linux/tools/arch
Pawan Gupta 027bbb884b KVM: x86/speculation: Disable Fill buffer clear within guests
The enumeration of MD_CLEAR in CPUID(EAX=7,ECX=0).EDX{bit 10} is not an
accurate indicator on all CPUs of whether the VERW instruction will
overwrite fill buffers. FB_CLEAR enumeration in
IA32_ARCH_CAPABILITIES{bit 17} covers the case of CPUs that are not
vulnerable to MDS/TAA, indicating that microcode does overwrite fill
buffers.

Guests running in VMM environments may not be aware of all the
capabilities/vulnerabilities of the host CPU. Specifically, a guest may
apply MDS/TAA mitigations when a virtual CPU is enumerated as vulnerable
to MDS/TAA even when the physical CPU is not. On CPUs that enumerate
FB_CLEAR_CTRL the VMM may set FB_CLEAR_DIS to skip overwriting of fill
buffers by the VERW instruction. This is done by setting FB_CLEAR_DIS
during VMENTER and resetting on VMEXIT. For guests that enumerate
FB_CLEAR (explicitly asking for fill buffer clear capability) the VMM
will not use FB_CLEAR_DIS.

Irrespective of guest state, host overwrites CPU buffers before VMENTER
to protect itself from an MMIO capable guest, as part of mitigation for
MMIO Stale Data vulnerabilities.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
2022-05-21 12:41:35 +02:00
alpha/include tools headers uapi: Sync asm-generic/mman-common.h and linux/mman.h 2019-03-28 14:31:56 -03:00
arc/include/uapi/asm tools arch uapi: Copy missing unistd.h headers for arc, hexagon and riscv 2019-05-02 16:00:20 -04:00
arm/include tools headers kvm: Sync kvm headers with the kernel sources 2019-12-02 12:54:13 -03:00
arm64/include tools headers arm64: Sync arm64's cputype.h with the kernel sources 2022-04-09 12:34:29 -03:00
csky/include/uapi/asm csky: Add support for libdw 2019-05-15 16:36:46 -03:00
h8300/include License cleanup: add SPDX license identifier to uapi header files with no license 2017-11-02 11:19:54 +01:00
hexagon/include/uapi/asm tools arch uapi: Copy missing unistd.h headers for arc, hexagon and riscv 2019-05-02 16:00:20 -04:00
ia64/include ia64: tools: remove duplicate definition of ia64_mf() on ia64 2021-04-16 16:10:37 -07:00
microblaze/include/uapi/asm License cleanup: add SPDX license identifier to uapi header files with no license 2017-11-02 11:19:54 +01:00
mips/include perf tools: Copy uapi/asm/perf_regs.h from the kernel for MIPS 2021-06-01 10:07:46 -03:00
parisc/include/uapi/asm parisc: Add MAP_UNINITIALIZED define 2020-10-15 08:10:39 +02:00
powerpc/include perf powerpc: Add support to expose instruction and data address registers as part of extended regs 2021-10-25 13:47:42 -03:00
riscv/include/uapi/asm Replace HTTP links with HTTPS ones: RISC-V 2020-07-30 11:37:40 -07:00
s390/include tools headers UAPI s390: Sync ptrace.h kernel headers 2021-03-06 16:54:23 -03:00
sh/include sh: remove sh5 support 2020-06-01 14:48:52 -04:00
sparc/include tools headers UAPI: Update tools's copy of mman.h headers 2019-07-29 09:02:58 -03:00
x86 KVM: x86/speculation: Disable Fill buffer clear within guests 2022-05-21 12:41:35 +02:00
xtensa/include tools headers uapi: Sync asm-generic/mman-common.h and linux/mman.h 2019-03-28 14:31:56 -03:00