www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Thu, 26 Apr 2018 02:04:19 +0000 (22:04 -0400)
committer	Brian Maly <brian.maly@oracle.com>
	Mon, 21 May 2018 22:02:42 +0000 (18:02 -0400)
commit	817ca6d307dba517280f5debe57b20793c63f158
tree	33334c89ad22ebe16f2322b39faedeaf93634baa	tree
parent	35e2983d16be6183f03841d8167fde9bd81413cf	commit \| diff

x86/bugs, KVM: Support the combination of guest and host IBRS

A guest may modify the SPEC_CTRL MSR from the value used by the
kernel. Since the kernel doesn't use IBRS, this means a value of zero is
what is needed in the host.

But the 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to
the other bits as reserved so the kernel should respect the boot time
SPEC_CTRL value and use that.

This allows to deal with future extensions to the SPEC_CTRL interface if
any at all.

Note: This uses wrmsrl() instead of native_wrmsl(). I does not make any
difference as paravirt will over-write the callq *0xfff.. with the wrmsrl
assembler code.

OraBug: 28041771
CVE: CVE-2018-3639

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit 5cf687548705412da47c9cec342fd952d71ed3d5)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Conflicts:
arch/x86/kvm/svm.c
arch/x86/kvm/vmx.c
[We need to preserve the check for ibrs_inuse - which we can do now in the
functions]

Signed-off-by: Brian Maly <brian.maly@oracle.com>

arch/x86/include/asm/nospec-branch.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs_64.c		diff \| blob \| history
arch/x86/kvm/svm.c		diff \| blob \| history
arch/x86/kvm/vmx.c		diff \| blob \| history