KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (fc02735b) · Commits · CodeLinaro / lc / chromiumos / third_party / kernel · GitLab

Snippets Groups Projects

Commit fc02735b authored 2 years ago by Josh Poimboeuf Committed by Borislav Petkov 2 years ago

KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS


On eIBRS systems, the returns in the vmexit return path from
__vmx_vcpu_run() to vmx_vcpu_run() are exposed to RSB poisoning attacks.

Fix that by moving the post-vmexit spec_ctrl handling to immediately
after the vmexit.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>

parent bb066506

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 73 additions and 31 deletions

CodeLinaro @codelinaro
mentioned in commit 0cbd5905
· 2 years ago

mentioned in commit 0cbd5905

mentioned in commit 0cbd5905c8f3b5da498c21c4deee347622b3420b

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit d0caa861
· 2 years ago

mentioned in commit d0caa861

mentioned in commit d0caa861a836fe4d85749e8a8d16623bb91b39d3

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 5269be91
· 2 years ago

mentioned in commit 5269be91

mentioned in commit 5269be9111e2b66572e78647f2e8948f7fc96466

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit abf88ff1
· 2 years ago

mentioned in commit abf88ff1

mentioned in commit abf88ff13414f3991b35c295c4b564c31e3cb2b0

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 799cc46e
· 2 years ago

mentioned in commit 799cc46e

mentioned in commit 799cc46e9072494a9b9246b130fce3034aff16f5

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit ccf55e52
· 2 years ago

mentioned in commit ccf55e52

mentioned in commit ccf55e5250f32890a749ab8a03fae76dcd9b9ed7

Toggle commit list

Please register or to comment