git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
x86/speculation/mds: Add mitigation mode VMWERV
author Thomas Gleixner <tglx@linutronix.de>
Wed, 20 Feb 2019 08:40:40 +0000 (09:40 +0100)
committer Stefan Bader <stefan.bader@canonical.com>
Mon, 6 May 2019 16:58:13 +0000 (18:58 +0200)
commit ebf1e8cbd81b07328946103280e43f45b26509d7
tree a8990d8a8dad2bdbd89799d0cfd79511611538aa
parent 1122cc78eda1ee25b05940f710c56b297d1ff301

In virtualized environments it can happen that the host has the microcode
update which utilizes the VERW instruction to clear CPU buffers, but the
hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
to guests.

Introduce an internal mitigation mode VMWERV which enables the invocation
of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
system has no updated microcode this results in a pointless execution of
the VERW instruction wasting a few CPU cycles. If the microcode is updated,
but not exposed to a guest then the CPU buffers will be cleared.

That said: Virtual Machines Will Eventually Receive Vaccine

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130

(cherry picked from commit 8a2979fc4e819a1bb77c782def72e45d9f5a3f0d)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Documentation/x86/mds.rst
arch/x86/include/asm/processor.h
arch/x86/kernel/cpu/bugs.c
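
The following is an added example, not part of this commit or the kernel tree: a shell check an administrator can use to recognise the state the commit message describes, where VERW is executed although MD_CLEAR is not visible in CPUID. It assumes the MDS sysfs file and status strings reported by mainline kernels, which this page does not show; the verdict labels and function names are made up for the example.

```shell
#!/bin/sh
# Added example. Assumption: the kernel reports MDS state in
# /sys/devices/system/cpu/vulnerabilities/mds using the mainline strings.
# Verdict labels (vmwerv-guest, ...) are hypothetical names for this script.

# classify_mds "<sysfs mds line>" "<flags line from /proc/cpuinfo>"
classify_mds() {
    status=$1
    flags=" $2 "
    md_clear=no; guest=no; smt=n/a
    case $flags in *" md_clear "*)   md_clear=yes ;; esac
    case $flags in *" hypervisor "*) guest=yes ;; esac
    # Optional "; SMT ..." suffix appended by the kernel.
    case $status in *"; SMT "*) smt=${status##*"; SMT "} ;; esac

    case $status in
        "Not affected"*)
            verdict=not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            verdict=mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # VMWERV mode: VERW runs without MD_CLEAR being advertised.
            if [ "$guest" = yes ] && [ "$md_clear" = no ]; then
                # Buffers are cleared only if the host microcode is updated;
                # verify on the host and expose MD_CLEAR to the guest.
                verdict=vmwerv-guest
            else
                # Bare metal without updated microcode: VERW clears nothing.
                verdict=vmwerv-baremetal
            fi ;;
        "Vulnerable"*)
            verdict=vulnerable ;;
        *)
            verdict=unknown ;;
    esac
    echo "$verdict smt=$smt"
}

# Read the live values; prints no-sysfs-entry on kernels without MDS reporting.
mds_live() {
    f=/sys/devices/system/cpu/vulnerabilities/mds
    [ -r "$f" ] || { echo "no-sysfs-entry"; return 0; }
    cpuflags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2-)
    classify_mds "$(cat "$f")" "$cpuflags"
}

if [ "${1:-}" = "--live" ]; then mds_live; fi
```

Run with `--live` inside a guest; a `vmwerv-guest` verdict cannot be resolved from within the VM and has to be followed up on the hypervisor side.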