Commit 38a6e4c9 authored by Tom Lendacky's avatar Tom Lendacky Committed by Khalid Elmously

x86/svm: Set IBRS value on VM entry and exit

CVE-2017-5715 (Spectre v2 Intel)

Set/restore the guest's IBRS value on VM entry. On VM exit back to the
kernel, save the guest IBRS value and then set IBRS to 1.
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
(backported from commit ae47b6df435ae255747a9aa1a5520bd9ef01005f)
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Acked-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent bcc050c7
...@@ -139,6 +139,8 @@ struct vcpu_svm { ...@@ -139,6 +139,8 @@ struct vcpu_svm {
u64 next_rip; u64 next_rip;
u64 spec_ctrl;
u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS]; u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
struct { struct {
u16 fs; u16 fs;
...@@ -3053,6 +3055,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) ...@@ -3053,6 +3055,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
case MSR_VM_CR: case MSR_VM_CR:
msr_info->data = svm->nested.vm_cr_msr; msr_info->data = svm->nested.vm_cr_msr;
break; break;
case MSR_IA32_SPEC_CTRL:
msr_info->data = svm->spec_ctrl;
break;
case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_REV:
msr_info->data = 0x01000065; msr_info->data = 0x01000065;
break; break;
...@@ -3189,6 +3194,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) ...@@ -3189,6 +3194,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
case MSR_VM_IGNNE: case MSR_VM_IGNNE:
vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data); vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
break; break;
case MSR_IA32_SPEC_CTRL:
svm->spec_ctrl = data;
break;
default: default:
return kvm_set_msr_common(vcpu, msr); return kvm_set_msr_common(vcpu, msr);
} }
...@@ -3827,6 +3835,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -3827,6 +3835,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
local_irq_enable(); local_irq_enable();
if (ibrs_inuse && (svm->spec_ctrl != FEATURE_ENABLE_IBRS))
wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
asm volatile ( asm volatile (
"push %%" _ASM_BP "; \n\t" "push %%" _ASM_BP "; \n\t"
"mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t" "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t"
...@@ -3903,6 +3914,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -3903,6 +3914,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
/* Eliminate branch target predictions from guest mode */ /* Eliminate branch target predictions from guest mode */
vmexit_fill_RSB(); vmexit_fill_RSB();
if (ibrs_inuse) {
rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
if (svm->spec_ctrl != FEATURE_ENABLE_IBRS)
wrmsrl(MSR_IA32_SPEC_CTRL, FEATURE_ENABLE_IBRS);
}
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
wrmsrl(MSR_GS_BASE, svm->host.gs_base); wrmsrl(MSR_GS_BASE, svm->host.gs_base);
#else #else
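Review bot: In the svm_set_msr hunk, `svm->spec_ctrl = data;` stores the supplied value without checking it, and the VM-entry hunk in svm_vcpu_run later writes that same value to the physical MSR with `wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl)` in host context. If the value has bits set that the CPU treats as reserved, the resulting fault would presumably be taken by the host kernel rather than reported to the guest. Rejecting unsupported bits before the assignment keeps the failure on the guest side, for example `if (data & ~FEATURE_ENABLE_IBRS) return 1;`, assuming FEATURE_ENABLE_IBRS is the bit mask (the page does not show its definition) and widening the mask to any other SPEC_CTRL bits this tree supports. Both MSR cases are also reachable whether or not `ibrs_inuse` is set or the feature is exposed to the guest, so a short comment above each case stating the intended gating would help. The bodies of svm_get_msr, svm_set_msr and svm_vcpu_run start and end outside the hunks, so a check elsewhere cannot be ruled out.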