git.baikalelectronics.ru Git - kernel.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Wed, 20 Jun 2018 15:29:53 +0000 (11:29 -0400)
committer	Thomas Gleixner <tglx@linutronix.de>
	Wed, 4 Jul 2018 18:49:38 +0000 (20:49 +0200)
commit	7b36affade28e2c8e0424bb1ad3f5e3b34c226e9
tree	e534e6f16c22dc327c0159ecff72d68b1119ac8a	tree \| snapshot
parent	1448f6e79c84c874302f9d744d36cf6992c99098	commit \| diff

x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present

If the L1TF CPU bug is present we allow the KVM module to be loaded as the
major of users that use Linux and KVM have trusted guests and do not want a
broken setup.

Cloud vendors are the ones that are uncomfortable with CVE 2018-3620 and as
such they are the ones that should set nosmt to one.

Setting 'nosmt' means that the system administrator also needs to disable
SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command line
parameter, or via the /sys/devices/system/cpu/smt/control. See commit
cb496956c009 ("cpu/hotplug: Provide knobs to control SMT").

Other mitigations are to use task affinity, cpu sets, interrupt binding,
etc - anything to make sure that _only_ the same guests vCPUs are running
on sibling threads.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| history
arch/x86/kvm/vmx.c		diff \| blob \| history
kernel/cpu.c		diff \| blob \| history