mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 10:31:08 +00:00
Code Issues Releases Wiki Activity
linux-stable/tools/arch
History
Pawan Gupta 59d665a709 KVM: x86/speculation: Disable Fill buffer clear within guests 
commit 027bbb884b upstream

The enumeration of MD_CLEAR in CPUID(EAX=7,ECX=0).EDX{bit 10} is not an
accurate indicator on all CPUs of whether the VERW instruction will
overwrite fill buffers. FB_CLEAR enumeration in
IA32_ARCH_CAPABILITIES{bit 17} covers the case of CPUs that are not
vulnerable to MDS/TAA, indicating that microcode does overwrite fill
buffers.

Guests running in VMM environments may not be aware of all the
capabilities/vulnerabilities of the host CPU. Specifically, a guest may
apply MDS/TAA mitigations when a virtual CPU is enumerated as vulnerable
to MDS/TAA even when the physical CPU is not. On CPUs that enumerate
FB_CLEAR_CTRL the VMM may set FB_CLEAR_DIS to skip overwriting of fill
buffers by the VERW instruction. This is done by setting FB_CLEAR_DIS
during VMENTER and resetting on VMEXIT. For guests that enumerate
FB_CLEAR (explicitly asking for fill buffer clear capability) the VMM
will not use FB_CLEAR_DIS.

Irrespective of guest state, host overwrites CPU buffers before VMENTER
to protect itself from an MMIO capable guest, as part of mitigation for
MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-16 13:30:34 +02:00
..
alpha/include tools headers uapi: Sync asm-generic/mman-common.h and linux/mman.h 2019-03-28 14:31:56 -03:00
arc/include/uapi/asm tools arch uapi: Copy missing unistd.h headers for arc, hexagon and riscv 2019-05-02 16:00:20 -04:00
arm/include tools headers kvm: Sync kvm headers with the kernel sources 2019-12-02 12:54:13 -03:00
arm64/include tools headers UAPI: Sync files changed by the memfd_secret new syscall 2021-07-14 10:05:35 -03:00
csky/include/uapi/asm csky: Add support for libdw 2019-05-15 16:36:46 -03:00
h8300/include
hexagon/include/uapi/asm tools arch uapi: Copy missing unistd.h headers for arc, hexagon and riscv 2019-05-02 16:00:20 -04:00
ia64/include ia64: tools: remove duplicate definition of ia64_mf() on ia64 2021-04-16 16:10:37 -07:00
microblaze/include/uapi/asm
mips/include perf tools: Copy uapi/asm/perf_regs.h from the kernel for MIPS 2021-06-01 10:07:46 -03:00
parisc/include/uapi/asm parisc: Add MAP_UNINITIALIZED define 2020-10-15 08:10:39 +02:00
powerpc/include tools include UAPI powerpc: Sync errno.h with the kernel headers 2021-05-10 09:01:00 -03:00
riscv/include/uapi/asm Replace HTTP links with HTTPS ones: RISC-V 2020-07-30 11:37:40 -07:00
s390/include tools headers UAPI s390: Sync ptrace.h kernel headers 2021-03-06 16:54:23 -03:00
sh/include sh: remove sh5 support 2020-06-01 14:48:52 -04:00
sparc/include tools headers UAPI: Update tools's copy of mman.h headers 2019-07-29 09:02:58 -03:00
x86 KVM: x86/speculation: Disable Fill buffer clear within guests 2022-06-16 13:30:34 +02:00
xtensa/include tools headers uapi: Sync asm-generic/mman-common.h and linux/mman.h 2019-03-28 14:31:56 -03:00