On Wed, 2018-01-10 at 22:51 +0000, David Woodhouse wrote:
> In accordance with the Intel and AMD documentation, we need to overwrite
> all entries in the RSB on exiting a guest, to prevent malicious branch
> target predictions from affecting the host kernel. This is needed both
> for retpoline and for IBRS.
>
> Signed-off-by: David Woodhouse <[email protected]>
> ---
> Untested in this form although it's a variant on what we've had already.
> I have an army of machines willing to do my bidding but nested virt
> is non-trivial and I figure I might as well post it as someone else
> can probably test it in less than the time it takes me to work out how.

Now smoke tested with Intel VT-x, but not yet on AMD. Tom, would you be able to do that?

> This implements the most pressing of the RSB stuffing documented
> by dhansen (based on our discussions) in https://goo.gl/pXbvBE

