acrn-hypervisor/hypervisor/include/arch/x86
Yonghua Huang 3164f3976a hv: Mitigation for CPU MDS vulnerabilities.
Microarchitectural Data Sampling (MDS) is a hardware vulnerability
 which allows unprivileged speculative access to data which is available
 in various CPU internal buffers.

 1. Mitigation on ACRN:
    1) Microcode update is required.
    2) Clear CPU internal buffers (store buffer, load buffer and
       load port) if current CPU is affected by MDS, when VM entry
       to avoid any information leakage to guest thru above buffers.
    3) Mitigation is not needed if ARCH_CAP_MDS_NO bit (bit5)
       is set in IA32_ARCH_CAPABILITIES MSR (10AH), in this case,
       current processor is not affected by MDS vulnerability, in other
       cases mitigation for MDS is required.

 2. Methods to clear CPU buffers (microcode update is required):
    1) L1D cache flush
    2) VERW instruction
    Either of above operations will trigger clearing all
    CPU internal buffers if this CPU is affected by MDS.
    Above mechanism is enumerated by:
    CPUID.(EAX=7H, ECX=0):EDX[MD_CLEAR=10].

 3. Mitigation details on ACRN:
    if (processor is affected by MDS)
        if (processor is not affected by L1TF OR
              L1D flush is not launched on VM Entry)
            execute VERW instruction when VM entry.
        endif
    endif

 4. Reference:
    Deep Dive: Intel Analysis of Microarchitectural Data Sampling
    https://software.intel.com/security-software-guidance/insights/
    deep-dive-intel-analysis-microarchitectural-data-sampling

    Deep Dive: CPUID Enumeration and Architectural MSRs
    https://software.intel.com/security-software-guidance/insights/
    deep-dive-cpuid-enumeration-and-architectural-msrs

Tracked-On: #3317
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Reviewed-by: Jason CJ Chen <jason.cj.chen@intel.com>
2019-07-05 15:17:27 +08:00
boot hv:Move several variable declaration for boot code 2019-01-25 21:32:21 +08:00
guest hv: vm_manage: minor fix about triple_fault_shutdown_vm 2019-07-03 17:44:45 +08:00
lib hv:move several files related X86 for lib 2019-05-13 10:12:20 +08:00
apicreg.h hv: Use Interrupt Remapping format for programming interrupt sources 2019-02-01 15:54:55 +08:00
board.h hv: remove CONFIG_PARTITION_MODE for pre-launched VM vE820 creation 2019-03-19 14:28:43 +08:00
cat.h HV: CAT: support config CAT from acrn_vm_config 2019-02-28 11:22:29 +08:00
cpu_caps.h hv: vmsr: handle guest msr ia32_misc_enable read/write 2019-05-09 16:35:15 +08:00
cpu.h xsave: inject GP when guest tries to write 1 to XCR0 reserved bit 2019-06-12 08:28:53 +08:00
cpufeatures.h hv: Mitigation for CPU MDS vulnerabilities. 2019-07-05 15:17:27 +08:00
cpuid.h hv: vcpuid: present sgx capabilities to guest 2019-05-29 11:24:13 +08:00
default_acpi_info.h hv: emulate ACPI reset register for Service OS guest 2019-05-15 11:20:12 +08:00
e820.h hv: remove CONFIG_PARTITION_MODE for pre-launched VM vE820 creation 2019-03-19 14:28:43 +08:00
gdt.h hv: coding style: remove no real declaration for external variable 2018-12-20 20:20:08 +08:00
host_pm.h HV: fix MISRA violation of host_pm.h 2019-05-15 09:31:43 +08:00
idt.h hv:cleanup header files for arch folder 2019-02-22 13:14:36 +08:00
init.h HV: Add prefix 'p' before 'cpu' to physical cpu related functions 2019-04-24 10:50:28 +08:00
io.h hv:modulization for IO Emulation 2019-01-21 13:49:54 +08:00
ioapic.h hv: Avoid run-time buffer overflows with IOAPIC data structures 2019-06-24 11:41:10 +08:00
irq.h doc: remove hard-coded interfaces in .rst files 2019-05-22 12:40:52 -07:00
lapic.h doc: remove hard-coded interfaces in .rst files 2019-05-22 12:40:52 -07:00
mmu.h HV: Add flush_address_space API. 2019-06-20 09:32:55 +08:00
msr.h hv: Mitigation for CPU MDS vulnerabilities. 2019-07-05 15:17:27 +08:00
multiboot.h restruct boot and bsp dir for firmware stuff 2019-05-09 16:33:44 +08:00
page.h hv: add support of EPT mapping of high MMIO 2019-02-28 18:33:11 +08:00
per_cpu.h hv:remove some unnecessary includes 2019-05-16 10:33:01 +08:00
pgtable.h hv: ept: mask EPT leaf entry bit 52 to bit 63 in gpa2hpa 2019-07-03 09:39:41 +08:00
security.h hv: Mitigation for CPU MDS vulnerabilities. 2019-07-05 15:17:27 +08:00
seed.h hv: seed: refine header file 2019-03-15 14:09:56 +08:00
sgx.h hv: sgx: add basic support to init sgx resource for vm 2019-05-29 11:24:13 +08:00
timer.h hv:move 'udelay' to timer.c 2019-03-22 08:38:13 +08:00
trampoline.h hv:Move several variable declaration for boot code 2019-01-25 21:32:21 +08:00
vm_config.h Hv: minor cosmetic fix 2019-07-01 09:57:05 +08:00
vmx.h hv: allocate vpid based on vm_id and vcpu_id mapping 2019-04-22 19:57:28 +08:00
vtd.h HV: remove unused function disable_iommu 2019-05-22 16:36:03 +08:00
zeropage.h hv:remove common header files 2019-05-07 09:10:13 +08:00