1 files changed, 13 insertions, 5 deletions

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index b1f6451022e5..f7c2dee452a1 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -488,16 +488,24 @@ static void kvm_mmu_reset_all_pte_masks(void)
          * If the CPU has 46 or less physical address bits, then set an
          * appropriate mask to guard against L1TF attacks. Otherwise, it is
          * assumed that the CPU is not vulnerable to L1TF.
+         *
+         * Some Intel CPUs address the L1 cache using more PA bits than are
+         * reported by CPUID. Use the PA width of the L1 cache when possible
+         * to achieve more effective mitigation, e.g. if system RAM overlaps
+         * the most significant bits of legal physical address space.
          */
-        low_phys_bits = boot_cpu_data.x86_phys_bits;
-        if (boot_cpu_data.x86_phys_bits <
+        shadow_nonpresent_or_rsvd_mask = 0;
+        low_phys_bits = boot_cpu_data.x86_cache_bits;
+        if (boot_cpu_data.x86_cache_bits <
             52 - shadow_nonpresent_or_rsvd_mask_len) {
                 shadow_nonpresent_or_rsvd_mask =
-                        rsvd_bits(boot_cpu_data.x86_phys_bits -
+                        rsvd_bits(boot_cpu_data.x86_cache_bits -
                                   shadow_nonpresent_or_rsvd_mask_len,
-                                  boot_cpu_data.x86_phys_bits - 1);
+                                  boot_cpu_data.x86_cache_bits - 1);
                 low_phys_bits -= shadow_nonpresent_or_rsvd_mask_len;
-        }
+        } else
+                WARN_ON_ONCE(boot_cpu_has_bug(X86_BUG_L1TF));
+
         shadow_nonpresent_or_rsvd_lower_gfn_mask =
                 GENMASK_ULL(low_phys_bits - 1, PAGE_SHIFT);
 }