Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch
diff options
context:
space:
mode:
Diffstat (limited to '0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch')
-rw-r--r--0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch55
1 files changed, 0 insertions, 55 deletions
diff --git a/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch b/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch
deleted file mode 100644
index f1400b8..0000000
--- a/0033-x86-spec-ctrl-Use-IST-RSB-protection-for-SVM-systems.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 8ae0b4d1331c14fb9e30a42987c0152c9b00f530 Mon Sep 17 00:00:00 2001
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Date: Mon, 15 Aug 2022 15:40:05 +0200
-Subject: [PATCH 033/126] x86/spec-ctrl: Use IST RSB protection for !SVM
- systems
-
-There is a corner case where a VT-x guest which manages to reliably trigger
-non-fatal #MC's could evade the rogue RSB speculation protections that were
-supposed to be in place.
-
-This is a lack of defence in depth; Xen does not architecturally execute more
-RET than CALL instructions, so an attacker would have to locate a different
-gadget (e.g. SpectreRSB) first to execute a transient path of excess RET
-instructions.
-
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-master commit: e570e8d520ab542d8d35666b95cb3a0125b7b110
-master date: 2022-08-05 12:16:24 +0100
----
- xen/arch/x86/spec_ctrl.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
-index f7b0251c42bc..ac73806eacd8 100644
---- a/xen/arch/x86/spec_ctrl.c
-+++ b/xen/arch/x86/spec_ctrl.c
-@@ -1279,8 +1279,24 @@ void __init init_speculation_mitigations(void)
- * mappings.
- */
- if ( opt_rsb_hvm )
-+ {
- setup_force_cpu_cap(X86_FEATURE_SC_RSB_HVM);
-
-+ /*
-+ * For SVM, Xen's RSB safety actions are performed before STGI, so
-+ * behave atomically with respect to IST sources.
-+ *
-+ * For VT-x, NMIs are atomic with VMExit (the NMI gets queued but not
-+ * delivered) whereas other IST sources are not atomic. Specifically,
-+ * #MC can hit ahead the RSB safety action in the vmexit path.
-+ *
-+ * Therefore, it is necessary for the IST logic to protect Xen against
-+ * possible rogue RSB speculation.
-+ */
-+ if ( !cpu_has_svm )
-+ default_spec_ctrl_flags |= SCF_ist_rsb;
-+ }
-+
- ibpb_calculations();
-
- /* Check whether Eager FPU should be enabled by default. */
---
-2.37.4
-