From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Tom Lendacky Date: Wed, 20 Dec 2017 10:55:47 +0000 Subject: [PATCH] KVM: x86: Add speculative control CPUID support for guests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CVE-2017-5753 CVE-2017-5715 Provide the guest with the speculative control CPUID related values. Signed-off-by: Paolo Bonzini Signed-off-by: Tom Lendacky Signed-off-by: Andy Whitcroft Signed-off-by: Kleber Sacilotto de Souza (cherry picked from commit db7641e5f41cd517c4181ce90c4f9ecc93af4b2b) Signed-off-by: Fabian Grünbichler --- arch/x86/kvm/cpuid.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 19adbb418443..f64502d21a89 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -70,6 +70,7 @@ u64 kvm_supported_xcr0(void) /* These are scattered features in cpufeatures.h. */ #define KVM_CPUID_BIT_AVX512_4VNNIW 2 #define KVM_CPUID_BIT_AVX512_4FMAPS 3 +#define KVM_CPUID_BIT_SPEC_CTRL 26 #define KF(x) bit(KVM_CPUID_BIT_##x) int kvm_update_cpuid(struct kvm_vcpu *vcpu) @@ -387,7 +388,12 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, /* cpuid 7.0.edx*/ const u32 kvm_cpuid_7_0_edx_x86_features = - KF(AVX512_4VNNIW) | KF(AVX512_4FMAPS); + KF(AVX512_4VNNIW) | KF(AVX512_4FMAPS) | + KF(SPEC_CTRL); + + /* cpuid 0x80000008.0.ebx */ + const u32 kvm_cpuid_80000008_0_ebx_x86_features = + F(IBPB); /* all calls to cpuid_count() should be made on the same cpu */ get_cpu(); @@ -622,7 +628,9 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, if (!g_phys_as) g_phys_as = phys_as; entry->eax = g_phys_as | (virt_as << 8); - entry->ebx = entry->edx = 0; + entry->ebx &= kvm_cpuid_80000008_0_ebx_x86_features; + cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX); + entry->edx = 0; break; } case 0x80000019: -- 2.14.2