system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-03 18:00:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/arch/x86
History
Rick Edgecombe f2fde6a5bc KVM: VMX: Move RSB stuffing to before the first RET after VM-Exit 
The not-so-recent change to move VMX's VM-Exit handing to a dedicated
"function" unintentionally exposed KVM to a speculative attack from the
guest by executing a RET prior to stuffing the RSB.  Make RSB stuffing
happen immediately after VM-Exit, before any unpaired returns.

Alternatively, the VM-Exit path could postpone full RSB stuffing until
its current location by stuffing the RSB only as needed, or by avoiding
returns in the VM-Exit path entirely, but both alternatives are beyond
ugly since vmx_vmexit() has multiple indirect callers (by way of
vmx_vmenter()).  And putting the RSB stuffing immediately after VM-Exit
makes it much less likely to be re-broken in the future.

Note, the cost of PUSH/POP could be avoided in the normal flow by
pairing the PUSH RAX with the POP RAX in __vmx_vcpu_run() and adding an
a POP to nested_vmx_check_vmentry_hw(), but such a weird/subtle
dependency is likely to cause problems in the long run, and PUSH/POP
will take all of a few cycles, which is peanuts compared to the number
of cycles required to fill the RSB.

Fixes: 453eafbe65 ("KVM: VMX: Move VM-Enter + VM-Exit handling to non-inline sub-routines")
Reported-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-04-27 09:48:52 +02:00
..
boot x86/boot: Fix incorrect ifdeffery scope 2019-03-27 14:00:51 +01:00
configs Merge branch 'akpm' (patches from Andrew) 2019-03-07 19:25:37 -08:00
crypto crypto: x86/poly1305 - Clear key material from stack in SSE2 variant 2019-02-28 14:17:59 +08:00
entry pidfd patches for v5.1-rc1 2019-03-16 13:47:14 -07:00
events perf/x86/intel: Make dev_attr_allow_tsx_force_abort static 2019-03-17 08:40:18 +01:00
hyperv x86/hyperv: Prevent potential NULL pointer dereference 2019-03-21 12:24:39 +01:00
ia32 a.out: remove core dumping support 2019-03-05 10:00:35 -08:00
include KVM: x86: Open code kvm_set_hflags 2019-04-16 15:37:36 +02:00
kernel x86/resctrl: Remove unused variable 2019-03-24 22:09:27 +01:00
kvm KVM: VMX: Move RSB stuffing to before the first RET after VM-Exit 2019-04-27 09:48:52 +02:00
lib x86/lib: Fix indentation issue, remove extra tab 2019-03-21 12:24:38 +01:00
math-emu Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
mm x86/mm: Don't exceed the valid physical address space 2019-03-28 14:13:51 +01:00
net x32: bpf: implement jitting of JMP32 2019-01-26 13:33:02 -08:00
oprofile
pci x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub 2019-02-07 08:43:58 -06:00
platform x86/realmode: Make set_real_mode_mem() static inline 2019-03-29 10:16:27 +01:00
power mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
purgatory
ras
realmode x86/realmode: Make set_real_mode_mem() static inline 2019-03-29 10:16:27 +01:00
tools
um Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
video
xen Merge branch 'akpm' (patches from Andrew) 2019-03-12 10:39:53 -07:00
.gitignore
Kbuild KVM: x86: Allow Qemu/KVM to use PVH entry point 2018-12-13 13:41:49 -05:00
Kconfig x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y 2019-03-28 13:34:58 +01:00
Kconfig.cpu
Kconfig.debug efi/x86: Convert x86 EFI earlyprintk into generic earlycon implementation 2019-02-04 08:27:30 +01:00
Makefile x86/retpolines: Disable switch jump tables when retpolines are enabled 2019-03-28 13:39:48 +01:00
Makefile.um x86, powerpc: Remove -funit-at-a-time compiler option entirely 2018-12-09 11:55:32 +01:00
Makefile_32.cpu