lp:~cascardo/ubuntu/+source/linux/+git/focal
Get this repository:
git clone https://git.not.enabled/~cascardo/ubuntu/+source/linux/+git/focal
Branches
Name | Last Modified | Last Commit |
---|---|---|
retbleed | 2022-10-05 18:13:06 UTC | x86/speculation: Add RSB VM Exit protections (Author: Daniel Sneddon) |
sgx | 2020-03-26 13:03:20 UTC | Enable SGX kconfig (Author: Thadeu Lima de Souza Cascardo) |

Last commit message on retbleed:

x86/speculation: Add RSB VM Exit protections

commit 2b1299322016731

tl;dr: The Enhanced IBRS mitigation for Spectre v2 does not work as

== Background ==

Indirect Branch Restricted Speculation (IBRS) was designed to help

To overcome some of the performance issues of IBRS, Enhanced IBRS was

== Problem ==

Here's a simplification of how guests are run on Linux' KVM:

void run_kvm_guest(void)

The execution flow for that would look something like this to the

1. Host-side: call run_kvm_guest()

Now, when back on the host, there are a couple of possible scenarios of

* on pre-eIBRS hardware (legacy IBRS, or nothing at all), the RSB is not
* on eIBRS hardware, VM exit with IBRS enabled, or restoring the host

IOW, with eIBRS supported, host RET instructions should no longer be

However, if the RET instructions are "unbalanced" with CALLs after a VM

Balanced CALL/RET instruction pairs such as in step #5 are not affected.

== Solution ==

The PBRSB issue affects a wide variety of Intel processors which

However, such systems (X86_FEATURE_

Therefore, introduce a new feature flag X86_FEATURE_

The lighter-weight mitigation performs a CALL instruction which is

In other words, the window of exposure is opened at VM exit where RET

There is a subset of eIBRS systems which are not vulnerable to PBRSB.

[ bp: Massage, incorporate review comments from Andy Cooper. ]

Signed-off-by: Daniel Sneddon <daniel.