Google Git
Sign in
zircon-guest / third_party / linux / a1a4f40bee8616a6d875d2bd7bf62dc206d8a4fc
commita1a4f40bee8616a6d875d2bd7bf62dc206d8a4fc[log] [tgz]
authorKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>Mon Jul 02 12:29:30 2018 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Aug 15 17:37:28 2018 +0200
tree83b5a45ceb5656dcd1e56eeb017e23877f224e62
parent3d2db4f84f09564ad22e742fe145d790c409db7a [diff]
x86/KVM/VMX: Add module argument for L1TF mitigation

commit a399477e52c17e148746d3ce9a483f681c2aa9a0 upstream.

Add a mitigation mode parameter "vmentry_l1d_flush" for CVE-2018-3620, aka
L1 terminal fault. The valid arguments are:

 - "always" 	L1D cache flush on every VMENTER.
 - "cond"	Conditional L1D cache flush, explained below
 - "never"	Disable the L1D cache flush mitigation

"cond" is trying to avoid L1D cache flushes on VMENTER if the code executed
between VMEXIT and VMENTER is considered safe, i.e. is not bringing any
interesting information into L1D which might exploited.

[ tglx: Split out from a larger patch ]

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2 files changed
tree: 83b5a45ceb5656dcd1e56eeb017e23877f224e62
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README