Commit d3d0f0a2 authored by Tom Lendacky's avatar Tom Lendacky Committed by Marcelo Henrique Cerri

x86/svm: Set IBRS value on VM entry and exit

CVE-2017-5753
CVE-2017-5715

Set/restore the guests IBRS value on VM entry. On VM exit back to the
kernel save the guest IBRS value and then set IBRS to 1.
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
(backported from commit ae47b6df435ae255747a9aa1a5520bd9ef01005f)
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
parent 750beb6c
...@@ -138,6 +138,8 @@ struct vcpu_svm { ...@@ -138,6 +138,8 @@ struct vcpu_svm {
u64 next_rip; u64 next_rip;
u64 spec_ctrl;
u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS]; u64 host_user_msrs[NR_HOST_SAVE_USER_MSRS];
struct { struct {
u16 fs; u16 fs;
...@@ -3052,6 +3054,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) ...@@ -3052,6 +3054,9 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
case MSR_VM_CR: case MSR_VM_CR:
msr_info->data = svm->nested.vm_cr_msr; msr_info->data = svm->nested.vm_cr_msr;
break; break;
case MSR_IA32_SPEC_CTRL:
msr_info->data = svm->spec_ctrl;
break;
case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_REV:
msr_info->data = 0x01000065; msr_info->data = 0x01000065;
break; break;
...@@ -3188,6 +3193,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) ...@@ -3188,6 +3193,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
case MSR_VM_IGNNE: case MSR_VM_IGNNE:
vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data); vcpu_unimpl(vcpu, "unimplemented wrmsr: 0x%x data 0x%llx\n", ecx, data);
break; break;
case MSR_IA32_SPEC_CTRL:
svm->spec_ctrl = data;
break;
default: default:
return kvm_set_msr_common(vcpu, msr); return kvm_set_msr_common(vcpu, msr);
} }
...@@ -3826,6 +3834,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -3826,6 +3834,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
local_irq_enable(); local_irq_enable();
if (ibrs_inuse && (svm->spec_ctrl != FEATURE_ENABLE_IBRS))
wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
asm volatile ( asm volatile (
"push %%" _ASM_BP "; \n\t" "push %%" _ASM_BP "; \n\t"
"mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t" "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t"
...@@ -3899,6 +3910,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -3899,6 +3910,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif #endif
); );
if (ibrs_inuse) {
rdmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
if (svm->spec_ctrl != FEATURE_ENABLE_IBRS)
wrmsrl(MSR_IA32_SPEC_CTRL, FEATURE_ENABLE_IBRS);
}
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
wrmsrl(MSR_GS_BASE, svm->host.gs_base); wrmsrl(MSR_GS_BASE, svm->host.gs_base);
#else #else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment