Re: [PATCH] x86/retpoline: Fill return stack buffer on vmexit

From: David Woodhouse
Date: Wed Jan 10 2018 - 18:48:02 EST


On Wed, 2018-01-10 at 22:51 +0000, David Woodhouse wrote:
> In accordance with the Intel and AMD documentation, we need to overwrite
> all entries in the RSB on exiting a guest, to prevent malicious branch
> target predictions from affecting the host kernel. This is needed both
> for retpoline and for IBRS.
>
> Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
> ---
> Untested in this form although it's a variant on what we've had already.
> I have an army of machines willing to do my bidding but nested virt
> is non-trivial and I figure I might as well post it as someone else
> can probably test it in less than the time it takes me to work out how.

Now smoke tested with Intel VT-x, but not yet on AMD. Tom, would you be
able to do that?


> This implements the most pressing of the RSB stuffing documented
> by dhansen (based on our discussions) in https://goo.gl/pXbvBE
