KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (fc02735b) · Commits · Mirrors / github.com / sifive_riscv-linux

Commit fc02735b authored Jun 14, 2022 by

Josh Poimboeuf Committed by Borislav Petkov Jun 27, 2022

KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS



On eIBRS systems, the returns in the vmexit return path from
__vmx_vcpu_run() to vmx_vcpu_run() are exposed to RSB poisoning attacks.

Fix that by moving the post-vmexit spec_ctrl handling to immediately
after the vmexit.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>

parent bb066506

Hide whitespace changes

Inline Side-by-side

Please register or to comment