git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Mon, 2 Jul 2018 10:29:30 +0000 (12:29 +0200)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 8 Aug 2018 12:08:07 +0000 (14:08 +0200)
commit	1749555e632646d0161184449fe9446cfd14efc7
tree	91460379da775df0ac9ac5e4009b3f133e336747	tree
parent	275b72a93b61f8b3d5393185f284c23362fd6e1a	commit \| diff

x86/KVM/VMX: Add module argument for L1TF mitigation

Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka
L1 terminal fault. The valid arguments are:

- "always" L1D cache flush on every VMENTER.
- "cond" Conditional L1D cache flush, explained below
- "never" Disable the L1D cache flush mitigation

"cond" is trying to avoid L1D cache flushes on VMENTER if the code executed
between VMEXIT and VMENTER is considered safe, i.e. is not bringing any
interesting information into L1D which might exploited.

[ tglx: Split out from a larger patch ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3620
CVE-2018-3646

[tyhicks: Backported around context changes]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| blame \| history
arch/x86/kvm/vmx.c		diff \| blob \| blame \| history