Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263
							From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <[email protected]>
Date: Wed, 20 Dec 2017 10:55:47 +0000
Subject: [PATCH] KVM: x86: Add speculative control CPUID support for guests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5753
CVE-2017-5715

Provide the guest with the speculative control CPUID related values.

Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Tom Lendacky <[email protected]>
Signed-off-by: Andy Whitcroft <[email protected]>
Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
(cherry picked from commit db7641e5f41cd517c4181ce90c4f9ecc93af4b2b)
Signed-off-by: Fabian Grünbichler <[email protected]>
---
 arch/x86/kvm/cpuid.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 19adbb418443..f64502d21a89 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -70,6 +70,7 @@ u64 kvm_supported_xcr0(void)
 /* These are scattered features in cpufeatures.h. */
 #define KVM_CPUID_BIT_AVX512_4VNNIW     2
 #define KVM_CPUID_BIT_AVX512_4FMAPS     3
+#define KVM_CPUID_BIT_SPEC_CTRL		26
 #define KF(x) bit(KVM_CPUID_BIT_##x)
 
 int kvm_update_cpuid(struct kvm_vcpu *vcpu)
@@ -387,7 +388,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 
 	/* cpuid 7.0.edx*/
 	const u32 kvm_cpuid_7_0_edx_x86_features =
-		KF(AVX512_4VNNIW) | KF(AVX512_4FMAPS);
+		KF(AVX512_4VNNIW) | KF(AVX512_4FMAPS) |
+		KF(SPEC_CTRL);
+
+	/* cpuid 0x80000008.0.ebx */
+	const u32 kvm_cpuid_80000008_0_ebx_x86_features =
+		F(IBPB);
 
 	/* all calls to cpuid_count() should be made on the same cpu */
 	get_cpu();
@@ -622,7 +628,9 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		if (!g_phys_as)
 			g_phys_as = phys_as;
 		entry->eax = g_phys_as | (virt_as << 8);
-		entry->ebx = entry->edx = 0;
+		entry->ebx &= kvm_cpuid_80000008_0_ebx_x86_features;
+		cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
+		entry->edx = 0;
 		break;
 	}
 	case 0x80000019:
-- 
2.14.2