From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Konrad Rzeszutek Wilk, Thomas Gleixner
Subject: [PATCH 4.18 35/79] x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
Date: Tue, 14 Aug 2018 19:16:54 +0200
Message-Id: <20180814171338.148780578@linuxfoundation.org>
In-Reply-To: <20180814171336.799314117@linuxfoundation.org>
References: <20180814171336.799314117@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
User-Agent: quilt/0.65
X-stable: review

4.18-stable review patch. If anyone has any objections, please let me know.

------------------
From: Konrad Rzeszutek Wilk

If the L1TF CPU bug is present we allow the KVM module to be loaded as the majority of users that use Linux and KVM have trusted guests and do not want a broken setup.

Cloud vendors are the ones that are uncomfortable with CVE 2018-3620 and as such they are the ones that should set nosmt to one.

Setting 'nosmt' means that the system administrator also needs to disable SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command line parameter, or via the /sys/devices/system/cpu/smt/control. See commit 05736e4ac13c ("cpu/hotplug: Provide knobs to control SMT").

Other mitigations are to use task affinity, cpu sets, interrupt binding, etc - anything to make sure that _only_ the same guest's vCPUs are running on sibling threads.

Signed-off-by: Konrad Rzeszutek Wilk
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
---
Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
arch/x86/kvm/vmx.c | 13 +++++++++++++
kernel/cpu.c | 1 +
3 files changed, 20 insertions(+)

--- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -1946,6 +1946,12 @@ [KVM,ARM] Allow use of GICv4 for direct injection of LPIs. + kvm-intel.nosmt=[KVM,Intel] If the L1TF CPU bug is present (CVE-2018-3620) + and the system has SMT (aka Hyper-Threading) enabled then + don't allow guests to be created. + + Default is 0 (allow guests to be created). + kvm-intel.ept= [KVM,Intel] Disable extended page tables (virtualized MMU) support on capable Intel chips. Default is 1 (enabled) --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -71,6 +71,9 @@ static const struct x86_cpu_id vmx_cpu_i }; MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id); +static bool __read_mostly nosmt; +module_param(nosmt, bool, S_IRUGO); + static bool __read_mostly enable_vpid = 1; module_param_named(vpid, enable_vpid, bool, 0444); 
@@ -10403,10 +10406,20 @@ free_vcpu: return ERR_PTR(err); } +#define L1TF_MSG "SMT enabled with L1TF CPU bug present. Refer to CVE-2018-3620 for details.\n" + static int vmx_vm_init(struct kvm *kvm) { if (!ple_gap) kvm->arch.pause_in_guest = true; + + if (boot_cpu_has(X86_BUG_L1TF) && cpu_smt_control == CPU_SMT_ENABLED) { + if (nosmt) { + pr_err(L1TF_MSG); + return -EOPNOTSUPP; + } + pr_warn(L1TF_MSG); + } return 0; } --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -345,6 +345,7 @@ EXPORT_SYMBOL_GPL(cpu_hotplug_enable); #ifdef CONFIG_HOTPLUG_SMT enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; +EXPORT_SYMBOL_GPL(cpu_smt_control); static int __init smt_cmdline_disable(char *str) {
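Review bot: in the kernel-parameters.txt hunk the new kvm-intel.nosmt entry is inserted ahead of kvm-intel.ept, out of the alphabetical order the kvm-intel.* entries follow; it belongs after the entries that sort before "nosmt". The text "don't allow guests to be created" also describes only the nosmt=1 case; since the vmx.c hunk logs a warning even with the default of 0 whenever an L1TF-affected host has SMT enabled, the entry should say so, and it should state that the check is made when a guest is created, not when SMT state later changes.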
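Review bot: in the first vmx.c hunk, `module_param(nosmt, bool, S_IRUGO);` uses a symbolic permission while the neighbouring `module_param_named(vpid, enable_vpid, bool, 0444);` uses the octal literal; checkpatch flags symbolic permissions, so write it as `module_param(nosmt, bool, 0444);` for consistency with the surrounding parameters.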
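Review bot: in the vmx_vm_init() hunk, `pr_warn(L1TF_MSG);` fires on every VM creation when nosmt is 0, so a host that creates guests continuously will repeat the same line in the log indefinitely; pr_warn_once() (or a rate-limited variant) conveys the same information. The condition is also evaluated only at creation time: if SMT is switched back on through /sys/devices/system/cpu/smt/control after guests exist, nothing re-checks them, so the refusal path with nosmt=1 protects only guests created while SMT is already on. That limitation is inherent to where the hook sits, but it should be spelled out in the parameter documentation rather than left for administrators to discover.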
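Review bot: in the kernel/cpu.c hunk, `EXPORT_SYMBOL_GPL(cpu_smt_control);` sits inside the `#ifdef CONFIG_HOTPLUG_SMT` block, while the vmx.c hunk reads cpu_smt_control unconditionally; a modular kvm-intel built with CONFIG_HOTPLUG_SMT=n therefore relies on the header providing a non-extern fallback definition of cpu_smt_control, which is not visible in this patch. Please confirm that fallback exists in the 4.18 tree (the referenced commit 05736e4ac13c should supply it) so the backport does not introduce an unresolved symbol in that configuration.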
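The commit message tells administrators to check SMT state via /sys/devices/system/cpu/smt/control and to set nosmt if they do not trust their guests. The script below is an added example, not part of this patch or the kernel tree: it classifies a host according to the same three facts the new vmx_vm_init() check combines (L1TF present, SMT enabled, nosmt set) and reports what kvm-intel will do when a guest is created. Only the smt/control path comes from the patch; the l1tf vulnerabilities file and the /sys/module/kvm_intel/parameters/nosmt view of the module parameter are assumptions about the running kernel, and the status strings in the test are constructed samples.

```shell
#!/bin/sh
# Added example, not part of the patch or the kernel tree: report how a KVM host
# stands with respect to the L1TF/SMT condition the new vmx_vm_init() check tests.
#
# /sys/devices/system/cpu/smt/control is named in the commit message; the other
# two paths are assumptions about the running kernel:
#   /sys/devices/system/cpu/vulnerabilities/l1tf  - kernel's L1TF status line
#   /sys/module/kvm_intel/parameters/nosmt        - sysfs view of the S_IRUGO
#                                                   module parameter (Y or N)

# classify L1TF_STATUS SMT_CONTROL NOSMT_PARAM
# Echoes one word describing what kvm-intel does when a VM is created:
#   not-affected         CPU does not have the L1TF bug
#   smt-off              SMT disabled (off/forceoff/notsupported), no sibling thread
#   vm-creation-refused  SMT on and nosmt=1: vmx_vm_init() returns -EOPNOTSUPP
#   warned-only          SMT on and nosmt=0 (default): VM created, warning logged
classify() {
    l1tf=$1
    smt=$2
    nosmt=$3

    if [ "$l1tf" = "Not affected" ]; then
        echo not-affected
        return 0
    fi

    # Anything other than an explicit "off" state is treated as SMT enabled,
    # which is the conservative reading when the control file is missing.
    case $smt in
        off|forceoff|notsupported)
            echo smt-off
            return 0
            ;;
    esac

    # Bool module parameters appear in sysfs as Y or N; accept 1 as well.
    case $nosmt in
        Y|y|1) echo vm-creation-refused ;;
        *)     echo warned-only ;;
    esac
}

# read_sysfs PATH FALLBACK: print the file's first line, or FALLBACK if unreadable
read_sysfs() {
    if [ -r "$1" ]; then
        head -n 1 "$1"
    else
        echo "$2"
    fi
}

# host_status: classify the machine this script runs on. A missing nosmt file
# (kvm_intel not loaded) is read as the default N.
host_status() {
    classify \
        "$(read_sysfs /sys/devices/system/cpu/vulnerabilities/l1tf unknown)" \
        "$(read_sysfs /sys/devices/system/cpu/smt/control unknown)" \
        "$(read_sysfs /sys/module/kvm_intel/parameters/nosmt N)"
}

host_status
```

Run it on a KVM host to see which branch of the new check applies; a result of warned-only on an L1TF-affected machine means guests will be created with SMT enabled and only a log line will record it, which is the state cloud operators are expected to avoid by setting nosmt or disabling SMT.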