Commit c261aef7 authored Sep 20, 2022 by Josh Poimboeuf Committed by Zheng Zengkai Sep 20, 2022

KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS

stable inclusion
from stable-v5.10.133
commit 5269be9111e2b66572e78647f2e8948f7fc96466
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5PTAS
CVE: CVE-2022-29900,CVE-2022-23816,CVE-2022-29901

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5269be9111e2b66572e78647f2e8948f7fc96466



--------------------------------

commit fc02735b upstream.

On eIBRS systems, the returns in the vmexit return path from
__vmx_vcpu_run() to vmx_vcpu_run() are exposed to RSB poisoning attacks.

Fix that by moving the post-vmexit spec_ctrl handling to immediately
after the vmexit.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

conflict:
	arch/x86/kvm/vmx/vmx.h

Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Reviewed-by: Zhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent decddf55

Show whitespace changes

Inline Side-by-side

Please to comment