Commit 86d33097 authored by Stefan Bader's avatar Stefan Bader Committed by Kleber Sacilotto de Souza

UBUNTU: SAUCE: Fix spec_ctrl support in KVM

CVE-2017-5753
CVE-2017-5715

Initial change was missing code to correctly mask EDX bits of cpuid
level 7.0.

Fixes: 8339cae2 ("KVM: x86: Add speculative control CPUID support for guests")
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 36c867e8
...@@ -361,6 +361,10 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, ...@@ -361,6 +361,10 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
F(ADX) | F(SMAP) | F(AVX512F) | F(AVX512PF) | F(AVX512ER) | F(ADX) | F(SMAP) | F(AVX512F) | F(AVX512PF) | F(AVX512ER) |
F(AVX512CD) | F(CLFLUSHOPT) | F(CLWB) | F(PCOMMIT); F(AVX512CD) | F(CLFLUSHOPT) | F(CLWB) | F(PCOMMIT);
/* cpuid 7.0.edx */
const u32 kvm_supported_7_0_edx_x86_features =
KF(SPEC_CTRL);
/* cpuid 0xD.1.eax */ /* cpuid 0xD.1.eax */
const u32 kvm_supported_word10_x86_features = const u32 kvm_supported_word10_x86_features =
F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | f_xsaves; F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | f_xsaves;
...@@ -446,11 +450,14 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, ...@@ -446,11 +450,14 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
cpuid_mask(&entry->ebx, 9); cpuid_mask(&entry->ebx, 9);
// TSC_ADJUST is emulated // TSC_ADJUST is emulated
entry->ebx |= F(TSC_ADJUST); entry->ebx |= F(TSC_ADJUST);
} else entry->edx &= kvm_supported_7_0_edx_x86_features;
entry->edx &= get_scattered_cpuid_leaf(7, 0, 2);
} else {
entry->ebx = 0; entry->ebx = 0;
entry->edx = 0;
}
entry->eax = 0; entry->eax = 0;
entry->ecx = 0; entry->ecx = 0;
entry->edx = 0;
break; break;
} }
case 9: case 9:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment