865 |
+ |
3866 |
+ #include <xen/features.h> |
3867 |
+ #include <xen/page.h> |
3868 |
+diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c |
3869 |
+index 433f14bcab15..93758b528d8f 100644 |
3870 |
+--- a/drivers/base/cpu.c |
3871 |
++++ b/drivers/base/cpu.c |
3872 |
+@@ -527,16 +527,24 @@ ssize_t __weak cpu_show_spec_store_bypass(struct device *dev, |
3873 |
+ return sprintf(buf, "Not affected\n"); |
3874 |
+ } |
3875 |
+ |
3876 |
++ssize_t __weak cpu_show_l1tf(struct device *dev, |
3877 |
++ struct device_attribute *attr, char *buf) |
3878 |
++{ |
3879 |
++ return sprintf(buf, "Not affected\n"); |
3880 |
++} |
3881 |
++ |
3882 |
+ static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); |
3883 |
+ static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); |
3884 |
+ static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); |
3885 |
+ static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL); |
3886 |
++static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL); |
3887 |
+ |
3888 |
+ static struct attribute *cpu_root_vulnerabilities_attrs[] = { |
3889 |
+ &dev_attr_meltdown.attr, |
3890 |
+ &dev_attr_spectre_v1.attr, |
3891 |
+ &dev_attr_spectre_v2.attr, |
3892 |
+ &dev_attr_spec_store_bypass.attr, |
3893 |
++ &dev_attr_l1tf.attr, |
3894 |
+ NULL |
3895 |
+ }; |
3896 |
+ |
3897 |
+diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c |
3898 |
+index 6aef3bde10d7..c823914b3a80 100644 |
3899 |
+--- a/drivers/bluetooth/hci_ldisc.c |
3900 |
++++ b/drivers/bluetooth/hci_ldisc.c |
3901 |
+@@ -115,12 +115,12 @@ static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu) |
3902 |
+ struct sk_buff *skb = hu->tx_skb; |
3903 |
+ |
3904 |
+ if (!skb) { |
3905 |
+- read_lock(&hu->proto_lock); |
3906 |
++ percpu_down_read(&hu->proto_lock); |
3907 |
+ |
3908 |
+ if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) |
3909 |
+ skb = hu->proto->dequeue(hu); |
3910 |
+ |
3911 |
+- read_unlock(&hu->proto_lock); |
3912 |
++ percpu_up_read(&hu->proto_lock); |
3913 |
+ } else { |
3914 |
+ hu->tx_skb = NULL; |
3915 |
+ } |
3916 |
+@@ -130,7 +130,14 @@ static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu) |
3917 |
+ |
3918 |
+ int hci_uart_tx_wakeup(struct hci_uart *hu) |
3919 |
+ { |
3920 |
+- read_lock(&hu->proto_lock); |
3921 |
++ /* This may be called in an IRQ context, so we can't sleep. Therefore |
3922 |
++ * we try to acquire the lock only, and if that fails we assume the |
3923 |
++ * tty is being closed because that is the only time the write lock is |
3924 |
++ * acquired. If, however, at some point in the future the write lock |
3925 |
++ * is also acquired in other situations, then this must be revisited. |
3926 |
++ */ |
3927 |
++ if (!percpu_down_read_trylock(&hu->proto_lock)) |
3928 |
++ return 0; |
3929 |
+ |
3930 |
+ if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) |
3931 |
+ goto no_schedule; |
3932 |
+@@ -145,7 +152,7 @@ int hci_uart_tx_wakeup(struct hci_uart *hu) |
3933 |
+ schedule_work(&hu->write_work); |
3934 |
+ |
3935 |
+ no_schedule: |
3936 |
+- read_unlock(&hu->proto_lock); |
3937 |
++ percpu_up_read(&hu->proto_lock); |
3938 |
+ |
3939 |
+ return 0; |
3940 |
+ } |
3941 |
+@@ -247,12 +254,12 @@ static int hci_uart_flush(struct hci_dev *hdev) |
3942 |
+ tty_ldisc_flush(tty); |
3943 |
+ tty_driver_flush_buffer(tty); |
3944 |
+ |
3945 |
+- read_lock(&hu->proto_lock); |
3946 |
++ percpu_down_read(&hu->proto_lock); |
3947 |
+ |
3948 |
+ if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) |
3949 |
+ hu->proto->flush(hu); |
3950 |
+ |
3951 |
+- read_unlock(&hu->proto_lock); |
3952 |
++ percpu_up_read(&hu->proto_lock); |
3953 |
+ |
3954 |
+ return 0; |
3955 |
+ } |
3956 |
+@@ -275,15 +282,15 @@ static int hci_uart_send_frame(struct hci_dev *hdev, struct sk_buff *skb) |
3957 |
+ BT_DBG("%s: type %d len %d", hdev->name, hci_skb_pkt_type(skb), |
3958 |
+ skb->len); |
3959 |
+ |
3960 |
+- read_lock(&hu->proto_lock); |
3961 |
++ percpu_down_read(&hu->proto_lock); |
3962 |
+ |
3963 |
+ if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) { |
3964 |
+- read_unlock(&hu->proto_lock); |
3965 |
++ percpu_up_read(&hu->proto_lock); |
3966 |
+ return -EUNATCH; |
3967 |
+ } |
3968 |
+ |
3969 |
+ hu->proto->enqueue(hu, skb); |
3970 |
+- read_unlock(&hu->proto_lock); |
3971 |
++ percpu_up_read(&hu->proto_lock); |
3972 |
+ |
3973 |
+ hci_uart_tx_wakeup(hu); |
3974 |
+ |
3975 |
+@@ -486,7 +493,7 @@ static int hci_uart_tty_open(struct tty_struct *tty) |
3976 |
+ INIT_WORK(&hu->init_ready, hci_uart_init_work); |
3977 |
+ INIT_WORK(&hu->write_work, hci_uart_write_work); |
3978 |
+ |
3979 |
+- rwlock_init(&hu->proto_lock); |
3980 |
++ percpu_init_rwsem(&hu->proto_lock); |
3981 |
+ |
3982 |
+ /* Flush any pending characters in the driver */ |
3983 |
+ tty_driver_flush_buffer(tty); |
3984 |
+@@ -503,7 +510,6 @@ static void hci_uart_tty_close(struct tty_struct *tty) |
3985 |
+ { |
3986 |
+ struct hci_uart *hu = tty->disc_data; |
3987 |
+ struct hci_dev *hdev; |
3988 |
+- unsigned long flags; |
3989 |
+ |
3990 |
+ BT_DBG("tty %p", tty); |
3991 |
+ |
3992 |
+@@ -518,9 +524,9 @@ static void hci_uart_tty_close(struct tty_struct *tty) |
3993 |
+ hci_uart_close(hdev); |
3994 |
+ |
3995 |
+ if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) { |
3996 |
+- write_lock_irqsave(&hu->proto_lock, flags); |
3997 |
++ percpu_down_write(&hu->proto_lock); |
3998 |
+ clear_bit(HCI_UART_PROTO_READY, &hu->flags); |
3999 |
+- write_unlock_irqrestore(&hu->proto_lock, flags); |
4000 |
++ percpu_up_write(&hu->proto_lock); |
4001 |
+ |
4002 |
+ cancel_work_sync(&hu->write_work); |
4003 |
+ |
4004 |
+@@ -582,10 +588,10 @@ static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, |
4005 |
+ if (!hu || tty != hu->tty) |
4006 |
+ return; |
4007 |
+ |
4008 |
+- read_lock(&hu->proto_lock); |
4009 |
++ percpu_down_read(&hu->proto_lock); |
4010 |
+ |
4011 |
+ if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) { |
4012 |
+- read_unlock(&hu->proto_lock); |
4013 |
++ percpu_up_read(&hu->proto_lock); |
4014 |
+ return; |
4015 |
+ } |
4016 |
+ |
4017 |
+@@ -593,7 +599,7 @@ static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, |
4018 |
+ * tty caller |
4019 |
+ */ |
4020 |
+ hu->proto->recv(hu, data, count); |
4021 |
+- read_unlock(&hu->proto_lock); |
4022 |
++ percpu_up_read(&hu->proto_lock); |
4023 |
+ |
4024 |
+ if (hu->hdev) |
4025 |
+ hu->hdev->stat.byte_rx += count; |
4026 |
+diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c |
4027 |
+index b725ac4f7ff6..52e6d4d1608e 100644 |
4028 |
+--- a/drivers/bluetooth/hci_serdev.c |
4029 |
++++ b/drivers/bluetooth/hci_serdev.c |
4030 |
+@@ -304,6 +304,7 @@ int hci_uart_register_device(struct hci_uart *hu, |
4031 |
+ hci_set_drvdata(hdev, hu); |
4032 |
+ |
4033 |
+ INIT_WORK(&hu->write_work, hci_uart_write_work); |
4034 |
++ percpu_init_rwsem(&hu->proto_lock); |
4035 |
+ |
4036 |
+ /* Only when vendor specific setup callback is provided, consider |
4037 |
+ * the manufacturer information valid. This avoids filling in the |
4038 |
+diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h |
4039 |
+index d9cd95d81149..66e8c68e4607 100644 |
4040 |
+--- a/drivers/bluetooth/hci_uart.h |
4041 |
++++ b/drivers/bluetooth/hci_uart.h |
4042 |
+@@ -87,7 +87,7 @@ struct hci_uart { |
4043 |
+ struct work_struct write_work; |
4044 |
+ |
4045 |
+ const struct hci_uart_proto *proto; |
4046 |
+- rwlock_t proto_lock; /* Stop work for proto close */ |
4047 |
++ struct percpu_rw_semaphore proto_lock; /* Stop work for proto close */ |
4048 |
+ void *priv; |
4049 |
+ |
4050 |
+ struct sk_buff *tx_skb; |
4051 |
+diff --git a/drivers/gpu/drm/i915/intel_lpe_audio.c b/drivers/gpu/drm/i915/intel_lpe_audio.c |
4052 |
+index 3bf65288ffff..2fdf302ebdad 100644 |
4053 |
+--- a/drivers/gpu/drm/i915/intel_lpe_audio.c |
4054 |
++++ b/drivers/gpu/drm/i915/intel_lpe_audio.c |
4055 |
+@@ -62,6 +62,7 @@ |
4056 |
+ |
4057 |
+ #include <linux/acpi.h> |
4058 |
+ #include <linux/device.h> |
4059 |
++#include <linux/irq.h> |
4060 |
+ #include <linux/pci.h> |
4061 |
+ #include <linux/pm_runtime.h> |
4062 |
+ |
4063 |
+diff --git a/drivers/mtd/nand/qcom_nandc.c b/drivers/mtd/nand/qcom_nandc.c |
4064 |
+index 3baddfc997d1..b49ca02b399d 100644 |
4065 |
+--- a/drivers/mtd/nand/qcom_nandc.c |
4066 |
++++ b/drivers/mtd/nand/qcom_nandc.c |
4067 |
+@@ -2544,6 +2544,9 @@ static int qcom_nand_host_init(struct qcom_nand_controller *nandc, |
4068 |
+ |
4069 |
+ nand_set_flash_node(chip, dn); |
4070 |
+ mtd->name = devm_kasprintf(dev, GFP_KERNEL, "qcom_nand.%d", host->cs); |
4071 |
++ if (!mtd->name) |
4072 |
++ return -ENOMEM; |
4073 |
++ |
4074 |
+ mtd->owner = THIS_MODULE; |
4075 |
+ mtd->dev.parent = dev; |
4076 |
+ |
4077 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
4078 |
+index dfc076f9ee4b..d5e790dd589a 100644 |
4079 |
+--- a/drivers/net/xen-netfront.c |
4080 |
++++ b/drivers/net/xen-netfront.c |
4081 |
+@@ -894,7 +894,6 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, |
4082 |
+ struct sk_buff *skb, |
4083 |
+ struct sk_buff_head *list) |
4084 |
+ { |
4085 |
+- struct skb_shared_info *shinfo = skb_shinfo(skb); |
4086 |
+ RING_IDX cons = queue->rx.rsp_cons; |
4087 |
+ struct sk_buff *nskb; |
4088 |
+ |
4089 |
+@@ -903,15 +902,16 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, |
4090 |
+ RING_GET_RESPONSE(&queue->rx, ++cons); |
4091 |
+ skb_frag_t *nfrag = &skb_shinfo(nskb)->frags[0]; |
4092 |
+ |
4093 |
+- if (shinfo->nr_frags == MAX_SKB_FRAGS) { |
4094 |
++ if (skb_shinfo(skb)->nr_frags == MAX_SKB_FRAGS) { |
4095 |
+ unsigned int pull_to = NETFRONT_SKB_CB(skb)->pull_to; |
4096 |
+ |
4097 |
+ BUG_ON(pull_to <= skb_headlen(skb)); |
4098 |
+ __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); |
4099 |
+ } |
4100 |
+- BUG_ON(shinfo->nr_frags >= MAX_SKB_FRAGS); |
4101 |
++ BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS); |
4102 |
+ |
4103 |
+- skb_add_rx_frag(skb, shinfo->nr_frags, skb_frag_page(nfrag), |
4104 |
++ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, |
4105 |
++ skb_frag_page(nfrag), |
4106 |
+ rx->offset, rx->status, PAGE_SIZE); |
4107 |
+ |
4108 |
+ skb_shinfo(nskb)->nr_frags = 0; |
4109 |
+diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c |
4110 |
+index 4523d7e1bcb9..ffc87a956d97 100644 |
4111 |
+--- a/drivers/pci/host/pci-hyperv.c |
4112 |
++++ b/drivers/pci/host/pci-hyperv.c |
4113 |
+@@ -53,6 +53,8 @@ |
4114 |
+ #include <linux/delay.h> |
4115 |
+ #include <linux/semaphore.h> |
4116 |
+ #include <linux/irqdomain.h> |
4117 |
++#include <linux/irq.h> |
4118 |
++ |
4119 |
+ #include <asm/irqdomain.h> |
4120 |
+ #include <asm/apic.h> |
4121 |
+ #include <linux/msi.h> |
4122 |
+diff --git a/drivers/phy/mediatek/phy-mtk-tphy.c b/drivers/phy/mediatek/phy-mtk-tphy.c |
4123 |
+index 721a2a1c97ef..a63bba12aee4 100644 |
4124 |
+--- a/drivers/phy/mediatek/phy-mtk-tphy.c |
4125 |
++++ b/drivers/phy/mediatek/phy-mtk-tphy.c |
4126 |
+@@ -438,9 +438,9 @@ static void u2_phy_instance_init(struct mtk_tphy *tphy, |
4127 |
+ u32 index = instance->index; |
4128 |
+ u32 tmp; |
4129 |
+ |
4130 |
+- /* switch to USB function. (system register, force ip into usb mode) */ |
4131 |
++ /* switch to USB function, and enable usb pll */ |
4132 |
+ tmp = readl(com + U3P_U2PHYDTM0); |
4133 |
+- tmp &= ~P2C_FORCE_UART_EN; |
4134 |
++ tmp &= ~(P2C_FORCE_UART_EN | P2C_FORCE_SUSPENDM); |
4135 |
+ tmp |= P2C_RG_XCVRSEL_VAL(1) | P2C_RG_DATAIN_VAL(0); |
4136 |
+ writel(tmp, com + U3P_U2PHYDTM0); |
4137 |
+ |
4138 |
+@@ -500,10 +500,8 @@ static void u2_phy_instance_power_on(struct mtk_tphy *tphy, |
4139 |
+ u32 index = instance->index; |
4140 |
+ u32 tmp; |
4141 |
+ |
4142 |
+- /* (force_suspendm=0) (let suspendm=1, enable usb 480MHz pll) */ |
4143 |
+ tmp = readl(com + U3P_U2PHYDTM0); |
4144 |
+- tmp &= ~(P2C_FORCE_SUSPENDM | P2C_RG_XCVRSEL); |
4145 |
+- tmp &= ~(P2C_RG_DATAIN | P2C_DTM0_PART_MASK); |
4146 |
++ tmp &= ~(P2C_RG_XCVRSEL | P2C_RG_DATAIN | P2C_DTM0_PART_MASK); |
4147 |
+ writel(tmp, com + U3P_U2PHYDTM0); |
4148 |
+ |
4149 |
+ /* OTG Enable */ |
4150 |
+@@ -538,7 +536,6 @@ static void u2_phy_instance_power_off(struct mtk_tphy *tphy, |
4151 |
+ |
4152 |
+ tmp = readl(com + U3P_U2PHYDTM0); |
4153 |
+ tmp &= ~(P2C_RG_XCVRSEL | P2C_RG_DATAIN); |
4154 |
+- tmp |= P2C_FORCE_SUSPENDM; |
4155 |
+ writel(tmp, com + U3P_U2PHYDTM0); |
4156 |
+ |
4157 |
+ /* OTG Disable */ |
4158 |
+@@ -546,18 +543,16 @@ static void u2_phy_instance_power_off(struct mtk_tphy *tphy, |
4159 |
+ tmp &= ~PA6_RG_U2_OTG_VBUSCMP_EN; |
4160 |
+ writel(tmp, com + U3P_USBPHYACR6); |
4161 |
+ |
4162 |
+- /* let suspendm=0, set utmi into analog power down */ |
4163 |
+- tmp = readl(com + U3P_U2PHYDTM0); |
4164 |
+- tmp &= ~P2C_RG_SUSPENDM; |
4165 |
+- writel(tmp, com + U3P_U2PHYDTM0); |
4166 |
+- udelay(1); |
4167 |
+- |
4168 |
+ tmp = readl(com + U3P_U2PHYDTM1); |
4169 |
+ tmp &= ~(P2C_RG_VBUSVALID | P2C_RG_AVALID); |
4170 |
+ tmp |= P2C_RG_SESSEND; |
4171 |
+ writel(tmp, com + U3P_U2PHYDTM1); |
4172 |
+ |
4173 |
+ if (tphy->pdata->avoid_rx_sen_degradation && index) { |
4174 |
++ tmp = readl(com + U3P_U2PHYDTM0); |
4175 |
++ tmp &= ~(P2C_RG_SUSPENDM | P2C_FORCE_SUSPENDM); |
4176 |
++ writel(tmp, com + U3P_U2PHYDTM0); |
4177 |
++ |
4178 |
+ tmp = readl(com + U3D_U2PHYDCR0); |
4179 |
+ tmp &= ~P2C_RG_SIF_U2PLL_FORCE_ON; |
4180 |
+ writel(tmp, com + U3D_U2PHYDCR0); |
4181 |
+diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c |
4182 |
+index dd9464920456..ef22b275d050 100644 |
4183 |
+--- a/drivers/scsi/hosts.c |
4184 |
++++ b/drivers/scsi/hosts.c |
4185 |
+@@ -474,6 +474,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) |
4186 |
+ shost->dma_boundary = 0xffffffff; |
4187 |
+ |
4188 |
+ shost->use_blk_mq = scsi_use_blk_mq; |
4189 |
++ shost->use_blk_mq = scsi_use_blk_mq || shost->hostt->force_blk_mq; |
4190 |
+ |
4191 |
+ device_initialize(&shost->shost_gendev); |
4192 |
+ dev_set_name(&shost->shost_gendev, "host%d", shost->host_no); |
4193 |
+diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c |
4194 |
+index 604a39dba5d0..5b4b7f9be2d7 100644 |
4195 |
+--- a/drivers/scsi/hpsa.c |
4196 |
++++ b/drivers/scsi/hpsa.c |
4197 |
+@@ -1040,11 +1040,7 @@ static void set_performant_mode(struct ctlr_info *h, struct CommandList *c, |
4198 |
+ c->busaddr |= 1 | (h->blockFetchTable[c->Header.SGList] << 1); |
4199 |
+ if (unlikely(!h->msix_vectors)) |
4200 |
+ return; |
4201 |
+- if (likely(reply_queue == DEFAULT_REPLY_QUEUE)) |
4202 |
+- c->Header.ReplyQueue = |
4203 |
+- raw_smp_processor_id() % h->nreply_queues; |
4204 |
+- else |
4205 |
+- c->Header.ReplyQueue = reply_queue % h->nreply_queues; |
4206 |
++ c->Header.ReplyQueue = reply_queue; |
4207 |
+ } |
4208 |
+ } |
4209 |
+ |
4210 |
+@@ -1058,10 +1054,7 @@ static void set_ioaccel1_performant_mode(struct ctlr_info *h, |
4211 |
+ * Tell the controller to post the reply to the queue for this |
4212 |
+ * processor. This seems to give the best I/O throughput. |
4213 |
+ */ |
4214 |
+- if (likely(reply_queue == DEFAULT_REPLY_QUEUE)) |
4215 |
+- cp->ReplyQueue = smp_processor_id() % h->nreply_queues; |
4216 |
+- else |
4217 |
+- cp->ReplyQueue = reply_queue % h->nreply_queues; |
4218 |
++ cp->ReplyQueue = reply_queue; |
4219 |
+ /* |
4220 |
+ * Set the bits in the address sent down to include: |
4221 |
+ * - performant mode bit (bit 0) |
4222 |
+@@ -1082,10 +1075,7 @@ static void set_ioaccel2_tmf_performant_mode(struct ctlr_info *h, |
4223 |
+ /* Tell the controller to post the reply to the queue for this |
4224 |
+ * processor. This seems to give the best I/O throughput. |
4225 |
+ */ |
4226 |
+- if (likely(reply_queue == DEFAULT_REPLY_QUEUE)) |
4227 |
+- cp->reply_queue = smp_processor_id() % h->nreply_queues; |
4228 |
+- else |
4229 |
+- cp->reply_queue = reply_queue % h->nreply_queues; |
4230 |
++ cp->reply_queue = reply_queue; |
4231 |
+ /* Set the bits in the address sent down to include: |
4232 |
+ * - performant mode bit not used in ioaccel mode 2 |
4233 |
+ * - pull count (bits 0-3) |
4234 |
+@@ -1104,10 +1094,7 @@ static void set_ioaccel2_performant_mode(struct ctlr_info *h, |
4235 |
+ * Tell the controller to post the reply to the queue for this |
4236 |
+ * processor. This seems to give the best I/O throughput. |
4237 |
+ */ |
4238 |
+- if (likely(reply_queue == DEFAULT_REPLY_QUEUE)) |
4239 |
+- cp->reply_queue = smp_processor_id() % h->nreply_queues; |
4240 |
+- else |
4241 |
+- cp->reply_queue = reply_queue % h->nreply_queues; |
4242 |
++ cp->reply_queue = reply_queue; |
4243 |
+ /* |
4244 |
+ * Set the bits in the address sent down to include: |
4245 |
+ * - performant mode bit not used in ioaccel mode 2 |
4246 |
+@@ -1152,6 +1139,8 @@ static void __enqueue_cmd_and_start_io(struct ctlr_info *h, |
4247 |
+ { |
4248 |
+ dial_down_lockup_detection_during_fw_flash(h, c); |
4249 |
+ atomic_inc(&h->commands_outstanding); |
4250 |
++ |
4251 |
++ reply_queue = h->reply_map[raw_smp_processor_id()]; |
4252 |
+ switch (c->cmd_type) { |
4253 |
+ case CMD_IOACCEL1: |
4254 |
+ set_ioaccel1_performant_mode(h, c, reply_queue); |
4255 |
+@@ -7244,6 +7233,26 @@ static void hpsa_disable_interrupt_mode(struct ctlr_info *h) |
4256 |
+ h->msix_vectors = 0; |
4257 |
+ } |
4258 |
+ |
4259 |
++static void hpsa_setup_reply_map(struct ctlr_info *h) |
4260 |
++{ |
4261 |
++ const struct cpumask *mask; |
4262 |
++ unsigned int queue, cpu; |
4263 |
++ |
4264 |
++ for (queue = 0; queue < h->msix_vectors; queue++) { |
4265 |
++ mask = pci_irq_get_affinity(h->pdev, queue); |
4266 |
++ if (!mask) |
4267 |
++ goto fallback; |
4268 |
++ |
4269 |
++ for_each_cpu(cpu, mask) |
4270 |
++ h->reply_map[cpu] = queue; |
4271 |
++ } |
4272 |
++ return; |
4273 |
++ |
4274 |
++fallback: |
4275 |
++ for_each_possible_cpu(cpu) |
4276 |
++ h->reply_map[cpu] = 0; |
4277 |
++} |
4278 |
++ |
4279 |
+ /* If MSI/MSI-X is supported by the kernel we will try to enable it on |
4280 |
+ * controllers that are capable. If not, we use legacy INTx mode. |
4281 |
+ */ |
4282 |
+@@ -7639,6 +7648,10 @@ static int hpsa_pci_init(struct ctlr_info *h) |
4283 |
+ err = hpsa_interrupt_mode(h); |
4284 |
+ if (err) |
4285 |
+ goto clean1; |
4286 |
++ |
4287 |
++ /* setup mapping between CPU and reply queue */ |
4288 |
++ hpsa_setup_reply_map(h); |
4289 |
++ |
4290 |
+ err = hpsa_pci_find_memory_BAR(h->pdev, &h->paddr); |
4291 |
+ if (err) |
4292 |
+ goto clean2; /* intmode+region, pci */ |
4293 |
+@@ -8284,6 +8297,28 @@ static struct workqueue_struct *hpsa_create_controller_wq(struct ctlr_info *h, |
4294 |
+ return wq; |
4295 |
+ } |
4296 |
+ |
4297 |
++static void hpda_free_ctlr_info(struct ctlr_info *h) |
4298 |
++{ |
4299 |
++ kfree(h->reply_map); |
4300 |
++ kfree(h); |
4301 |
++} |
4302 |
++ |
4303 |
++static struct ctlr_info *hpda_alloc_ctlr_info(void) |
4304 |
++{ |
4305 |
++ struct ctlr_info *h; |
4306 |
++ |
4307 |
++ h = kzalloc(sizeof(*h), GFP_KERNEL); |
4308 |
++ if (!h) |
4309 |
++ return NULL; |
4310 |
++ |
4311 |
++ h->reply_map = kzalloc(sizeof(*h->reply_map) * nr_cpu_ids, GFP_KERNEL); |
4312 |
++ if (!h->reply_map) { |
4313 |
++ kfree(h); |
4314 |
++ return NULL; |
4315 |
++ } |
4316 |
++ return h; |
4317 |
++} |
4318 |
++ |
4319 |
+ static int hpsa_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) |
4320 |
+ { |
4321 |
+ int dac, rc; |
4322 |
+@@ -8321,7 +8356,7 @@ reinit_after_soft_reset: |
4323 |
+ * the driver. See comments in hpsa.h for more info. |
4324 |
+ */ |
4325 |
+ BUILD_BUG_ON(sizeof(struct CommandList) % COMMANDLIST_ALIGNMENT); |
4326 |
+- h = kzalloc(sizeof(*h), GFP_KERNEL); |
4327 |
++ h = hpda_alloc_ctlr_info(); |
4328 |
+ if (!h) { |
4329 |
+ dev_err(&pdev->dev, "Failed to allocate controller head\n"); |
4330 |
+ return -ENOMEM; |
4331 |
+@@ -8726,7 +8761,7 @@ static void hpsa_remove_one(struct pci_dev *pdev) |
4332 |
+ h->lockup_detected = NULL; /* init_one 2 */ |
4333 |
+ /* (void) pci_disable_pcie_error_reporting(pdev); */ /* init_one 1 */ |
4334 |
+ |
4335 |
+- kfree(h); /* init_one 1 */ |
4336 |
++ hpda_free_ctlr_info(h); /* init_one 1 */ |
4337 |
+ } |
4338 |
+ |
4339 |
+ static int hpsa_suspend(__attribute__((unused)) struct pci_dev *pdev, |
4340 |
+diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h |
4341 |
+index 018f980a701c..fb9f5e7f8209 100644 |
4342 |
+--- a/drivers/scsi/hpsa.h |
4343 |
++++ b/drivers/scsi/hpsa.h |
4344 |
+@@ -158,6 +158,7 @@ struct bmic_controller_parameters { |
4345 |
+ #pragma pack() |
4346 |
+ |
4347 |
+ struct ctlr_info { |
4348 |
++ unsigned int *reply_map; |
4349 |
+ int ctlr; |
4350 |
+ char devname[8]; |
4351 |
+ char *product_name; |
4352 |
+diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c |
4353 |
+index 63bea6a65d51..8d579bf0fc81 100644 |
4354 |
+--- a/drivers/scsi/qla2xxx/qla_iocb.c |
4355 |
++++ b/drivers/scsi/qla2xxx/qla_iocb.c |
4356 |
+@@ -2128,34 +2128,11 @@ __qla2x00_alloc_iocbs(struct qla_qpair *qpair, srb_t *sp) |
4357 |
+ req_cnt = 1; |
4358 |
+ handle = 0; |
4359 |
+ |
4360 |
+- if (!sp) |
4361 |
+- goto skip_cmd_array; |
4362 |
+- |
4363 |
+- /* Check for room in outstanding command list. */ |
4364 |
+- handle = req->current_outstanding_cmd; |
4365 |
+- for (index = 1; index < req->num_outstanding_cmds; index++) { |
4366 |
+- handle++; |
4367 |
+- if (handle == req->num_outstanding_cmds) |
4368 |
+- handle = 1; |
4369 |
+- if (!req->outstanding_cmds[handle]) |
4370 |
+- break; |
4371 |
+- } |
4372 |
+- if (index == req->num_outstanding_cmds) { |
4373 |
+- ql_log(ql_log_warn, vha, 0x700b, |
4374 |
+- "No room on outstanding cmd array.\n"); |
4375 |
+- goto queuing_error; |
4376 |
+- } |
4377 |
+- |
4378 |
+- /* Prep command array. */ |
4379 |
+- req->current_outstanding_cmd = handle; |
4380 |
+- req->outstanding_cmds[handle] = sp; |
4381 |
+- sp->handle = handle; |
4382 |
+- |
4383 |
+- /* Adjust entry-counts as needed. */ |
4384 |
+- if (sp->type != SRB_SCSI_CMD) |
4385 |
++ if (sp && (sp->type != SRB_SCSI_CMD)) { |
4386 |
++ /* Adjust entry-counts as needed. */ |
4387 |
+ req_cnt = sp->iocbs; |
4388 |
++ } |
4389 |
+ |
4390 |
+-skip_cmd_array: |
4391 |
+ /* Check for room on request queue. */ |
4392 |
+ if (req->cnt < req_cnt + 2) { |
4393 |
+ if (ha->mqenable || IS_QLA83XX(ha) || IS_QLA27XX(ha)) |
4394 |
+@@ -2179,6 +2156,28 @@ skip_cmd_array: |
4395 |
+ if (req->cnt < req_cnt + 2) |
4396 |
+ goto queuing_error; |
4397 |
+ |
4398 |
++ if (sp) { |
4399 |
++ /* Check for room in outstanding command list. */ |
4400 |
++ handle = req->current_outstanding_cmd; |
4401 |
++ for (index = 1; index < req->num_outstanding_cmds; index++) { |
4402 |
++ handle++; |
4403 |
++ if (handle == req->num_outstanding_cmds) |
4404 |
++ handle = 1; |
4405 |
++ if (!req->outstanding_cmds[handle]) |
4406 |
++ break; |
4407 |
++ } |
4408 |
++ if (index == req->num_outstanding_cmds) { |
4409 |
++ ql_log(ql_log_warn, vha, 0x700b, |
4410 |
++ "No room on outstanding cmd array.\n"); |
4411 |
++ goto queuing_error; |
4412 |
++ } |
4413 |
++ |
4414 |
++ /* Prep command array. */ |
4415 |
++ req->current_outstanding_cmd = handle; |
4416 |
++ req->outstanding_cmds[handle] = sp; |
4417 |
++ sp->handle = handle; |
4418 |
++ } |
4419 |
++ |
4420 |
+ /* Prep packet */ |
4421 |
+ req->cnt -= req_cnt; |
4422 |
+ pkt = req->ring_ptr; |
4423 |
+@@ -2191,6 +2190,8 @@ skip_cmd_array: |
4424 |
+ pkt->handle = handle; |
4425 |
+ } |
4426 |
+ |
4427 |
++ return pkt; |
4428 |
++ |
4429 |
+ queuing_error: |
4430 |
+ qpair->tgt_counters.num_alloc_iocb_failed++; |
4431 |
+ return pkt; |
4432 |
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c |
4433 |
+index 3f3cb72e0c0c..d0389b20574d 100644 |
4434 |
+--- a/drivers/scsi/sr.c |
4435 |
++++ b/drivers/scsi/sr.c |
4436 |
+@@ -523,18 +523,26 @@ static int sr_init_command(struct scsi_cmnd *SCpnt) |
4437 |
+ static int sr_block_open(struct block_device *bdev, fmode_t mode) |
4438 |
+ { |
4439 |
+ struct scsi_cd *cd; |
4440 |
++ struct scsi_device *sdev; |
4441 |
+ int ret = -ENXIO; |
4442 |
+ |
4443 |
++ cd = scsi_cd_get(bdev->bd_disk); |
4444 |
++ if (!cd) |
4445 |
++ goto out; |
4446 |
++ |
4447 |
++ sdev = cd->device; |
4448 |
++ scsi_autopm_get_device(sdev); |
4449 |
+ check_disk_change(bdev); |
4450 |
+ |
4451 |
+ mutex_lock(&sr_mutex); |
4452 |
+- cd = scsi_cd_get(bdev->bd_disk); |
4453 |
+- if (cd) { |
4454 |
+- ret = cdrom_open(&cd->cdi, bdev, mode); |
4455 |
+- if (ret) |
4456 |
+- scsi_cd_put(cd); |
4457 |
+- } |
4458 |
++ ret = cdrom_open(&cd->cdi, bdev, mode); |
4459 |
+ mutex_unlock(&sr_mutex); |
4460 |
++ |
4461 |
++ scsi_autopm_put_device(sdev); |
4462 |
++ if (ret) |
4463 |
++ scsi_cd_put(cd); |
4464 |
++ |
4465 |
++out: |
4466 |
+ return ret; |
4467 |
+ } |
4468 |
+ |
4469 |
+@@ -562,6 +570,8 @@ static int sr_block_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd, |
4470 |
+ if (ret) |
4471 |
+ goto out; |
4472 |
+ |
4473 |
++ scsi_autopm_get_device(sdev); |
4474 |
++ |
4475 |
+ /* |
4476 |
+ * Send SCSI addressing ioctls directly to mid level, send other |
4477 |
+ * ioctls to cdrom/block level. |
4478 |
+@@ -570,15 +580,18 @@ static int sr_block_ioctl(struct block_device *bdev, fmode_t mode, unsigned cmd, |
4479 |
+ case SCSI_IOCTL_GET_IDLUN: |
4480 |
+ case SCSI_IOCTL_GET_BUS_NUMBER: |
4481 |
+ ret = scsi_ioctl(sdev, cmd, argp); |
4482 |
+- goto out; |
4483 |
++ goto put; |
4484 |
+ } |
4485 |
+ |
4486 |
+ ret = cdrom_ioctl(&cd->cdi, bdev, mode, cmd, arg); |
4487 |
+ if (ret != -ENOSYS) |
4488 |
+- goto out; |
4489 |
++ goto put; |
4490 |
+ |
4491 |
+ ret = scsi_ioctl(sdev, cmd, argp); |
4492 |
+ |
4493 |
++put: |
4494 |
++ scsi_autopm_put_device(sdev); |
4495 |
++ |
4496 |
+ out: |
4497 |
+ mutex_unlock(&sr_mutex); |
4498 |
+ return ret; |
4499 |
+diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c |
4500 |
+index 7c28e8d4955a..54e3a0f6844c 100644 |
4501 |
+--- a/drivers/scsi/virtio_scsi.c |
4502 |
++++ b/drivers/scsi/virtio_scsi.c |
4503 |
+@@ -91,9 +91,6 @@ struct virtio_scsi_vq { |
4504 |
+ struct virtio_scsi_target_state { |
4505 |
+ seqcount_t tgt_seq; |
4506 |
+ |
4507 |
+- /* Count of outstanding requests. */ |
4508 |
+- atomic_t reqs; |
4509 |
+- |
4510 |
+ /* Currently active virtqueue for requests sent to this target. */ |
4511 |
+ struct virtio_scsi_vq *req_vq; |
4512 |
+ }; |
4513 |
+@@ -152,8 +149,6 @@ static void virtscsi_complete_cmd(struct virtio_scsi *vscsi, void *buf) |
4514 |
+ struct virtio_scsi_cmd *cmd = buf; |
4515 |
+ struct scsi_cmnd *sc = cmd->sc; |
4516 |
+ struct virtio_scsi_cmd_resp *resp = &cmd->resp.cmd; |
4517 |
+- struct virtio_scsi_target_state *tgt = |
4518 |
+- scsi_target(sc->device)->hostdata; |
4519 |
+ |
4520 |
+ dev_dbg(&sc->device->sdev_gendev, |
4521 |
+ "cmd %p response %u status %#02x sense_len %u\n", |
4522 |
+@@ -210,8 +205,6 @@ static void virtscsi_complete_cmd(struct virtio_scsi *vscsi, void *buf) |
4523 |
+ } |
4524 |
+ |
4525 |
+ sc->scsi_done(sc); |
4526 |
+- |
4527 |
+- atomic_dec(&tgt->reqs); |
4528 |
+ } |
4529 |
+ |
4530 |
+ static void virtscsi_vq_done(struct virtio_scsi *vscsi, |
4531 |
+@@ -580,10 +573,7 @@ static int virtscsi_queuecommand_single(struct Scsi_Host *sh, |
4532 |
+ struct scsi_cmnd *sc) |
4533 |
+ { |
4534 |
+ struct virtio_scsi *vscsi = shost_priv(sh); |
4535 |
+- struct virtio_scsi_target_state *tgt = |
4536 |
+- scsi_target(sc->device)->hostdata; |
4537 |
+ |
4538 |
+- atomic_inc(&tgt->reqs); |
4539 |
+ return virtscsi_queuecommand(vscsi, &vscsi->req_vqs[0], sc); |
4540 |
+ } |
4541 |
+ |
4542 |
+@@ -596,55 +586,11 @@ static struct virtio_scsi_vq *virtscsi_pick_vq_mq(struct virtio_scsi *vscsi, |
4543 |
+ return &vscsi->req_vqs[hwq]; |
4544 |
+ } |
4545 |
+ |
4546 |
+-static struct virtio_scsi_vq *virtscsi_pick_vq(struct virtio_scsi *vscsi, |
4547 |
+- struct virtio_scsi_target_state *tgt) |
4548 |
+-{ |
4549 |
+- struct virtio_scsi_vq *vq; |
4550 |
+- unsigned long flags; |
4551 |
+- u32 queue_num; |
4552 |
+- |
4553 |
+- local_irq_save(flags); |
4554 |
+- if (atomic_inc_return(&tgt->reqs) > 1) { |
4555 |
+- unsigned long seq; |
4556 |
+- |
4557 |
+- do { |
4558 |
+- seq = read_seqcount_begin(&tgt->tgt_seq); |
4559 |
+- vq = tgt->req_vq; |
4560 |
+- } while (read_seqcount_retry(&tgt->tgt_seq, seq)); |
4561 |
+- } else { |
4562 |
+- /* no writes can be concurrent because of atomic_t */ |
4563 |
+- write_seqcount_begin(&tgt->tgt_seq); |
4564 |
+- |
4565 |
+- /* keep previous req_vq if a reader just arrived */ |
4566 |
+- if (unlikely(atomic_read(&tgt->reqs) > 1)) { |
4567 |
+- vq = tgt->req_vq; |
4568 |
+- goto unlock; |
4569 |
+- } |
4570 |
+- |
4571 |
+- queue_num = smp_processor_id(); |
4572 |
+- while (unlikely(queue_num >= vscsi->num_queues)) |
4573 |
+- queue_num -= vscsi->num_queues; |
4574 |
+- tgt->req_vq = vq = &vscsi->req_vqs[queue_num]; |
4575 |
+- unlock: |
4576 |
+- write_seqcount_end(&tgt->tgt_seq); |
4577 |
+- } |
4578 |
+- local_irq_restore(flags); |
4579 |
+- |
4580 |
+- return vq; |
4581 |
+-} |
4582 |
+- |
4583 |
+ static int virtscsi_queuecommand_multi(struct Scsi_Host *sh, |
4584 |
+ struct scsi_cmnd *sc) |
4585 |
+ { |
4586 |
+ struct virtio_scsi *vscsi = shost_priv(sh); |
4587 |
+- struct virtio_scsi_target_state *tgt = |
4588 |
+- scsi_target(sc->device)->hostdata; |
4589 |
+- struct virtio_scsi_vq *req_vq; |
4590 |
+- |
4591 |
+- if (shost_use_blk_mq(sh)) |
4592 |
+- req_vq = virtscsi_pick_vq_mq(vscsi, sc); |
4593 |
+- else |
4594 |
+- req_vq = virtscsi_pick_vq(vscsi, tgt); |
4595 |
++ struct virtio_scsi_vq *req_vq = virtscsi_pick_vq_mq(vscsi, sc); |
4596 |
+ |
4597 |
+ return virtscsi_queuecommand(vscsi, req_vq, sc); |
4598 |
+ } |
4599 |
+@@ -775,7 +721,6 @@ static int virtscsi_target_alloc(struct scsi_target *starget) |
4600 |
+ return -ENOMEM; |
4601 |
+ |
4602 |
+ seqcount_init(&tgt->tgt_seq); |
4603 |
+- atomic_set(&tgt->reqs, 0); |
4604 |
+ tgt->req_vq = &vscsi->req_vqs[0]; |
4605 |
+ |
4606 |
+ starget->hostdata = tgt; |
4607 |
+@@ -823,6 +768,7 @@ static struct scsi_host_template virtscsi_host_template_single = { |
4608 |
+ .target_alloc = virtscsi_target_alloc, |
4609 |
+ .target_destroy = virtscsi_target_destroy, |
4610 |
+ .track_queue_depth = 1, |
4611 |
++ .force_blk_mq = 1, |
4612 |
+ }; |
4613 |
+ |
4614 |
+ static struct scsi_host_template virtscsi_host_template_multi = { |
4615 |
+@@ -844,6 +790,7 @@ static struct scsi_host_template virtscsi_host_template_multi = { |
4616 |
+ .target_destroy = virtscsi_target_destroy, |
4617 |
+ .map_queues = virtscsi_map_queues, |
4618 |
+ .track_queue_depth = 1, |
4619 |
++ .force_blk_mq = 1, |
4620 |
+ }; |
4621 |
+ |
4622 |
+ #define virtscsi_config_get(vdev, fld) \ |
4623 |
+diff --git a/fs/dcache.c b/fs/dcache.c |
4624 |
+index 5f31a93150d1..8d4935978fec 100644 |
4625 |
+--- a/fs/dcache.c |
4626 |
++++ b/fs/dcache.c |
4627 |
+@@ -357,14 +357,11 @@ static void dentry_unlink_inode(struct dentry * dentry) |
4628 |
+ __releases(dentry->d_inode->i_lock) |
4629 |
+ { |
4630 |
+ struct inode *inode = dentry->d_inode; |
4631 |
+- bool hashed = !d_unhashed(dentry); |
4632 |
+ |
4633 |
+- if (hashed) |
4634 |
+- raw_write_seqcount_begin(&dentry->d_seq); |
4635 |
++ raw_write_seqcount_begin(&dentry->d_seq); |
4636 |
+ __d_clear_type_and_inode(dentry); |
4637 |
+ hlist_del_init(&dentry->d_u.d_alias); |
4638 |
+- if (hashed) |
4639 |
+- raw_write_seqcount_end(&dentry->d_seq); |
4640 |
++ raw_write_seqcount_end(&dentry->d_seq); |
4641 |
+ spin_unlock(&dentry->d_lock); |
4642 |
+ spin_unlock(&inode->i_lock); |
4643 |
+ if (!inode->i_nlink) |
4644 |
+@@ -1922,10 +1919,12 @@ struct dentry *d_make_root(struct inode *root_inode) |
4645 |
+ |
4646 |
+ if (root_inode) { |
4647 |
+ res = __d_alloc(root_inode->i_sb, NULL); |
4648 |
+- if (res) |
4649 |
++ if (res) { |
4650 |
++ res->d_flags |= DCACHE_RCUACCESS; |
4651 |
+ d_instantiate(res, root_inode); |
4652 |
+- else |
4653 |
++ } else { |
4654 |
+ iput(root_inode); |
4655 |
++ } |
4656 |
+ } |
4657 |
+ return res; |
4658 |
+ } |
4659 |
+diff --git a/fs/namespace.c b/fs/namespace.c |
4660 |
+index 1eb3bfd8be5a..9dc146e7b5e0 100644 |
4661 |
+--- a/fs/namespace.c |
4662 |
++++ b/fs/namespace.c |
4663 |
+@@ -659,12 +659,21 @@ int __legitimize_mnt(struct vfsmount *bastard, unsigned seq) |
4664 |
+ return 0; |
4665 |
+ mnt = real_mount(bastard); |
4666 |
+ mnt_add_count(mnt, 1); |
4667 |
++ smp_mb(); // see mntput_no_expire() |
4668 |
+ if (likely(!read_seqretry(&mount_lock, seq))) |
4669 |
+ return 0; |
4670 |
+ if (bastard->mnt_flags & MNT_SYNC_UMOUNT) { |
4671 |
+ mnt_add_count(mnt, -1); |
4672 |
+ return 1; |
4673 |
+ } |
4674 |
++ lock_mount_hash(); |
4675 |
++ if (unlikely(bastard->mnt_flags & MNT_DOOMED)) { |
4676 |
++ mnt_add_count(mnt, -1); |
4677 |
++ unlock_mount_hash(); |
4678 |
++ return 1; |
4679 |
++ } |
4680 |
++ unlock_mount_hash(); |
4681 |
++ /* caller will mntput() */ |
4682 |
+ return -1; |
4683 |
+ } |
4684 |
+ |
4685 |
+@@ -1195,12 +1204,27 @@ static DECLARE_DELAYED_WORK(delayed_mntput_work, delayed_mntput); |
4686 |
+ static void mntput_no_expire(struct mount *mnt) |
4687 |
+ { |
4688 |
+ rcu_read_lock(); |
4689 |
+- mnt_add_count(mnt, -1); |
4690 |
+- if (likely(mnt->mnt_ns)) { /* shouldn't be the last one */ |
4691 |
++ if (likely(READ_ONCE(mnt->mnt_ns))) { |
4692 |
++ /* |
4693 |
++ * Since we don't do lock_mount_hash() here, |
4694 |
++ * ->mnt_ns can change under us. However, if it's |
4695 |
++ * non-NULL, then there's a reference that won't |
4696 |
++ * be dropped until after an RCU delay done after |
4697 |
++ * turning ->mnt_ns NULL. So if we observe it |
4698 |
++ * non-NULL under rcu_read_lock(), the reference |
4699 |
++ * we are dropping is not the final one. |
4700 |
++ */ |
4701 |
++ mnt_add_count(mnt, -1); |
4702 |
+ rcu_read_unlock(); |
4703 |
+ return; |
4704 |
+ } |
4705 |
+ lock_mount_hash(); |
4706 |
++ /* |
4707 |
++ * make sure that if __legitimize_mnt() has not seen us grab |
4708 |
++ * mount_lock, we'll see their refcount increment here. |
4709 |
++ */ |
4710 |
++ smp_mb(); |
4711 |
++ mnt_add_count(mnt, -1); |
4712 |
+ if (mnt_get_count(mnt)) { |
4713 |
+ rcu_read_unlock(); |
4714 |
+ unlock_mount_hash(); |
4715 |
+diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h |
4716 |
+index 2142bceaeb75..46a2f5d9aa25 100644 |
4717 |
+--- a/include/asm-generic/pgtable.h |
4718 |
++++ b/include/asm-generic/pgtable.h |
4719 |
+@@ -1055,6 +1055,18 @@ int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, |
4720 |
+ static inline void init_espfix_bsp(void) { } |
4721 |
+ #endif |
4722 |
+ |
4723 |
++#ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED |
4724 |
++static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) |
4725 |
++{ |
4726 |
++ return true; |
4727 |
++} |
4728 |
++ |
4729 |
++static inline bool arch_has_pfn_modify_check(void) |
4730 |
++{ |
4731 |
++ return false; |
4732 |
++} |
4733 |
++#endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ |
4734 |
++ |
4735 |
+ #endif /* !__ASSEMBLY__ */ |
4736 |
+ |
4737 |
+ #ifndef io_remap_pfn_range |
4738 |
+diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h |
4739 |
+index 070f85d92c15..28b76f0894d4 100644 |
4740 |
+--- a/include/linux/compiler-clang.h |
4741 |
++++ b/include/linux/compiler-clang.h |
4742 |
+@@ -17,6 +17,9 @@ |
4743 |
+ */ |
4744 |
+ #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) |
4745 |
+ |
4746 |
++#undef __no_sanitize_address |
4747 |
++#define __no_sanitize_address __attribute__((no_sanitize("address"))) |
4748 |
++ |
4749 |
+ /* Clang doesn't have a way to turn it off per-function, yet. */ |
4750 |
+ #ifdef __noretpoline |
4751 |
+ #undef __noretpoline |
4752 |
+diff --git a/include/linux/cpu.h b/include/linux/cpu.h |
4753 |
+index 9546bf2fe310..2a378d261914 100644 |
4754 |
+--- a/include/linux/cpu.h |
4755 |
++++ b/include/linux/cpu.h |
4756 |
+@@ -30,7 +30,7 @@ struct cpu { |
4757 |
+ }; |
4758 |
+ |
4759 |
+ extern void boot_cpu_init(void); |
4760 |
+-extern void boot_cpu_state_init(void); |
4761 |
++extern void boot_cpu_hotplug_init(void); |
4762 |
+ extern void cpu_init(void); |
4763 |
+ extern void trap_init(void); |
4764 |
+ |
4765 |
+@@ -55,6 +55,8 @@ extern ssize_t cpu_show_spectre_v2(struct device *dev, |
4766 |
+ struct device_attribute *attr, char *buf); |
4767 |
+ extern ssize_t cpu_show_spec_store_bypass(struct device *dev, |
4768 |
+ struct device_attribute *attr, char *buf); |
4769 |
++extern ssize_t cpu_show_l1tf(struct device *dev, |
4770 |
++ struct device_attribute *attr, char *buf); |
4771 |
+ |
4772 |
+ extern __printf(4, 5) |
4773 |
+ struct device *cpu_device_create(struct device *parent, void *drvdata, |
4774 |
+@@ -176,4 +178,23 @@ void cpuhp_report_idle_dead(void); |
4775 |
+ static inline void cpuhp_report_idle_dead(void) { } |
4776 |
+ #endif /* #ifdef CONFIG_HOTPLUG_CPU */ |
4777 |
+ |
4778 |
++enum cpuhp_smt_control { |
4779 |
++ CPU_SMT_ENABLED, |
4780 |
++ CPU_SMT_DISABLED, |
4781 |
++ CPU_SMT_FORCE_DISABLED, |
4782 |
++ CPU_SMT_NOT_SUPPORTED, |
4783 |
++}; |
4784 |
++ |
4785 |
++#if defined(CONFIG_SMP) && defined(CONFIG_HOTPLUG_SMT) |
4786 |
++extern enum cpuhp_smt_control cpu_smt_control; |
4787 |
++extern void cpu_smt_disable(bool force); |
4788 |
++extern void cpu_smt_check_topology_early(void); |
4789 |
++extern void cpu_smt_check_topology(void); |
4790 |
++#else |
4791 |
++# define cpu_smt_control (CPU_SMT_ENABLED) |
4792 |
++static inline void cpu_smt_disable(bool force) { } |
4793 |
++static inline void cpu_smt_check_topology_early(void) { } |
4794 |
++static inline void cpu_smt_check_topology(void) { } |
4795 |
++#endif |
4796 |
++ |
4797 |
+ #endif /* _LINUX_CPU_H_ */ |
4798 |
+diff --git a/include/linux/swapfile.h b/include/linux/swapfile.h |
4799 |
+index 06bd7b096167..e06febf62978 100644 |
4800 |
+--- a/include/linux/swapfile.h |
4801 |
++++ b/include/linux/swapfile.h |
4802 |
+@@ -10,5 +10,7 @@ extern spinlock_t swap_lock; |
4803 |
+ extern struct plist_head swap_active_head; |
4804 |
+ extern struct swap_info_struct *swap_info[]; |
4805 |
+ extern int try_to_unuse(unsigned int, bool, unsigned long); |
4806 |
++extern unsigned long generic_max_swapfile_size(void); |
4807 |
++extern unsigned long max_swapfile_size(void); |
4808 |
+ |
4809 |
+ #endif /* _LINUX_SWAPFILE_H */ |
4810 |
+diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h |
4811 |
+index a8b7bf879ced..9c1e4bad6581 100644 |
4812 |
+--- a/include/scsi/scsi_host.h |
4813 |
++++ b/include/scsi/scsi_host.h |
4814 |
+@@ -452,6 +452,9 @@ struct scsi_host_template { |
4815 |
+ /* True if the controller does not support WRITE SAME */ |
4816 |
+ unsigned no_write_same:1; |
4817 |
+ |
4818 |
++ /* True if the low-level driver supports blk-mq only */ |
4819 |
++ unsigned force_blk_mq:1; |
4820 |
++ |
4821 |
+ /* |
4822 |
+ * Countdown for host blocking with no commands outstanding. |
4823 |
+ */ |
4824 |
+diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h |
4825 |
+index 857bad91c454..27c62abb6c9e 100644 |
4826 |
+--- a/include/uapi/linux/kvm.h |
4827 |
++++ b/include/uapi/linux/kvm.h |
4828 |
+@@ -761,6 +761,7 @@ struct kvm_ppc_resize_hpt { |
4829 |
+ #define KVM_TRACE_PAUSE __KVM_DEPRECATED_MAIN_0x07 |
4830 |
+ #define KVM_TRACE_DISABLE __KVM_DEPRECATED_MAIN_0x08 |
4831 |
+ #define KVM_GET_EMULATED_CPUID _IOWR(KVMIO, 0x09, struct kvm_cpuid2) |
4832 |
++#define KVM_GET_MSR_FEATURE_INDEX_LIST _IOWR(KVMIO, 0x0a, struct kvm_msr_list) |
4833 |
+ |
4834 |
+ /* |
4835 |
+ * Extension capability list. |
4836 |
+@@ -932,6 +933,7 @@ struct kvm_ppc_resize_hpt { |
4837 |
+ #define KVM_CAP_HYPERV_SYNIC2 148 |
4838 |
+ #define KVM_CAP_HYPERV_VP_INDEX 149 |
4839 |
+ #define KVM_CAP_S390_BPB 152 |
4840 |
++#define KVM_CAP_GET_MSR_FEATURES 153 |
4841 |
+ |
4842 |
+ #ifdef KVM_CAP_IRQ_ROUTING |
4843 |
+ |
4844 |
+diff --git a/init/main.c b/init/main.c |
4845 |
+index 0d88f37febcb..c4a45145e102 100644 |
4846 |
+--- a/init/main.c |
4847 |
++++ b/init/main.c |
4848 |
+@@ -543,8 +543,8 @@ asmlinkage __visible void __init start_kernel(void) |
4849 |
+ setup_command_line(command_line); |
4850 |
+ setup_nr_cpu_ids(); |
4851 |
+ setup_per_cpu_areas(); |
4852 |
+- boot_cpu_state_init(); |
4853 |
+ smp_prepare_boot_cpu(); /* arch-specific boot-cpu hooks */ |
4854 |
++ boot_cpu_hotplug_init(); |
4855 |
+ |
4856 |
+ build_all_zonelists(NULL); |
4857 |
+ page_alloc_init(); |
4858 |
+diff --git a/kernel/cpu.c b/kernel/cpu.c |
4859 |
+index f21bfa3172d8..8f02f9b6e046 100644 |
4860 |
+--- a/kernel/cpu.c |
4861 |
++++ b/kernel/cpu.c |
4862 |
+@@ -60,6 +60,7 @@ struct cpuhp_cpu_state { |
4863 |
+ bool rollback; |
4864 |
+ bool single; |
4865 |
+ bool bringup; |
4866 |
++ bool booted_once; |
4867 |
+ struct hlist_node *node; |
4868 |
+ struct hlist_node *last; |
4869 |
+ enum cpuhp_state cb_state; |
4870 |
+@@ -346,6 +347,85 @@ void cpu_hotplug_enable(void) |
4871 |
+ EXPORT_SYMBOL_GPL(cpu_hotplug_enable); |
4872 |
+ #endif /* CONFIG_HOTPLUG_CPU */ |
4873 |
+ |
4874 |
++#ifdef CONFIG_HOTPLUG_SMT |
4875 |
++enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; |
4876 |
++EXPORT_SYMBOL_GPL(cpu_smt_control); |
4877 |
++ |
4878 |
++static bool cpu_smt_available __read_mostly; |
4879 |
++ |
4880 |
++void __init cpu_smt_disable(bool force) |
4881 |
++{ |
4882 |
++ if (cpu_smt_control == CPU_SMT_FORCE_DISABLED || |
4883 |
++ cpu_smt_control == CPU_SMT_NOT_SUPPORTED) |
4884 |
++ return; |
4885 |
++ |
4886 |
++ if (force) { |
4887 |
++ pr_info("SMT: Force disabled\n"); |
4888 |
++ cpu_smt_control = CPU_SMT_FORCE_DISABLED; |
4889 |
++ } else { |
4890 |
++ cpu_smt_control = CPU_SMT_DISABLED; |
4891 |
++ } |
4892 |
++} |
4893 |
++ |
4894 |
++/* |
4895 |
++ * The decision whether SMT is supported can only be done after the full |
4896 |
++ * CPU identification. Called from architecture code before non boot CPUs |
4897 |
++ * are brought up. |
4898 |
++ */ |
4899 |
++void __init cpu_smt_check_topology_early(void) |
4900 |
++{ |
4901 |
++ if (!topology_smt_supported()) |
4902 |
++ cpu_smt_control = CPU_SMT_NOT_SUPPORTED; |
4903 |
++} |
4904 |
++ |
4905 |
++/* |
4906 |
++ * If SMT was disabled by BIOS, detect it here, after the CPUs have been |
4907 |
++ * brought online. This ensures the smt/l1tf sysfs entries are consistent |
4908 |
++ * with reality. cpu_smt_available is set to true during the bringup of non |
4909 |
++ * boot CPUs when a SMT sibling is detected. Note, this may overwrite |
4910 |
++ * cpu_smt_control's previous setting. |
4911 |
++ */ |
4912 |
++void __init cpu_smt_check_topology(void) |
4913 |
++{ |
4914 |
++ if (!cpu_smt_available) |
4915 |
++ cpu_smt_control = CPU_SMT_NOT_SUPPORTED; |
4916 |
++} |
4917 |
++ |
4918 |
++static int __init smt_cmdline_disable(char *str) |
4919 |
++{ |
4920 |
++ cpu_smt_disable(str && !strcmp(str, "force")); |
4921 |
++ return 0; |
4922 |
++} |
4923 |
++early_param("nosmt", smt_cmdline_disable); |
4924 |
++ |
4925 |
++static inline bool cpu_smt_allowed(unsigned int cpu) |
4926 |
++{ |
4927 |
++ if (topology_is_primary_thread(cpu)) |
4928 |
++ return true; |
4929 |
++ |
4930 |
++ /* |
4931 |
++ * If the CPU is not a 'primary' thread and the booted_once bit is |
4932 |
++ * set then the processor has SMT support. Store this information |
4933 |
++ * for the late check of SMT support in cpu_smt_check_topology(). |
4934 |
++ */ |
4935 |
++ if (per_cpu(cpuhp_state, cpu).booted_once) |
4936 |
++ cpu_smt_available = true; |
4937 |
++ |
4938 |
++ if (cpu_smt_control == CPU_SMT_ENABLED) |
4939 |
++ return true; |
4940 |
++ |
4941 |
++ /* |
4942 |
++ * On x86 it's required to boot all logical CPUs at least once so |
4943 |
++ * that the init code can get a chance to set CR4.MCE on each |
4944 |
++ * CPU. Otherwise, a broadacasted MCE observing CR4.MCE=0b on any |
4945 |
++ * core will shutdown the machine. |
4946 |
++ */ |
4947 |
++ return !per_cpu(cpuhp_state, cpu).booted_once; |
4948 |
++} |
4949 |
++#else |
4950 |
++static inline bool cpu_smt_allowed(unsigned int cpu) { return true; } |
4951 |
++#endif |
4952 |
++ |
4953 |
+ static inline enum cpuhp_state |
4954 |
+ cpuhp_set_state(struct cpuhp_cpu_state *st, enum cpuhp_state target) |
4955 |
+ { |
4956 |
+@@ -426,6 +506,16 @@ static int bringup_wait_for_ap(unsigned int cpu) |
4957 |
+ stop_machine_unpark(cpu); |
4958 |
+ kthread_unpark(st->thread); |
4959 |
+ |
4960 |
++ /* |
4961 |
++ * SMT soft disabling on X86 requires to bring the CPU out of the |
4962 |
++ * BIOS 'wait for SIPI' state in order to set the CR4.MCE bit. The |
4963 |
++ * CPU marked itself as booted_once in cpu_notify_starting() so the |
4964 |
++ * cpu_smt_allowed() check will now return false if this is not the |
4965 |
++ * primary sibling. |
4966 |
++ */ |
4967 |
++ if (!cpu_smt_allowed(cpu)) |
4968 |
++ return -ECANCELED; |
4969 |
++ |
4970 |
+ if (st->target <= CPUHP_AP_ONLINE_IDLE) |
4971 |
+ return 0; |
4972 |
+ |
4973 |
+@@ -758,7 +848,6 @@ static int takedown_cpu(unsigned int cpu) |
4974 |
+ |
4975 |
+ /* Park the smpboot threads */ |
4976 |
+ kthread_park(per_cpu_ptr(&cpuhp_state, cpu)->thread); |
4977 |
+- smpboot_park_threads(cpu); |
4978 |
+ |
4979 |
+ /* |
4980 |
+ * Prevent irq alloc/free while the dying cpu reorganizes the |
4981 |
+@@ -911,20 +1000,19 @@ out: |
4982 |
+ return ret; |
4983 |
+ } |
4984 |
+ |
4985 |
++static int cpu_down_maps_locked(unsigned int cpu, enum cpuhp_state target) |
4986 |
++{ |
4987 |
++ if (cpu_hotplug_disabled) |
4988 |
++ return -EBUSY; |
4989 |
++ return _cpu_down(cpu, 0, target); |
4990 |
++} |
4991 |
++ |
4992 |
+ static int do_cpu_down(unsigned int cpu, enum cpuhp_state target) |
4993 |
+ { |
4994 |
+ int err; |
4995 |
+ |
4996 |
+ cpu_maps_update_begin(); |
4997 |
+- |
4998 |
+- if (cpu_hotplug_disabled) { |
4999 |
+- err = -EBUSY; |
5000 |
+- goto out; |
5001 |
+- } |
5002 |
+- |
5003 |
+- err = _cpu_down(cpu, 0, target); |
5004 |
+- |
5005 |
+-out: |
5006 |
++ err = cpu_down_maps_locked(cpu, target); |
5007 |
+ cpu_maps_update_done(); |
5008 |
+ return err; |
5009 |
+ } |
5010 |
+@@ -953,6 +1041,7 @@ void notify_cpu_starting(unsigned int cpu) |
5011 |
+ int ret; |
5012 |
+ |
5013 |
+ rcu_cpu_starting(cpu); /* Enables RCU usage on this CPU. */ |
5014 |
++ st->booted_once = true; |
5015 |
+ while (st->state < target) { |
5016 |
+ st->state++; |
5017 |
+ ret = cpuhp_invoke_callback(cpu, st->state, true, NULL, NULL); |
5018 |
+@@ -1062,6 +1151,10 @@ static int do_cpu_up(unsigned int cpu, enum cpuhp_state target) |
5019 |
+ err = -EBUSY; |
5020 |
+ goto out; |
5021 |
+ } |
5022 |
++ if (!cpu_smt_allowed(cpu)) { |
5023 |
++ err = -EPERM; |
5024 |
++ goto out; |
5025 |
++ } |
5026 |
+ |
5027 |
+ err = _cpu_up(cpu, 0, target); |
5028 |
+ out: |
5029 |
+@@ -1344,7 +1437,7 @@ static struct cpuhp_step cpuhp_ap_states[] = { |
5030 |
+ [CPUHP_AP_SMPBOOT_THREADS] = { |
5031 |
+ .name = "smpboot/threads:online", |
5032 |
+ .startup.single = smpboot_unpark_threads, |
5033 |
+- .teardown.single = NULL, |
5034 |
++ .teardown.single = smpboot_park_threads, |
5035 |
+ }, |
5036 |
+ [CPUHP_AP_IRQ_AFFINITY_ONLINE] = { |
5037 |
+ .name = "irq/affinity:online", |
5038 |
+@@ -1918,10 +2011,172 @@ static const struct attribute_group cpuhp_cpu_root_attr_group = { |
5039 |
+ NULL |
5040 |
+ }; |
5041 |
+ |
5042 |
++#ifdef CONFIG_HOTPLUG_SMT |
5043 |
++ |
5044 |
++static const char *smt_states[] = { |
5045 |
++ [CPU_SMT_ENABLED] = "on", |
5046 |
++ [CPU_SMT_DISABLED] = "off", |
5047 |
++ [CPU_SMT_FORCE_DISABLED] = "forceoff", |
5048 |
++ [CPU_SMT_NOT_SUPPORTED] = "notsupported", |
5049 |
++}; |
5050 |
++ |
5051 |
++static ssize_t |
5052 |
++show_smt_control(struct device *dev, struct device_attribute *attr, char *buf) |
5053 |
++{ |
5054 |
++ return snprintf(buf, PAGE_SIZE - 2, "%s\n", smt_states[cpu_smt_control]); |
5055 |
++} |
5056 |
++ |
5057 |
++static void cpuhp_offline_cpu_device(unsigned int cpu) |
5058 |
++{ |
5059 |
++ struct device *dev = get_cpu_device(cpu); |
5060 |
++ |
5061 |
++ dev->offline = true; |
5062 |
++ /* Tell user space about the state change */ |
5063 |
++ kobject_uevent(&dev->kobj, KOBJ_OFFLINE); |
5064 |
++} |
5065 |
++ |
5066 |
++static void cpuhp_online_cpu_device(unsigned int cpu) |
5067 |
++{ |
5068 |
++ struct device *dev = get_cpu_device(cpu); |
5069 |
++ |
5070 |
++ dev->offline = false; |
5071 |
++ /* Tell user space about the state change */ |
5072 |
++ kobject_uevent(&dev->kobj, KOBJ_ONLINE); |
5073 |
++} |
5074 |
++ |
5075 |
++static int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval) |
5076 |
++{ |
5077 |
++ int cpu, ret = 0; |
5078 |
++ |
5079 |
++ cpu_maps_update_begin(); |
5080 |
++ for_each_online_cpu(cpu) { |
5081 |
++ if (topology_is_primary_thread(cpu)) |
5082 |
++ continue; |
5083 |
++ ret = cpu_down_maps_locked(cpu, CPUHP_OFFLINE); |
5084 |
++ if (ret) |
5085 |
++ break; |
5086 |
++ /* |
5087 |
++ * As this needs to hold the cpu maps lock it's impossible |
5088 |
++ * to call device_offline() because that ends up calling |
5089 |
++ * cpu_down() which takes cpu maps lock. cpu maps lock |
5090 |
++ * needs to be held as this might race against in kernel |
5091 |
++ * abusers of the hotplug machinery (thermal management). |
5092 |
++ * |
5093 |
++ * So nothing would update device:offline state. That would |
5094 |
++ * leave the sysfs entry stale and prevent onlining after |
5095 |
++ * smt control has been changed to 'off' again. This is |
5096 |
++ * called under the sysfs hotplug lock, so it is properly |
5097 |
++ * serialized against the regular offline usage. |
5098 |
++ */ |
5099 |
++ cpuhp_offline_cpu_device(cpu); |
5100 |
++ } |
5101 |
++ if (!ret) |
5102 |
++ cpu_smt_control = ctrlval; |
5103 |
++ cpu_maps_update_done(); |
5104 |
++ return ret; |
5105 |
++} |
5106 |
++ |
5107 |
++static int cpuhp_smt_enable(void) |
5108 |
++{ |
5109 |
++ int cpu, ret = 0; |
5110 |
++ |
5111 |
++ cpu_maps_update_begin(); |
5112 |
++ cpu_smt_control = CPU_SMT_ENABLED; |
5113 |
++ for_each_present_cpu(cpu) { |
5114 |
++ /* Skip online CPUs and CPUs on offline nodes */ |
5115 |
++ if (cpu_online(cpu) || !node_online(cpu_to_node(cpu))) |
5116 |
++ continue; |
5117 |
++ ret = _cpu_up(cpu, 0, CPUHP_ONLINE); |
5118 |
++ if (ret) |
5119 |
++ break; |
5120 |
++ /* See comment in cpuhp_smt_disable() */ |
5121 |
++ cpuhp_online_cpu_device(cpu); |
5122 |
++ } |
5123 |
++ cpu_maps_update_done(); |
5124 |
++ return ret; |
5125 |
++} |
5126 |
++ |
5127 |
++static ssize_t |
5128 |
++store_smt_control(struct device *dev, struct device_attribute *attr, |
5129 |
++ const char *buf, size_t count) |
5130 |
++{ |
5131 |
++ int ctrlval, ret; |
5132 |
++ |
5133 |
++ if (sysfs_streq(buf, "on")) |
5134 |
++ ctrlval = CPU_SMT_ENABLED; |
5135 |
++ else if (sysfs_streq(buf, "off")) |
5136 |
++ ctrlval = CPU_SMT_DISABLED; |
5137 |
++ else if (sysfs_streq(buf, "forceoff")) |
5138 |
++ ctrlval = CPU_SMT_FORCE_DISABLED; |
5139 |
++ else |
5140 |
++ return -EINVAL; |
5141 |
++ |
5142 |
++ if (cpu_smt_control == CPU_SMT_FORCE_DISABLED) |
5143 |
++ return -EPERM; |
5144 |
++ |
5145 |
++ if (cpu_smt_control == CPU_SMT_NOT_SUPPORTED) |
5146 |
++ return -ENODEV; |
5147 |
++ |
5148 |
++ ret = lock_device_hotplug_sysfs(); |
5149 |
++ if (ret) |
5150 |
++ return ret; |
5151 |
++ |
5152 |
++ if (ctrlval != cpu_smt_control) { |
5153 |
++ switch (ctrlval) { |
5154 |
++ case CPU_SMT_ENABLED: |
5155 |
++ ret = cpuhp_smt_enable(); |
5156 |
++ break; |
5157 |
++ case CPU_SMT_DISABLED: |
5158 |
++ case CPU_SMT_FORCE_DISABLED: |
5159 |
++ ret = cpuhp_smt_disable(ctrlval); |
5160 |
++ break; |
5161 |
++ } |
5162 |
++ } |
5163 |
++ |
5164 |
++ unlock_device_hotplug(); |
5165 |
++ return ret ? ret : count; |
5166 |
++} |
5167 |
++static DEVICE_ATTR(control, 0644, show_smt_control, store_smt_control); |
5168 |
++ |
5169 |
++static ssize_t |
5170 |
++show_smt_active(struct device *dev, struct device_attribute *attr, char *buf) |
5171 |
++{ |
5172 |
++ bool active = topology_max_smt_threads() > 1; |
5173 |
++ |
5174 |
++ return snprintf(buf, PAGE_SIZE - 2, "%d\n", active); |
5175 |
++} |
5176 |
++static DEVICE_ATTR(active, 0444, show_smt_active, NULL); |
5177 |
++ |
5178 |
++static struct attribute *cpuhp_smt_attrs[] = { |
5179 |
++ &dev_attr_control.attr, |
5180 |
++ &dev_attr_active.attr, |
5181 |
++ NULL |
5182 |
++}; |
5183 |
++ |
5184 |
++static const struct attribute_group cpuhp_smt_attr_group = { |
5185 |
++ .attrs = cpuhp_smt_attrs, |
5186 |
++ .name = "smt", |
5187 |
++ NULL |
5188 |
++}; |
5189 |
++ |
5190 |
++static int __init cpu_smt_state_init(void) |
5191 |
++{ |
5192 |
++ return sysfs_create_group(&cpu_subsys.dev_root->kobj, |
5193 |
++ &cpuhp_smt_attr_group); |
5194 |
++} |
5195 |
++ |
5196 |
++#else |
5197 |
++static inline int cpu_smt_state_init(void) { return 0; } |
5198 |
++#endif |
5199 |
++ |
5200 |
+ static int __init cpuhp_sysfs_init(void) |
5201 |
+ { |
5202 |
+ int cpu, ret; |
5203 |
+ |
5204 |
++ ret = cpu_smt_state_init(); |
5205 |
++ if (ret) |
5206 |
++ return ret; |
5207 |
++ |
5208 |
+ ret = sysfs_create_group(&cpu_subsys.dev_root->kobj, |
5209 |
+ &cpuhp_cpu_root_attr_group); |
5210 |
+ if (ret) |
5211 |
+@@ -2022,7 +2277,10 @@ void __init boot_cpu_init(void) |
5212 |
+ /* |
5213 |
+ * Must be called _AFTER_ setting up the per_cpu areas |
5214 |
+ */ |
5215 |
+-void __init boot_cpu_state_init(void) |
5216 |
++void __init boot_cpu_hotplug_init(void) |
5217 |
+ { |
5218 |
+- per_cpu_ptr(&cpuhp_state, smp_processor_id())->state = CPUHP_ONLINE; |
5219 |
++#ifdef CONFIG_SMP |
5220 |
++ this_cpu_write(cpuhp_state.booted_once, true); |
5221 |
++#endif |
5222 |
++ this_cpu_write(cpuhp_state.state, CPUHP_ONLINE); |
5223 |
+ } |
5224 |
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
5225 |
+index 31615d1ae44c..4e89ed8a0fb2 100644 |
5226 |
+--- a/kernel/sched/core.c |
5227 |
++++ b/kernel/sched/core.c |
5228 |
+@@ -5615,6 +5615,18 @@ int sched_cpu_activate(unsigned int cpu) |
5229 |
+ struct rq *rq = cpu_rq(cpu); |
5230 |
+ struct rq_flags rf; |
5231 |
+ |
5232 |
++#ifdef CONFIG_SCHED_SMT |
5233 |
++ /* |
5234 |
++ * The sched_smt_present static key needs to be evaluated on every |
5235 |
++ * hotplug event because at boot time SMT might be disabled when |
5236 |
++ * the number of booted CPUs is limited. |
5237 |
++ * |
5238 |
++ * If then later a sibling gets hotplugged, then the key would stay |
5239 |
++ * off and SMT scheduling would never be functional. |
5240 |
++ */ |
5241 |
++ if (cpumask_weight(cpu_smt_mask(cpu)) > 1) |
5242 |
++ static_branch_enable_cpuslocked(&sched_smt_present); |
5243 |
++#endif |
5244 |
+ set_cpu_active(cpu, true); |
5245 |
+ |
5246 |
+ if (sched_smp_initialized) { |
5247 |
+@@ -5710,22 +5722,6 @@ int sched_cpu_dying(unsigned int cpu) |
5248 |
+ } |
5249 |
+ #endif |
5250 |
+ |
5251 |
+-#ifdef CONFIG_SCHED_SMT |
5252 |
+-DEFINE_STATIC_KEY_FALSE(sched_smt_present); |
5253 |
+- |
5254 |
+-static void sched_init_smt(void) |
5255 |
+-{ |
5256 |
+- /* |
5257 |
+- * We've enumerated all CPUs and will assume that if any CPU |
5258 |
+- * has SMT siblings, CPU0 will too. |
5259 |
+- */ |
5260 |
+- if (cpumask_weight(cpu_smt_mask(0)) > 1) |
5261 |
+- static_branch_enable(&sched_smt_present); |
5262 |
+-} |
5263 |
+-#else |
5264 |
+-static inline void sched_init_smt(void) { } |
5265 |
+-#endif |
5266 |
+- |
5267 |
+ void __init sched_init_smp(void) |
5268 |
+ { |
5269 |
+ cpumask_var_t non_isolated_cpus; |
5270 |
+@@ -5755,8 +5751,6 @@ void __init sched_init_smp(void) |
5271 |
+ init_sched_rt_class(); |
5272 |
+ init_sched_dl_class(); |
5273 |
+ |
5274 |
+- sched_init_smt(); |
5275 |
+- |
5276 |
+ sched_smp_initialized = true; |
5277 |
+ } |
5278 |
+ |
5279 |
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
5280 |
+index 5c09ddf8c832..0cc7098c6dfd 100644 |
5281 |
+--- a/kernel/sched/fair.c |
5282 |
++++ b/kernel/sched/fair.c |
5283 |
+@@ -5631,6 +5631,7 @@ find_idlest_cpu(struct sched_group *group, struct task_struct *p, int this_cpu) |
5284 |
+ } |
5285 |
+ |
5286 |
+ #ifdef CONFIG_SCHED_SMT |
5287 |
++DEFINE_STATIC_KEY_FALSE(sched_smt_present); |
5288 |
+ |
5289 |
+ static inline void set_idle_cores(int cpu, int val) |
5290 |
+ { |
5291 |
+diff --git a/kernel/smp.c b/kernel/smp.c |
5292 |
+index c94dd85c8d41..2d1da290f144 100644 |
5293 |
+--- a/kernel/smp.c |
5294 |
++++ b/kernel/smp.c |
5295 |
+@@ -584,6 +584,8 @@ void __init smp_init(void) |
5296 |
+ num_nodes, (num_nodes > 1 ? "s" : ""), |
5297 |
+ num_cpus, (num_cpus > 1 ? "s" : "")); |
5298 |
+ |
5299 |
++ /* Final decision about SMT support */ |
5300 |
++ cpu_smt_check_topology(); |
5301 |
+ /* Any cleanup work */ |
5302 |
+ smp_cpus_done(setup_max_cpus); |
5303 |
+ } |
5304 |
+diff --git a/kernel/softirq.c b/kernel/softirq.c |
5305 |
+index f40ac7191257..a4c87cf27f9d 100644 |
5306 |
+--- a/kernel/softirq.c |
5307 |
++++ b/kernel/softirq.c |
5308 |
+@@ -79,12 +79,16 @@ static void wakeup_softirqd(void) |
5309 |
+ |
5310 |
+ /* |
5311 |
+ * If ksoftirqd is scheduled, we do not want to process pending softirqs |
5312 |
+- * right now. Let ksoftirqd handle this at its own rate, to get fairness. |
5313 |
++ * right now. Let ksoftirqd handle this at its own rate, to get fairness, |
5314 |
++ * unless we're doing some of the synchronous softirqs. |
5315 |
+ */ |
5316 |
+-static bool ksoftirqd_running(void) |
5317 |
++#define SOFTIRQ_NOW_MASK ((1 << HI_SOFTIRQ) | (1 << TASKLET_SOFTIRQ)) |
5318 |
++static bool ksoftirqd_running(unsigned long pending) |
5319 |
+ { |
5320 |
+ struct task_struct *tsk = __this_cpu_read(ksoftirqd); |
5321 |
+ |
5322 |
++ if (pending & SOFTIRQ_NOW_MASK) |
5323 |
++ return false; |
5324 |
+ return tsk && (tsk->state == TASK_RUNNING); |
5325 |
+ } |
5326 |
+ |
5327 |
+@@ -324,7 +328,7 @@ asmlinkage __visible void do_softirq(void) |
5328 |
+ |
5329 |
+ pending = local_softirq_pending(); |
5330 |
+ |
5331 |
+- if (pending && !ksoftirqd_running()) |
5332 |
++ if (pending && !ksoftirqd_running(pending)) |
5333 |
+ do_softirq_own_stack(); |
5334 |
+ |
5335 |
+ local_irq_restore(flags); |
5336 |
+@@ -351,7 +355,7 @@ void irq_enter(void) |
5337 |
+ |
5338 |
+ static inline void invoke_softirq(void) |
5339 |
+ { |
5340 |
+- if (ksoftirqd_running()) |
5341 |
++ if (ksoftirqd_running(local_softirq_pending())) |
5342 |
+ return; |
5343 |
+ |
5344 |
+ if (!force_irqthreads) { |
5345 |
+diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c |
5346 |
+index 1ff523dae6e2..e190d1ef3a23 100644 |
5347 |
+--- a/kernel/stop_machine.c |
5348 |
++++ b/kernel/stop_machine.c |
5349 |
+@@ -260,6 +260,15 @@ retry: |
5350 |
+ err = 0; |
5351 |
+ __cpu_stop_queue_work(stopper1, work1, &wakeq); |
5352 |
+ __cpu_stop_queue_work(stopper2, work2, &wakeq); |
5353 |
++ /* |
5354 |
++ * The waking up of stopper threads has to happen |
5355 |
++ * in the same scheduling context as the queueing. |
5356 |
++ * Otherwise, there is a possibility of one of the |
5357 |
++ * above stoppers being woken up by another CPU, |
5358 |
++ * and preempting us. This will cause us to n ot |
5359 |
++ * wake up the other stopper forever. |
5360 |
++ */ |
5361 |
++ preempt_disable(); |
5362 |
+ unlock: |
5363 |
+ raw_spin_unlock(&stopper2->lock); |
5364 |
+ raw_spin_unlock_irq(&stopper1->lock); |
5365 |
+@@ -271,7 +280,6 @@ unlock: |
5366 |
+ } |
5367 |
+ |
5368 |
+ if (!err) { |
5369 |
+- preempt_disable(); |
5370 |
+ wake_up_q(&wakeq); |
5371 |
+ preempt_enable(); |
5372 |
+ } |
5373 |
+diff --git a/mm/memory.c b/mm/memory.c |
5374 |
+index fc7779165dcf..5539b1975091 100644 |
5375 |
+--- a/mm/memory.c |
5376 |
++++ b/mm/memory.c |
5377 |
+@@ -1887,6 +1887,9 @@ int vm_insert_pfn_prot(struct vm_area_struct *vma, unsigned long addr, |
5378 |
+ if (addr < vma->vm_start || addr >= vma->vm_end) |
5379 |
+ return -EFAULT; |
5380 |
+ |
5381 |
++ if (!pfn_modify_allowed(pfn, pgprot)) |
5382 |
++ return -EACCES; |
5383 |
++ |
5384 |
+ track_pfn_insert(vma, &pgprot, __pfn_to_pfn_t(pfn, PFN_DEV)); |
5385 |
+ |
5386 |
+ ret = insert_pfn(vma, addr, __pfn_to_pfn_t(pfn, PFN_DEV), pgprot, |
5387 |
+@@ -1908,6 +1911,9 @@ static int __vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, |
5388 |
+ |
5389 |
+ track_pfn_insert(vma, &pgprot, pfn); |
5390 |
+ |
5391 |
++ if (!pfn_modify_allowed(pfn_t_to_pfn(pfn), pgprot)) |
5392 |
++ return -EACCES; |
5393 |
++ |
5394 |
+ /* |
5395 |
+ * If we don't have pte special, then we have to use the pfn_valid() |
5396 |
+ * based VM_MIXEDMAP scheme (see vm_normal_page), and thus we *must* |
5397 |
+@@ -1955,6 +1961,7 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, |
5398 |
+ { |
5399 |
+ pte_t *pte; |
5400 |
+ spinlock_t *ptl; |
5401 |
++ int err = 0; |
5402 |
+ |
5403 |
+ pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); |
5404 |
+ if (!pte) |
5405 |
+@@ -1962,12 +1969,16 @@ static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, |
5406 |
+ arch_enter_lazy_mmu_mode(); |
5407 |
+ do { |
5408 |
+ BUG_ON(!pte_none(*pte)); |
5409 |
++ if (!pfn_modify_allowed(pfn, prot)) { |
5410 |
++ err = -EACCES; |
5411 |
++ break; |
5412 |
++ } |
5413 |
+ set_pte_at(mm, addr, pte, pte_mkspecial(pfn_pte(pfn, prot))); |
5414 |
+ pfn++; |
5415 |
+ } while (pte++, addr += PAGE_SIZE, addr != end); |
5416 |
+ arch_leave_lazy_mmu_mode(); |
5417 |
+ pte_unmap_unlock(pte - 1, ptl); |
5418 |
+- return 0; |
5419 |
++ return err; |
5420 |
+ } |
5421 |
+ |
5422 |
+ static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud, |
5423 |
+@@ -1976,6 +1987,7 @@ static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud, |
5424 |
+ { |
5425 |
+ pmd_t *pmd; |
5426 |
+ unsigned long next; |
5427 |
++ int err; |
5428 |
+ |
5429 |
+ pfn -= addr >> PAGE_SHIFT; |
5430 |
+ pmd = pmd_alloc(mm, pud, addr); |
5431 |
+@@ -1984,9 +1996,10 @@ static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud, |
5432 |
+ VM_BUG_ON(pmd_trans_huge(*pmd)); |
5433 |
+ do { |
5434 |
+ next = pmd_addr_end(addr, end); |
5435 |
+- if (remap_pte_range(mm, pmd, addr, next, |
5436 |
+- pfn + (addr >> PAGE_SHIFT), prot)) |
5437 |
+- return -ENOMEM; |
5438 |
++ err = remap_pte_range(mm, pmd, addr, next, |
5439 |
++ pfn + (addr >> PAGE_SHIFT), prot); |
5440 |
++ if (err) |
5441 |
++ return err; |
5442 |
+ } while (pmd++, addr = next, addr != end); |
5443 |
+ return 0; |
5444 |
+ } |
5445 |
+@@ -1997,6 +2010,7 @@ static inline int remap_pud_range(struct mm_struct *mm, p4d_t *p4d, |
5446 |
+ { |
5447 |
+ pud_t *pud; |
5448 |
+ unsigned long next; |
5449 |
++ int err; |
5450 |
+ |
5451 |
+ pfn -= addr >> PAGE_SHIFT; |
5452 |
+ pud = pud_alloc(mm, p4d, addr); |
5453 |
+@@ -2004,9 +2018,10 @@ static inline int remap_pud_range(struct mm_struct *mm, p4d_t *p4d, |
5454 |
+ return -ENOMEM; |
5455 |
+ do { |
5456 |
+ next = pud_addr_end(addr, end); |
5457 |
+- if (remap_pmd_range(mm, pud, addr, next, |
5458 |
+- pfn + (addr >> PAGE_SHIFT), prot)) |
5459 |
+- return -ENOMEM; |
5460 |
++ err = remap_pmd_range(mm, pud, addr, next, |
5461 |
++ pfn + (addr >> PAGE_SHIFT), prot); |
5462 |
++ if (err) |
5463 |
++ return err; |
5464 |
+ } while (pud++, addr = next, addr != end); |
5465 |
+ return 0; |
5466 |
+ } |
5467 |
+@@ -2017,6 +2032,7 @@ static inline int remap_p4d_range(struct mm_struct *mm, pgd_t *pgd, |
5468 |
+ { |
5469 |
+ p4d_t *p4d; |
5470 |
+ unsigned long next; |
5471 |
++ int err; |
5472 |
+ |
5473 |
+ pfn -= addr >> PAGE_SHIFT; |
5474 |
+ p4d = p4d_alloc(mm, pgd, addr); |
5475 |
+@@ -2024,9 +2040,10 @@ static inline int remap_p4d_range(struct mm_struct *mm, pgd_t *pgd, |
5476 |
+ return -ENOMEM; |
5477 |
+ do { |
5478 |
+ next = p4d_addr_end(addr, end); |
5479 |
+- if (remap_pud_range(mm, p4d, addr, next, |
5480 |
+- pfn + (addr >> PAGE_SHIFT), prot)) |
5481 |
+- return -ENOMEM; |
5482 |
++ err = remap_pud_range(mm, p4d, addr, next, |
5483 |
++ pfn + (addr >> PAGE_SHIFT), prot); |
5484 |
++ if (err) |
5485 |
++ return err; |
5486 |
+ } while (p4d++, addr = next, addr != end); |
5487 |
+ return 0; |
5488 |
+ } |
5489 |
+diff --git a/mm/mprotect.c b/mm/mprotect.c |
5490 |
+index 58b629bb70de..60864e19421e 100644 |
5491 |
+--- a/mm/mprotect.c |
5492 |
++++ b/mm/mprotect.c |
5493 |
+@@ -292,6 +292,42 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, |
5494 |
+ return pages; |
5495 |
+ } |
5496 |
+ |
5497 |
++static int prot_none_pte_entry(pte_t *pte, unsigned long addr, |
5498 |
++ unsigned long next, struct mm_walk *walk) |
5499 |
++{ |
5500 |
++ return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ? |
5501 |
++ 0 : -EACCES; |
5502 |
++} |
5503 |
++ |
5504 |
++static int prot_none_hugetlb_entry(pte_t *pte, unsigned long hmask, |
5505 |
++ unsigned long addr, unsigned long next, |
5506 |
++ struct mm_walk *walk) |
5507 |
++{ |
5508 |
++ return pfn_modify_allowed(pte_pfn(*pte), *(pgprot_t *)(walk->private)) ? |
5509 |
++ 0 : -EACCES; |
5510 |
++} |
5511 |
++ |
5512 |
++static int prot_none_test(unsigned long addr, unsigned long next, |
5513 |
++ struct mm_walk *walk) |
5514 |
++{ |
5515 |
++ return 0; |
5516 |
++} |
5517 |
++ |
5518 |
++static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, |
5519 |
++ unsigned long end, unsigned long newflags) |
5520 |
++{ |
5521 |
++ pgprot_t new_pgprot = vm_get_page_prot(newflags); |
5522 |
++ struct mm_walk prot_none_walk = { |
5523 |
++ .pte_entry = prot_none_pte_entry, |
5524 |
++ .hugetlb_entry = prot_none_hugetlb_entry, |
5525 |
++ .test_walk = prot_none_test, |
5526 |
++ .mm = current->mm, |
5527 |
++ .private = &new_pgprot, |
5528 |
++ }; |
5529 |
++ |
5530 |
++ return walk_page_range(start, end, &prot_none_walk); |
5531 |
++} |
5532 |
++ |
5533 |
+ int |
5534 |
+ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, |
5535 |
+ unsigned long start, unsigned long end, unsigned long newflags) |
5536 |
+@@ -309,6 +345,19 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, |
5537 |
+ return 0; |
5538 |
+ } |
5539 |
+ |
5540 |
++ /* |
5541 |
++ * Do PROT_NONE PFN permission checks here when we can still |
5542 |
++ * bail out without undoing a lot of state. This is a rather |
5543 |
++ * uncommon case, so doesn't need to be very optimized. |
5544 |
++ */ |
5545 |
++ if (arch_has_pfn_modify_check() && |
5546 |
++ (vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) && |
5547 |
++ (newflags & (VM_READ|VM_WRITE|VM_EXEC)) == 0) { |
5548 |
++ error = prot_none_walk(vma, start, end, newflags); |
5549 |
++ if (error) |
5550 |
++ return error; |
5551 |
++ } |
5552 |
++ |
5553 |
+ /* |
5554 |
+ * If we make a private mapping writable we increase our commit; |
5555 |
+ * but (without finer accounting) cannot reduce our commit if we |
5556 |
+diff --git a/mm/swapfile.c b/mm/swapfile.c |
5557 |
+index 03d2ce288d83..8cbc7d6fd52e 100644 |
5558 |
+--- a/mm/swapfile.c |
5559 |
++++ b/mm/swapfile.c |
5560 |
+@@ -2902,6 +2902,35 @@ static int claim_swapfile(struct swap_info_struct *p, struct inode *inode) |
5561 |
+ return 0; |
5562 |
+ } |
5563 |
+ |
5564 |
++ |
5565 |
++/* |
5566 |
++ * Find out how many pages are allowed for a single swap device. There |
5567 |
++ * are two limiting factors: |
5568 |
++ * 1) the number of bits for the swap offset in the swp_entry_t type, and |
5569 |
++ * 2) the number of bits in the swap pte, as defined by the different |
5570 |
++ * architectures. |
5571 |
++ * |
5572 |
++ * In order to find the largest possible bit mask, a swap entry with |
5573 |
++ * swap type 0 and swap offset ~0UL is created, encoded to a swap pte, |
5574 |
++ * decoded to a swp_entry_t again, and finally the swap offset is |
5575 |
++ * extracted. |
5576 |
++ * |
5577 |
++ * This will mask all the bits from the initial ~0UL mask that can't |
5578 |
++ * be encoded in either the swp_entry_t or the architecture definition |
5579 |
++ * of a swap pte. |
5580 |
++ */ |
5581 |
++unsigned long generic_max_swapfile_size(void) |
5582 |
++{ |
5583 |
++ return swp_offset(pte_to_swp_entry( |
5584 |
++ swp_entry_to_pte(swp_entry(0, ~0UL)))) + 1; |
5585 |
++} |
5586 |
++ |
5587 |
++/* Can be overridden by an architecture for additional checks. */ |
5588 |
++__weak unsigned long max_swapfile_size(void) |
5589 |
++{ |
5590 |
++ return generic_max_swapfile_size(); |
5591 |
++} |
5592 |
++ |
5593 |
+ static unsigned long read_swap_header(struct swap_info_struct *p, |
5594 |
+ union swap_header *swap_header, |
5595 |
+ struct inode *inode) |
5596 |
+@@ -2937,22 +2966,7 @@ static unsigned long read_swap_header(struct swap_info_struct *p, |
5597 |
+ p->cluster_next = 1; |
5598 |
+ p->cluster_nr = 0; |
5599 |
+ |
5600 |
+- /* |
5601 |
+- * Find out how many pages are allowed for a single swap |
5602 |
+- * device. There are two limiting factors: 1) the number |
5603 |
+- * of bits for the swap offset in the swp_entry_t type, and |
5604 |
+- * 2) the number of bits in the swap pte as defined by the |
5605 |
+- * different architectures. In order to find the |
5606 |
+- * largest possible bit mask, a swap entry with swap type 0 |
5607 |
+- * and swap offset ~0UL is created, encoded to a swap pte, |
5608 |
+- * decoded to a swp_entry_t again, and finally the swap |
5609 |
+- * offset is extracted. This will mask all the bits from |
5610 |
+- * the initial ~0UL mask that can't be encoded in either |
5611 |
+- * the swp_entry_t or the architecture definition of a |
5612 |
+- * swap pte. |
5613 |
+- */ |
5614 |
+- maxpages = swp_offset(pte_to_swp_entry( |
5615 |
+- swp_entry_to_pte(swp_entry(0, ~0UL)))) + 1; |
5616 |
++ maxpages = max_swapfile_size(); |
5617 |
+ last_page = swap_header->info.last_page; |
5618 |
+ if (!last_page) { |
5619 |
+ pr_warn("Empty swap-file\n"); |
5620 |
+diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h |
5621 |
+index 403e97d5e243..8418462298e7 100644 |
5622 |
+--- a/tools/arch/x86/include/asm/cpufeatures.h |
5623 |
++++ b/tools/arch/x86/include/asm/cpufeatures.h |
5624 |
+@@ -219,6 +219,7 @@ |
5625 |
+ #define X86_FEATURE_IBPB ( 7*32+26) /* Indirect Branch Prediction Barrier */ |
5626 |
+ #define X86_FEATURE_STIBP ( 7*32+27) /* Single Thread Indirect Branch Predictors */ |
5627 |
+ #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */ |
5628 |
++#define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ |
5629 |
+ |
5630 |
+ /* Virtualization flags: Linux defined, word 8 */ |
5631 |
+ #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ |
5632 |
+@@ -338,6 +339,7 @@ |
5633 |
+ #define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ |
5634 |
+ #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */ |
5635 |
+ #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */ |
5636 |
++#define X86_FEATURE_FLUSH_L1D (18*32+28) /* Flush L1D cache */ |
5637 |
+ #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ |
5638 |
+ #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */ |
5639 |
+ |
5640 |
+@@ -370,5 +372,6 @@ |
5641 |
+ #define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */ |
5642 |
+ #define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */ |
5643 |
+ #define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */ |
5644 |
++#define X86_BUG_L1TF X86_BUG(18) /* CPU is affected by L1 Terminal Fault */ |
5645 |
+ |
5646 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |