On Sat, Jan 20, 2018 at 08:22:51PM +0100, KarimAllah Ahmed wrote: > Start using the newly-added microcode features for speculation control on both > Intel and AMD CPUs to protect against Spectre v2.
Thank you posting these. > > This patch series covers interrupts, system calls, context switching between > processes, and context switching between VMs. It also exposes Indirect Branch > Prediction Barrier MSR, aka IBPB MSR, to KVM guests. > > TODO: > > - Introduce a microcode blacklist to disable the feature for broken > microcodes. > - Restrict/Unrestrict the speculation (by toggling IBRS) around VMExit and > VMEnter for KVM and expose IBRS to guests. > Depend on what we expose to the guest. That is if the guest is not suppose to have this exposed (say cpuid 27 bit is not exposed) then trap on the MSR (and give an #GP)? Mihai (CC-ed) is working on this, when ready he can post an patch against this tree? > Ashok Raj (1): > x86/kvm: Add IBPB support > > David Woodhouse (1): > x86/speculation: Add basic IBRS support infrastructure > > KarimAllah Ahmed (1): > x86: Simplify spectre_v2 command line parsing > > Thomas Gleixner (4): > x86/speculation: Add basic support for IBPB > x86/speculation: Use Indirect Branch Prediction Barrier in context > switch > x86/speculation: Add inlines to control Indirect Branch Speculation > x86/idle: Control Indirect Branch Speculation in idle > > Tim Chen (3): > x86/mm: Only flush indirect branches when switching into non dumpable > process > x86/enter: Create macros to restrict/unrestrict Indirect Branch > Speculation > x86/enter: Use IBRS on syscall and interrupts > > Documentation/admin-guide/kernel-parameters.txt | 1 + > arch/x86/entry/calling.h | 73 ++++++++++ > arch/x86/entry/entry_64.S | 35 ++++- > arch/x86/entry/entry_64_compat.S | 21 ++- > arch/x86/include/asm/cpufeatures.h | 2 + > arch/x86/include/asm/mwait.h | 14 ++ > arch/x86/include/asm/nospec-branch.h | 54 ++++++- > arch/x86/kernel/cpu/bugs.c | 183 > +++++++++++++++--------- > arch/x86/kernel/process.c | 14 ++ > arch/x86/kvm/svm.c | 14 ++ > arch/x86/kvm/vmx.c | 4 + > arch/x86/mm/tlb.c | 21 ++- > 12 files changed, 359 insertions(+), 77 deletions(-) > > > Cc: Andi Kleen <[email protected]> > Cc: Andrea Arcangeli <[email protected]> > Cc: Andy Lutomirski <[email protected]> > Cc: Arjan van de Ven <[email protected]> > Cc: Ashok Raj <[email protected]> > Cc: Asit Mallick <[email protected]> > Cc: Borislav Petkov <[email protected]> > Cc: Dan Williams <[email protected]> > Cc: Dave Hansen <[email protected]> > Cc: David Woodhouse <[email protected]> > Cc: Greg Kroah-Hartman <[email protected]> > Cc: H. Peter Anvin <[email protected]> > Cc: Ingo Molnar <[email protected]> > Cc: Janakarajan Natarajan <[email protected]> > Cc: Joerg Roedel <[email protected]> > Cc: Jun Nakajima <[email protected]> > Cc: Laura Abbott <[email protected]> > Cc: Linus Torvalds <[email protected]> > Cc: Masami Hiramatsu <[email protected]> > Cc: Paolo Bonzini <[email protected]> > Cc: Peter Zijlstra <[email protected]> > Cc: Radim Krčmář <[email protected]> > Cc: Thomas Gleixner <[email protected]> > Cc: Tim Chen <[email protected]> > Cc: Tom Lendacky <[email protected]> > Cc: [email protected] > Cc: [email protected] > Cc: [email protected] > > -- > 2.7.4 >
