[PATCH 12/13] KVM: x86: Add BHI_NO

Tue Apr 16 14:53:24 UTC 2024

From: Daniel Sneddon <daniel.sneddon at linux.intel.com>

commit ed2e8d49b54d677f3123668a21a57822d679651f upstream.

Intel processors that aren't vulnerable to BHI will set
MSR_IA32_ARCH_CAPABILITIES[BHI_NO] = 1;. Guests may use this BHI_NO bit to
determine if they need to implement BHI mitigations or not.  Allow this bit
to be passed to the guests.

Signed-off-by: Daniel Sneddon <daniel.sneddon at linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta at linux.intel.com>
Signed-off-by: Daniel Sneddon <daniel.sneddon at linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Reviewed-by: Alexandre Chartre <alexandre.chartre at oracle.com>
Reviewed-by: Josh Poimboeuf <jpoimboe at kernel.org>
Signed-off-by: Daniel Sneddon <daniel.sneddon at linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>

CVE-2024-2201
(backported from commit a976b129dc868561f6cbb5e2dafe2345f32450e8 linux-5.5.15)
[smb: context adjustments to work around missing defines]
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
---
 arch/x86/kvm/x86.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 07c71892d5ae..460ceae33ce0 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1498,7 +1498,8 @@ static unsigned int num_msr_based_features;
 	 ARCH_CAP_SKIP_VMENTRY_L1DFLUSH | ARCH_CAP_SSB_NO | ARCH_CAP_MDS_NO | \
 	 ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \
 	 ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \
-	 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO)
+	 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \
+	 ARCH_CAP_BHI_NO)
 
 static u64 kvm_get_arch_capabilities(void)
 {
-- 
2.34.1


