As the title suggests, if the host CPU supports the flush_l1d flag and QEMU/userspace wants to boot a VM with the same flag (or emulate the same host features), KVM should be able to do so.

Patch 3 is the main fix, because if flush_l1d is not advertised by KVM, a Linux VM will erroneously mark /sys/devices/system/cpu/vulnerabilities/mmio_stale_data as vulnerable, even though it isn't, since the host has the feature and takes care of this. Not sure what would happen in the nested case though.

Patches 1 and 2 are just taken and refactored from Jim Mattson's series that it seems was lost a while ago:
https://patchwork.kernel.org/project/kvm/patch/20180814173049.21756-1-jmattson@xxxxxxxxxx/

I thought it was worth re-posting them.

Thank you,
Emanuele

Emanuele Giuseppe Esposito (3):
  kvm: vmx: Add IA32_FLUSH_CMD guest support
  kvm: svm: Add IA32_FLUSH_CMD guest support
  kvm: x86: Advertise FLUSH_L1D to user space

 arch/x86/kvm/cpuid.c      |  2 +-
 arch/x86/kvm/svm/svm.c    | 44 ++++++++++++++++--------
 arch/x86/kvm/vmx/nested.c |  3 ++
 arch/x86/kvm/vmx/vmx.c    | 70 +++++++++++++++++++++++++--------------
 4 files changed, 80 insertions(+), 39 deletions(-)

-- 
2.39.1
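
Added example, not part of the original post or the patch series: a shell check for the situation the cover letter describes, where the host's /proc/cpuinfo lists flush_l1d, the guest's does not, and the guest's mmio_stale_data file reports Vulnerable. The function names, verdict words and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the patch series). All sample data is constructed.

# has_cpu_flag FLAG CPUINFO_FILE: succeed if FLAG is on the first "flags" line.
# Whole-word match, so "flush_l1d_x" does not count as "flush_l1d".
has_cpu_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ { for (i = 3; i <= NF; i++) if ($i == want) found = 1; exit }
        END { exit !found }' "$2"
}

# compare_l1d HOST_CPUINFO GUEST_CPUINFO GUEST_STATUS_FILE
# Prints one verdict word (names are hypothetical):
#   hidden-from-guest  host has flush_l1d, guest lacks it, guest says Vulnerable
#   guest-vulnerable   guest says Vulnerable without that host/guest difference
#   no-mismatch        guest status does not start with "Vulnerable"
compare_l1d() {
    host=absent; guest=absent
    has_cpu_flag flush_l1d "$1" && host=present
    has_cpu_flag flush_l1d "$2" && guest=present
    status=$(cat "$3")
    case "$status" in
        Vulnerable*)
            if [ "$host" = present ] && [ "$guest" = absent ]; then
                echo hidden-from-guest
            else
                echo guest-vulnerable
            fi ;;
        *) echo no-mismatch ;;
    esac
}

# Constructed sample: abbreviated flag lists and a status line as a guest
# might report it when flush_l1d is not advertised.
demo() {
    d=$(mktemp -d) || return 1
    printf 'flags\t\t: fpu vme md_clear flush_l1d arch_capabilities\n' > "$d/host"
    printf 'flags\t\t: fpu vme md_clear arch_capabilities\n' > "$d/guest"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/status"
    compare_l1d "$d/host" "$d/guest" "$d/status"
    rm -rf "$d"
}

demo
```

On real systems, pass a copy of the host's /proc/cpuinfo, the guest's /proc/cpuinfo and the guest's /sys/devices/system/cpu/vulnerabilities/mmio_stale_data as the three arguments to compare_l1d.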