Commit 0fb559a5 authored by Daniel Sneddon, committed by Zeng Heng

KVM: Add GDS_NO support to KVM

stable inclusion
from stable-v4.19.292
commit 648114eea913739f911768b63dfe51cb621a663a
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7XLNT
CVE: CVE-2022-40982

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=648114eea913739f911768b63dfe51cb621a663a



---------------------------

commit 648114eea913739f911768b63dfe51cb621a663a upstream

Gather Data Sampling (GDS) is a transient execution attack using
gather instructions from the AVX2 and AVX512 extensions. This attack
allows malicious code to infer data that was previously stored in
vector registers. Systems that are not vulnerable to GDS will set the
GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
guests that may think they are on vulnerable systems that are, in
fact, not affected. Guests that are running on affected hosts where
the mitigation is enabled are protected as if they were running
on an unaffected system.

On all hosts that are not affected or that are mitigated, set the
GDS_NO bit.

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
parent 545fbdbf
+7 −0
@@ -667,6 +667,13 @@ static const char * const gds_strings[] = {
	[GDS_MITIGATION_HYPERVISOR]	= "Unknown: Dependent on hypervisor status",
};

bool gds_ucode_mitigated(void)
{
	return (gds_mitigation == GDS_MITIGATION_FULL ||
		gds_mitigation == GDS_MITIGATION_FULL_LOCKED);
}
EXPORT_SYMBOL_GPL(gds_ucode_mitigated);

void update_gds_msr(void)
{
	u64 mcu_ctrl_after;
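
Review bot: gds_ucode_mitigated() is exported with EXPORT_SYMBOL_GPL but has no comment saying what "mitigated" means for its callers. Only GDS_MITIGATION_FULL and GDS_MITIGATION_FULL_LOCKED return true, so every other state, including GDS_MITIGATION_HYPERVISOR from gds_strings[] just above, reports false. A short comment above the function stating that, and that the result describes the host microcode mitigation state, would help now that code outside this file depends on the answer.
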
+5 −0
@@ -266,6 +266,8 @@ struct dfx_kvm_stats_debugfs_item dfx_debugfs_entries[] = {

u64 __read_mostly host_xcr0;

extern bool gds_ucode_mitigated(void);

static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt);

static inline void kvm_async_pf_hash_reset(struct kvm_vcpu *vcpu)
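
Review bot: the "extern bool gds_ucode_mitigated(void);" declaration is placed directly in this .c file, so the definition and this caller are not compiled against one shared prototype, and a later signature change on the defining side would not be caught here. Suggest moving the prototype into a header included by both files and dropping the extern from this file; checkpatch also flags externs in .c files.
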
@@ -1240,6 +1242,9 @@ u64 kvm_get_arch_capabilities(void)
	/* Guests don't need to know "Fill buffer clear control" exists */
	data &= ~ARCH_CAP_FB_CLEAR_CTRL;

	if (!boot_cpu_has_bug(X86_BUG_GDS) || gds_ucode_mitigated())
		data |= ARCH_CAP_GDS_NO;

	return data;
}
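
Review bot: the new condition in kvm_get_arch_capabilities() has no comment, although the ARCH_CAP_FB_CLEAR_CTRL line directly above it does. Setting ARCH_CAP_GDS_NO when the host has X86_BUG_GDS but gds_ucode_mitigated() returns true is deliberate according to the commit message, yet from the code alone it reads as advertising an affected CPU as unaffected. A one-line comment above the if, saying that guests on a host with the mitigation enabled are protected as on an unaffected system, would keep a later reader from treating it as a mistake.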