diff options
| author | Fabiano Rosas <farosas@suse.de> | 2024-08-05 17:20:41 -0300 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2024-10-03 19:33:23 +0200 |
| commit | 0701abbf9880b5ab1cf44e0caa6ad173aec840e7 (patch) | |
| tree | 991fa1924207d42f17e47f36e248c2a9ae7899fc /hw/ppc | |
| parent | 67388078da1cf6dac89e5a7c748cca3444d49690 (diff) | |
| download | qemu-0701abbf9880b5ab1cf44e0caa6ad173aec840e7.zip qemu-0701abbf9880b5ab1cf44e0caa6ad173aec840e7.tar.gz qemu-0701abbf9880b5ab1cf44e0caa6ad173aec840e7.tar.bz2 | |
target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest
According to AMD's Speculative Return Stack Overflow whitepaper (link
below), the hypervisor should synthesize the value of IBPB_BRTYPE and
SBPB CPUID bits to the guest.
Support for this is already present in the kernel with commit
e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
("KVM: x86: Add IBPB_BRTYPE support").
Add support in QEMU to expose the bits to the guest OS.
host:
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET
before (guest):
$ cpuid -l 0x80000021 -1 -r
0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
^
$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode
after (guest):
$ cpuid -l 0x80000021 -1 -r
0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
^
$ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET
Reported-by: Fabian Vogt <fvogt@suse.de>
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240805202041.5936-1-farosas@suse.de
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/ppc')
0 files changed, 0 insertions, 0 deletions