From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Date: Tue, 5 Mar 2024 15:22:10 +0200
Subject: KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests
Git-commit: 2a0180129d726a4b953232175857d442651b55a0
Patch-mainline: v6.9-rc1
References: bsc#1213456 CVE-2023-28746
Mitigation for RFDS requires RFDS_CLEAR capability which is enumerated
by MSR_IA32_ARCH_CAPABILITIES bit 27. If the host has it set, export it
to guests so that they can deploy the mitigation.
RFDS_NO indicates that the system is not vulnerable to RFDS, export it
to guests so that they don't deploy the mitigation unnecessarily. When
the host is not affected by X86_BUG_RFDS, but has RFDS_NO=0, synthesize
RFDS_NO to the guest.
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Acked-by: Nikolay Borisov <nik.borisov@suse.com>
---
arch/x86/kvm/x86.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1100,6 +1100,8 @@ u64 kvm_get_arch_capabilities(void)
data |= ARCH_CAP_SSB_NO;
if (!boot_cpu_has_bug(X86_BUG_MDS))
data |= ARCH_CAP_MDS_NO;
+ if (!boot_cpu_has_bug(X86_BUG_RFDS))
+ data |= ARCH_CAP_RFDS_NO;
if (!boot_cpu_has(X86_FEATURE_RTM)) {
/*