If the L1TF CPU bug is present we allow the KVM module to be loaded as
the major of users that use Linux and KVM have trusted guests and do not
want a broken setup.

Cloud vendors are the ones that are uncomfortable with CVE 2018-3620 and
as such they are the ones that should set nosmt to one.

Setting 'nosmt' means that the system administrator also needs to
disable SMT (Hyper-threading) in the BIOS, or via the 'nosmt' command line
parameter, or via the /sys/devices/system/cpu/smt/control. See commit
05736e4a ("cpu/hotplug: Provide knobs to control SMT").

Other mitigations are to use task affinity, cpu sets, interrupt binding,
etc - anything to make sure that _only_ the same guests vCPUs are running
on sibling threads.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646

[smb: Added vm_init function to vmx.c, squashed v4, re-
      arranged for v6]
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>