projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb06650) | patch
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
authorJosh Poimboeuf <jpoimboe@kernel.org>
Tue, 14 Jun 2022 21:16:13 +0000 (23:16 +0200)
committerBorislav Petkov <bp@suse.de>
Mon, 27 Jun 2022 08:34:00 +0000 (10:34 +0200)
commitfc02735b14fff8c6678b521d324ade27b1a3d4cf
tree9be32b1a805858cab02c043a740b2bab8f45a15ctree | snapshot
parentbb06650634d3552c0f8557e9d16aa1a408040e28commit | diff
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS

On eIBRS systems, the returns in the vmexit return path from
__vmx_vcpu_run() to vmx_vcpu_run() are exposed to RSB poisoning attacks.

Fix that by moving the post-vmexit spec_ctrl handling to immediately
after the vmexit.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
arch/x86/include/asm/nospec-branch.h diff | blob | history
arch/x86/kernel/cpu/bugs.c diff | blob | history
arch/x86/kvm/vmx/run_flags.h diff | blob | history
arch/x86/kvm/vmx/vmenter.S diff | blob | history
arch/x86/kvm/vmx/vmx.c diff | blob | history
arch/x86/kvm/vmx/vmx.h diff | blob | history
Domain: System / Kernel;