Date: Thu, 11 Jan 2018 13:26:07 +0100
From: Peter Zijlstra <peterz@infradead.org>
To: David Woodhouse <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>, Paul Turner <pjt@google.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Greg Kroah-Hartman <gregkh@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Dave Hansen <dave.hansen@intel.com>, tglx@linutronix.de,
        Kees Cook <keescook@google.com>,
        Rik van Riel <riel@redhat.com>,
        Andy Lutomirski <luto@amacapital.net>,
        Jiri Kosina <jikos@kernel.org>, gnomes@lxorguk.ukuu.org.uk,
        x86@kernel.org, bp@alien8.de, rga@amazon.de,
        thomas.lendacky@amd.com, Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [PATCH v2.1] x86/retpoline: Fill return stack buffer on vmexit
Message-ID: <20180111122607.GZ6176@hirez.programming.kicks-ass.net>
References: <1515670638-8552-1-git-send-email-dwmw@amazon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1515670638-8552-1-git-send-email-dwmw@amazon.co.uk>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: linux-kernel-owner@vger.kernel.org

On Thu, Jan 11, 2018 at 11:37:18AM +0000, David Woodhouse wrote:
> In accordance with the Intel and AMD documentation, we need to overwrite
> all entries in the RSB on exiting a guest, to prevent malicious branch
> target predictions from affecting the host kernel. This is needed both
> for retpoline and for IBRS.
> 
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>

Tested this on my AMD Interlagos, seems to work.

Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>