x86/svm: Add code to clobber the RSB on VM exit

CVE-2017-5753 CVE-2017-5715 Add code to overwrite the local CPU RSB entries from the previous less privileged mode. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 3dc0cf238b89fb023fd5ee6cdf2dbff5ffd4046c) Signed-off-by: Andy Whitcroft <apw@canonical.com>

x86/svm: Add code to clobber the RSB on VM exit
CVE-2017-5753 CVE-2017-5715 Add code to overwrite the local CPU RSB entries from the previous less privileged mode. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 3dc0cf238b89fb023fd5ee6cdf2dbff5ffd4046c) Signed-off-by: Andy Whitcroft <apw@canonical.com>
b554560f · Tom Lendacky · Marcelo Henrique Cerri · 8339cae2 · b554560f
Commit b554560f authored Dec 20, 2017 by Tom Lendacky Committed by Marcelo Henrique Cerri Jan 12, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

arch/x86/kvm/svm.c arch/x86/kvm/svm.c +2 -0

No files found.
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3932,6 +3932,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 			wrmsrl(MSR_IA32_SPEC_CTRL, FEATURE_ENABLE_IBRS);
 	}

+	stuff_RSB();
+
 #ifdef CONFIG_X86_64
 	wrmsrl(MSR_GS_BASE, svm->host.gs_base);
 #else