KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS

On eIBRS systems, the returns in the vmexit return path from __vmx_vcpu_run() to vmx_vcpu_run() are exposed to RSB poisoning attacks. Fix that by moving the post-vmexit spec_ctrl handling to immediately after the vmexit. Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de>
author: Josh Poimboeuf <jpoimboe@kernel.org> 2022-06-14 23:16:13 +0200
committer: Borislav Petkov <bp@suse.de> 2022-06-27 10:34:00 +0200
commit: fc02735b14fff8c6678b521d324ade27b1a3d4cf (patch)
tree: 9be32b1a805858cab02c043a740b2bab8f45a15c /arch/x86/kvm/vmx/run_flags.h
parent: bb06650634d3552c0f8557e9d16aa1a408040e28 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/kvm/vmx/run_flags.h b/arch/x86/kvm/vmx/run_flags.h
index 57f4c664ea9c..edc3f16cc189 100644
--- a/arch/x86/kvm/vmx/run_flags.h
+++ b/arch/x86/kvm/vmx/run_flags.h
@@ -3,5 +3,6 @@
 #define __KVM_X86_VMX_RUN_FLAGS_H
 
 #define VMX_RUN_VMRESUME	(1 << 0)
+#define VMX_RUN_SAVE_SPEC_CTRL	(1 << 1)
 
 #endif /* __KVM_X86_VMX_RUN_FLAGS_H */
author	Josh Poimboeuf <jpoimboe@kernel.org>	2022-06-14 23:16:13 +0200
committer	Borislav Petkov <bp@suse.de>	2022-06-27 10:34:00 +0200
commit	fc02735b14fff8c6678b521d324ade27b1a3d4cf (patch)
tree	9be32b1a805858cab02c043a740b2bab8f45a15c /arch/x86/kvm/vmx/run_flags.h
parent	bb06650634d3552c0f8557e9d16aa1a408040e28 (diff)