]>
Commit | Line | Data |
---|---|---|
6fa88700 GKH |
1 | From a8f8998be737e1e6967c29dc685ad170ebc62886 Mon Sep 17 00:00:00 2001 |
2 | From: Michal Hocko <mhocko@suse.com> | |
3 | Date: Tue, 13 Nov 2018 19:49:10 +0100 | |
4 | Subject: [PATCH 21/76] x86/speculation/l1tf: Drop the swap storage limit | |
5 | restriction when l1tf=off | |
6 | ||
7 | commit 5b5e4d623ec8a34689df98e42d038a3b594d2ff9 upstream. | |
8 | ||
9 | Swap storage is restricted to max_swapfile_size (~16TB on x86_64) whenever | |
10 | the system is deemed affected by L1TF vulnerability. Even though the limit | |
11 | is quite high for most deployments it seems to be too restrictive for | |
12 | deployments which are willing to live with the mitigation disabled. | |
13 | ||
14 | We have a customer to deploy 8x 6,4TB PCIe/NVMe SSD swap devices which is | |
15 | clearly out of the limit. | |
16 | ||
17 | Drop the swap restriction when l1tf=off is specified. It also doesn't make | |
18 | much sense to warn about too much memory for the l1tf mitigation when it is | |
19 | forcefully disabled by the administrator. | |
20 | ||
21 | [ tglx: Folded the documentation delta change ] | |
22 | ||
23 | Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") | |
24 | Signed-off-by: Michal Hocko <mhocko@suse.com> | |
25 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
26 | Reviewed-by: Pavel Tatashin <pasha.tatashin@soleen.com> | |
27 | Reviewed-by: Andi Kleen <ak@linux.intel.com> | |
28 | Acked-by: Jiri Kosina <jkosina@suse.cz> | |
29 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
30 | Cc: Dave Hansen <dave.hansen@intel.com> | |
31 | Cc: Andi Kleen <ak@linux.intel.com> | |
32 | Cc: Borislav Petkov <bp@suse.de> | |
33 | Cc: <linux-mm@kvack.org> | |
34 | Link: https://lkml.kernel.org/r/20181113184910.26697-1-mhocko@kernel.org | |
35 | [bwh: Backported to 4.9: adjust filenames, context] | |
36 | Signed-off-by: Ben Hutchings <ben@decadent.org.uk> | |
37 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
38 | --- | |
39 | Documentation/kernel-parameters.txt | 3 +++ | |
40 | Documentation/l1tf.rst | 6 +++++- | |
41 | arch/x86/kernel/cpu/bugs.c | 3 ++- | |
42 | arch/x86/mm/init.c | 2 +- | |
43 | 4 files changed, 11 insertions(+), 3 deletions(-) | |
44 | ||
45 | diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt | |
46 | index a1472b48ee22..18cfc4998481 100644 | |
47 | --- a/Documentation/kernel-parameters.txt | |
48 | +++ b/Documentation/kernel-parameters.txt | |
49 | @@ -2076,6 +2076,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. | |
50 | off | |
51 | Disables hypervisor mitigations and doesn't | |
52 | emit any warnings. | |
53 | + It also drops the swap size and available | |
54 | + RAM limit restriction on both hypervisor and | |
55 | + bare metal. | |
56 | ||
57 | Default is 'flush'. | |
58 | ||
59 | diff --git a/Documentation/l1tf.rst b/Documentation/l1tf.rst | |
60 | index b85dd80510b0..9af977384168 100644 | |
61 | --- a/Documentation/l1tf.rst | |
62 | +++ b/Documentation/l1tf.rst | |
63 | @@ -405,6 +405,9 @@ time with the option "l1tf=". The valid arguments for this option are: | |
64 | ||
65 | off Disables hypervisor mitigations and doesn't emit any | |
66 | warnings. | |
67 | + It also drops the swap size and available RAM limit restrictions | |
68 | + on both hypervisor and bare metal. | |
69 | + | |
70 | ============ ============================================================= | |
71 | ||
72 | The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`. | |
73 | @@ -576,7 +579,8 @@ Default mitigations | |
74 | The kernel default mitigations for vulnerable processors are: | |
75 | ||
76 | - PTE inversion to protect against malicious user space. This is done | |
77 | - unconditionally and cannot be controlled. | |
78 | + unconditionally and cannot be controlled. The swap storage is limited | |
79 | + to ~16TB. | |
80 | ||
81 | - L1D conditional flushing on VMENTER when EPT is enabled for | |
82 | a guest. | |
83 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c | |
84 | index 03ebc0adcd82..803234b1845f 100644 | |
85 | --- a/arch/x86/kernel/cpu/bugs.c | |
86 | +++ b/arch/x86/kernel/cpu/bugs.c | |
87 | @@ -775,7 +775,8 @@ static void __init l1tf_select_mitigation(void) | |
88 | #endif | |
89 | ||
90 | half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; | |
91 | - if (e820_any_mapped(half_pa, ULLONG_MAX - half_pa, E820_RAM)) { | |
92 | + if (l1tf_mitigation != L1TF_MITIGATION_OFF && | |
93 | + e820_any_mapped(half_pa, ULLONG_MAX - half_pa, E820_RAM)) { | |
94 | pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); | |
95 | pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n", | |
96 | half_pa); | |
97 | diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c | |
98 | index 90801a8f19c9..ce092a62fc5d 100644 | |
99 | --- a/arch/x86/mm/init.c | |
100 | +++ b/arch/x86/mm/init.c | |
101 | @@ -790,7 +790,7 @@ unsigned long max_swapfile_size(void) | |
102 | ||
103 | pages = generic_max_swapfile_size(); | |
104 | ||
105 | - if (boot_cpu_has_bug(X86_BUG_L1TF)) { | |
106 | + if (boot_cpu_has_bug(X86_BUG_L1TF) && l1tf_mitigation != L1TF_MITIGATION_OFF) { | |
107 | /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ | |
108 | unsigned long long l1tf_limit = l1tf_pfn_limit(); | |
109 | /* | |
110 | -- | |
111 | 2.21.0 | |
112 |