-
Thomas Gleixner authored
In virtualized environments it can happen that the host has the microcode update which utilizes the VERW instruction to clear CPU buffers, but the hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit to guests. Introduce an internal mitigation mode VWWERV which enables the invocation of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the system has no updated microcode this results in a pointless execution of the VERW instruction wasting a few CPU cycles. If the microcode is updated, but not exposed to a guest then the CPU buffers will be cleared. That said: Virtual Machines Will Eventually Receive Vaccine Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 (backported from commit 8a2979fc4e819a1bb77c782def72e45d9f5a3f0d) [juergh: Adjusted context.] Signed-off-by:
Juerg Haefliger <juergh@canonical.com> Acked-by:
Tyler Hicks <tyhicks@canonical.com> Acked-by:
Stefan Bader <stefan.bader@canonical.com> Signed-off-by:
d5585937
