Commit ae47c781 authored by Tom Lendacky's avatar Tom Lendacky Committed by Khalid Elmously

x86/svm: Set IBPB when running a different VCPU

CVE-2017-5715 (Spectre v2 Intel)

Set IBPB (Indirect Branch Prediction Barrier) when the current CPU is
going to run a VCPU different from what was previously run.
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
(backported from commit bb6edde44a0529ec52618c97a281719d968aaeab)
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Acked-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent 38a6e4c9
No related merge requests found
...@@ -415,6 +415,8 @@ struct svm_cpu_data { ...@@ -415,6 +415,8 @@ struct svm_cpu_data {
struct kvm_ldttss_desc *tss_desc; struct kvm_ldttss_desc *tss_desc;
struct page *save_area; struct page *save_area;
struct vmcb *current_vmcb;
}; };
static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data); static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
...@@ -1214,11 +1216,19 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu) ...@@ -1214,11 +1216,19 @@ static void svm_free_vcpu(struct kvm_vcpu *vcpu)
__free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER); __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER);
kvm_vcpu_uninit(vcpu); kvm_vcpu_uninit(vcpu);
kmem_cache_free(kvm_vcpu_cache, svm); kmem_cache_free(kvm_vcpu_cache, svm);
/*
* The VMCB could be recycled, causing a false negative in svm_vcpu_load;
* block speculative execution.
*/
if (ibpb_inuse)
wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
} }
static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{ {
struct vcpu_svm *svm = to_svm(vcpu); struct vcpu_svm *svm = to_svm(vcpu);
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
int i; int i;
if (unlikely(cpu != vcpu->cpu)) { if (unlikely(cpu != vcpu->cpu)) {
...@@ -1243,6 +1253,12 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) ...@@ -1243,6 +1253,12 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
wrmsrl(MSR_AMD64_TSC_RATIO, tsc_ratio); wrmsrl(MSR_AMD64_TSC_RATIO, tsc_ratio);
} }
} }
if (sd->current_vmcb != svm->vmcb) {
sd->current_vmcb = svm->vmcb;
if (ibpb_inuse)
wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
}
} }
static void svm_vcpu_put(struct kvm_vcpu *vcpu) static void svm_vcpu_put(struct kvm_vcpu *vcpu)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment