Pawan Gupta d7ddc93392 x86/vmscape: Add conditional IBPB mitigation
Commit 2f8f173413 upstream.

VMSCAPE is a vulnerability that exploits insufficient branch predictor
isolation between a guest and a userspace hypervisor (like QEMU). Existing
mitigations already protect kernel/KVM from a malicious guest. Userspace
can additionally be protected by flushing the branch predictors after a
VMexit.

Since it is the userspace that consumes the poisoned branch predictors,
conditionally issue an IBPB after a VMexit and before returning to
userspace. Workloads that frequently switch between hypervisor and
userspace will incur the most overhead from the new IBPB.

This new IBPB is not integrated with the existing IBPB sites. For
instance, a task can use the existing speculation control prctl() to
get an IBPB at context switch time. With this implementation, the
IBPB is doubled up: one at context switch and another before running
userspace.

The intent is to integrate and optimize these cases post-embargo.

[ dhansen: elaborate on suboptimal IBPB solution ]

Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-09-11 17:21:46 +02:00
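
A simplified userspace model of the conditional flush described in the commit message above, added here as an example; it is not the kernel's code and not part of the commit. The struct, the function names, the per-CPU "pending" flag and the one-context-switch-per-round schedule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not a kernel symbol. */
struct cpu_model {
    bool ibpb_pending;        /* set at VMexit, consumed on return to userspace */
    unsigned int ibpb_count;  /* stands in for the cost of real barriers */
};

static void ibpb(struct cpu_model *c) { c->ibpb_count++; }

/* A guest ran on this CPU: branch predictor state may now be guest-controlled. */
static void vmexit(struct cpu_model *c) { c->ibpb_pending = true; }

/* Existing site: the task opted in through the speculation control prctl(). */
static void context_switch(struct cpu_model *c, bool task_wants_ibpb)
{
    if (task_wants_ibpb)
        ibpb(c);  /* leaves ibpb_pending set: the two sites are not integrated */
}

/* New site: flush only if a guest ran since the last return to userspace. */
static void exit_to_user(struct cpu_model *c)
{
    if (!c->ibpb_pending)
        return;
    ibpb(c);
    c->ibpb_pending = false;
}

/* Each round: `exits` VMexits handled in the kernel, one (assumed) context
 * switch, then one return to the userspace hypervisor. Returns IBPBs issued. */
static unsigned int run_vcpu_loop(unsigned int rounds, unsigned int exits, bool prctl_ibpb)
{
    struct cpu_model c = {0};
    for (unsigned int r = 0; r < rounds; r++) {
        for (unsigned int e = 0; e < exits; e++)
            vmexit(&c);
        context_switch(&c, prctl_ibpb);
        exit_to_user(&c);
    }
    return c.ibpb_count;
}

int main(void)
{
    printf("no guest ran:      %u IBPBs\n", run_vcpu_loop(5, 0, false));
    printf("guest, no prctl:   %u IBPBs\n", run_vcpu_loop(5, 3, false));
    printf("guest, with prctl: %u IBPBs\n", run_vcpu_loop(5, 3, true));
    return 0;
}
```

In this model the cost scales with returns to the userspace hypervisor rather than with VMexits, and a task that also opted in via prctl() pays for both barriers in each round.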
arch x86/vmscape: Add conditional IBPB mitigation 2025-09-11 17:21:46 +02:00
block block: add a queue_limits_commit_update_frozen helper 2025-09-09 18:58:24 +02:00
certs
crypto
Documentation Documentation/hw-vuln: Add VMSCAPE documentation 2025-09-11 17:21:45 +02:00
drivers dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() 2025-09-09 18:58:27 +02:00
fs ext4: avoid journaling sb update on error if journal is destroying 2025-09-09 18:58:20 +02:00
include block: add a queue_limits_commit_update_frozen helper 2025-09-09 18:58:24 +02:00
init
io_uring io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU 2025-09-09 18:58:15 +02:00
ipc
kernel sched: Fix sched_numa_find_nth_cpu() if mask offline 2025-09-09 18:58:16 +02:00
lib
LICENSES
mm mm: fix accounting of memmap pages 2025-09-09 18:58:22 +02:00
net net: dsa: provide implementation of .support_eee() 2025-09-09 18:58:19 +02:00
rust rust: alloc: fix rusttest by providing Cmalloc::aligned_layout too 2025-08-28 16:31:13 +02:00
samples
scripts rust: support Rust >= 1.91.0 target spec 2025-09-09 18:58:22 +02:00
security
sound ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY 2025-09-09 18:58:23 +02:00
tools tools: gpio: remove the include directory on make clean 2025-09-09 18:58:25 +02:00
usr
virt
.clang-format
.clippy.toml
.cocciconfig
.editorconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
.rustfmt.toml
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile Linux 6.12.46 2025-09-09 18:58:27 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.