OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-hypervisor/hypervisor
History
Yifan Liu 4f4da08490 hv: cve hotfix: Disable RRSBA on platform using retpoline 
For platform that supports RRSBA (Restricted Return Stack Buffer
Alternate), using retpoline may not be sufficient to guard against branch
history injection or intra-mode branch target injection. RRSBA must
be disabled to prevent CPUs from using alternate predictors for RETs.

Quoting Intel CVE-2022-0001/CVE-2022-0002:

Where software is using retpoline as a mitigation for BHI or intra-mode BTI,
and the processor both enumerates RRSBA and enumerates RRSBA_DIS controls,
it should disable this behavior.
...
Software using retpoline as a mitigation for BHI or intra-mode BTI should use
these new indirect predictor controls to disable alternate predictors for RETs.

See: https://www.intel.com/content/www/us/en/developer/articles/technical/
 software-security-guidance/technical-documentation/branch-history-injection.html

Tracked-On: #7907
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
 		2022-07-22 09:38:41 +08:00
..
acpi_parser
arch/x86
boot
bsp/ld
common
debug
dm
hw
include
lib
quirks
release
scripts
Makefile
README.rst

README.rst 

ACRN Hypervisor
###############

The open source `Project ACRN`_ defines a device hypervisor reference stack and
an architecture for running multiple software subsystems, managed securely, on
a consolidated system by means of a virtual machine manager. It also defines a
reference framework implementation for virtual device emulation, called the
"ACRN Device Model".

The ACRN Hypervisor is a Type 1 reference hypervisor stack, running directly on
the bare-metal hardware, and is suitable for a variety of IoT and embedded
device solutions. The ACRN hypervisor addresses the gap that currently exists
between datacenter hypervisors, and hard partitioning hypervisors. The ACRN
hypervisor architecture partitions the system into different functional
domains, with carefully selected guest OS sharing optimizations for IoT and
embedded devices.

You can find out more about Project ACRN on the `Project ACRN documentation`_
website.

.. _`Project ACRN`: https://projectacrn.org
.. _`ACRN Hypervisor`: https://github.com/projectacrn/acrn-hypervisor
.. _`Project ACRN documentation`: https://projectacrn.github.io/