On 8/26/19 3:30 PM, Waiman Long wrote:
> The l1tf_vmx_mitigation is only set to VMENTER_L1D_FLUSH_NOT_REQUIRED
> when the ARCH_CAPABILITIES MSR indicates that L1D flush is not required.
> However, if the CPU is not affected by L1TF, l1tf_vmx_mitigation will
> still be set to VMENTER_L1D_FLUSH_AUTO. This is certainly not the best
> option for a !X86_BUG_L1TF CPU.
>
> So force l1tf_vmx_mitigation to VMENTER_L1D_FLUSH_NOT_REQUIRED to make it
> more explicit in case users are checking the vmentry_l1d_flush parameter.
>
> Signed-off-by: Waiman Long <long...@redhat.com>
> ---
> arch/x86/kvm/vmx/vmx.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 42ed3faa6af8..a00ce3d6bbfd 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7896,6 +7896,8 @@ static int __init vmx_init(void)
> vmx_exit();
> return r;
> }
> + } else {
> + l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NOT_REQUIRED;
> }
>
> #ifdef CONFIG_KEXEC_CORE
Ping. Any comment on that one?
Cheers,
Longman
