git.kernel.dk Git - linux-2.6-block.git/commit

author	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
	Thu, 14 Aug 2025 17:20:42 +0000 (10:20 -0700)
committer	Dave Hansen <dave.hansen@linux.intel.com>
	Thu, 14 Aug 2025 17:26:20 +0000 (10:26 -0700)
commit	a508cec6e5215a3fbc7e73ae86a5c5602187934d
tree	c16f4b96384f53a96f993344e3d51f9d3e60dcb8	tree
parent	9969779d0803f5dcd4460ae7aca2bc3fd91bff12	commit \| diff

x86/vmscape: Enumerate VMSCAPE bug

The VMSCAPE vulnerability may allow a guest to cause Branch Target
Injection (BTI) in userspace hypervisors.

Kernels (both host and guest) have existing defenses against direct BTI
attacks from guests. There are also inter-process BTI mitigations which
prevent processes from attacking each other. However, the threat in this
case is to a userspace hypervisor within the same process as the attacker.

Userspace hypervisors have access to their own sensitive data like disk
encryption keys and also typically have access to all guest data. This
means guest userspace may use the hypervisor as a confused deputy to attack
sensitive guest kernel data. There are no existing mitigations for these
attacks.

Introduce X86_BUG_VMSCAPE for this vulnerability and set it on affected
Intel and AMD CPUs.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>

arch/x86/include/asm/cpufeatures.h		diff \| blob \| blame \| history
arch/x86/kernel/cpu/common.c		diff \| blob \| blame \| history