Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3504309imu; Mon, 7 Jan 2019 04:43:16 -0800 (PST) X-Google-Smtp-Source: ALg8bN55eMdE2J9diCZND67QHzXahc0Smy74odL1QkHkPtqo0dozJcpnDG0h2hgkLpqsPnLSQJMd X-Received: by 2002:a17:902:7d82:: with SMTP id a2mr61516365plm.163.1546864996068; Mon, 07 Jan 2019 04:43:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546864996; cv=none; d=google.com; s=arc-20160816; b=nya5/PuUinbi+23Ps7aIi0oq3JSwY/G2sDmsZoZdltVdia9+rD6EqPiqjGS9M/XMy0 iEE4nLcYQsmnnbcmXeHPzr1x8l1Wu+tRUoiriYpBV85GaqyPgQ+iS1y5wFl9SI3wkTi9 hi5sQ7VEg09MoVB7ajSB1luEIiwcXtBQ8EoDskuz0IeNik5MAZ56H+UZ0wf8vLTgdkb4 VGSLn5ravlApJ7j6JBuTyQRnTBfdda6Nq1ce6GYjBPUGj8F4iCAKoVFcCf0mlSe2lE44 /+5WCxw9v2kBOZpAOEbMnAmWeJfUrQnGxHmr1PQenZIYxlfoEHxtlvweQsMUDzTcTuG6 zBpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=q46MJYcHK+nm40TYtiBAbfuoJSdKZq3aZ3gx1XU1DpM=; b=Ig7cRq+BYkk8sSIlmkgA2VdUdFQUSAnS1fkCINCUoXDeqJXV8+agDfoH10Zrch2UyQ 9S+BqqrVwnkFk59urQ2E67z63G2LA/glA0X3TyqRPRuPG4o+LV+3dOtNAMy1L2W3cd/5 E1S3j1pnDL4GZ9Z8oSw1YQXesVK9Q7zHidIx9ClYSmF303LxW9It59l+z0v/GKpuXPXg O5mfY1y1wIufAvC4h2XRQs9dmQmNFh7eNL6ymNtQSL6Qk+nutxq8LogzaPA8TOxnsasl fvz7mLHTTxNtUweJzPXJ20x6IcH/r77/tvMVnj4ntYhBFVS1d3tCLqZYYErBFTiZ53ta 9RKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JEig2FLD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w22si1537029plp.301.2019.01.07.04.43.01; Mon, 07 Jan 2019 04:43:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JEig2FLD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727904AbfAGMk0 (ORCPT + 99 others); Mon, 7 Jan 2019 07:40:26 -0500 Received: from mail.kernel.org ([198.145.29.99]:55312 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727477AbfAGMkX (ORCPT ); Mon, 7 Jan 2019 07:40:23 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7E2272183F; Mon, 7 Jan 2019 12:40:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1546864822; bh=EM1jkzlTA1oDJTNeec9F7eAAMyBmQMMnAK8z6ihFfA4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JEig2FLDhD3zFzRhm3f2XYBAoevrUJuKYstBnZ1qj79BbnGQkR1ydskG6faCcFuSa 8sVpqdEHR6bZa9w7WVQDmhNQouuaTR+YNAQBNd5CqNm2IIobWWTxkj9ZvGp3pcj42Y Q7i4oYgpA34mRq+IC5vxYztH9qGomMZZCeCOUAws= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Michal Hocko , Thomas Gleixner , Pavel Tatashin , Andi Kleen , Jiri Kosina , Linus Torvalds , Dave Hansen , Borislav Petkov , linux-mm@kvack.org Subject: [PATCH 4.20 054/145] x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off Date: Mon, 7 Jan 2019 13:31:31 +0100 Message-Id: <20190107104444.427143561@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190107104437.308206189@linuxfoundation.org> References: <20190107104437.308206189@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Michal Hocko commit 5b5e4d623ec8a34689df98e42d038a3b594d2ff9 upstream. Swap storage is restricted to max_swapfile_size (~16TB on x86_64) whenever the system is deemed affected by L1TF vulnerability. Even though the limit is quite high for most deployments it seems to be too restrictive for deployments which are willing to live with the mitigation disabled. We have a customer to deploy 8x 6,4TB PCIe/NVMe SSD swap devices which is clearly out of the limit. Drop the swap restriction when l1tf=off is specified. It also doesn't make much sense to warn about too much memory for the l1tf mitigation when it is forcefully disabled by the administrator. [ tglx: Folded the documentation delta change ] Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Signed-off-by: Michal Hocko Signed-off-by: Thomas Gleixner Reviewed-by: Pavel Tatashin Reviewed-by: Andi Kleen Acked-by: Jiri Kosina Cc: Linus Torvalds Cc: Dave Hansen Cc: Andi Kleen Cc: Borislav Petkov Cc: Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181113184910.26697-1-mhocko@kernel.org Signed-off-by: Greg Kroah-Hartman --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ Documentation/admin-guide/l1tf.rst | 6 +++++- arch/x86/kernel/cpu/bugs.c | 3 ++- arch/x86/mm/init.c | 2 +- 4 files changed, 11 insertions(+), 3 deletions(-) --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2096,6 +2096,9 @@ off Disables hypervisor mitigations and doesn't emit any warnings. + It also drops the swap size and available + RAM limit restriction on both hypervisor and + bare metal. Default is 'flush'. --- a/Documentation/admin-guide/l1tf.rst +++ b/Documentation/admin-guide/l1tf.rst @@ -405,6 +405,9 @@ time with the option "l1tf=". The valid off Disables hypervisor mitigations and doesn't emit any warnings. + It also drops the swap size and available RAM limit restrictions + on both hypervisor and bare metal. + ============ ============================================================= The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`. @@ -576,7 +579,8 @@ Default mitigations The kernel default mitigations for vulnerable processors are: - PTE inversion to protect against malicious user space. This is done - unconditionally and cannot be controlled. + unconditionally and cannot be controlled. The swap storage is limited + to ~16TB. - L1D conditional flushing on VMENTER when EPT is enabled for a guest. --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1002,7 +1002,8 @@ static void __init l1tf_select_mitigatio #endif half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; - if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { + if (l1tf_mitigation != L1TF_MITIGATION_OFF && + e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n", half_pa); --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -931,7 +931,7 @@ unsigned long max_swapfile_size(void) pages = generic_max_swapfile_size(); - if (boot_cpu_has_bug(X86_BUG_L1TF)) { + if (boot_cpu_has_bug(X86_BUG_L1TF) && l1tf_mitigation != L1TF_MITIGATION_OFF) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ unsigned long long l1tf_limit = l1tf_pfn_limit(); /*