On 11.04.24 at 10:24, Alexandre Chartre wrote:
When a system is not affected by the BHI bug then KVM should
configure guests with BHI_NO to ensure they won't enable any
BHI mitigation.
Signed-off-by: Alexandre Chartre <alexandre.chartre@xxxxxxxxxx>
---
arch/x86/kvm/x86.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 984ea2089efc..f43d3c15a6b7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1678,6 +1678,9 @@ static u64 kvm_get_arch_capabilities(void)
if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated())
data |= ARCH_CAP_GDS_NO;
+ if (!boot_cpu_has_bug(X86_BUG_BHI))
+ data |= ARCH_CAP_BHI_NO;
+
But this is already handled since ARCH_CAP_BHI_NO is added to
KVM_SUPPORTED_ARCH_CAP, so when the host caps are read that bit is going
to be set there, if it's set for the physical CPU of course.
return data;
}
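Review bot: the commit message does not name the case in which the new `if (!boot_cpu_has_bug(X86_BUG_BHI))` check in kvm_get_arch_capabilities() changes `data`. If the host's ARCH_CAP_BHI_NO bit already reaches `data` through KVM_SUPPORTED_ARCH_CAP, as the reply above says, the check only matters on a host where X86_BUG_BHI is clear but the hardware bit is not set. Suggest stating that case in the changelog and in a one-line comment above the check, or dropping the hunk if no such host exists.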