diff mbox series

[SRU,Xenial,2/2] UBUNTU: SAUCE: Fix spec_ctrl support in KVM

Message ID 1516199491-7103-5-git-send-email-stefan.bader@canonical.com
State New
Headers show
Series None | expand

Commit Message

Stefan Bader Jan. 17, 2018, 2:31 p.m. UTC 
CVE-2017-5753
CVE-2017-5715

Initial change was missing code to correctly mask EDX bits of cpuid
level 7.0.

Fixes: 8339cae ("KVM: x86: Add speculative control CPUID support for guests")
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 arch/x86/kvm/cpuid.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 44a990c..d192f15 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -361,6 +361,10 @@  static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 		F(ADX) | F(SMAP) | F(AVX512F) | F(AVX512PF) | F(AVX512ER) |
 		F(AVX512CD) | F(CLFLUSHOPT) | F(CLWB) | F(PCOMMIT);
 
+	/* cpuid 7.0.edx */
+	const u32 kvm_supported_7_0_edx_x86_features =
+		KF(SPEC_CTRL);
+
 	/* cpuid 0xD.1.eax */
 	const u32 kvm_supported_word10_x86_features =
 		F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | f_xsaves;
@@ -446,11 +450,14 @@  static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 			cpuid_mask(&entry->ebx, 9);
 			// TSC_ADJUST is emulated
 			entry->ebx |= F(TSC_ADJUST);
-		} else
+			entry->edx &= kvm_supported_7_0_edx_x86_features;
+			entry->edx &= get_scattered_cpuid_leaf(7, 0, 2);
+		} else {
 			entry->ebx = 0;
+			entry->edx = 0;
+		}
 		entry->eax = 0;
 		entry->ecx = 0;
-		entry->edx = 0;
 		break;
 	}
 	case 9: