Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
xen.8389
xsa273-7.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa273-7.patch of Package xen.8389
x86/msr: Virtualise MSR_FLUSH_CMD for guests Guests (outside of the nested virt case, which isn't supported yet) don't need L1D_FLUSH for their L1TF mitigations, but offering/emulating MSR_FLUSH_CMD is easy and doesn't pose an issue for Xen. The MSR is offered to HVM guests only. PV guests attempting to use it would trap for emulation, and the L1D cache would fill long before the return to guest context. As such, PV guests can't make any use of the L1D_FLUSH functionality. This is part of XSA-273 / CVE-2018-3646. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -226,7 +226,8 @@ static int update_domain_cpuid_info(stru */ call_policy_changed = (is_hvm_domain(d) && ((old_7d0 ^ p->feat.raw[0].d) & - cpufeat_mask(X86_FEATURE_IBRSB))); + (cpufeat_mask(X86_FEATURE_IBRSB) | + cpufeat_mask(X86_FEATURE_L1D_FLUSH)))); break; case 0xa: --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -682,6 +682,12 @@ static void vmx_cpuid_policy_changed(str vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); else vmx_set_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); + + /* MSR_FLUSH_CMD is safe to pass through if the guest knows about it. */ + if ( cp->feat.l1d_flush ) + vmx_clear_msr_intercept(v, MSR_FLUSH_CMD, VMX_MSR_RW); + else + vmx_set_msr_intercept(v, MSR_FLUSH_CMD, VMX_MSR_RW); } int vmx_guest_x86_mode(struct vcpu *v) --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -131,6 +131,7 @@ int guest_rdmsr(const struct vcpu *v, ui case MSR_AMD_PATCHLOADER: case MSR_IA32_UCODE_WRITE: case MSR_PRED_CMD: + case MSR_FLUSH_CMD: /* Write-only */ goto gp_fault; @@ -235,6 +236,17 @@ int guest_wrmsr(struct vcpu *v, uint32_t wrmsrl(MSR_PRED_CMD, val); break; + case MSR_FLUSH_CMD: + if ( !cp->feat.l1d_flush ) + goto gp_fault; /* MSR available? */ + + if ( val & ~FLUSH_CMD_L1D ) + goto gp_fault; /* Rsvd bit set? */ + + if ( v == curr ) + wrmsrl(MSR_FLUSH_CMD, val); + break; + case MSR_INTEL_MISC_FEATURES_ENABLES: { bool old_cpuid_faulting = vp->misc_features_enables.cpuid_faulting; --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -244,7 +244,7 @@ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) / XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ XEN_CPUFEATURE(STIBP, 9*32+27) /*A STIBP */ -XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /* MSR_FLUSH_CMD and L1D flush. */ +XEN_CPUFEATURE(L1D_FLUSH, 9*32+28) /*S MSR_FLUSH_CMD and L1D flush. */ XEN_CPUFEATURE(ARCH_CAPS, 9*32+29) /* IA32_ARCH_CAPABILITIES MSR */ XEN_CPUFEATURE(SSBD, 9*32+31) /*A MSR_SPEC_CTRL.SSBD available */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor