git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Wed, 23 Oct 2019 10:23:33 +0000 (12:23 +0200)
committer	Ben Hutchings <ben@decadent.org.uk>
	Fri, 15 Nov 2019 00:56:50 +0000 (00:56 +0000)
commit	67323ec3ec3be6f5fcf2d6373701716b50c2a59d
tree	aa58e18db4dc455531c1fc47bc2797d3a808d48e	tree \| snapshot
parent	f21f3516be7ce2340f1afd5c3513c6319ca23d2f	commit \| diff

kvm/x86: Export MDS_NO=0 to guests when TSX is enabled

commit e1d38b63acd843cfdd4222bf19a26700fd5c699e upstream.

Export the IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0 to guests on TSX
Async Abort(TAA) affected hosts that have TSX enabled and updated
microcode. This is required so that the guests don't complain,

"Vulnerable: Clear CPU buffers attempted, no microcode"

when the host has the updated microcode to clear CPU buffers.

Microcode update also adds support for MSR_IA32_TSX_CTRL which is
enumerated by the ARCH_CAP_TSX_CTRL bit in IA32_ARCH_CAPABILITIES MSR.
Guests can't do this check themselves when the ARCH_CAP_TSX_CTRL bit is
not exported to the guests.

In this case export MDS_NO=0 to the guests. When guests have
CPUID.MD_CLEAR=1, they deploy MDS mitigation which also mitigates TAA.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>