[RFC PATCH 39/47] mm: asi: Skip conventional L1TF/MDS mitigations

[Junaid Shahid]

From: Ofir Weisse <oweisse@xxxxxxxxxx>

If ASI is enabled for an mm, then the L1D flushes and MDS mitigations
will be taken care of ASI. We check if asi is enabled by checking
current->mm->asi_enabled. To use ASI, a cgroup flag must be set before
the VM process is forked - causing a flag mm->asi_enabled to be set.

Signed-off-by: Ofir Weisse <oweisse@xxxxxxxxxx>


---
 arch/x86/kvm/vmx/vmx.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e0178b57be75..6549fef39f2b 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6609,7 +6609,11 @@ static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu,
 
 	kvm_guest_enter_irqoff();
 
-	vmx_flush_sensitive_cpu_state(vcpu);
+        /* If Address Space Isolation is enabled, it will take care of L1D
+         * flushes, and will also mitigate MDS. In other words, if no ASI -
+         * flush sensitive cpu state. */
+        if (!static_asi_enabled() || !mm_asi_enabled(current->mm))
+                vmx_flush_sensitive_cpu_state(vcpu);
 
 	asi_enter(vcpu->kvm->asi);
 
-- 
2.35.1.473.g83b2b277ed-goog