x86/kvm: Allow runtime control of L1D flush

All mitigation modes can be switched at run time with a static key now: - Use sysfs_streq() instead of strcmp() to handle the trailing new line from sysfs writes correctly. - Make the static key management handle multiple invocations properly. - Set the module parameter file to RW Signed-off-by: N Thomas Gleixner <tglx@linutronix.de> Tested-by: N Jiri Kosina <jkosina@suse.cz> Reviewed-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: N Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lkml.kernel.org/r/20180713142322.954525119@linutronix.de

x86/kvm: Allow runtime control of L1D flush
All mitigation modes can be switched at run time with a static key now: - Use sysfs_streq() instead of strcmp() to handle the trailing new line from sysfs writes correctly. - Make the static key management handle multiple invocations properly. - Set the module parameter file to RW Signed-off-by: N Thomas Gleixner <tglx@linutronix.de> Tested-by: N Jiri Kosina <jkosina@suse.cz> Reviewed-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: N Josh Poimboeuf <jpoimboe@redhat.com> Link: https://lkml.kernel.org/r/20180713142322.954525119@linutronix.de
895ae47f · Thomas Gleixner · dd4bfa73 · 895ae47f · 895ae47f
隐藏空白更改
内联并排

Showing with 9 addition and 6 deletion

arch/x86/kernel/cpu/bugs.c arch/x86/kernel/cpu/bugs.c +1 -1

arch/x86/kvm/vmx.c arch/x86/kvm/vmx.c +8 -5

未找到文件。
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -660,7 +660,7 @@ void x86_spec_ctrl_setup_ap(void)
 #define pr_fmt(fmt)	"L1TF: " fmt
 #if IS_ENABLED(CONFIG_KVM_INTEL)
-enum vmx_l1d_flush_state l1tf_vmx_mitigation __ro_after_init = VMENTER_L1D_FLUSH_AUTO;
+enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO;
 EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation);
 #endif

--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -234,12 +234,15 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state l1tf)
 	l1tf_vmx_mitigation = l1tf;
-	if (l1tf == VMENTER_L1D_FLUSH_NEVER)
+	if (l1tf != VMENTER_L1D_FLUSH_NEVER)
-		return 0;
+		static_branch_enable(&vmx_l1d_should_flush);
+	else
+		static_branch_disable(&vmx_l1d_should_flush);
-	static_branch_enable(&vmx_l1d_should_flush);
 	if (l1tf == VMENTER_L1D_FLUSH_ALWAYS)
 		static_branch_enable(&vmx_l1d_flush_always);
+	else
+		static_branch_disable(&vmx_l1d_flush_always);
 	return 0;
 }
@@ -249,7 +252,7 @@ static int vmentry_l1d_flush_parse(const char *s)
 	if (s) {
 		for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
-			if (!strcmp(s, vmentry_l1d_param[i].option))
+			if (sysfs_streq(s, vmentry_l1d_param[i].option))
 				return vmentry_l1d_param[i].cmd;
 		}
 	}
@@ -293,7 +296,7 @@ static const struct kernel_param_ops vmentry_l1d_flush_ops = {
 	.set = vmentry_l1d_flush_set,
 	.get = vmentry_l1d_flush_get,
 };
-module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, S_IRUGO);
+module_param_cb(vmentry_l1d_flush, &vmentry_l1d_flush_ops, NULL, 0644);
 struct kvm_vmx {
 	struct kvm kvm;