1. 07 3月, 2018 1 次提交
  2. 02 3月, 2018 2 次提交
  3. 24 2月, 2018 2 次提交
  4. 23 2月, 2018 2 次提交
  5. 13 2月, 2018 2 次提交
  6. 04 2月, 2018 3 次提交
    • K
      KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL · d28b387f
      KarimAllah Ahmed 提交于
      [ Based on a patch from Ashok Raj <ashok.raj@intel.com> ]
      
      Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for
      guests that will only mitigate Spectre V2 through IBRS+IBPB and will not
      be using a retpoline+IBPB based approach.
      
      To avoid the overhead of saving and restoring the MSR_IA32_SPEC_CTRL for
      guests that do not actually use the MSR, only start saving and restoring
      when a non-zero is written to it.
      
      No attempt is made to handle STIBP here, intentionally. Filtering STIBP
      may be added in a future patch, which may require trapping all writes
      if we don't want to pass it through directly to the guest.
      
      [dwmw2: Clean up CPUID bits, save/restore manually, handle reset]
      Signed-off-by: NKarimAllah Ahmed <karahmed@amazon.de>
      Signed-off-by: NDavid Woodhouse <dwmw@amazon.co.uk>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: NDarren Kenny <darren.kenny@oracle.com>
      Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Reviewed-by: NJim Mattson <jmattson@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jun Nakajima <jun.nakajima@intel.com>
      Cc: kvm@vger.kernel.org
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Tim Chen <tim.c.chen@linux.intel.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Asit Mallick <asit.k.mallick@intel.com>
      Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Ashok Raj <ashok.raj@intel.com>
      Link: https://lkml.kernel.org/r/1517522386-18410-5-git-send-email-karahmed@amazon.de
      d28b387f
    • K
      KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES · 28c1c9fa
      KarimAllah Ahmed 提交于
      Intel processors use MSR_IA32_ARCH_CAPABILITIES MSR to indicate RDCL_NO
      (bit 0) and IBRS_ALL (bit 1). This is a read-only MSR. By default the
      contents will come directly from the hardware, but user-space can still
      override it.
      
      [dwmw2: The bit in kvm_cpuid_7_0_edx_x86_features can be unconditional]
      Signed-off-by: NKarimAllah Ahmed <karahmed@amazon.de>
      Signed-off-by: NDavid Woodhouse <dwmw@amazon.co.uk>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
      Reviewed-by: NDarren Kenny <darren.kenny@oracle.com>
      Reviewed-by: NJim Mattson <jmattson@google.com>
      Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jun Nakajima <jun.nakajima@intel.com>
      Cc: kvm@vger.kernel.org
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Asit Mallick <asit.k.mallick@intel.com>
      Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Tim Chen <tim.c.chen@linux.intel.com>
      Cc: Ashok Raj <ashok.raj@intel.com>
      Link: https://lkml.kernel.org/r/1517522386-18410-4-git-send-email-karahmed@amazon.de
      28c1c9fa
    • A
      KVM/x86: Add IBPB support · 15d45071
      Ashok Raj 提交于
      The Indirect Branch Predictor Barrier (IBPB) is an indirect branch
      control mechanism. It keeps earlier branches from influencing
      later ones.
      
      Unlike IBRS and STIBP, IBPB does not define a new mode of operation.
      It's a command that ensures predicted branch targets aren't used after
      the barrier. Although IBRS and IBPB are enumerated by the same CPUID
      enumeration, IBPB is very different.
      
      IBPB helps mitigate against three potential attacks:
      
      * Mitigate guests from being attacked by other guests.
        - This is addressed by issing IBPB when we do a guest switch.
      
      * Mitigate attacks from guest/ring3->host/ring3.
        These would require a IBPB during context switch in host, or after
        VMEXIT. The host process has two ways to mitigate
        - Either it can be compiled with retpoline
        - If its going through context switch, and has set !dumpable then
          there is a IBPB in that path.
          (Tim's patch: https://patchwork.kernel.org/patch/10192871)
        - The case where after a VMEXIT you return back to Qemu might make
          Qemu attackable from guest when Qemu isn't compiled with retpoline.
        There are issues reported when doing IBPB on every VMEXIT that resulted
        in some tsc calibration woes in guest.
      
      * Mitigate guest/ring0->host/ring0 attacks.
        When host kernel is using retpoline it is safe against these attacks.
        If host kernel isn't using retpoline we might need to do a IBPB flush on
        every VMEXIT.
      
      Even when using retpoline for indirect calls, in certain conditions 'ret'
      can use the BTB on Skylake-era CPUs. There are other mitigations
      available like RSB stuffing/clearing.
      
      * IBPB is issued only for SVM during svm_free_vcpu().
        VMX has a vmclear and SVM doesn't.  Follow discussion here:
        https://lkml.org/lkml/2018/1/15/146
      
      Please refer to the following spec for more details on the enumeration
      and control.
      
      Refer here to get documentation about mitigations.
      
      https://software.intel.com/en-us/side-channel-security-support
      
      [peterz: rebase and changelog rewrite]
      [karahmed: - rebase
                 - vmx: expose PRED_CMD if guest has it in CPUID
                 - svm: only pass through IBPB if guest has it in CPUID
                 - vmx: support !cpu_has_vmx_msr_bitmap()]
                 - vmx: support nested]
      [dwmw2: Expose CPUID bit too (AMD IBPB only for now as we lack IBRS)
              PRED_CMD is a write-only MSR]
      Signed-off-by: NAshok Raj <ashok.raj@intel.com>
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: NDavid Woodhouse <dwmw@amazon.co.uk>
      Signed-off-by: NKarimAllah Ahmed <karahmed@amazon.de>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: kvm@vger.kernel.org
      Cc: Asit Mallick <asit.k.mallick@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Arjan Van De Ven <arjan.van.de.ven@intel.com>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: Jun Nakajima <jun.nakajima@intel.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Tim Chen <tim.c.chen@linux.intel.com>
      Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok.raj@intel.com
      Link: https://lkml.kernel.org/r/1517522386-18410-3-git-send-email-karahmed@amazon.de
      15d45071
  7. 01 2月, 2018 3 次提交
  8. 27 1月, 2018 2 次提交
  9. 25 1月, 2018 1 次提交
  10. 16 1月, 2018 20 次提交
  11. 12 1月, 2018 2 次提交