forge/pve-kernel-thunderx
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update Spectre KVM PoC fix for AMD

Browse source
This commit is contained in:
Fabian Grünbichler 2018-01-08 10:58:15 +01:00
parent 04f3b8beca
commit 76ec7e5931
10 changed files with 44 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
patches/kernel/0232-kvm-vmx-Scrub-hardware-GPRs-at-VM-exit.patch
View file

@ -1,4 +1,4 @@
From c59a61438e9a8f24a50171ac9d3b98e8f3719d07 Mon Sep 17 00:00:00 2001
From 711a55c9d58955a2bfca89cd25935ca607e49bc0 Mon Sep 17 00:00:00 2001
From: Jim Mattson <jmattson@google.com>
Date: Wed, 3 Jan 2018 14:31:38 -0800
Subject: [PATCH 232/241] kvm: vmx: Scrub hardware GPRs at VM-exit
@ -18,11 +18,44 @@ Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Eric Northup <digitaleric@google.com>
Reviewed-by: Benjamin Serebrin <serebrin@google.com>
Reviewed-by: Andrew Honig <ahonig@google.com>
[Paolo: Add AMD bits, Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
arch/x86/kvm/svm.c | 19 +++++++++++++++++++
arch/x86/kvm/vmx.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index af09baa3d736..92cd94d51e1f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -4924,6 +4924,25 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
"mov %%r13, %c[r13](%[svm]) \n\t"
"mov %%r14, %c[r14](%[svm]) \n\t"
"mov %%r15, %c[r15](%[svm]) \n\t"
+#endif
+ /*
+ * Clear host registers marked as clobbered to prevent
+ * speculative use.
+ */
+ "xor %%" _ASM_BX ", %%" _ASM_BX " \n\t"
+ "xor %%" _ASM_CX ", %%" _ASM_CX " \n\t"
+ "xor %%" _ASM_DX ", %%" _ASM_DX " \n\t"
+ "xor %%" _ASM_SI ", %%" _ASM_SI " \n\t"
+ "xor %%" _ASM_DI ", %%" _ASM_DI " \n\t"
+#ifdef CONFIG_X86_64
+ "xor %%r8, %%r8 \n\t"
+ "xor %%r9, %%r9 \n\t"
+ "xor %%r10, %%r10 \n\t"
+ "xor %%r11, %%r11 \n\t"
+ "xor %%r12, %%r12 \n\t"
+ "xor %%r13, %%r13 \n\t"
+ "xor %%r14, %%r14 \n\t"
+ "xor %%r15, %%r15 \n\t"
#endif
"pop %%" _ASM_BP
:
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index d61986a36575..9b4256fd589a 100644
--- a/arch/x86/kvm/vmx.c

2
patches/kernel/0233-objtool-use-sh-to-invoke-sync-check.sh-in-the-Makefi.patch
View file

@ -1,4 +1,4 @@
From a87e8a4126593de7ea94dcc2695f6cd879656c26 Mon Sep 17 00:00:00 2001
From 4047df49cf44e46d8a213373a8bd5949fd4ef4a6 Mon Sep 17 00:00:00 2001
From: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Date: Sat, 6 Jan 2018 17:50:34 -0200
Subject: [PATCH 233/241] objtool: use sh to invoke sync-check.sh in the

2
patches/kernel/0234-x86-tlb-Drop-the-_GPL-from-the-cpu_tlbstate-export.patch
View file

@ -1,4 +1,4 @@
From 6d702112480b7badb937ca28544c0d792f175aee Mon Sep 17 00:00:00 2001
From 2b75ea581156c7f6d53cf736167e2d32c7087af5 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 4 Jan 2018 22:19:04 +0100
Subject: [PATCH 234/241] x86/tlb: Drop the _GPL from the cpu_tlbstate export

2
patches/kernel/0235-x86-events-intel-ds-Use-the-proper-cache-flush-metho.patch
View file

@ -1,4 +1,4 @@
From c6f5260d936ad762ce457623aac1b261ed6c4714 Mon Sep 17 00:00:00 2001
From 35f252cc11a7fc0009caf1a088cbb5d47a60ab50 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra <peterz@infradead.org>
Date: Thu, 4 Jan 2018 18:07:12 +0100
Subject: [PATCH 235/241] x86/events/intel/ds: Use the proper cache flush

2
patches/kernel/0236-x86-mm-Set-MODULES_END-to-0xffffffffff000000.patch
View file

@ -1,4 +1,4 @@
From 08716ab53e917eec6d51d4e53dfffbb25e0edd8e Mon Sep 17 00:00:00 2001
From 650929f1bdce50bab031b0886ae91d459edcd18e Mon Sep 17 00:00:00 2001
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
Date: Thu, 28 Dec 2017 19:06:20 +0300
Subject: [PATCH 236/241] x86/mm: Set MODULES_END to 0xffffffffff000000

2
patches/kernel/0237-x86-mm-Map-cpu_entry_area-at-the-same-place-on-4-5-l.patch
View file

@ -1,4 +1,4 @@
From 596ad95567b9dedff8b9f43b5ae18b1e3463da6b Mon Sep 17 00:00:00 2001
From 9ec7ffb2871c23d5c0961f0241bd118ca2395edb Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 4 Jan 2018 13:01:40 +0100
Subject: [PATCH 237/241] x86/mm: Map cpu_entry_area at the same place on 4/5

2
patches/kernel/0238-x86-kaslr-Fix-the-vaddr_end-mess.patch
View file

@ -1,4 +1,4 @@
From 6d7f23c421d2fc74c052c03fb9735effd98ef035 Mon Sep 17 00:00:00 2001
From 58d3cea9911d75f766b67dfc639405360b6ee6e5 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 4 Jan 2018 12:32:03 +0100
Subject: [PATCH 238/241] x86/kaslr: Fix the vaddr_end mess

2
patches/kernel/0239-x86-alternatives-Add-missing-n-at-end-of-ALTERNATIVE.patch
View file

@ -1,4 +1,4 @@
From 732d51fab3401054c84be53feec624c6c992fb3f Mon Sep 17 00:00:00 2001
From fe5fdc3484283039f5f7477874eeef1a26f2b6be Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw@amazon.co.uk>
Date: Thu, 4 Jan 2018 14:37:05 +0000
Subject: [PATCH 239/241] x86/alternatives: Add missing '\n' at end of

2
patches/kernel/0240-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
View file

@ -1,4 +1,4 @@
From 5462db3d070845ecc34929b6f25a87efda023aae Mon Sep 17 00:00:00 2001
From 309461b2f634fc18271468b4396551ddf6a1dba8 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 26 Dec 2017 23:43:54 -0600
Subject: [PATCH 240/241] x86/cpu, x86/pti: Do not enable PTI on AMD processors

2
patches/kernel/0241-x86-microcode-AMD-Add-support-for-fam17h-microcode-l.patch
View file

@ -1,4 +1,4 @@
From 8329d47141a78a64e8ae6f4a735aceaafe93e098 Mon Sep 17 00:00:00 2001
From 674b72ef0eb73751e4f838dc789e4c393d225834 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Thu, 30 Nov 2017 16:46:40 -0600
Subject: [PATCH 241/241] x86/microcode/AMD: Add support for fam17h microcode