AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
d721986e96
kernel_optimize_test/tools
History
Pawan Gupta bde15fdcce KVM: x86/speculation: Disable Fill buffer clear within guests 
commit 027bbb884be006b05d9c577d6401686053aa789e upstream

The enumeration of MD_CLEAR in CPUID(EAX=7,ECX=0).EDX{bit 10} is not an
accurate indicator on all CPUs of whether the VERW instruction will
overwrite fill buffers. FB_CLEAR enumeration in
IA32_ARCH_CAPABILITIES{bit 17} covers the case of CPUs that are not
vulnerable to MDS/TAA, indicating that microcode does overwrite fill
buffers.

Guests running in VMM environments may not be aware of all the
capabilities/vulnerabilities of the host CPU. Specifically, a guest may
apply MDS/TAA mitigations when a virtual CPU is enumerated as vulnerable
to MDS/TAA even when the physical CPU is not. On CPUs that enumerate
FB_CLEAR_CTRL the VMM may set FB_CLEAR_DIS to skip overwriting of fill
buffers by the VERW instruction. This is done by setting FB_CLEAR_DIS
during VMENTER and resetting on VMEXIT. For guests that enumerate
FB_CLEAR (explicitly asking for fill buffer clear capability) the VMM
will not use FB_CLEAR_DIS.

Irrespective of guest state, host overwrites CPU buffers before VMENTER
to protect itself from an MMIO capable guest, as part of mitigation for
MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-16 13:27:59 +02:00
..
accounting
arch KVM: x86/speculation: Disable Fill buffer clear within guests 2022-06-16 13:27:59 +02:00
bootconfig tools/bootconfig: Fix tracing_on option checking in ftrace2bconf.sh 2021-09-26 14:08:59 +02:00
bpf tools/resolve_btfids: Do not print any commands when building silently 2022-02-08 18:30:39 +01:00
build tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts 2022-04-13 21:01:10 +02:00
cgroup tools/cgroup/slabinfo.py: updated to work on current kernel 2021-05-07 11:04:31 +02:00
debugging
edid
firewire
firmware
gpio tools: gpio: fix %llu warning in gpio-watch.c 2021-01-27 11:55:20 +01:00
hv tools: hv: change http to https in hv_kvp_daemon.c 2020-07-06 10:46:23 +00:00
iio iio: add IIO_MOD_O2 modifier 2020-08-22 10:53:12 +01:00
include bpf: Fix comment for helper bpf_current_task_under_cgroup() 2022-04-08 14:40:43 +02:00
io_uring tools/io_uring: fix compile breakage 2020-09-21 07:50:58 -06:00
kvm/kvm_stat tools/kvm_stat: Add restart delay 2021-04-16 11:43:20 +02:00
laptop
leds
lib libbpf: Fix logic for finding matching program for CO-RE relocation 2022-06-09 10:21:03 +02:00
memory-model tools/memory-model: Expand the cheatsheet.txt notion of relaxed 2020-09-04 11:58:15 -07:00
objtool objtool: Fix static_call list generation 2021-11-18 14:04:02 +01:00
pci
pcmcia
perf perf c2c: Fix sorting in percent_rmt_hitm_cmp() 2022-06-14 18:32:37 +02:00
power tools/power turbostat: fix ICX DRAM power numbers 2022-06-09 10:20:51 +02:00
scripts tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include 2021-07-31 08:16:10 +02:00
spi
testing netfilter: nat: really support inet nat without l3 address 2022-06-14 18:32:39 +02:00
thermal/tmon tools/thermal/tmon: Add cross compiling support 2021-09-18 13:40:07 +02:00
time
usb usb: testusb: Fix for showing the connection speed 2021-10-09 14:40:56 +02:00
virtio tools/virtio: compile with -pthread 2022-05-25 09:17:53 +02:00
vm tools/vm/page-types: remove dependency on opt_file for idle page tracking 2021-10-09 14:40:57 +02:00
wmi
Makefile bpf: Compile resolve_btfids tool at kernel compilation start 2020-07-13 10:42:02 -07:00