• Thomas Gleixner's avatar
    x86/bugs: Rework spec_ctrl base and mask logic · 14f01ab5
    Thomas Gleixner authored
    x86_spec_ctrL_mask is intended to mask out bits from a MSR_SPEC_CTRL value
    which are not to be modified. However the implementation is not really used
    and the bitmask was inverted to make a check easier, which was removed in
    "x86/bugs: Remove x86_spec_ctrl_set()"
    
    Aside of that it is missing the STIBP bit if it is supported by the
    platform, so if the mask would be used in x86_virt_spec_ctrl() then it
    would prevent a guest from setting STIBP.
    
    Add the STIBP bit if supported and use the mask in x86_virt_spec_ctrl() to
    sanitize the value which is supplied by the guest.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    
    CVE-2018-3639 (x86)
    
    (cherry-picked from commit be6fcb54)
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    14f01ab5
bugs.c 19.4 KB