KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS

commit fc02735b14fff8c6678b521d324ade27b1a3d4cf upstream. On eIBRS systems, the returns in the vmexit return path from __vmx_vcpu_run() to vmx_vcpu_run() are exposed to RSB poisoning attacks. Fix that by moving the post-vmexit spec_ctrl handling to immediately after the vmexit. Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Josh Poimboeuf <jpoimboe@kernel.org> 2022-06-15 00:16:13 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-07-25 12:26:48 +0300
commit: 5269be9111e2b66572e78647f2e8948f7fc96466 (patch)
tree: 933dfae3d09ac18545c49d024c4f7f1133bedd43 /arch/x86/include
parent: 84061fff2ad98a7809f00e88a54f584f84830388 (diff)
download: linux-5269be9111e2b66572e78647f2e8948f7fc96466.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 3382f59a1e03..f50a18d62ad7 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -275,6 +275,7 @@ static inline void indirect_branch_prediction_barrier(void)
 
 /* The Intel SPEC CTRL MSR base value cache */
 extern u64 x86_spec_ctrl_base;
+extern u64 x86_spec_ctrl_current;
 extern void write_spec_ctrl_current(u64 val, bool force);
 extern u64 spec_ctrl_current(void);
author	Josh Poimboeuf <jpoimboe@kernel.org>	2022-06-15 00:16:13 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-07-25 12:26:48 +0300
commit	5269be9111e2b66572e78647f2e8948f7fc96466 (patch)
tree	933dfae3d09ac18545c49d024c4f7f1133bedd43 /arch/x86/include
parent	84061fff2ad98a7809f00e88a54f584f84830388 (diff)
download	linux-5269be9111e2b66572e78647f2e8948f7fc96466.tar.xz