[PATCH 1/1] kvm/speculation: Allow KVM guests to use SSBD even if host does not

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The bits set in x86_spec_ctrl_mask are used to calculate the
guest's value of SPEC_CTRL that is written to the MSR before
VMENTRY, and control which mitigations the guest can enable.
In the case of SSBD, unless the host has enabled SSBD always
on mode (by passing "spec_store_bypass_disable=on" in the
kernel parameters), the SSBD bit is not set in the mask and
the guest can not properly enable the SSBD always on
mitigation mode.

This is confirmed by running the SSBD PoC on a guest using
the SSBD always on mitigation mode (booted with kernel
parameter "spec_store_bypass_disable=on"), and verifying
that the guest is vulnerable unless the host is also using
SSBD always on mode. In addition, the guest OS incorrectly
reports the SSB vulnerability as mitigated.

Always set the SSBD bit in x86_spec_ctrl_mask when the host
CPU supports it, allowing the guest to use SSBD whether or
not the host has chosen to enable the mitigation in any of
its modes.

Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@xxxxxxxxxx>
Reviewed-by: Liam Merwick <liam.merwick@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
 arch/x86/kernel/cpu/bugs.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 03b4cc0..66ca906 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -836,6 +836,16 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void)
 	}
 
 	/*
+	 * If SSBD is controlled by the SPEC_CTRL MSR, then set the proper
+	 * bit in the mask to allow guests to use the mitigation even in the
+	 * case where the host does not enable it.
+	 */
+	if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
+	    static_cpu_has(X86_FEATURE_AMD_SSBD)) {
+		x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
+	}
+
+	/*
 	 * We have three CPU feature flags that are in play here:
 	 *  - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
 	 *  - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass
@@ -852,7 +862,6 @@ static enum ssb_mitigation __init __ssb_select_mitigation(void)
 			x86_amd_ssb_disable();
 		} else {
 			x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
-			x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
 			wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
 		}
 	}
-- 
1.8.3.1




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux