Commit e233ec08 authored by Tim Chen's avatar Tim Chen Committed by Marcelo Henrique Cerri

x86/kvm: Toggle IBRS on VM entry and exit

CVE-2017-5753
CVE-2017-5715

Restore guest IBRS on VM entry and set it to 1 on VM exit
back to kernel.
Signed-off-by: default avatarTim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
(cherry picked from commit 08aeb17b6385ac5b82d73753ac43cc8c7cff5d5c)
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
parent 30907f82
...@@ -8599,6 +8599,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) ...@@ -8599,6 +8599,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
vmx_set_interrupt_shadow(vcpu, 0); vmx_set_interrupt_shadow(vcpu, 0);
atomic_switch_perf_msrs(vmx); atomic_switch_perf_msrs(vmx);
if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
add_atomic_switch_msr(vmx, MSR_IA32_SPEC_CTRL,
vcpu->arch.spec_ctrl, FEATURE_ENABLE_IBRS);
debugctlmsr = get_debugctlmsr(); debugctlmsr = get_debugctlmsr();
vmx->__launched = vmx->loaded_vmcs->launched; vmx->__launched = vmx->loaded_vmcs->launched;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment