Linux KVM Virtualization Had Mistakenly Been Applying L1TF Workaround To Unaffected CPUs
Written by Michael Larabel in Virtualization on 19 May 2020 at 08:09 AM EDT. 17 Comments
The all-important Linux Kernel-based Virtual Machine (KVM) code for open-source virtualization had mistakenly been applying its L1TF workaround for unaffected CPUs -- namely AMD EPYC CPUs -- for the past several months until the issue was uncovered this week.

Only Intel CPUs are vulnerable to L1 Terminal Fault (L1TF) / Foreshadow, but the KVM code ended up applying L1TF workarounds to guests on unaffected processors. The change that borked KVM's L1TF handling was mainlined back in January and subsequently back-ported to the various maintained kernel branches as a "fix" thus found on the various LTS kernels currently and just not the recent 5.x kernels released this calendar year.

It was a fix around AMD EPYC memory encryption for KVM's SVM code but in turn that messed up the L1TF handling in KVM. It was a simple mistake made by an AMD engineer and not any nefarious attempt by Intel or the like for trying to more broadly apply L1TF mitigations, etc.

Red Hat's Paolo Bonzini who oversees the KVM code for the upstream Linux kernel sent out the patch today fixing the issue: KVM: x86: only do L1TF workaround on affected processors. That fix will hopefully be mainlined soon and also back-ported to the various stable branches currently carrying the patch that broke the L1TF handling.
Related News
About The Author
Author picture

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter or contacted via

Popular News This Week