diff options
Diffstat (limited to '0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch')
-rw-r--r-- | 0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch b/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch deleted file mode 100644 index f1400b8..0000000 --- a/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 8ae0b4d1331c14fb9e30a42987c0152c9b00f530 Mon Sep 17 00:00:00 2001 -From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Mon, 15 Aug 2022 15:40:05 +0200 -Subject: [PATCH 033/126] x86/spec-ctrl: Use IST RSB protection for !SVM - systems - -There is a corner case where a VT-x guest which manages to reliably trigger -non-fatal #MC's could evade the rogue RSB speculation protections that were -supposed to be in place. - -This is a lack of defence in depth; Xen does not architecturally execute more -RET than CALL instructions, so an attacker would have to locate a different -gadget (e.g. SpectreRSB) first to execute a transient path of excess RET -instructions. - -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -master commit: e570e8d520ab542d8d35666b95cb3a0125b7b110 -master date: 2022-08-05 12:16:24 +0100 ---- - xen/arch/x86/spec_ctrl.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c -index f7b0251c42bc..ac73806eacd8 100644 ---- a/xen/arch/x86/spec_ctrl.c -+++ b/xen/arch/x86/spec_ctrl.c -@@ -1279,8 +1279,24 @@ void __init init_speculation_mitigations(void) - * mappings. - */ - if ( opt_rsb_hvm ) -+ { - setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM); - -+ /* -+ * For SVM, Xen's RSB safety actions are performed before STGI, so -+ * behave atomically with respect to IST sources. -+ * -+ * For VT-x, NMIs are atomic with VMExit (the NMI gets queued but not -+ * delivered) whereas other IST sources are not atomic. Specifically, -+ * #MC can hit ahead the RSB safety action in the vmexit path. -+ * -+ * Therefore, it is necessary for the IST logic to protect Xen against -+ * possible rogue RSB speculation. -+ */ -+ if ( !cpu_has_svm ) -+ default_spec_ctrl_flags |= SCF_ist_rsb; -+ } -+ - ibpb_calculations(); - - /* Check whether Eager FPU should be enabled by default. */ --- -2.37.4 - |