1. 23 Jun, 2020 1 commit
    • KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL · bf09fb6c
      Sean Christopherson authored
      Remove support for context switching between the guest's and host's
      desired UMWAIT_CONTROL.  Propagating the guest's value to hardware isn't
      required for correct functionality, e.g. KVM intercepts reads and writes
      to the MSR, and the latency effects of the settings controlled by the
      MSR are not architecturally visible.
      
      As a general rule, KVM should not allow the guest to control power
      management settings unless explicitly enabled by userspace, e.g. see
      KVM_CAP_X86_DISABLE_EXITS.  E.g. Intel's SDM explicitly states that C0.2
      can improve the performance of SMT siblings.  A devious guest could
      disable C0.2 so as to improve the performance of their workloads at the
      detriment to workloads running in the host or on other VMs.
      
      Wholesale removal of UMWAIT_CONTROL context switching also fixes a race
      condition where updates from the host may cause KVM to enter the guest
      with the incorrect value.  Because updates are propagated to all
      CPUs via IPI (SMP function callback), the value in hardware may be
      stale with respect to the cached value and KVM could enter the guest
      with the wrong value in hardware.  As above, the guest can't observe the
      bad value, but it's a weird and confusing wart in the implementation.
      
      Removal also fixes the unnecessary usage of VMX's atomic load/store MSR
      lists.  Using the lists is only necessary for MSRs that are required for
      correct functionality immediately upon VM-Enter/VM-Exit, e.g. EFER on
      old hardware, or for MSRs that need to-the-uop precision, e.g. perf
      related MSRs.  For UMWAIT_CONTROL, the effects are only visible in the
      kernel via TPAUSE/delay(), and KVM doesn't do any form of delay in
      vcpu_vmx_run().  Using the atomic lists is undesirable as they are more
      expensive than direct RDMSR/WRMSR.
      
      Furthermore, even if giving the guest control of the MSR is legitimate,
      e.g. in pass-through scenarios, it's not clear that the benefits would
      outweigh the overhead.  E.g. saving and restoring an MSR across a VMX
      roundtrip costs ~250 cycles, and if the guest diverged from the host
      that cost would be paid on every run of the guest.  In other words, if
      there is a legitimate use case then it should be enabled by a new
      per-VM capability.
      
      Note, KVM still needs to emulate MSR_IA32_UMWAIT_CONTROL so that it can
      correctly expose other WAITPKG features to the guest, e.g. TPAUSE,
      UMWAIT and UMONITOR.
      
      Fixes: 6e3ba4ab ("KVM: vmx: Emulate MSR IA32_UMWAIT_CONTROL")
      Cc: stable@vger.kernel.org
      Cc: Jingqi Liu <jingqi.liu@intel.com>
      Cc: Tao Xu <tao3.xu@intel.com>
      Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
      Message-Id: <20200623005135.10414-1-sean.j.christopherson@intel.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  2. 11 Jun, 2020 15 commits
  3. 09 Jun, 2020 5 commits
    • mmap locking API: convert mmap_sem comments · c1e8d7c6
      Michel Lespinasse authored
      
      
      Convert comments that reference mmap_sem to reference mmap_lock instead.
      
      [akpm@linux-foundation.org: fix up linux-next leftovers]
      [akpm@linux-foundation.org: s/lockaphore/lock/, per Vlastimil]
      [akpm@linux-foundation.org: more linux-next fixups, per Michel]
      Signed-off-by: Michel Lespinasse <walken@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
      Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
      Cc: Davidlohr Bueso <dbueso@suse.de>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Jason Gunthorpe <jgg@ziepe.ca>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: John Hubbard <jhubbard@nvidia.com>
      Cc: Laurent Dufour <ldufour@linux.ibm.com>
      Cc: Liam Howlett <Liam.Howlett@oracle.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ying Han <yinghan@google.com>
      Link: http://lkml.kernel.org/r/20200520052908.204642-13-walken@google.com
      
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • mm: reorder includes after introduction of linux/pgtable.h · 65fddcfc
      Mike Rapoport authored
      
      
      The replacement of <asm/pgtable.h> with <linux/pgtable.h> made the include
      of the latter in the middle of asm includes.  Fix this up with the aid of
      the below script and manual adjustments here and there.
      
      	import sys
      	import re

      	# Expect exactly two arguments: the file to rewrite and the header name.
      	if len(sys.argv) != 3:
      	    print("USAGE: %s <file> <header>" % (sys.argv[0]))
      	    sys.exit(1)

      	hdr_to_move = "#include <linux/%s>" % sys.argv[2]
      	moved = False
      	in_hdrs = False

      	with open(sys.argv[1], "r") as f:
      	    lines = f.readlines()
      	    for _line in lines:
      	        line = _line.rstrip('\n')
      	        # Drop the header from its current position.
      	        if line == hdr_to_move:
      	            continue
      	        if line.startswith("#include <linux/"):
      	            in_hdrs = True
      	        elif not moved and in_hdrs:
      	            # First line after the <linux/...> block: re-emit the header here.
      	            moved = True
      	            print(hdr_to_move)
      	        print(line)

      Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Cain <bcain@codeaurora.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Chris Zankel <chris@zankel.net>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Greentime Hu <green.hu@gmail.com>
      Cc: Greg Ungerer <gerg@linux-m68k.org>
      Cc: Guan Xuetao <gxt@pku.edu.cn>
      Cc: Guo Ren <guoren@kernel.org>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Helge Deller <deller@gmx.de>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Ley Foon Tan <ley.foon.tan@intel.com>
      Cc: Mark Salter <msalter@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Matt Turner <mattst88@gmail.com>
      Cc: Max Filippov <jcmvbkbc@gmail.com>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Nick Hu <nickhu@andestech.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Richard Weinberger <richard@nod.at>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Russell King <linux@armlinux.org.uk>
      Cc: Stafford Horne <shorne@gmail.com>
      Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vincent Chen <deanbo422@gmail.com>
      Cc: Vineet Gupta <vgupta@synopsys.com>
      Cc: Will Deacon <will@kernel.org>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Link: http://lkml.kernel.org/r/20200514170327.31389-4-rppt@kernel.org
      
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • mm: introduce include/linux/pgtable.h · ca5999fd
      Mike Rapoport authored
      
      
      The include/linux/pgtable.h is going to be the home of generic page table
      manipulation functions.
      
      Start with moving asm-generic/pgtable.h to include/linux/pgtable.h and
      make the latter include asm/pgtable.h.
      Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Cain <bcain@codeaurora.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Chris Zankel <chris@zankel.net>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Greentime Hu <green.hu@gmail.com>
      Cc: Greg Ungerer <gerg@linux-m68k.org>
      Cc: Guan Xuetao <gxt@pku.edu.cn>
      Cc: Guo Ren <guoren@kernel.org>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Helge Deller <deller@gmx.de>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Ley Foon Tan <ley.foon.tan@intel.com>
      Cc: Mark Salter <msalter@redhat.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Matt Turner <mattst88@gmail.com>
      Cc: Max Filippov <jcmvbkbc@gmail.com>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Nick Hu <nickhu@andestech.com>
      Cc: Paul Walmsley <paul.walmsley@sifive.com>
      Cc: Richard Weinberger <richard@nod.at>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Russell King <linux@armlinux.org.uk>
      Cc: Stafford Horne <shorne@gmail.com>
      Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Vincent Chen <deanbo422@gmail.com>
      Cc: Vineet Gupta <vgupta@synopsys.com>
      Cc: Will Deacon <will@kernel.org>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Link: http://lkml.kernel.org/r/20200514170327.31389-3-rppt@kernel.org
      
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. · 4d8df8cb
      Anthony Steinhauser authored
      Currently, it is possible to enable indirect branch speculation even after
      it was force-disabled using the PR_SPEC_FORCE_DISABLE option. Moreover, the
      PR_GET_SPECULATION_CTRL command gives afterwards an incorrect result
      (force-disabled when it is in fact enabled). This also is inconsistent
      vs. STIBP and the documentation which clearly states that
      PR_SPEC_FORCE_DISABLE cannot be undone.
      
      Fix this by actually enforcing force-disabled indirect branch
      speculation. PR_SPEC_ENABLE called after PR_SPEC_FORCE_DISABLE now fails
      with -EPERM as described in the documentation.
      
      Fixes: 9137bb27 ("x86/speculation: Add prctl() control for indirect branch speculation")
      Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
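
A userspace check for the behaviour the commit above describes, as an added example (not code from the commit or the kernel tree): it force-disables indirect branch speculation for the calling task, then confirms that a later PR_SPEC_ENABLE is refused with EPERM and that PR_GET_SPECULATION_CTRL still reports force-disabled. The names `classify`, `check_force_disable_sticky` and `enum sticky` are hypothetical; the prctl constants are the ones from <linux/prctl.h>.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Fallbacks for old userspace headers; values match <linux/prctl.h>. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#define IB ((unsigned long)PR_SPEC_INDIRECT_BRANCH)

enum sticky { STICKY_UNTESTABLE = -1, STICKY_ENFORCED = 0, STICKY_BROKEN = 1 };

/* Pure decision logic (hypothetical helper) over the observed prctl() results. */
enum sticky classify(long before, int force_rc, int enable_rc,
                     int enable_errno, long after)
{
    if (before < 0 || !(before & PR_SPEC_PRCTL) || force_rc != 0)
        return STICKY_UNTESTABLE;   /* no per-task control on this system */
    if (enable_rc == 0)
        return STICKY_BROKEN;       /* re-enable accepted after force-disable */
    if (enable_errno != EPERM)
        return STICKY_UNTESTABLE;   /* refused, but not for the documented reason */
    return (after >= 0 && (after & PR_SPEC_FORCE_DISABLE))
               ? STICKY_ENFORCED : STICKY_BROKEN;
}

/* Live check. Side effect: where per-task control exists, indirect branch
 * speculation stays force-disabled for this process, so run it in a
 * throwaway process. */
enum sticky check_force_disable_sticky(void)
{
    long before = prctl(PR_GET_SPECULATION_CTRL, IB, 0UL, 0UL, 0UL);
    if (before < 0 || !(before & PR_SPEC_PRCTL))
        return STICKY_UNTESTABLE;
    int force_rc = prctl(PR_SET_SPECULATION_CTRL, IB, PR_SPEC_FORCE_DISABLE, 0UL, 0UL);
    errno = 0;
    int enable_rc = prctl(PR_SET_SPECULATION_CTRL, IB, PR_SPEC_ENABLE, 0UL, 0UL);
    int enable_errno = errno;
    long after = prctl(PR_GET_SPECULATION_CTRL, IB, 0UL, 0UL, 0UL);
    return classify(before, force_rc, enable_rc, enable_errno, after);
}

int main(void)
{
    static const char *msg[] = { "untestable", "enforced", "NOT enforced" };
    printf("PR_SPEC_FORCE_DISABLE for indirect branches: %s\n",
           msg[check_force_disable_sticky() + 1]);
    return 0;
}
```

A result of "untestable" means the kernel does not offer per-task control of indirect branch speculation in its current spectre_v2_user mode, so the commit's code path is not exercised.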
    • x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. · 21998a35
      Anthony Steinhauser authored
      When STIBP is unavailable or enhanced IBRS is available, Linux
      force-disables the IBPB mitigation of Spectre-BTB even when simultaneous
      multithreading is disabled. While attempts to enable IBPB using
      prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...) fail with
      EPERM, the seccomp syscall (or its prctl(PR_SET_SECCOMP, ...) equivalent)
      which are used e.g. by Chromium or OpenSSH succeed with no errors but the
      application remains silently vulnerable to cross-process Spectre v2 attacks
      (classical BTB poisoning). At the same time the SYSFS reporting
      (/sys/devices/system/cpu/vulnerabilities/spectre_v2) displays that IBPB is
      conditionally enabled when in fact it is unconditionally disabled.
      
      STIBP is useful only when SMT is enabled. When SMT is disabled and STIBP is
      unavailable, it makes no sense to force-disable also IBPB, because IBPB
      protects against cross-process Spectre-BTB attacks regardless of the SMT
      state. At the same time since missing STIBP was only observed on AMD CPUs,
      AMD does not recommend using STIBP, but recommends using IBPB, so disabling
      IBPB because of missing STIBP goes directly against AMD's advice:
      https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf
      
      Similarly, enhanced IBRS is designed to protect cross-core BTB poisoning
      and BTB-poisoning attacks from user space against kernel (and
      BTB-poisoning attacks from guest against hypervisor), it is not designed
      to prevent cross-process (or cross-VM) BTB poisoning between processes (or
      VMs) running on the same core. Therefore, even with enhanced IBRS it is
      necessary to flush the BTB during context-switches, so there is no reason
      to force disable IBPB when enhanced IBRS is available.
      
      Enable the prctl control of IBPB even when STIBP is unavailable or enhanced
      IBRS is available.
      
      Fixes: 7cc765a6 ("x86/speculation: Enable prctl mode for spectre_v2_user")
      Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
  4. 28 May, 2020 1 commit
  5. 19 May, 2020 3 commits
  6. 07 May, 2020 1 commit
  7. 06 May, 2020 7 commits
  8. 04 May, 2020 1 commit
  9. 30 Apr, 2020 1 commit
    • x86/perf: Add hardware performance events support for Zhaoxin CPU. · 3a4ac121
      CodyYao-oc authored
      
      
      Zhaoxin CPU has provided facilities for monitoring performance
      via PMU (Performance Monitor Unit), but the functionality is unused so far.
      Therefore, add support for zhaoxin pmu to make performance related
      hardware events available.
      
      The PMU is mostly an Intel Architectural PerfMon-v2 with a novel
      errata for the ZXC line. It supports the following events:
      
        -----------------------------------------------------------------------------------------------------------------------------------
        Event                      | Event  | Umask |          Description
                                   | Select |       |
        -----------------------------------------------------------------------------------------------------------------------------------
        cpu-cycles                 |  82h   |  00h  | unhalt core clock
        instructions               |  00h   |  00h  | number of instructions at retirement.
        cache-references           |  15h   |  05h  | number of fillq pushs at the current cycle.
        cache-misses               |  1ah   |  05h  | number of l2 miss pushed by fillq.
        branch-instructions        |  28h   |  00h  | counts the number of branch instructions retired.
        branch-misses              |  29h   |  00h  | mispredicted branch instructions at retirement.
        bus-cycles                 |  83h   |  00h  | unhalt bus clock
        stalled-cycles-frontend    |  01h   |  01h  | Increments each cycle the # of Uops issued by the RAT to RS.
        stalled-cycles-backend     |  0fh   |  04h  | RS0/1/2/3/45 empty
        L1-dcache-loads            |  68h   |  05h  | number of retire/commit load.
        L1-dcache-load-misses      |  4bh   |  05h  | retired load uops whose data source followed an L1 miss.
        L1-dcache-stores           |  69h   |  06h  | number of retire/commit Store,no LEA
        L1-dcache-store-misses     |  62h   |  05h  | cache lines in M state evicted out of L1D due to Snoop HitM or dirty line replacement.
        L1-icache-loads            |  00h   |  03h  | number of l1i cache access for valid normal fetch,including un-cacheable access.
        L1-icache-load-misses      |  01h   |  03h  | number of l1i cache miss for valid normal fetch,including un-cacheable miss.
        L1-icache-prefetches       |  0ah   |  03h  | number of prefetch.
        L1-icache-prefetch-misses  |  0bh   |  03h  | number of prefetch miss.
        dTLB-loads                 |  68h   |  05h  | number of retire/commit load
        dTLB-load-misses           |  2ch   |  05h  | number of load operations miss all level tlbs and cause a tablewalk.
        dTLB-stores                |  69h   |  06h  | number of retire/commit Store,no LEA
        dTLB-store-misses          |  30h   |  05h  | number of store operations miss all level tlbs and cause a tablewalk.
        dTLB-prefetches            |  64h   |  05h  | number of hardware pte prefetch requests dispatched out of the prefetch FIFO.
        dTLB-prefetch-misses       |  65h   |  05h  | number of hardware pte prefetch requests miss the l1d data cache.
        iTLB-load                  |  00h   |  00h  | actually counter instructions.
        iTLB-load-misses           |  34h   |  05h  | number of code operations miss all level tlbs and cause a tablewalk.
        -----------------------------------------------------------------------------------------------------------------------------------

      Reported-by: kbuild test robot <lkp@intel.com>
      Signed-off-by: CodyYao-oc <CodyYao-oc@zhaoxin.com>
      Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
      Link: https://lkml.kernel.org/r/1586747669-4827-1-git-send-email-CodyYao-oc@zhaoxin.com
  10. 26 Apr, 2020 2 commits
  11. 24 Apr, 2020 1 commit
  12. 22 Apr, 2020 1 commit
  13. 20 Apr, 2020 1 commit
    • x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation · 7e5b3c26
      Mark Gross authored
      
      
      SRBDS is an MDS-like speculative side channel that can leak bits from the
      random number generator (RNG) across cores and threads. New microcode
      serializes the processor access during the execution of RDRAND and
      RDSEED. This ensures that the shared buffer is overwritten before it is
      released for reuse.
      
      While it is present on all affected CPU models, the microcode mitigation
      is not needed on models that enumerate ARCH_CAPABILITIES[MDS_NO] in the
      cases where TSX is not supported or has been disabled with TSX_CTRL.
      
      The mitigation is activated by default on affected processors and it
      increases latency for RDRAND and RDSEED instructions. Among other
      effects this will reduce throughput from /dev/urandom.
      
      * Enable administrator to configure the mitigation off when desired using
        either mitigations=off or srbds=off.
      
      * Export vulnerability status via sysfs
      
      * Rename file-scoped macros to apply for non-whitelist table initializations.
      
       [ bp: Massage,
         - s/VULNBL_INTEL_STEPPING/VULNBL_INTEL_STEPPINGS/g,
         - do not read arch cap MSR a second time in tsx_fused_off() - just pass it in,
         - flip check in cpu_set_bug_bits() to save an indentation level,
         - reflow comments.
         jpoimboe: s/Mitigated/Mitigation/ in user-visible strings
         tglx: Dropped the fused off magic for now
       ]
      Signed-off-by: Mark Gross <mgross@linux.intel.com>
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Reviewed-by: Tony Luck <tony.luck@intel.com>
      Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
      Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
      Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>