Commit f52a3871 authored Sep 20, 2022 by Josh Poimboeuf Committed by Zheng Zengkai Sep 20, 2022

KVM: VMX: Fix IBRS handling after vmexit

stable inclusion
from stable-v5.10.133
commit 47ae76fb27398e867980d63789058ff7c4f12a35
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5PTAS
CVE: CVE-2022-29900,CVE-2022-23816,CVE-2022-29901

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=47ae76fb27398e867980d63789058ff7c4f12a35



--------------------------------

commit bea7e31a upstream.

For legacy IBRS to work, the IBRS bit needs to be always re-written
after vmexit, even if it's already on.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Reviewed-by: Zhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent c261aef7

arch/x86/kvm/vmx/vmx.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -6834,8 +6834,13 @@ void noinstr vmx_spec_ctrl_restore_host(struct vcpu_vmx *vmx,

		/*
		* If the guest/host SPEC_CTRL values differ, restore the host value.
		*
		* For legacy IBRS, the IBRS bit always needs to be written after
		* transitioning from a less privileged predictor mode, regardless of
		* whether the guest/host values differ.
		*/
		if (vmx->spec_ctrl != hostval)
		if (cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS) \|\|
		vmx->spec_ctrl != hostval)
		native_wrmsrl(MSR_IA32_SPEC_CTRL, hostval);

		barrier_nospec();