git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Sean Christopherson <seanjc@google.com>
	Thu, 13 Nov 2025 23:37:45 +0000 (15:37 -0800)
committer	Sean Christopherson <seanjc@google.com>
	Wed, 19 Nov 2025 00:22:44 +0000 (16:22 -0800)
commit	05bd63959a9d682e5e765f950bb6b356d3d6d27a
tree	86ca96466f76e73aeddc4510a5c0e1f79a13bbd1	tree \| snapshot
parent	0abd9610d6c6996317262f1712c959d74ed08de6	commit \| diff

KVM: VMX: Disable L1TF L1 data cache flush if CONFIG_CPU_MITIGATIONS=n

Disable support for flushing the L1 data cache to mitigate L1TF if CPU
mitigations are disabled for the entire kernel. KVM's mitigation of L1TF
is in no way special enough to justify ignoring CONFIG_CPU_MITIGATIONS=n.

Deliberately use CPU_MITIGATIONS instead of the more precise
MITIGATION_L1TF, as MITIGATION_L1TF only controls the default behavior,
i.e. CONFIG_MITIGATION_L1TF=n doesn't completely disable L1TF mitigations
in the kernel.

Keep the vmentry_l1d_flush module param to avoid breaking existing setups,
and leverage the .set path to alert the user to the fact that
vmentry_l1d_flush will be ignored. Don't bother validating the incoming
value; if an admin misconfigures vmentry_l1d_flush, the fact that the bad
configuration won't be detected when running with CONFIG_CPU_MITIGATIONS=n
is likely the least of their worries.

Reviewed-by: Brendan Jackman <jackmanb@google.com>
Link: https://patch.msgid.link/20251113233746.1703361-9-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

arch/x86/include/asm/hardirq.h		diff \| blob \| blame \| history
arch/x86/kvm/vmx/vmx.c		diff \| blob \| blame \| history