www.infradead.org Git - users/jedix/linux-maple.git/commit
x86/KVM/VMX: Add module argument for L1TF mitigation
author Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Mon, 2 Jul 2018 10:29:30 +0000 (12:29 +0200)
committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Sat, 11 Aug 2018 00:44:38 +0000 (20:44 -0400)
commit 5c19e617cd353b4f80866983a5af02019cd6c9e3
tree ef18ca0cdc83911b720feb63294056cb63b88b23
parent 4e0f8c652a286e890ff4cf6c2c5e1776f51ad0f9

Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3646, aka
L1 terminal fault. The valid arguments are:

 - "always" L1D cache flush on every VMENTER.
 - "cond" Conditional L1D cache flush, explained below.
 - "never" Disable the L1D cache flush mitigation.

"cond" is trying to avoid L1D cache flushes on VMENTER if the code executed
between VMEXIT and VMENTER is considered safe, i.e. is not bringing any
interesting information into L1D which might be exploited.

[ tglx: Split out from a larger patch ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Orabug: 28220674
CVE: CVE-2018-3646

(cherry picked from commit a399477e52c17e148746d3ce9a483f681c2aa9a0)

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts:
arch/x86/kvm/vmx.c
Documentation/admin-guide/kernel-parameters.txt
Contextual: different content.
Replaced DEFINE_STATIC_KEY_FALSE and static_branch_enable with their
existent equivalent and cherry-picked e33886b38.
Documentation/kernel-parameters.txt
arch/x86/kvm/vmx.c
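
An audit helper for the parameter described in the commit message, added here as an example; it is not part of this commit or of the kernel tree. It assumes the parameter is given on the kernel command line as `kvm-intel.vmentry_l1d_flush=<mode>` (the module name is not stated on this page) and that a later occurrence overrides an earlier one; the function names and the sample command line are constructed.

```shell
#!/bin/sh
# Added example: report which L1TF L1D-flush mode a kernel command line requests.
# Assumption: parameter spelled kvm-intel.vmentry_l1d_flush=<mode>.

# Print one of:
#   always | cond | never  -> a valid mode from the commit message
#   invalid:<value>        -> parameter present with an unlisted value
#   unset                  -> parameter absent, the module default applies
l1d_flush_mode() {
    mode=unset
    set -f                      # no glob expansion while splitting on whitespace
    for arg in $1; do
        case "$arg" in
            *=*) name=${arg%%=*}; value=${arg#*=} ;;
            *)   continue ;;
        esac
        # The kernel treats '-' and '_' in parameter names as equivalent.
        case "$name" in
            kvm[-_]intel.vmentry[-_]l1d[-_]flush) ;;
            *) continue ;;
        esac
        # Assumption: the last occurrence on the line is the one that counts.
        case "$value" in
            always|cond|never) mode=$value ;;
            *)                 mode="invalid:$value" ;;
        esac
    done
    set +f
    printf '%s\n' "$mode"
}

# Exit status: 0 flush requested (always/cond), 1 disabled or invalid value,
# 2 not set on the command line (check the loaded module's value instead).
l1d_flush_check() {
    case "$(l1d_flush_mode "$1")" in
        always|cond) return 0 ;;
        unset)       return 2 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample command line, not taken from a real host.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro kvm-intel.vmentry_l1d_flush=never'
printf 'requested mode: %s\n' "$(l1d_flush_mode "$SAMPLE_CMDLINE")"
```

On a live host the function can be fed the contents of `/proc/cmdline`; a result of `never` on a machine that runs untrusted guests is the case to flag.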