From: Borislav Petkov <bp@suse.de>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v4 1/8] [PATCH v4 1/8] Linux Patch #1
Date: Wed, 27 Jun 2018 16:43:42 +0200
Message-ID: <20180627144342.GE24227@zn.tnic>
In-Reply-To: <20180623135445.509403070@localhost.localdomain>
On Sat, Jun 23, 2018 at 09:54:15AM -0400, speck for konrad.wilk_at_oracle.com wrote:
> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
That commit name needs massaging.
> If the L1TF CPU bug is present we allow the KVM module to be loaded
> as the majority of users that use Linux and KVM have trusted guests
> and do not want a broken setup.
>
> Cloud vendors are the ones that are uncomfortable with CVE 2018-3615
> and as such they are the ones that should set disallow_smt to one.
>
> Setting disallow_smt to one means that the system administrator also needs
> to disable SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command
> line parameter, or via /sys/devices/system/cpu/smt/control
> (see commit 05736e4ac13c "cpu/hotplug: Provide knobs to control SMT").
>
> Other mitigations are to use task affinity, cpu sets, interrupt binding,
> etc - anything to make sure that _only_ the same guests vCPUs are running
> on sibling threads.
>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> ---
> v3:
> - Move it to vmx_vcpu_init (could also do it in kvm_vcpu_init but it seemed
>   more prudent to do it in the VMX handler).
> - Made it WARN if disallow_smt=0
> - Made it ERR if disallow_smt=1
> - Fixed the CVE number
> ---
> Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
> arch/x86/kvm/vmx.c | 13 +++++++++++++
> kernel/cpu.c | 1 +
> 3 files changed, 20 insertions(+)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 8e29c4b6756f..d59b34d4e62a 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1946,6 +1946,12 @@
> [KVM,ARM] Allow use of GICv4 for direct injection of
> LPIs.
>
> + kvm-intel.disallow_smt=[KVM] If the L1TF CPU bug is present and the
Why isn't this matching the "nosmt" baremetal parameter so that there's
no confusion for the user?
> + system has SMT (aka Hyper-Threading) enabled then
> + don't allow guests to be created.
> +
> + Default is 0 (allow guests to be created).
> +
> kvm-intel.ept= [KVM,Intel] Disable extended page tables
> (virtualized MMU) support on capable Intel chips.
> Default is 1 (enabled)
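Review bot: the new `kvm-intel.disallow_smt=` entry is tagged `[KVM]` while the neighbouring `kvm-intel.ept=` entry uses `[KVM,Intel]`; use the same tag, since this is a kvm-intel parameter. The text should also say what happens at the default: per the v3 changelog ("Made it WARN if disallow_smt=0"), guests are still created but a warning is logged, so "Default is 0 (allow guests to be created)" understates it. Finally, point the reader at how to satisfy the check (the `nosmt` parameter or /sys/devices/system/cpu/smt/control, both named in the commit message), otherwise an admin who hits the refusal has to go digging for the fix.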
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 559a12b6184d..f08e33fc28ac 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -71,6 +71,9 @@ static const struct x86_cpu_id vmx_cpu_id[] = {
> };
> MODULE_DEVICE_TABLE(x86cpu, vmx_cpu_id);
>
> +static bool __read_mostly disallow_smt = false;
> +module_param(disallow_smt, bool, S_IRUGO);
ERROR: do not initialise statics to false
#69: FILE: arch/x86/kvm/vmx.c:74:
+static bool __read_mostly disallow_smt = false;
> static bool __read_mostly enable_vpid = 1;
> module_param_named(vpid, enable_vpid, bool, 0444);
>
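Review bot: drop the `= false` initialiser on `disallow_smt` (statics are zero-initialised, which is exactly the checkpatch ERROR quoted above), and use octal `0444` instead of `S_IRUGO` to match the `module_param_named(vpid, enable_vpid, bool, 0444);` line directly below; checkpatch warns about symbolic permissions as well. Also note the parameter is read-only in sysfs, so flipping to the strict behaviour on a running host requires reloading kvm-intel; that is probably fine for a load-time check, but it is worth a sentence in the kernel-parameters entry.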
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)