Hi-- On 7/2/20 2:38 PM, Abhishek Bhardwaj wrote: > This change adds a new kernel configuration that sets the l1d cache > flush setting at compile time rather than at run time. > > Signed-off-by: Abhishek Bhardwaj <abhishekbh@xxxxxxxxxx> > > --- > > Changes in v2: > - Fix typo in the help of the new KConfig. > > arch/x86/kernel/cpu/bugs.c | 8 ++++++++ > arch/x86/kvm/Kconfig | 17 +++++++++++++++++ > 2 files changed, 25 insertions(+) > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 0b71970d2d3d2..1dcc875cf5547 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -1406,7 +1406,15 @@ enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH; > #if IS_ENABLED(CONFIG_KVM_INTEL) > EXPORT_SYMBOL_GPL(l1tf_mitigation); > #endif > +#if (CONFIG_KVM_VMENTRY_L1D_FLUSH == 1) > +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_NEVER; > +#elif (CONFIG_KVM_VMENTRY_L1D_FLUSH == 2) > +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_COND; > +#elif (CONFIG_KVM_VMENTRY_L1D_FLUSH == 3) > +enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_ALWAYS; > +#else > enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; > +#endif > EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); > > /* > diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig > index b277a2db62676..d375dcedd447d 100644 > --- a/arch/x86/kvm/Kconfig > +++ b/arch/x86/kvm/Kconfig > @@ -107,4 +107,21 @@ config KVM_MMU_AUDIT > This option adds a R/W kVM module parameter 'mmu_audit', which allows > auditing of KVM MMU events at runtime. > > +config KVM_VMENTRY_L1D_FLUSH > + int "L1D cache flush settings (1-3)" > + range 1 3 > + default "2" > + depends on KVM && X86 && X86_64 Why does this apply only to KVM? and the "X86 && X86_64" is more than is needed. Just "X86_64" alone should be enough. > + help > + This setting determines the L1D cache flush behavior before a VMENTER. > + This is similar to setting the option / parameter to > + kvm-intel.vmentry_l1d_flush. > + 1 - Never flush. > + 2 - Conditionally flush. > + 3 - Always flush. > + > +# OK, it's a little counter-intuitive to do this, but it puts it neatly under > +# the virtualization menu. > +source "drivers/vhost/Kconfig" I don't quite understand why this 'source' line is here. Can you explain more about that, please? It puts "VHOST drivers" in the menu 2 times, in 2 totally unrelated places. Seems like it could be confusing. > + > endif # VIRTUALIZATION -- ~Randy
