From c1a4b77a9364710d89306c45ea8242421806b375 Mon Sep 17 00:00:00 2001 From: "David B. Kinder" Date: Thu, 4 Aug 2022 13:30:42 -0700 Subject: [PATCH] doc: update 3.0.1 release notes Clarify description of CVE fix (only impacts ACRN implementation on Alder Lake platforms), and improve description of the ACRN shell's new vmexit command. Signed-off-by: David B. Kinder --- doc/release_notes/release_notes_3.0.1.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/release_notes/release_notes_3.0.1.rst b/doc/release_notes/release_notes_3.0.1.rst index 14e6f05d7..7eb98cd60 100644 --- a/doc/release_notes/release_notes_3.0.1.rst +++ b/doc/release_notes/release_notes_3.0.1.rst @@ -36,19 +36,19 @@ What's New in v3.0.1 ******************** Mitigation for Return Stack Buffer Underflow security vulnerability - For platforms that supports RRSBA (Restricted Return Stack Buffer + When running ACRN on Alder Lake platforms that support RRSBA (Restricted Return Stack Buffer Alternate), using retpoline may not be sufficient to guard against branch history injection or intra-mode branch target injection. RRSBA must - be disabled to prevent CPUs from using alternate predictors for RETs. + be disabled for Alder Lake platforms to prevent CPUs from using alternate predictors for RETs. (Addresses security issue tracked by CVE-2022-29901 and CVE-2022-28693.) ACRN shell commands added for real-time performance profiling ACRN shell commands were added to sample vmexit data per virtual CPU to facilitate real-time performance profiling: - * ``vmexit clear``: clears current vmexit buffer - * ``vmexit [vm_id]``: outputs vmexit info per vCPU * ``vmexit enable | disable``: enabled by default - + * ``vmexit clear``: clears current vmexit buffer + * ``vmexit [vm_id]``: outputs vmexit reason code and latency count information per vCPU + for a VM ID (or for all VM IDs if none is specified). See :ref:`release_notes_3.0` for additional release information.