summaryrefslogtreecommitdiff
path: root/Documentation/admin-guide/kernel-parameters.txt
diff options
context:
space:
mode:
authorKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>2018-06-20 11:29:53 -0400
committerThomas Gleixner <tglx@linutronix.de>2018-07-04 20:49:38 +0200
commit26acfb666a473d960f0fd971fe68f3e3ad16c70b (patch)
treee534e6f16c22dc327c0159ecff72d68b1119ac8a /Documentation/admin-guide/kernel-parameters.txt
parent0cc3cd21657be04cb0559fe8063f2130493f92cf (diff)
downloadlwn-26acfb666a473d960f0fd971fe68f3e3ad16c70b.tar.gz
lwn-26acfb666a473d960f0fd971fe68f3e3ad16c70b.zip
x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
If the L1TF CPU bug is present we allow the KVM module to be loaded as the major of users that use Linux and KVM have trusted guests and do not want a broken setup. Cloud vendors are the ones that are uncomfortable with CVE 2018-3620 and as such they are the ones that should set nosmt to one. Setting 'nosmt' means that the system administrator also needs to disable SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command line parameter, or via the /sys/devices/system/cpu/smt/control. See commit 05736e4ac13c ("cpu/hotplug: Provide knobs to control SMT"). Other mitigations are to use task affinity, cpu sets, interrupt binding, etc - anything to make sure that _only_ the same guests vCPUs are running on sibling threads. Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'Documentation/admin-guide/kernel-parameters.txt')
-rw-r--r--Documentation/admin-guide/kernel-parameters.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 5da7b0b30432..298f1b38dc89 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1946,6 +1946,12 @@
[KVM,ARM] Allow use of GICv4 for direct injection of
LPIs.
+ kvm-intel.nosmt=[KVM,Intel] If the L1TF CPU bug is present (CVE-2018-3620)
+ and the system has SMT (aka Hyper-Threading) enabled then
+ don't allow guests to be created.
+
+ Default is 0 (allow guests to be created).
+
kvm-intel.ept= [KVM,Intel] Disable extended page tables
(virtualized MMU) support on capable Intel chips.
Default is 1 (enabled)