]> git.proxmox.com Git - pve-kernel.git/blob - patches/kernel/0294-x86-svm-Set-IBRS-value-on-VM-entry-and-exit.patch
projects / pve-kernel.git / blob
? search:


880d9b4e54e2d7fbaaa43aa299d1d80e9e78e7b4
[pve-kernel.git] / patches / kernel / 0294-x86-svm-Set-IBRS-value-on-VM-entry-and-exit.patch
1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Tom Lendacky <thomas.lendacky@amd.com>
3 Date: Wed, 20 Dec 2017 10:55:47 +0000
4 Subject: [PATCH] x86/svm: Set IBRS value on VM entry and exit
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 CVE-2017-5753
10 CVE-2017-5715
11
12 Set/restore the guests IBRS value on VM entry. On VM exit back to the
13 kernel save the guest IBRS value and then set IBRS to 1.
14
15 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
16 Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
17 Signed-off-by: Andy Whitcroft <apw@canonical.com>
18 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
19 (cherry picked from commit 72f71e6826fac9a656c3994fb6f979cd65a14c64)
20 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
21 ---
22 arch/x86/kvm/svm.c | 17 +++++++++++++++++
23 1 file changed, 17 insertions(+)
24
25 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
26 index 94adf6becc2e..a1b19e810c49 100644
27 --- a/arch/x86/kvm/svm.c
28 +++ b/arch/x86/kvm/svm.c
29 @@ -175,6 +175,8 @@ struct vcpu_svm {
30
31 u64 next_rip;
32
33 + u64 spec_ctrl;
34 +
35 u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
36 struct {
37 u16 fs;
38 @@ -3547,6 +3549,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
39 case MSR_VM_CR:
40 msr_info->data = svm->nested.vm_cr_msr;
41 break;
42 + case MSR_IA32_SPEC_CTRL:
43 + msr_info->data = svm->spec_ctrl;
44 + break;
45 case MSR_IA32_UCODE_REV:
46 msr_info->data = 0x01000065;
47 break;
48 @@ -3702,6 +3707,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
49 case MSR_VM_IGNNE:
50 vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
51 break;
52 + case MSR_IA32_SPEC_CTRL:
53 + svm->spec_ctrl = data;
54 + break;
55 case MSR_IA32_APICBASE:
56 if (kvm_vcpu_apicv_active(vcpu))
57 avic_update_vapic_bar(to_svm(vcpu), data);
58 @@ -4883,6 +4891,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
59
60 local_irq_enable();
61
62 + if (ibrs_inuse && (svm->spec_ctrl != FEATURE_ENABLE_IBRS))
63 + wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
64 +
65 asm volatile (
66 "push %%" _ASM_BP "; \n\t"
67 "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t"
68 @@ -4975,6 +4986,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
69 #endif
70 );
71
72 + if (ibrs_inuse) {
73 + rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
74 + if (svm->spec_ctrl != FEATURE_ENABLE_IBRS)
75 + wrmsrl(MSR_IA32_SPEC_CTRL, FEATURE_ENABLE_IBRS);
76 + }
77 +
78 #ifdef CONFIG_X86_64
79 wrmsrl(MSR_GS_BASE, svm->host.gs_base);
80 #else
81 --
82 2.14.2
83
Linux Kernel for Proxmox projects