qemu-kvm/kvm-target-i386-Expose-IBPB-BRTYPE-and-SBPB-CPUID-bits-t.patch
Jon Maloy 66d026c14d * Mon Sep 15 2025 Jon Maloy <jmaloy@redhat.com> - 9.1.0-28
- kvm-target-i386-Expose-IBPB-BRTYPE-and-SBPB-CPUID-bits-t.patch [RHEL-17614]
- Resolves: RHEL-17614
  (VM reports Vulnerable to spec_rstack_overflow when reading status in '/sys/devices/system/cpu/vulnerabilities/')
2025-09-15 15:18:46 -04:00


From dd03cf49fbf6a961a726506cb5264768d814d2c4 Mon Sep 17 00:00:00 2001
From: Igor Mammedov <imammedo@redhat.com>
Date: Mon, 5 Aug 2024 17:20:41 -0300
Subject: [PATCH] target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the
guest
RH-Author: Igor Mammedov <imammedo@redhat.com>
RH-MergeRequest: 401: target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest
RH-Jira: RHEL-17614
RH-Acked-by: Ani Sinha <anisinha@redhat.com>
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
RH-Commit: [1/1] aa904a1ea0552fc37b61f79fda8a471928ea5d81 (imammedo/qemu-kvm-cs)
According to AMD's Speculative Return Stack Overflow whitepaper (link
below), the hypervisor should synthesize the value of IBPB_BRTYPE and
SBPB CPUID bits to the guest.

Support for this is already present in the kernel with commit
e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
("KVM: x86: Add IBPB_BRTYPE support").

Add support in QEMU to expose the bits to the guest OS.

host:
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET

before (guest):
$ cpuid -l 0x80000021 -1 -r
0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
^
$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode

after (guest):
$ cpuid -l 0x80000021 -1 -r
0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
^
$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET
Reported-by: Fabian Vogt <fvogt@suse.de>
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240805202041.5936-1-farosas@suse.de
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0701abbf9880b5ab1cf44e0caa6ad173aec840e7)
JIRA: https://issues.redhat.com/browse/RHEL-17614
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
target/i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ee753351fc..f75cc04cd3 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1241,7 +1241,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
"prefetchi", NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, "sbpb",
"ibpb-brtype", "srso-no", "srso-user-kernel-no", NULL,
},
.cpuid = { .eax = 0x80000021, .reg = R_EAX, },
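Review bot: the only code change here is the `+ NULL, NULL, NULL, "sbpb",` line, which names bit 27 of CPUID 0x80000021 EAX; "ibpb-brtype" (bit 28) is already present on the unchanged context line that follows, so the subject "Expose IBPB-BRTYPE and SBPB CPUID bits" overstates what the hunk does and the commit message should say that only the sbpb feature name is new. It would also help to state the guest-visible effect explicitly: the before/after output shows EAX going from 0x00000045 to 0x18000045, i.e. bits 27 and 28 both newly set, and a change in what the guest sees in CPUID is relevant to live-migration compatibility between hosts running QEMU with and without this patch.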
--
2.50.1