b60d6a584c
- target/i386: csv: Release CSV3 shared pages after unmapping DMA - target/i386: Add new CPU model ClearwaterForest - target/i386: add sha512, sm3, sm4 feature bits - docs: Add GNR, SRF and CWF CPU models - target/i386: Export BHI_NO bit to guests - target/i386: Introduce SierraForest-v2 model - vdpa/iommufd:Implement DMA mapping through the iommufd interface - vdpa/iommufd:Introduce vdpa-iommufd module - vdpa/iommufd:support associating iommufd backend for vDPA devices - Kconfig/iommufd/VDPA: Update IOMMUFD module configuration dependencies The vDPA module can also use IOMMUFD like the VFIO module. - backends/iommufd: Get rid of qemu_open_old() - backends/iommufd: Make iommufd_backend_*() return bool - backends/iommufd: Fix missing ERRP_GUARD() for error_prepend() - backends/iommufd: Remove mutex - backends/iommufd: Remove check on number of backend users - hw/intc: Add extioi ability of 256 vcpu interrupt routing - hw/rtc: Fixed loongson rtc emulation errors - hw/loongarch/boot: Adjust the loading position of the initrd - target/loongarch: Fix the cpu unplug resource leak - target/loongarch: fix vcpu reset command word issue - vdpa:Fix dirty page bitmap synchronization not done after suspend for vdpa devices Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit a5212066e7516ff2a316e1b2feaa75dd5ee4d17a)
45 lines
1.7 KiB
Diff
45 lines
1.7 KiB
Diff
From bd65b82f94b07c90f856a34cb10d535b5301d9d9 Mon Sep 17 00:00:00 2001
|
|
From: Tao Su <tao1.su@linux.intel.com>
|
|
Date: Tue, 21 Jan 2025 10:06:48 +0800
|
|
Subject: [PATCH] target/i386: Export BHI_NO bit to guests
|
|
|
|
commit b611931d4f70b9a3e49e39c405c63b3b5e9c0df1 upstream.
|
|
|
|
Branch History Injection (BHI) is a CPU side-channel vulnerability, where
|
|
an attacker may manipulate branch history before transitioning from user
|
|
to supervisor mode or from VMX non-root/guest to root mode. CPUs that set
|
|
BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate no additional
|
|
mitigation is required to prevent BHI.
|
|
|
|
Make BHI_NO bit available to guests.
|
|
|
|
Intel-SIG: commit b611931d4f70 target/i386: Export BHI_NO bit to guests.
|
|
|
|
Tested-by: Xuelian Guo <xuelian.guo@intel.com>
|
|
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
|
|
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
|
|
Link: https://lore.kernel.org/r/20250121020650.1899618-3-tao1.su@linux.intel.com
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
[ Quanxian Wang: amend commit log ]
|
|
Signed-off-by: Quanxian Wang <quanxian.wang@intel.com>
|
|
---
|
|
target/i386/cpu.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
|
|
index bad30581ce..b5231432e7 100644
|
|
--- a/target/i386/cpu.c
|
|
+++ b/target/i386/cpu.c
|
|
@@ -1157,7 +1157,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
|
|
"taa-no", NULL, NULL, NULL,
|
|
NULL, "sbdr-ssdp-no", "fbsdp-no", "psdp-no",
|
|
NULL, "fb-clear", NULL, NULL,
|
|
- NULL, NULL, NULL, NULL,
|
|
+ "bhi-no", NULL, NULL, NULL,
|
|
"pbrsb-no", NULL, "gds-no", "rfds-no",
|
|
"rfds-clear", NULL, NULL, NULL,
|
|
},
|
|
--
|
|
2.41.0.windows.1
|
|
|