x86/KVM/VMX: Add module argument for L1TF mitigation

[linux-2.6-microblaze.git] / Documentation / admin-guide / kernel-parameters.txt

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 298f1b3..4f79056 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1973,6 +1973,18 @@
                        (virtualized real and unpaged mode) on capable
                        Intel chips. Default is 1 (enabled)
 
+       kvm-intel.vmentry_l1d_flush=[KVM,Intel] Mitigation for L1 Terminal Fault
+                       CVE-2018-3620.
+
+                       Valid arguments: never, cond, always
+
+                       always: L1D cache flush on every VMENTER.
+                       cond:   Flush L1D on VMENTER only when the code between
+                               VMEXIT and VMENTER can leak host memory.
+                       never:  Disables the mitigation
+
+                       Default is cond (do L1 cache flush in specific instances)
+
        kvm-intel.vpid= [KVM,Intel] Disable Virtual Processor Identification
                        feature (tagged TLBs) on capable Intel chips.
                        Default is 1 (enabled)