x86/KVM/VMX: Add module argument for L1TF mitigation - BMC/Intel-BMC/linux.git - Intel OpenBMC Linux kernel source tree (mirror)

diff options

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>	2018-07-02 13:29:30 +0300
committer	Thomas Gleixner <tglx@linutronix.de>	2018-07-04 21:49:38 +0300
commit	a399477e52c17e148746d3ce9a483f681c2aa9a0 (patch)
tree	f1074f72a1cff9797b246f740ff790130e834cdb /net/dns_resolver
parent	26acfb666a473d960f0fd971fe68f3e3ad16c70b (diff)
download	linux-a399477e52c17e148746d3ce9a483f681c2aa9a0.tar.xz

x86/KVM/VMX: Add module argument for L1TF mitigation

Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka L1 terminal fault. The valid arguments are: - "always" L1D cache flush on every VMENTER. - "cond" Conditional L1D cache flush, explained below - "never" Disable the L1D cache flush mitigation "cond" is trying to avoid L1D cache flushes on VMENTER if the code executed between VMEXIT and VMENTER is considered safe, i.e. is not bringing any interesting information into L1D which might exploited. [ tglx: Split out from a larger patch ] Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

Diffstat (limited to 'net/dns_resolver')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: