Linux KVM Virtualization Had Mistakenly Been Applying L1TF Workaround To Unaffected CPUs

Written by Michael Larabel in Virtualization on 19 May 2020 at 08:09 AM EDT. 17 Comments
VIRTUALIZATION
The all-important Linux Kernel-based Virtual Machine (KVM) code for open-source virtualization had mistakenly been applying its L1TF workaround for unaffected CPUs -- namely AMD EPYC CPUs -- for the past several months until the issue was uncovered this week.

Only Intel CPUs are vulnerable to L1 Terminal Fault (L1TF) / Foreshadow, but the KVM code ended up applying L1TF workarounds to guests on unaffected processors. The change that borked KVM's L1TF handling was mainlined back in January and subsequently back-ported to the various maintained kernel branches as a "fix" thus found on the various LTS kernels currently and just not the recent 5.x kernels released this calendar year.

It was a fix around AMD EPYC memory encryption for KVM's SVM code but in turn that messed up the L1TF handling in KVM. It was a simple mistake made by an AMD engineer and not any nefarious attempt by Intel or the like for trying to more broadly apply L1TF mitigations, etc.

Red Hat's Paolo Bonzini who oversees the KVM code for the upstream Linux kernel sent out the patch today fixing the issue: KVM: x86: only do L1TF workaround on affected processors. That fix will hopefully be mainlined soon and also back-ported to the various stable branches currently carrying the patch that broke the L1TF handling.
17 Comments
Related News
QEMU 9.2 Released With VirtIO GPU Vulkan Support, AVX10 & Experimental Rust Support
Rust Hypervisor Firmware v0.5 Supports For More CPUs & Improves EFI Support
Linux 6.13 KVM Eliminates An "Awful Idea", Many x86_64 Improvements
Virtual CPUFreq Driver Coming With Linux 6.13 For Better Power/Performance Within VMs
IBM Power11 CPUs Launching In 2025 - Linux 6.13 Preps KVM Nested Guests For Power11
DXVK 2.5 Brings Memory Management Rewrite & Other Improvements
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features
Linux 6.12 Officially Promoted To Being An LTS Kernel