www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Thu, 28 Mar 2019 17:57:24 +0000 (13:57 -0400)
committer	Mihai Carabas <mihai.carabas@oracle.com>
	Mon, 22 Apr 2019 18:16:18 +0000 (21:16 +0300)
commit	50b95fddfbd2e4deafc0475bdfb1c1af1f6a91d7
tree	fdd1015976e8e6008093ba7ac4bfca0a1cacbbd1	tree
parent	9948f836572f9273013e5e62e2dfabdbd26145b7	commit \| diff

x86/speculation/mds: Add mitigation mode VMWERV

commit 22dd8365088b6403630b82423cf906491859b65e upstream

In virtualized environments it can happen that the host has the microcode
update which utilizes the VERW instruction to clear CPU buffers, but the
hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
to guests.

Introduce an internal mitigation mode VWWERV which enables the invocation
of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
system has no updated microcode this results in a pointless execution of
the VERW instruction wasting a few CPU cycles. If the microcode is updated,
but not exposed to a guest then the CPU buffers will be cleared.

That said: Virtual Machines Will Eventually Receive Vaccine

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
(cherry picked from commit a2227b3f734fad5ace7c99103d6a7bc020c193fd)

Orabug: 29526900
CVE: CVE-2018-12126
CVE: CVE-2018-12130
CVE: CVE-2018-12127

Signed-off-by: Kanth Ghatraju <kanth.ghatraju@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts:
The changes to arch/x86/kernel/cpu/bugs.c instead need to be made to
arch/x86/kernel/cpu/bugs_64.c.

Documentation/x86/mds.rst		diff \| blob \| history
arch/x86/include/asm/processor.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs_64.c		diff \| blob \| history