git.proxmox.com Git - mirror_ubuntu-kernels.git/commit

author	Daniel Sneddon <daniel.sneddon@linux.intel.com>
	Thu, 13 Jul 2023 02:43:14 +0000 (19:43 -0700)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 9 Aug 2023 10:02:13 +0000 (12:02 +0200)
commit	cd25885269804c59063c52ef587bde0d8fe17131
tree	23b3d94003bab2d4e4931749b307072e71f321c4	tree
parent	92bd969bbe475c5bca376d007ed6558085b237ba	commit \| diff

KVM: Add GDS_NO support to KVM

Gather Data Sampling (GDS) is a transient execution attack using
gather instructions from the AVX2 and AVX512 extensions. This attack
allows malicious code to infer data that was previously stored in
vector registers. Systems that are not vulnerable to GDS will set the
GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
guests that may think they are on vulnerable systems that are, in
fact, not affected. Guests that are running on affected hosts where
the mitigation is enabled are protected as if they were running
on an unaffected system.

On all hosts that are not affected or that are mitigated, set the
GDS_NO bit.

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7)
CVE-2022-40982
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

arch/x86/kernel/cpu/bugs.c		diff \| blob \| blame \| history
arch/x86/kvm/x86.c		diff \| blob \| blame \| history