1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Tim Chen <tim.c.chen@linux.intel.com>
3 Date: Fri, 20 Oct 2017 17:05:54 -0700
4 Subject: [PATCH] x86/kvm: Pad RSB on VM transition
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 CVE-2017-5753
10 CVE-2017-5715
11
12 Add code to pad the local CPU's RSB entries to protect
13 from the previous, less privileged mode.
14
15 Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
16 Signed-off-by: Andy Whitcroft <apw@canonical.com>
17 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
18 (cherry picked from commit 5369368d3520addb2ffb2413cfa7e8f3efe2e31d)
19 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
20 ---
21 arch/x86/include/asm/kvm_host.h | 103 ++++++++++++++++++++++++++++++++++++++++
22 arch/x86/kvm/vmx.c | 2 +
23 2 files changed, 105 insertions(+)
24
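--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -125,6 +125,109 @@ static inline gfn_t gfn_to_index(gfn_t gfn, gfn_t base_gfn, int level)
 
 #define ASYNC_PF_PER_VCPU 64
 
+static inline void stuff_RSB(void)
+{
+ __asm__ __volatile__(" \n\
+ call .label1 \n\
+ pause \n\
+.label1: \n\
+ call .label2 \n\
+ pause \n\
+.label2: \n\
+ call .label3 \n\
+ pause \n\
+.label3: \n\
+ call .label4 \n\
+ pause \n\
+.label4: \n\
+ call .label5 \n\
+ pause \n\
+.label5: \n\
+ call .label6 \n\
+ pause \n\
+.label6: \n\
+ call .label7 \n\
+ pause \n\
+.label7: \n\
+ call .label8 \n\
+ pause \n\
+.label8: \n\
+ call .label9 \n\
+ pause \n\
+.label9: \n\
+ call .label10 \n\
+ pause \n\
+.label10: \n\
+ call .label11 \n\
+ pause \n\
+.label11: \n\
+ call .label12 \n\
+ pause \n\
+.label12: \n\
+ call .label13 \n\
+ pause \n\
+.label13: \n\
+ call .label14 \n\
+ pause \n\
+.label14: \n\
+ call .label15 \n\
+ pause \n\
+.label15: \n\
+ call .label16 \n\
+ pause \n\
+.label16: \n\
+ call .label17 \n\
+ pause \n\
+.label17: \n\
+ call .label18 \n\
+ pause \n\
+.label18: \n\
+ call .label19 \n\
+ pause \n\
+.label19: \n\
+ call .label20 \n\
+ pause \n\
+.label20: \n\
+ call .label21 \n\
+ pause \n\
+.label21: \n\
+ call .label22 \n\
+ pause \n\
+.label22: \n\
+ call .label23 \n\
+ pause \n\
+.label23: \n\
+ call .label24 \n\
+ pause \n\
+.label24: \n\
+ call .label25 \n\
+ pause \n\
+.label25: \n\
+ call .label26 \n\
+ pause \n\
+.label26: \n\
+ call .label27 \n\
+ pause \n\
+.label27: \n\
+ call .label28 \n\
+ pause \n\
+.label28: \n\
+ call .label29 \n\
+ pause \n\
+.label29: \n\
+ call .label30 \n\
+ pause \n\
+.label30: \n\
+ call .label31 \n\
+ pause \n\
+.label31: \n\
+ call .label32 \n\
+ pause \n\
+.label32: \n\
+ add $(32*8), %%rsp \n\
+": : :"memory");
+}
+
 enum kvm_reg {
 VCPU_REGS_RAX = 0,
 VCPU_REGS_RCX = 1,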
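Review bot: The asm body of stuff_RSB() defines `.label1` through `.label32` as ordinary assembler symbols rather than numeric local labels, so if this `static inline` header function is ever emitted twice in one translation unit the assembler will reject the duplicate definitions. Numeric local labels inside a `.rept 32` block give the same 32 call/pause pairs without named symbols, as sketched below. The sequence also hard-codes `%rsp` and 8-byte slots, so it looks 64-bit only; if kvm_host.h is still compiled for 32-bit hosts it needs an `#ifdef CONFIG_X86_64` guard or a word-size-aware variant. The function has no comment explaining the call/pause construction or the final `add`, which the sketch adds.

```c
static inline void stuff_RSB(void)
{
	/*
	 * 32 call/pause pairs: each call pushes a return address that
	 * points at the pause following it; the pause is never reached
	 * architecturally because the call jumps over it. The final add
	 * drops the 32 pushed return addresses from the stack again.
	 */
	__asm__ __volatile__(
		".rept 32\n\t"
		"call 1f\n\t"
		"pause\n"
		"1:\n\t"
		".endr\n\t"
		"add $(32*8), %%rsp\n"
		: : : "memory");
}
```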
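--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9228,6 +9228,8 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
 #endif
 );
 
+ stuff_RSB();
+
 /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */
 if (debugctlmsr)
 update_debugctlmsr(debugctlmsr);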
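Review bot: Only the VMX run path gets the padding call in this patch; the diffstat shows no change on the SVM side, so it is worth confirming elsewhere in the series that AMD hosts get an equivalent call after VM exit. The call is placed after the closing `);` of the preceding asm statement, and vmx_vcpu_run() begins and ends outside the hunk, so the hunk does not show whether a host `ret` can execute before the padding. A comment above the call, e.g. `/* Pad the RSB before any host ret can consume entries left by the guest */`, would record that ordering requirement for anyone who later adds code between the asm block and this line.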
152 --
153 2.14.2