Re: [PATCH 4.14 038/190] KVM: x86: only do L1TF workaround on affected processors

[Sasha Levin]

On Wed, Jun 24, 2020 at 12:00:59PM +0000, Rantala, Tommi T. (Nokia - FI/Espoo) wrote:
> On Fri, 2020-06-19 at 16:31 +0200, Greg Kroah-Hartman wrote:
> > From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> >
> > [ Upstream commit d43e2675e96fc6ae1a633b6a69d296394448cc32 ]
> >
> > KVM stores the gfn in MMIO SPTEs as a caching optimization.  These are
> > split
> > in two parts, as in "[high 11111 low]", to thwart any attempt to use these
> > bits
> > in an L1TF attack.  This works as long as there are 5 free bits between
> > MAXPHYADDR and bit 50 (inclusive), leaving bit 51 free so that the MMIO
> > access triggers a reserved-bit-set page fault.
>
> Hi, I'm now seeing this warning in VM bootup with 4.14.y

Thanks for the report!

> Not seen with 4.19.129 and 5.4.47 that also included this commit.
>
> Any ideas what's missing in 4.14 ?

I think that this was because we're missing 6129ed877d40 ("KVM: x86/mmu:
Set mmio_value to '0' if reserved #PF can't be generated"). I've queued
it up (along with a few other related commits) and a new -rc cycle
should be underway for those.

--
Thanks,
Sasha