x86/KVM/VMX: Add module argument for L1TF mitigation
authorKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Mon, 2 Jul 2018 10:29:30 +0000 (12:29 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 15 Aug 2018 16:12:54 +0000 (18:12 +0200)
commit77c8220e0d01d8c1c85343fa9472fd957c4878a0
treeabee9ea42f82225996b7c173531f5539ee6ff2fd
parentc2fdbbb47ca834b9b19fbbf0a9b740146a508b84
x86/KVM/VMX: Add module argument for L1TF mitigation

commit a399477e52c17e148746d3ce9a483f681c2aa9a0 upstream

Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka
L1 terminal fault. The valid arguments are:

 - "always"  L1D cache flush on every VMENTER.
 - "cond" Conditional L1D cache flush, explained below
 - "never" Disable the L1D cache flush mitigation

"cond" is trying to avoid L1D cache flushes on VMENTER if the code executed
between VMEXIT and VMENTER is considered safe, i.e. is not bringing any
interesting information into L1D which might exploited.

[ tglx: Split out from a larger patch ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Documentation/admin-guide/kernel-parameters.txt
arch/x86/kvm/vmx.c