]>
Commit | Line | Data |
---|---|---|
035dbe67 FG |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Tim Chen <tim.c.chen@linux.intel.com> | |
3 | Date: Fri, 13 Oct 2017 14:31:46 -0700 | |
4 | Subject: [PATCH] x86/kvm: Set IBPB when switching VM | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5753 | |
10 | CVE-2017-5715 | |
11 | ||
12 | Set IBPB (Indirect branch prediction barrier) when switching VM. | |
13 | ||
14 | Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> | |
15 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
16 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
17 | (cherry picked from commit 665076ad780e8620505c742cfcb4b0f3fb99324a) | |
18 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
19 | --- | |
20 | arch/x86/kvm/vmx.c | 3 +++ | |
21 | 1 file changed, 3 insertions(+) | |
22 | ||
23 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c | |
24 | index daff9962c90a..8df195bbb41d 100644 | |
25 | --- a/arch/x86/kvm/vmx.c | |
26 | +++ b/arch/x86/kvm/vmx.c | |
27 | @@ -1488,6 +1488,7 @@ static void vmcs_load(struct vmcs *vmcs) | |
28 | if (error) | |
29 | printk(KERN_ERR "kvm: vmptrld %p/%llx failed\n", | |
30 | vmcs, phys_addr); | |
31 | + | |
32 | } | |
33 | ||
34 | #ifdef CONFIG_KEXEC_CORE | |
35 | @@ -2268,6 +2269,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) | |
36 | if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) { | |
37 | per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs; | |
38 | vmcs_load(vmx->loaded_vmcs->vmcs); | |
39 | + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) | |
40 | + native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB); | |
41 | } | |
42 | ||
43 | if (!already_loaded) { | |
44 | -- | |
45 | 2.14.2 | |
46 |