x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry

[mirror_ubuntu-bionic-kernel.git] / arch / x86 / kvm / x86.c

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 1cec2c62a0b08405d2bd7c8908d6b7f33de3b63c..97dae55bb245bd15ef04c95ffa0b48838643e0fb 100644 (file)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -184,6 +184,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
        { "irq_injections", VCPU_STAT(irq_injections) },
        { "nmi_injections", VCPU_STAT(nmi_injections) },
        { "req_event", VCPU_STAT(req_event) },
+       { "l1d_flush", VCPU_STAT(l1d_flush) },
        { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
        { "mmu_pte_write", VM_STAT(mmu_pte_write) },
        { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
@@ -794,6 +795,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
        if (!guest_cpuid_has(vcpu, X86_FEATURE_LA57) && (cr4 & X86_CR4_LA57))
                return 1;
 
+       if (!guest_cpuid_has(vcpu, X86_FEATURE_UMIP) && (cr4 & X86_CR4_UMIP))
+               return 1;
+
        if (is_long_mode(vcpu)) {
                if (!(cr4 & X86_CR4_PAE))
                        return 1;
@@ -1009,6 +1013,7 @@ static u32 msrs_to_save[] = {
 #endif
        MSR_IA32_TSC, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA,
        MSR_IA32_FEATURE_CONTROL, MSR_IA32_BNDCFGS, MSR_TSC_AUX,
+       MSR_IA32_SPEC_CTRL, MSR_IA32_ARCH_CAPABILITIES
 };
 
 static unsigned num_msrs_to_save;
@@ -1038,6 +1043,7 @@ static u32 emulated_msrs[] = {
        MSR_IA32_SMBASE,
        MSR_PLATFORM_INFO,
        MSR_MISC_FEATURES_ENABLES,
+       MSR_AMD64_VIRT_SPEC_CTRL,
 };
 
 static unsigned num_emulated_msrs;
@@ -2734,7 +2740,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
                 * fringe case that is not enabled except via specific settings
                 * of the module parameters.
                 */
-               r = kvm_x86_ops->cpu_has_high_real_mode_segbase();
+               r = kvm_x86_ops->has_emulated_msr(MSR_IA32_SMBASE);
                break;
        case KVM_CAP_VAPIC:
                r = !kvm_x86_ops->cpu_has_accelerated_tpr();
@@ -2938,6 +2944,12 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
        pagefault_enable();
        kvm_x86_ops->vcpu_put(vcpu);
        vcpu->arch.last_host_tsc = rdtsc();
+       /*
+        * If userspace has set any breakpoints or watchpoints, dr6 is restored
+        * on every vmexit, but if not, we might have a stale dr6 from the
+        * guest. do_debug expects dr6 to be cleared after it runs, do the same.
+        */
+       set_debugreg(0, 6);
 }
 
 static int kvm_vcpu_ioctl_get_lapic(struct kvm_vcpu *vcpu,
@@ -4237,13 +4249,14 @@ set_identity_unlock:
                mutex_unlock(&kvm->lock);
                break;
        case KVM_XEN_HVM_CONFIG: {
+               struct kvm_xen_hvm_config xhc;
                r = -EFAULT;
-               if (copy_from_user(&kvm->arch.xen_hvm_config, argp,
-                                  sizeof(struct kvm_xen_hvm_config)))
+               if (copy_from_user(&xhc, argp, sizeof(xhc)))
                        goto out;
                r = -EINVAL;
-               if (kvm->arch.xen_hvm_config.flags)
+               if (xhc.flags)
                        goto out;
+               memcpy(&kvm->arch.xen_hvm_config, &xhc, sizeof(xhc));
                r = 0;
                break;
        }
@@ -4335,14 +4348,8 @@ static void kvm_init_msr_list(void)
        num_msrs_to_save = j;
 
        for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) {
-               switch (emulated_msrs[i]) {
-               case MSR_IA32_SMBASE:
-                       if (!kvm_x86_ops->cpu_has_high_real_mode_segbase())
-                               continue;
-                       break;
-               default:
-                       break;
-               }
+               if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i]))
+                       continue;
 
                if (j < i)
                        emulated_msrs[j] = emulated_msrs[i];
@@ -4546,6 +4553,9 @@ int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
        void *data = val;
        int r = X86EMUL_CONTINUE;
 
+       /* kvm_write_guest_virt_system can pull in tons of pages. */
+       vcpu->arch.l1tf_flush_l1d = true;
+
        while (bytes) {
                gpa_t gpa =  vcpu->arch.walk_mmu->gva_to_gpa(vcpu, addr,
                                                             PFERR_WRITE_MASK,
@@ -5687,6 +5697,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
        bool writeback = true;
        bool write_fault_to_spt = vcpu->arch.write_fault_to_shadow_pgtable;
 
+       vcpu->arch.l1tf_flush_l1d = true;
+
        /*
         * Clear write_fault_to_shadow_pgtable here to ensure it is
         * never reused.
@@ -5703,7 +5715,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
                 * handle watchpoints yet, those would be handled in
                 * the emulate_ops.
                 */
-               if (kvm_vcpu_check_breakpoint(vcpu, &r))
+               if (!(emulation_type & EMULTYPE_SKIP) &&
+                   kvm_vcpu_check_breakpoint(vcpu, &r))
                        return r;
 
                ctxt->interruptibility = 0;
@@ -6141,7 +6154,7 @@ int kvm_arch_init(void *opaque)
                goto out;
        }
        if (ops->disabled_by_bios()) {
-               printk(KERN_ERR "kvm: disabled by bios\n");
+               printk(KERN_WARNING "kvm: disabled by bios\n");
                r = -EOPNOTSUPP;
                goto out;
        }
@@ -7137,6 +7150,7 @@ static int vcpu_run(struct kvm_vcpu *vcpu)
        struct kvm *kvm = vcpu->kvm;
 
        vcpu->srcu_idx = srcu_read_lock(&kvm->srcu);
+       vcpu->arch.l1tf_flush_l1d = true;
 
        for (;;) {
                if (kvm_vcpu_running(vcpu)) {
@@ -7496,13 +7510,13 @@ EXPORT_SYMBOL_GPL(kvm_task_switch);
 
 int kvm_valid_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
 {
-       if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG_BIT)) {
+       if ((sregs->efer & EFER_LME) && (sregs->cr0 & X86_CR0_PG)) {
                /*
                 * When EFER.LME and CR0.PG are set, the processor is in
                 * 64-bit mode (though maybe in a 32-bit code segment).
                 * CR4.PAE and EFER.LMA must be set.
                 */
-               if (!(sregs->cr4 & X86_CR4_PAE_BIT)
+               if (!(sregs->cr4 & X86_CR4_PAE)
                    || !(sregs->efer & EFER_LMA))
                        return -EINVAL;
        } else {
@@ -7828,6 +7842,8 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
 
 void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
 {
+       kvm_lapic_reset(vcpu, init_event);
+
        vcpu->arch.hflags = 0;
 
        vcpu->arch.smi_pending = 0;
@@ -8148,6 +8164,7 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
 
 void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
 {
+       vcpu->arch.l1tf_flush_l1d = true;
        kvm_x86_ops->sched_in(vcpu, cpu);
 }
 
@@ -8272,10 +8289,8 @@ int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
                        return r;
        }
 
-       if (!size) {
-               r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
-               WARN_ON(r < 0);
-       }
+       if (!size)
+               vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
 
        return 0;
 }