OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-hypervisor/hypervisor/arch/x86
History
Yifan Liu 4f4da08490 hv: cve hotfix: Disable RRSBA on platform using retpoline 
For platform that supports RRSBA (Restricted Return Stack Buffer
Alternate), using retpoline may not be sufficient to guard against branch
history injection or intra-mode branch target injection. RRSBA must
be disabled to prevent CPUs from using alternate predictors for RETs.

Quoting Intel CVE-2022-0001/CVE-2022-0002:

Where software is using retpoline as a mitigation for BHI or intra-mode BTI,
and the processor both enumerates RRSBA and enumerates RRSBA_DIS controls,
it should disable this behavior.
...
Software using retpoline as a mitigation for BHI or intra-mode BTI should use
these new indirect predictor controls to disable alternate predictors for RETs.

See: https://www.intel.com/content/www/us/en/developer/articles/technical/
 software-security-guidance/technical-documentation/branch-history-injection.html

Tracked-On: #7907
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
 		2022-07-22 09:38:41 +08:00
..
boot Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
configs Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
guest hv: tlfs: add tlfs TSC freq MSR support for WaaG 2022-07-18 16:15:29 +08:00
lib Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
seed Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
cpu.c hv: cve hotfix: Disable RRSBA on platform using retpoline 2022-07-22 09:38:41 +08:00
cpu_caps.c hv: cve hotfix: Disable RRSBA on platform using retpoline 2022-07-22 09:38:41 +08:00
cpu_state_tbl.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
e820.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
exception.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
gdt.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
idt.S Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
init.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
ioapic.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
irq.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
lapic.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
mmu.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
nmi.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
notify.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
page.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
pagetable.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
platform_caps.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
pm.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
rdt.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
rtcm.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
sched.S Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
security.c hv: cve hotfix: Disable RRSBA on platform using retpoline 2022-07-22 09:38:41 +08:00
sgx.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
trampoline.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
tsc.c hv: tsc: calibrate TSC by HPET 2022-07-17 16:48:47 +08:00
tsc_deadline_timer.c HV: arch: fix a violation of coding guideline C-TY-24 2021-11-04 18:15:47 +08:00
vmx.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
vtd.c Update copyright year range in code headers 2022-07-15 11:48:35 +08:00
wakeup.S Update copyright year range in code headers 2022-07-15 11:48:35 +08:00