diff options
author | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2018-06-20 11:29:53 -0400 |
---|---|---|
committer | Thomas Gleixner <tglx@linutronix.de> | 2018-07-04 20:49:38 +0200 |
commit | 26acfb666a473d960f0fd971fe68f3e3ad16c70b (patch) | |
tree | e534e6f16c22dc327c0159ecff72d68b1119ac8a /kernel/cpu.c | |
parent | 0cc3cd21657be04cb0559fe8063f2130493f92cf (diff) |
x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
If the L1TF CPU bug is present we allow the KVM module to be loaded as the
major of users that use Linux and KVM have trusted guests and do not want a
broken setup.
Cloud vendors are the ones that are uncomfortable with CVE 2018-3620 and as
such they are the ones that should set nosmt to one.
Setting 'nosmt' means that the system administrator also needs to disable
SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command line
parameter, or via the /sys/devices/system/cpu/smt/control. See commit
05736e4ac13c ("cpu/hotplug: Provide knobs to control SMT").
Other mitigations are to use task affinity, cpu sets, interrupt binding,
etc - anything to make sure that _only_ the same guests vCPUs are running
on sibling threads.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'kernel/cpu.c')
-rw-r--r-- | kernel/cpu.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/cpu.c b/kernel/cpu.c index 6f3a3cde8b83..5a00ebdf98c6 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -345,6 +345,7 @@ EXPORT_SYMBOL_GPL(cpu_hotplug_enable); #ifdef CONFIG_HOTPLUG_SMT enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; +EXPORT_SYMBOL_GPL(cpu_smt_control); static int __init smt_cmdline_disable(char *str) { |