From: Tim Chen <tim.c.chen@linux.intel.com>
Date: Fri, 13 Oct 2017 21:31:46 +0000 (-0700)
Subject: x86/kvm: Set IBPB when switching VM
X-Git-Tag: v4.1.12-124.31.3~1405
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=fff8089f7239e5dab36b88ac2d7eb65bbd0ec961;p=users%2Fjedix%2Flinux-maple.git

x86/kvm: Set IBPB when switching VM

Set IBPB (Indirect branch prediction barrier) when switching VM.


Orabug: 27344012
CVE: CVE-2017-5715

Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
---

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a8073e3e3fcd..bd69a9181825 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1922,6 +1922,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 	if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
 		per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
 		vmcs_load(vmx->loaded_vmcs->vmcs);
+		if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+			native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
 	}
 
 	if (vmx->loaded_vmcs->cpu != cpu) {