Commit e08b6ec9 authored by Tim Chen's avatar Tim Chen Committed by Khalid Elmously

x86/kvm: Set IBPB when switching VM

CVE-2017-5715 (Spectre v2 Intel)

Set IBPB (Indirect branch prediction barrier) when switching VM.
Signed-off-by: default avatarTim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
(backported from commit 472524f41206beb0a29c08f10689648a3dcd7707)
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Acked-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent f676aa34
...@@ -1337,6 +1337,7 @@ static void vmcs_load(struct vmcs *vmcs) ...@@ -1337,6 +1337,7 @@ static void vmcs_load(struct vmcs *vmcs)
if (error) if (error)
printk(KERN_ERR "kvm: vmptrld %p/%llx failed\n", printk(KERN_ERR "kvm: vmptrld %p/%llx failed\n",
vmcs, phys_addr); vmcs, phys_addr);
} }
#ifdef CONFIG_KEXEC_CORE #ifdef CONFIG_KEXEC_CORE
...@@ -2050,6 +2051,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) ...@@ -2050,6 +2051,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) { if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs; per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
vmcs_load(vmx->loaded_vmcs->vmcs); vmcs_load(vmx->loaded_vmcs->vmcs);
if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
} }
if (vmx->loaded_vmcs->cpu != cpu) { if (vmx->loaded_vmcs->cpu != cpu) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment