This is a backport of recently upstreamed mitigation of a CPU
vulnerability Register File Data Sampling (RFDS) (CVE-2023-28746). It
has a dependency on "Delay VERW" series which is already present in
v6.8.
v6.8 just got released so the backport was very smooth.
Cc: Sasha Levin <sashal@xxxxxxxxxx>
To: stable@xxxxxxxxxxxxxxx
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
---
Pawan Gupta (4):
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
Documentation/ABI/testing/sysfs-devices-system-cpu | 1 +
Documentation/admin-guide/hw-vuln/index.rst | 1 +
.../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 +++++++++++++++++++++
Documentation/admin-guide/kernel-parameters.txt | 21 +++++
arch/x86/Kconfig | 11 +++
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 8 ++
arch/x86/kernel/cpu/bugs.c | 92 +++++++++++++++++-
arch/x86/kernel/cpu/common.c | 38 +++++++-
arch/x86/kvm/x86.c | 5 +-
drivers/base/cpu.c | 3 +
include/linux/cpu.h | 2 +
12 files changed, 278 insertions(+), 9 deletions(-)
---
base-commit: e8f897f4afef0031fe618a8e94127a0934896aba
change-id: 20240312-rfds-backport-6-8-y-d67dcdfe4e51
Best regards,
--
Thanks,
Pawan
