git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Borislav Petkov <bp@alien8.de>
	Tue, 18 Feb 2025 11:13:33 +0000 (12:13 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 25 Sep 2025 09:13:49 +0000 (11:13 +0200)
commit	e5a3331a2e98401b838f288d5dce51aa907b8fb2
tree	0a38cf4821b6007b35ed4f3425328773504b6ca6	tree \| snapshot
parent	f9c6aec2a6dd0d5651d421592463c74aeaa54a8c	commit \| diff

x86/bugs: KVM: Add support for SRSO_MSR_FIX

commit 8442df2b49ed9bcd67833ad4f091d15ac91efd00 upstream.

Add support for

  CPUID Fn8000_0021_EAX[31] (SRSO_MSR_FIX). If this bit is 1, it
  indicates that software may use MSR BP_CFG[BpSpecReduce] to mitigate
  SRSO.

Enable BpSpecReduce to mitigate SRSO across guest/host boundaries.

Switch back to enabling the bit when virtualization is enabled and to
clear the bit when virtualization is disabled because using a MSR slot
would clear the bit when the guest is exited and any training the guest
has done, would potentially influence the host kernel when execution
enters the kernel and hasn't VMRUN the guest yet.

More detail on the public thread in Link below.

Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20241202120416.6054-1-bp@kernel.org
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Documentation/admin-guide/hw-vuln/srso.rst		diff \| blob \| blame \| history
arch/x86/include/asm/cpufeatures.h		diff \| blob \| blame \| history
arch/x86/include/asm/msr-index.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/bugs.c		diff \| blob \| blame \| history
arch/x86/kvm/svm/svm.c		diff \| blob \| blame \| history
arch/x86/lib/msr.c		diff \| blob \| blame \| history