git.ipfire.org Git - thirdparty/linux.git/commit

author	Sean Christopherson <seanjc@google.com>
	Tue, 30 Dec 2025 21:13:46 +0000 (13:13 -0800)
committer	Sean Christopherson <seanjc@google.com>
	Wed, 14 Jan 2026 01:37:03 +0000 (17:37 -0800)
commit	1e3dddafeceeb8d2cd182b78456cb9ca9d042a01
tree	d787da67014e18ecb3284568e919d2a1293e7631	tree
parent	a08ca6691fd3ab40e40eb6600193672d50c7a7ba	commit \| diff

KVM: SVM: Harden exit_code against being used in Spectre-like attacks

Explicitly clamp the exit code used to index KVM's exit handlers to guard
against Spectre-like attacks, mainly to provide consistency between VMX
and SVM (VMX was given the same treatment by commit c926f2f7230b ("KVM:
x86: Protect exit_reason from being used in Spectre-v1/L1TF attacks").

For normal VMs, it's _extremely_ unlikely the exit code could be used to
exploit a speculation vulnerability, as the exit code is set by hardware
and unexpected/unknown exit codes should be quite well bounded (as is/was
the case with VMX). But with SEV-ES+, the exit code is guest-controlled
as it comes from the GHCB, not from hardware, i.e. an attack from the
guest is at least somewhat plausible.

Irrespective of SEV-ES+, hardening KVM is easy and inexpensive, and such
an attack is theoretically possible.

Link: https://patch.msgid.link/20251230211347.4099600-8-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>