]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commitdiff
projects / mirror_ubuntu-artful-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f6781ae)
x86/svm: Set IBPB when running a different VCPU
authorTom Lendacky <thomas.lendacky@amd.com>
Wed, 20 Dec 2017 10:55:47 +0000 (10:55 +0000)
committerKhalid Elmously <khalid.elmously@canonical.com>
Fri, 16 Feb 2018 17:42:59 +0000 (12:42 -0500)
CVE-2017-5715 (Spectre v2 Intel)

Set IBPB (Indirect Branch Prediction Barrier) when the current CPU is
going to run a VCPU different from what was previously run.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
arch/x86/kvm/svm.c patch | blob | blame | history

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index e57aa854f2c1e2eec8c0b010f6cd206f4f2d1c1e..a8c911fcd73fcb3948642e43ba044b52f736293c 100644 (file)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -519,6 +519,8 @@ struct svm_cpu_data {
        struct kvm_ldttss_desc *tss_desc;
 
        struct page *save_area;
+
+       struct vmcb *current_vmcb;
 };
 
 static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
@@ -1686,11 +1688,19 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu)
        __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
        kvm_vcpu_uninit(vcpu);
        kmem_cache_free(kvm_vcpu_cache, svm);
+
+       /*
+        * The VMCB could be recycled, causing a false negative in svm_vcpu_load;
+        * block speculative execution.
+        */
+       if (ibpb_inuse)
+               wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
 }
 
 static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 {
        struct vcpu_svm *svm = to_svm(vcpu);
+       struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
        int i;
 
        if (unlikely(cpu != vcpu->cpu)) {
@@ -1719,6 +1729,12 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
        if (static_cpu_has(X86_FEATURE_RDTSCP))
                wrmsrl(MSR_TSC_AUX, svm->tsc_aux);
 
+       if (sd->current_vmcb != svm->vmcb) {
+               sd->current_vmcb = svm->vmcb;
+               if (ibpb_inuse)
+                       wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
+       }
+
        avic_vcpu_load(vcpu, cpu);
 }
 
Ubuntu Artful kernel mirror