On 11/12/18 04:25, speck for Andi Kleen wrote:
> Okay.
> 
> We'll have to disable interrupts in that window, but that
> should be ok.
> 
> I guess it could be also set in some skb_* functions to catch
> the network cases.
> 
> Or maybe setting when calling into unaudited code in interrupts/timers?
> 
> And the flag would allow a "paranoid" mode which sets
> it unconditionally. 

That sounds a lot like kvm_get_cpu_l1tf_flush_l1d and
kvm_clear_cpu_l1tf_flush_l1d.  Maybe we can just add another bit in
irq_cpustat_t's kvm_cpu_l1tf_flush_l1d, which would be cleared on return
to userspace before doing the verw stuff.

Paolo