upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-09 01:30:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/amd64/vmm/amd
History
Tycho Nightingale 91fe5fe7e7 Provide some mitigation against CVE-2017-5715 by clearing registers 
upon returning from the guest which aren't immediately clobbered by
the host.  This eradicates any remaining guest contents limiting their
usefulness in an exploit gadget.

This was inspired by this linux commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5b6c02f38315b720c593c6079364855d276886aa

Reviewed by:	grehan, rgrimes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13573
2018-01-15 18:37:03 +00:00
..
amdv.c sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
amdvi_hw.c amd-vi: set iommu msi configuration using pci_enable_msi method 2017-12-04 17:10:52 +00:00
amdvi_priv.h amd-vi: fix up r326152, the new width requires a wider type 2017-11-24 11:25:06 +00:00
ivrs_drv.c vmm/amd: add ivhd device with a higher order 2017-12-04 17:08:03 +00:00
npt.c As <machine/pmap.h> is included from <vm/pmap.h>, there is no need to 2016-02-22 09:02:20 +00:00
npt.h Get rid of unused forward declaration of 'struct svm_softc'. 2014-10-11 03:21:33 +00:00
svm.c vmm/svm: contigmalloc of the whole svm_softc is excessive 2018-01-09 14:22:18 +00:00
svm.h Restore the host's GS.base before returning from 'svm_launch()'. 2015-06-23 02:17:23 +00:00
svm_genassym.c Restore the host's GS.base before returning from 'svm_launch()'. 2015-06-23 02:17:23 +00:00
svm_msr.c Allow guest writes to AMD microcode update[0xc0010020] MSR without updating actual hardware MSR. This allows guest microcode update to go through which otherwise failing because wrmsr() was returning EINVAL. 2016-04-11 05:09:43 +00:00
svm_msr.h IFC r271888. 2014-09-20 21:46:31 +00:00
svm_softc.h vmm/svm: contigmalloc of the whole svm_softc is excessive 2018-01-09 14:22:18 +00:00
svm_support.S Provide some mitigation against CVE-2017-5715 by clearing registers 2018-01-15 18:37:03 +00:00
vmcb.c Don't require <sys/cpuset.h> to be always included before <machine/vmm.h>. 2015-04-30 22:23:22 +00:00
vmcb.h Fix a couple of comments in AMD Virtual Machine Control Block structure 2018-01-05 19:15:24 +00:00