Commit 141aaec4 authored by Borislav Petkov (AMD)'s avatar Borislav Petkov (AMD) Committed by Jialin Zhang
Browse files

x86/srso: Add IBPB on VMEXIT 

stable inclusion
from stable-v5.10.189
commit 384d41bea948a18288aff668b7bdf3b522b7bf73
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7RQ67
CVE: CVE-2023-20569

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=384d41bea948a18288aff668b7bdf3b522b7bf73



--------------------------------

Upstream commit: d893832d

Add the option to flush IBPB only on VMEXIT in order to protect from
malicious guests but one otherwise trusts the software that runs on the
hypervisor.

Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parent a960084b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment