www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Thu, 1 Feb 2018 20:47:19 +0000 (15:47 -0500)
committer	Jack Vogel <jack.vogel@oracle.com>
	Thu, 8 Feb 2018 18:15:22 +0000 (10:15 -0800)
commit	775acc5d4a1b82f587c55f0ab442b05e07dd0ac8
tree	4c3aff6b9e47f1e791940096801b1bbae8e1df7c	tree
parent	a152f9821dc56887544d287649c1d727e56567d7	commit \| diff

KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

This is an adopation of what is being posted upstream.

The issue here is that guest kernels such as Windows
needs IBRS to solve their spectre_v2 mitigation.

And since our kernel can do either IBRS or retpoline
we need to be aware of both.

(We are ignoring for right now the situation in which
the microcode is not loaded and we want to emulate IBRS)

In short:
1) If the CPU has microcode, and host uses IBRS we need
    to save the MSR during VMEXIT and write our IBRS value.
    Also before VMENTER we need to write the guest MSR value.

2) If the host kernel uses retpoline we need to WRMSR the
    guest MSR value on VMENTER, but we are optimizing by only
    doing it if it a non-zero value.

    On VMEXIT we read the guest MSR value.

Orabug: 27477743
CVE: CVE-2017-5715

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Pavel Tatashin <pasha.tatashin@oracle.com>

arch/x86/kvm/cpuid.c		diff \| blob \| history
arch/x86/kvm/svm.c		diff \| blob \| history
arch/x86/kvm/vmx.c		diff \| blob \| history