[12/13] KVM: x86: Add BHI_NO

Message ID	20240416145325.535615-13-stefan.bader@canonical.com
State	New
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Stefan Bader <stefan.bader@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [PATCH 12/13] KVM: x86: Add BHI_NO Date: Tue, 16 Apr 2024 16:53:24 +0200 Message-Id: <20240416145325.535615-13-stefan.bader@canonical.com> In-Reply-To: <20240416145325.535615-1-stefan.bader@canonical.com> References: <20240416145325.535615-1-stefan.bader@canonical.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	CVE-2024-2201 \| expand [SRU,Jammy,v2,00/13] CVE-2024-2201 [01/13] x86/bugs: Use sysfs_emit() [02/13] KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs [03/13] KVM: x86: Advertise CPUID.(EAX=7, ECX=2):EDX[5:0] to userspace [04/13] KVM: x86: Use a switch statement and macros in __feature_translate() [05/13] x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file [06/13] x86/syscall: Don't force use of indirect calls for system calls [07/13] x86/bhi: Add support for clearing branch history at syscall entry [08/13] x86/bhi: Define SPEC_CTRL_BHI_DIS_S [09/13] x86/bhi: Enumerate Branch History Injection (BHI) bug [10/13] x86/bhi: Add BHI mitigation knob [11/13] x86/bhi: Mitigate KVM by default [12/13] KVM: x86: Add BHI_NO [13/13] UBUNTU: [Config] Set CONFIG_BHI to enabled (auto)

Message ID

20240416145325.535615-13-stefan.bader@canonical.com

State

New

Headers

From: Stefan Bader <stefan.bader@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 12/13] KVM: x86: Add BHI_NO
Date: Tue, 16 Apr 2024 16:53:24 +0200
Message-Id: <20240416145325.535615-13-stefan.bader@canonical.com>
In-Reply-To: <20240416145325.535615-1-stefan.bader@canonical.com>
References: <20240416145325.535615-1-stefan.bader@canonical.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

CVE-2024-2201 | expand

Commit Message

Stefan Bader April 16, 2024, 2:53 p.m. UTC

From: Daniel Sneddon <daniel.sneddon@linux.intel.com>

commit ed2e8d49b54d677f3123668a21a57822d679651f upstream.

Intel processors that aren't vulnerable to BHI will set
MSR_IA32_ARCH_CAPABILITIES[BHI_NO] = 1;. Guests may use this BHI_NO bit to
determine if they need to implement BHI mitigations or not.  Allow this bit
to be passed to the guests.

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

CVE-2024-2201
(backported from commit a976b129dc868561f6cbb5e2dafe2345f32450e8 linux-5.5.15)
[smb: context adjustments to work around missing defines]
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 arch/x86/kvm/x86.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 07c71892d5ae..460ceae33ce0 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1498,7 +1498,8 @@  static unsigned int num_msr_based_features;
 	 ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
 	 ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
 	 ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
-	 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
+	 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \
+	 ARCH_CAP_BHI_NO)
 
 static u64 kvm_get_arch_capabilities(void)
 {

[12/13] KVM: x86: Add BHI_NO

Commit Message

Patch