From: Balbir Singh
Subject: [PATCH v2 0/4] arch/x86: Optionally flush L1D on context switch
Date: Mon, 6 Apr 2020 13:19:42 +1000
Message-ID: <20200406031946.11815-1-sblbir@amazon.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Provide a mechanism to flush the L1D cache on context switch. The goal
is to allow tasks that are paranoid due to the recent snoop assisted data
sampling vulnerabilities, to flush their L1D on being switched out.
This protects their data from being snooped or leaked via side channels
after the task has context switched out.

The core of the patches is patch 3, the first two refactor the code so
that common bits can be reused.

Changelog v2:
 - Fix a miss of mutex_unlock (caught by Borislav Petkov)
 - Add documentation about the changes (Josh Poimboeuf)

Changelog:
 - Refactor the code and reuse cond_ibpb() - code bits provided by tglx
 - Merge mm state tracking for ibpb and l1d flush
 - Rename TIF_L1D_FLUSH to TIF_SPEC_FLUSH_L1D

Changelog RFC:
 - Reuse existing code for allocation and flush
 - Simplify the goto logic in the actual l1d_flush function
 - Optimize the code path with jump labels/static functions

The previous version of this patch posted at:

https://lore.kernel.org/lkml/20200402062401.29856-1-sblbir@amazon.com/

Balbir Singh (4):
  arch/x86/kvm: Refactor l1d flush lifecycle management
  arch/x86: Refactor tlbflush and l1d flush
  arch/x86: Optionally flush L1D on context switch
  arch/x86: Add L1D flushing Documentation

 Documentation/admin-guide/hw-vuln/index.rst   |  1 +
 .../admin-guide/hw-vuln/l1d_flush.rst         | 40 ++++++++
 arch/x86/include/asm/cacheflush.h             |  6 ++
 arch/x86/include/asm/thread_info.h            |  6 +-
 arch/x86/include/asm/tlbflush.h               |  2 +-
 arch/x86/include/uapi/asm/prctl.h             |  3 +
 arch/x86/kernel/Makefile                      |  1 +
 arch/x86/kernel/l1d_flush.c                   | 85 +++++++++++++++++
 arch/x86/kernel/process_64.c                  | 10 +-
 arch/x86/kvm/vmx/vmx.c                        | 56 ++---------
 arch/x86/mm/tlb.c                             | 94 ++++++++++++++-----
 11 files changed, 232 insertions(+), 72 deletions(-)
 create mode 100644 Documentation/admin-guide/hw-vuln/l1d_flush.rst
 create mode 100644 arch/x86/kernel/l1d_flush.c

--
2.17.1