KVM/VMX: Move VERW closer to VMentry for MDS mitigation - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>	2024-02-14 05:22:56 +0300
committer	Dave Hansen <dave.hansen@linux.intel.com>	2024-02-20 03:31:59 +0300
commit	43fb862de8f628c5db5e96831c915b9aebf62d33 (patch)
tree	58d54fe10d9b573bd9d977e3455bcb79ae06796a /arch/x86/entry/entry_32.S
parent	706a189dcf74d3b3f955e9384785e726ed6c7c80 (diff)
download	linux-43fb862de8f628c5db5e96831c915b9aebf62d33.tar.xz

KVM/VMX: Move VERW closer to VMentry for MDS mitigation

During VMentry VERW is executed to mitigate MDS. After VERW, any memory access like register push onto stack may put host data in MDS affected CPU buffers. A guest can then use MDS to sample host data. Although likelihood of secrets surviving in registers at current VERW callsite is less, but it can't be ruled out. Harden the MDS mitigation by moving the VERW mitigation late in VMentry path. Note that VERW for MMIO Stale Data mitigation is unchanged because of the complexity of per-guest conditional VERW which is not easy to handle that late in asm with no GPRs available. If the CPU is also affected by MDS, VERW is unconditionally executed late in asm regardless of guest having MMIO access. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/all/20240213-delay-verw-v8-6-a6216d83edb7%40linux.intel.com

Diffstat (limited to 'arch/x86/entry/entry_32.S')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: