x86/kvm: Toggle IBRS on VM entry and exit

CVE-2017-5715 (Spectre v2 Intel) Restore guest IBRS on VM entry and set it to 1 on VM exit back to kernel. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 08aeb17b6385ac5b82d73753ac43cc8c7cff5d5c) Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

x86/kvm: Toggle IBRS on VM entry and exit
CVE-2017-5715 (Spectre v2 Intel) Restore guest IBRS on VM entry and set it to 1 on VM exit back to kernel. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 08aeb17b6385ac5b82d73753ac43cc8c7cff5d5c) Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
9bfbaa3e · Tim Chen · Khalid Elmously · e08b6ec9 · 9bfbaa3e
Commit 9bfbaa3e authored Oct 20, 2017 by Tim Chen Committed by Khalid Elmously Feb 09, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

arch/x86/kvm/vmx.c arch/x86/kvm/vmx.c +5 -0

No files found.
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8600,6 +8600,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
 		vmx_set_interrupt_shadow(vcpu, 0);

 	atomic_switch_perf_msrs(vmx);
+
+	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+		add_atomic_switch_msr(vmx, MSR_IA32_SPEC_CTRL,
+			vcpu->arch.spec_ctrl, FEATURE_ENABLE_IBRS);
+
 	debugctlmsr = get_debugctlmsr();

 	vmx->__launched = vmx->loaded_vmcs->launched;