x86/svm: Set IBRS value on VM entry and exit

CVE-2017-5753 CVE-2017-5715 Set/restore the guests IBRS value on VM entry. On VM exit back to the kernel save the guest IBRS value and then set IBRS to 1. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit ae47b6df435ae255747a9aa1a5520bd9ef01005f) Signed-off-by: Andy Whitcroft <apw@canonical.com>

x86/svm: Set IBRS value on VM entry and exit
CVE-2017-5753 CVE-2017-5715 Set/restore the guests IBRS value on VM entry. On VM exit back to the kernel save the guest IBRS value and then set IBRS to 1. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit ae47b6df435ae255747a9aa1a5520bd9ef01005f) Signed-off-by: Andy Whitcroft <apw@canonical.com>
d3d0f0a2 · Tom Lendacky · Marcelo Henrique Cerri · 750beb6c · d3d0f0a2
Commit d3d0f0a2 authored Dec 20, 2017 by Tom Lendacky Committed by Marcelo Henrique Cerri Jan 12, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

arch/x86/kvm/svm.c arch/x86/kvm/svm.c +17 -0

No files found.
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -138,6 +138,8 @@ struct vcpu_svm {

 	u64 next_rip;

+	u64 spec_ctrl;
+
 	u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
 	struct {
 		u16 fs;
@@ -3052,6 +3054,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_VM_CR:
 		msr_info->data = svm->nested.vm_cr_msr;
 		break;
+	case MSR_IA32_SPEC_CTRL:
+		msr_info->data = svm->spec_ctrl;
+		break;
 	case MSR_IA32_UCODE_REV:
 		msr_info->data = 0x01000065;
 		break;
@@ -3188,6 +3193,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 	case MSR_VM_IGNNE:
 		vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
 		break;
+	case MSR_IA32_SPEC_CTRL:
+		svm->spec_ctrl = data;
+		break;
 	default:
 		return kvm_set_msr_common(vcpu, msr);
 	}
@@ -3826,6 +3834,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)

 	local_irq_enable();

+	if (ibrs_inuse && (svm->spec_ctrl != FEATURE_ENABLE_IBRS))
+		wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
+
 	asm volatile (
 		"push %%" _ASM_BP "; \n\t"
 		"mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t"
@@ -3899,6 +3910,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 #endif
 		);

+	if (ibrs_inuse) {
+		rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
+		if (svm->spec_ctrl != FEATURE_ENABLE_IBRS)
+			wrmsrl(MSR_IA32_SPEC_CTRL, FEATURE_ENABLE_IBRS);
+	}
+
 #ifdef CONFIG_X86_64
 	wrmsrl(MSR_GS_BASE, svm->host.gs_base);
 #else