Re: [PATCH for-5.15 0/3] Cross-Thread Return Address Predictions vulnerability

[Greg KH]

On Tue, Feb 14, 2023 at 12:09:53PM -0500, Paolo Bonzini wrote:
> Certain AMD processors are vulnerable to a cross-thread return address
> predictions bug. When running in SMT mode and one of the sibling threads
> transitions out of C0 state, the other thread gets access to twice as many
> entries in the RSB, but unfortunately the predictions of the now-halted
> logical processor are not purged.  Therefore, the executing processor
> could speculatively execute from locations that the now-halted processor
> had trained the RSB on.
> 
> The Spectre v2 mitigations cover the Linux kernel, as it fills the RSB
> when context switching to the idle thread. However, KVM allows a VMM to
> prevent exiting guest mode when transitioning out of C0 using the
> KVM_CAP_X86_DISABLE_EXITS capability can be used by a VMM to change this
> behavior. To mitigate the cross-thread return address predictions bug,
> a VMM must not be allowed to override the default behavior to intercept
> C0 transitions.
> 
> These patches introduce a KVM module parameter that, if set, will prevent
> the user from disabling the HLT, MWAIT and CSTATE exits.
> 
> The patches apply to the 5.15 stable tree, and Greg has already received
> them through a git bundle.  The difference is only in context, but it is
> too much for "git cherry-pick" so here they are.

Thanks for these, all now queued up.

greg k-h